oscap-ssh: simplify to allow limited sudo rule #1881
Commits on May 4, 2023
-
fix: oscap-ssh: instead of expr/let, use (( )) form
Handle options conversions up to 2nd last arg as last is input and is handled next. (( ..., 1 )) ensures return value is ok. arr[-1] is last element From shellcheck: In utils/oscap-ssh line 217: for i in $(seq 0 `expr $# - 1`); do ^-----------^ SC2046: Quote this to prevent word splitting. ^-----------^ SC2006: Use $(...) notation instead of legacy backticked `...`. ^--^ SC2003: expr is antiquated. Consider rewriting this using $((..)), ${} or [[ ]]. Did you mean: for i in $(seq 0 $(expr $# - 1)); do In utils/oscap-ssh line 218: let j=i+1 ^-------^ SC2219: Instead of 'let expr', prefer (( expr )) . In utils/oscap-ssh line 267: LOCAL_CONTENT_PATH="${oscap_args[`expr $# - 1`]}" ^-----------^ SC2006: Use $(...) notation instead of legacy backticked `...`. ^--^ SC2003: expr is antiquated. Consider rewriting this using $((..)), ${} or [[ ]]. Did you mean: LOCAL_CONTENT_PATH="${oscap_args[$(expr $# - 1)]}" In utils/oscap-ssh line 268: oscap_args[`expr $# - 1`]="$REMOTE_TEMP_DIR/input.xml" ^-----------^ SC2006: Use $(...) notation instead of legacy backticked `...`. ^--^ SC2003: expr is antiquated. Consider rewriting this using $((..)), ${} or [[ ]]. Did you mean: oscap_args[$(expr $# - 1)]="$REMOTE_TEMP_DIR/input.xml" -
change: oscap-ssh: simplify command_array_to_string
- use printf %q instead of home made implementation - use $@ - there is no point using fancy array arrayref and eval in this simple use case - printf just iterates parameters and "$@" works just fine - changes usage: from: command_array_to_string arref to: command_array_to_string "${array[@]}" -
-
change: oscap-ssh: Simplify sudo test
Change OSCAP_SUDO as array and after this there is no need to test it.
-
fix: oscap-ssh: ensure cd is done
Fail if can not cd into a directory. Shellcheck would warn about this.
-
fix: oscap-ssh: extend command_array_to_string coverage to sudo
This ensures whole command is quoted.
-
change: oscap-ssh: allow xccdf --verbose DEVEL eval
This is needed sometimes when debugging.
-
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.