Extend product-in sed to cover shared/, not-in, and single quotes #1

Merged
alukoshko merged 1 commits from swoutersup/scap-security-guide:fix/product-in-sed-coverage into a10 2026-07-16 13:31:47 +00:00
Contributor

Description

The if product in sed replacement in section 5 of add-almalinux10-support.sh had three gaps:

  • Only searched linux_os/, missing rules in shared/ (e.g. PAM OVAL checks that gate on product to select the correct PAM file paths)
  • Only matched double-quoted product names — single-quoted names were silently skipped
  • Did not handle if product not in [...] exclusion lists at all

Changes

  • Extend find path from ./linux_os to ./linux_os ./shared
  • Add single-quote variant for if product in
  • Add double- and single-quote variants for if product not in

Testing

Verified by building ssg-almalinux10-ds.xml against ComplianceAsCode/content master.
Without this fix, rules such as accounts_password_pam_unix_authtok and sysctl_kernel_kptr_restrict produced incorrect OVAL checks for AlmaLinux 10.

## Description The `if product in` sed replacement in section 5 of `add-almalinux10-support.sh` had three gaps: - Only searched `linux_os/`, missing rules in `shared/` (e.g. PAM OVAL checks that gate on product to select the correct PAM file paths) - Only matched double-quoted product names — single-quoted names were silently skipped - Did not handle `if product not in [...]` exclusion lists at all ## Changes - Extend `find` path from `./linux_os` to `./linux_os ./shared` - Add single-quote variant for `if product in` - Add double- and single-quote variants for `if product not in` ## Testing Verified by building `ssg-almalinux10-ds.xml` against [ComplianceAsCode/content](https://github.com/ComplianceAsCode/content) master. Without this fix, rules such as `accounts_password_pam_unix_authtok` and `sysctl_kernel_kptr_restrict` produced incorrect OVAL checks for AlmaLinux 10.
swoutersup added 1 commit 2026-07-15 16:12:13 +00:00
The existing sed only searched linux_os/ and only matched double-quoted
product names in 'if product in' blocks. This missed:

- Rules in shared/ that gate on product (e.g. PAM OVAL checks)
- Exclusion lists using 'if product not in [...]'
- Single-quoted product names in either form

Extend the find path to linux_os/ and shared/, and add the three
missing -e expressions to cover all four combinations.
alukoshko merged commit 1778f1ad07 into a10 2026-07-16 13:31:47 +00:00
Sign in to join this conversation.
No reviewers
No Label
No Milestone
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: autopatch/scap-security-guide#1
No description provided.