Issue when using set -e with grep commands #11712
Conversation
|
Hi @2000rosser. Thanks for your PR. I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
Start a new ephemeral environment with changes proposed in this pull request: rhel8 (from CTF) Environment (using Fedora as testing environment) Fedora Testing Environment Oracle Linux 8 Environment |
|
This datastream diff is auto generated by the check Click here to see the full diffbash remediation for rule 'xccdf_org.ssgproject.content_rule_harden_sshd_ciphers_opensshserver_conf_crypto_policy' differs.
--- xccdf_org.ssgproject.content_rule_harden_sshd_ciphers_opensshserver_conf_crypto_policy
+++ xccdf_org.ssgproject.content_rule_harden_sshd_ciphers_opensshserver_conf_crypto_policy
@@ -11,9 +11,7 @@
# Ensure CRYPTO_POLICY is not commented out
sed -i 's/#CRYPTO_POLICY=/CRYPTO_POLICY=/' ${CONF_FILE}
-grep -q "'${correct_value}'" ${CONF_FILE}
-
-if [[ $? -ne 0 ]]; then
+if ! grep -q "$correct_value" "$CONF_FILE"; then
# We need to get the existing value, using PCRE to maintain same regex
existing_value=$(grep -Po '(-oCiphers=\S+)' ${CONF_FILE})
bash remediation for rule 'xccdf_org.ssgproject.content_rule_harden_sshd_macs_opensshserver_conf_crypto_policy' differs.
--- xccdf_org.ssgproject.content_rule_harden_sshd_macs_opensshserver_conf_crypto_policy
+++ xccdf_org.ssgproject.content_rule_harden_sshd_macs_opensshserver_conf_crypto_policy
@@ -11,9 +11,7 @@
# Ensure CRYPTO_POLICY is not commented out
sed -i 's/#CRYPTO_POLICY=/CRYPTO_POLICY=/' ${CONF_FILE}
-grep -q "'${correct_value}'" ${CONF_FILE}
-
-if [[ $? -ne 0 ]]; then
+if ! grep -q "$correct_value" "$CONF_FILE"; then
# We need to get the existing value, using PCRE to maintain same regex
existing_value=$(grep -Po '(-oMACs=\S+)' ${CONF_FILE})
|
|
🤖 A k8s content image for this PR is available at: Click here to see how to deploy itIf you alread have Compliance Operator deployed: Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and: |
|
These rules are not part of SLE15 profiles, so the Regarding the |
|
In that case I'll revert the previous commit as it doesnt seem to have made any difference. |
This reverts commit 16c4f98.
|
Code Climate has analyzed commit f5cb12c and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 59.3% (-0.5% change). View more on Code Climate. |
marcusburghardt
merged commit c4b2797
into
ComplianceAsCode:master
Description:
Changed two crypto policy remediation scripts to use the grep command in the if statement
Rationale:
grep -q will exit with code 0 if any match is found and returns 1 otherwise. This causes the script to exit if set -e is set. Having the grep command within the if statement fixes this issue.