Merge pull request ComplianceAsCode#6584 from ggbecker/improve-yamlfi…

…le-value

Improve yamlfile_value template

shared/templates/yamlfile_value/oval.template

@@ -32,7 +32,7 @@
     <ind:state state_ref="state_{{{ rule_id }}}"/>
   </ind:yamlfilecontent_test>
 {{% else %}}
-  <ind:variable_test id="test_{{{ rule_id }}}" check="all" check_existence="all_exist" comment="comment1" version="1">
+  <ind:variable_test id="test_{{{ rule_id }}}" check="all" check_existence="all_exist" comment="Variable test to check XCCDF variable" version="1">
     <ind:object object_ref="variable_object_{{{ rule_id }}}" />
     <ind:state state_ref="variable_state_{{{ rule_id }}}" />
   </ind:variable_test>
@@ -45,13 +45,11 @@
     <ind:value datatype="string" operation="equals" var_ref="{{{ XCCDF_VARIABLE }}}"/>
   </ind:variable_state>
 
-  {{% for val in VALUES %}}
-  <local_variable id="local_variable_{{{ rule_id }}}" datatype="string" comment="comment1" version="1">
-    <regex_capture pattern='{{{ val.value }}}'>
-       <object_component item_field="value" record_field="#" object_ref="object_{{{ rule_id }}}" />
+  <local_variable id="local_variable_{{{ rule_id }}}" datatype="string" comment="Captured value to be compared with XCCDF value" version="1">
+    <regex_capture pattern='{{{ (VALUES|first).value }}}'>
+       <object_component item_field="value" record_field="{{{ (VALUES|first).key|default('#') }}}" object_ref="object_{{{ rule_id }}}" />
     </regex_capture>
   </local_variable>
-  {{% endfor %}}
 
 {{% endif %}}
 

shared/templates/yamlfile_value/template.py

@@ -1,12 +1,25 @@
 def preprocess(data, lang):
 
     if data.get("xccdf_variable") and data.get("embedded_data") == "true":
-        if not data.get("values"):
+        values = data.get("values", [{}])
+        if len(values) > 1:
+            raise ValueError(
+                "Only a single value can be checked when querying "
+                "for a 'xccdf_value' that returns an embedded value. "
+                "Rule ID: {}".format(data["_rule_id"]))
+        elif not values[0].get("value"):
             raise ValueError(
                 "You should specify a capture regex in the 'value' field "
                 "when querying for a 'xccdf_value' that returns an embedded value. "
                 "Rule ID: {}".format(data["_rule_id"]))
 
+    if data.get("xccdf_variable") and data.get("embedded_data") != "true":
+        if data.get("values"):
+            raise ValueError(
+                "You cannot specify the 'value' field when querying "
+                "for a 'xccdf_value' that doesn't return an embedded value. "
+                "Rule ID: {}".format(data["_rule_id"]))
+
     data["embedded_data"] = data.get("embedded_data", "false") == "true"
     data["ocp_data"] = data.get("ocp_data", "false") == "true"
     return data