-
Notifications
You must be signed in to change notification settings - Fork 365
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
oscap-ssh: simplify to allow limited sudo rule #1881
base: maint-1.3
Are you sure you want to change the base?
Commits on May 4, 2023
-
fix: oscap-ssh: instead of expr/let, use (( )) form
Handle options conversions up to 2nd last arg as last is input and is handled next. (( ..., 1 )) ensures return value is ok. arr[-1] is last element From shellcheck: In utils/oscap-ssh line 217: for i in $(seq 0 `expr $# - 1`); do ^-----------^ SC2046: Quote this to prevent word splitting. ^-----------^ SC2006: Use $(...) notation instead of legacy backticked `...`. ^--^ SC2003: expr is antiquated. Consider rewriting this using $((..)), ${} or [[ ]]. Did you mean: for i in $(seq 0 $(expr $# - 1)); do In utils/oscap-ssh line 218: let j=i+1 ^-------^ SC2219: Instead of 'let expr', prefer (( expr )) . In utils/oscap-ssh line 267: LOCAL_CONTENT_PATH="${oscap_args[`expr $# - 1`]}" ^-----------^ SC2006: Use $(...) notation instead of legacy backticked `...`. ^--^ SC2003: expr is antiquated. Consider rewriting this using $((..)), ${} or [[ ]]. Did you mean: LOCAL_CONTENT_PATH="${oscap_args[$(expr $# - 1)]}" In utils/oscap-ssh line 268: oscap_args[`expr $# - 1`]="$REMOTE_TEMP_DIR/input.xml" ^-----------^ SC2006: Use $(...) notation instead of legacy backticked `...`. ^--^ SC2003: expr is antiquated. Consider rewriting this using $((..)), ${} or [[ ]]. Did you mean: oscap_args[$(expr $# - 1)]="$REMOTE_TEMP_DIR/input.xml"
Configuration menu - View commit details
-
Copy full SHA for 6233bb4 - Browse repository at this point
Copy the full SHA 6233bb4View commit details -
change: oscap-ssh: simplify command_array_to_string
- use printf %q instead of home made implementation - use $@ - there is no point using fancy array arrayref and eval in this simple use case - printf just iterates parameters and "$@" works just fine - changes usage: from: command_array_to_string arref to: command_array_to_string "${array[@]}"
Configuration menu - View commit details
-
Copy full SHA for 5db382c - Browse repository at this point
Copy the full SHA 5db382cView commit details -
Configuration menu - View commit details
-
Copy full SHA for 9ebf7ea - Browse repository at this point
Copy the full SHA 9ebf7eaView commit details -
change: oscap-ssh: Simplify sudo test
Change OSCAP_SUDO as array and after this there is no need to test it.
Configuration menu - View commit details
-
Copy full SHA for 0550108 - Browse repository at this point
Copy the full SHA 0550108View commit details -
fix: oscap-ssh: ensure cd is done
Fail if can not cd into a directory. Shellcheck would warn about this.
Configuration menu - View commit details
-
Copy full SHA for a9026f3 - Browse repository at this point
Copy the full SHA a9026f3View commit details -
fix: oscap-ssh: extend command_array_to_string coverage to sudo
This ensures whole command is quoted.
Configuration menu - View commit details
-
Copy full SHA for 5274233 - Browse repository at this point
Copy the full SHA 5274233View commit details -
change: oscap-ssh: allow xccdf --verbose DEVEL eval
This is needed sometimes when debugging.
Configuration menu - View commit details
-
Copy full SHA for 712ae85 - Browse repository at this point
Copy the full SHA 712ae85View commit details -
Configuration menu - View commit details
-
Copy full SHA for 922f902 - Browse repository at this point
Copy the full SHA 922f902View commit details