Description of Problem:
During @vojtapolasek's work on ComplianceAsCode/content#9285 we have discovered that if an XCCDF value contains a pipe character (|) the generated Ansible Playbook is invalid because the generated Playbook contains a pipe character (|) which has a special meaning in YAML, specifically, the pipe introduces a multiline string. This is explained on https://yaml-multiline.info/.

This can also be a problem when people have a tailoring where they customize their XCCDF Values to an arbitrary string if that arbitrary string contains a pipe character (|). We can't prevent users from doing that and that means that any workaround in the content isn't sufficient.

OpenSCAP Version:
1.3.6

Operating System & Version:
F 35

Steps to Reproduce:
1. Download and unpack SCAP source data stream ds.tar.gz
2. oscap xccdf generate fix --fix-type ansible --profile stig ssg-rhel9-ds.xml > playbook.yml
3. grep "sysctl_kernel_core_pattern_value:" playbook.yml
4. ansible-lint playbook.yml

Actual Results:
```
WARNING  Listing 1 violation(s) that are fatal
syntax-check: Ansible syntax check failed
playbook.yml:1 [WARNING]: provided hosts list is empty, only localhost is available. Note that
the implicit localhost does not match 'all'
ERROR! We were unable to read either as JSON nor YAML, these are the errors we got from each:
JSON: Expecting value: line 1 column 1 (char 0)

Syntax Error while loading YAML.
  did not find expected comment or line break

The error appears to be in '/home/jcerny/work/git/scap-security-guide/playbook.yml': line 87, column 46, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

    var_removable_partition: !!str /dev/cdrom
    sysctl_kernel_core_pattern_value: !!str |/bin/false
                                             ^ here

Finished with 1 failure(s), 0 warning(s) on 1 files.
```

Expected Results:

Additional Information / Debugging Steps:
For more details, see the discussion in ComplianceAsCode/content#9285.
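
As an added illustration (not OpenSCAP's code and not part of the issue report): one way a generator can keep an arbitrary XCCDF value from being read as YAML syntax is to always emit it as a double-quoted scalar, so a leading `|` is data rather than a block-scalar indicator. The function names `yaml_quote_value` and `emit_var` and the sample values are assumptions made up for this sketch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not an OpenSCAP function: returns a malloc'ed YAML
 * double-quoted scalar for `value` (assumed UTF-8), or NULL. Caller frees. */
char *yaml_quote_value(const char *value)
{
	/* Worst case every byte becomes "\xNN" (4 bytes), plus 2 quotes and NUL. */
	char *out = malloc(strlen(value) * 4 + 3);
	if (out == NULL) return NULL;
	char *p = out;
	*p++ = '"';
	for (const unsigned char *s = (const unsigned char *)value; *s; s++) {
		switch (*s) {
		case '"':  *p++ = '\\'; *p++ = '"';  break;
		case '\\': *p++ = '\\'; *p++ = '\\'; break;
		case '\n': *p++ = '\\'; *p++ = 'n';  break;
		case '\t': *p++ = '\\'; *p++ = 't';  break;
		default:
			if (*s < 0x20 || *s == 0x7f) /* other control bytes */
				p += sprintf(p, "\\x%02X", (unsigned)*s);
			else /* printable ASCII and UTF-8 bytes pass through */
				*p++ = (char)*s;
		}
	}
	*p++ = '"';
	*p = '\0';
	return out;
}

/* Writes "name: !!str <quoted value>" into buf; returns 0, or -1 on
 * allocation failure or truncation so a cut-off line is never emitted. */
int emit_var(char *buf, size_t size, const char *name, const char *value)
{
	char *q = yaml_quote_value(value);
	if (q == NULL) return -1;
	int n = snprintf(buf, size, "%s: !!str %s", name, q);
	free(q);
	return (n < 0 || (size_t)n >= size) ? -1 : 0;
}

int main(void)
{
	char line[256];
	/* Constructed sample values: each starts with or contains YAML syntax. */
	const char *samples[] = { "|/bin/false", ">folded", "a: b # c", "say \"hi\"\n" };
	for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
		if (emit_var(line, sizeof line, "sysctl_kernel_core_pattern_value", samples[i]) == 0)
			puts(line);
	return 0;
}
```

Quoting unconditionally avoids having to enumerate every YAML indicator (`|`, `>`, `#`, `: `, `&`, `*` and so on) that a tailored value might begin with or contain.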