|
|
fe0dde |
From 2dfde081b297f42690e10a0d9e550f5819ec2df2 Mon Sep 17 00:00:00 2001
|
|
|
fe0dde |
From: Watson Sato <wsato@redhat.com>
|
|
|
fe0dde |
Date: Fri, 9 Oct 2020 09:30:35 +0200
|
|
|
fe0dde |
Subject: [PATCH] Do not platform wrap empty Bash remediation
|
|
|
fe0dde |
|
|
|
fe0dde |
The fix text for a rule can end up empty if a Jinja macro or conditional
|
|
|
fe0dde |
doesn't render any text.
|
|
|
fe0dde |
In these cases, avoid wrapping empty lines in an if-else, as this causes
|
|
|
fe0dde |
syntax error.
|
|
|
fe0dde |
---
|
|
|
fe0dde |
ssg/build_remediations.py | 15 +++++++++------
|
|
|
fe0dde |
1 file changed, 9 insertions(+), 6 deletions(-)
|
|
|
fe0dde |
|
|
|
fe0dde |
diff --git a/ssg/build_remediations.py b/ssg/build_remediations.py
|
|
|
fe0dde |
index f269d4d2d6..572db61701 100644
|
|
|
fe0dde |
--- a/ssg/build_remediations.py
|
|
|
fe0dde |
+++ b/ssg/build_remediations.py
|
|
|
fe0dde |
@@ -273,6 +273,13 @@ def parse_from_file_with_jinja(self, env_yaml):
|
|
|
fe0dde |
self.local_env_yaml.update(env_yaml)
|
|
|
fe0dde |
result = super(BashRemediation, self).parse_from_file_with_jinja(self.local_env_yaml)
|
|
|
fe0dde |
|
|
|
fe0dde |
+ # Avoid platform wrapping empty fix text
|
|
|
fe0dde |
+ # Remediations can be empty when a Jinja macro or conditional
|
|
|
fe0dde |
+ # renders no fix text for a product
|
|
|
fe0dde |
+ stripped_fix_text = result.contents.strip()
|
|
|
fe0dde |
+ if stripped_fix_text == "":
|
|
|
fe0dde |
+ return result
|
|
|
fe0dde |
+
|
|
|
fe0dde |
rule_platforms = set()
|
|
|
fe0dde |
if self.associated_rule:
|
|
|
fe0dde |
# There can be repeated inherited platforms and rule platforms
|
|
|
fe0dde |
@@ -301,15 +308,11 @@ def parse_from_file_with_jinja(self, env_yaml):
|
|
|
fe0dde |
|
|
|
fe0dde |
all_conditions = " && ".join(platform_conditionals)
|
|
|
fe0dde |
wrapped_fix_text.append("if {0}; then".format(all_conditions))
|
|
|
fe0dde |
-
|
|
|
fe0dde |
- # Avoid adding extra blank line
|
|
|
fe0dde |
- if not result.contents.startswith("\n"):
|
|
|
fe0dde |
- wrapped_fix_text.append("")
|
|
|
fe0dde |
-
|
|
|
fe0dde |
+ wrapped_fix_text.append("")
|
|
|
fe0dde |
# It is possible to indent the original body of the remediation with textwrap.indent(),
|
|
|
fe0dde |
# however, it is not supported by python2, and there is a risk of breaking remediations
|
|
|
fe0dde |
# For example, remediations with a here-doc block could be affected.
|
|
|
fe0dde |
- wrapped_fix_text.append("{0}".format(result.contents))
|
|
|
fe0dde |
+ wrapped_fix_text.append("{0}".format(stripped_fix_text))
|
|
|
fe0dde |
wrapped_fix_text.append("")
|
|
|
fe0dde |
wrapped_fix_text.append("else")
|
|
|
fe0dde |
wrapped_fix_text.append(" >&2 echo 'Remediation is not applicable, nothing was done'")
|