fix xccdf_variable substitution with dotnotation

sluetze · Jul 24, 2024 · b45dd6f · b45dd6f
1 parent ecdb61c
commit b45dd6f
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 4 deletions.
diff --git a/applications/openshift/api-server/api_server_request_timeout/rule.yml b/applications/openshift/api-server/api_server_request_timeout/rule.yml
@@ -50,7 +50,7 @@ ocil_clause: '<tt>min-request-timeout</tt> is not set or is not set to an approp
 ocil: |-
     Run the following command:
     <pre>$ oc get configmap config -n openshift-kube-apiserver -ojson | jq -r '.data["config.yaml"]' | jq '.apiServerArguments["min-request-timeout"]'</pre>
-    The output should return <pre> {{{ xccdf_value("var_api_min_request_timeout") }}} </pre>.
+    The output should return <pre> {{ .var_api_min_request_timeout }} </pre>.
 
 warnings:
 - general: |-

diff --git a/applications/openshift/authentication/oauth_inactivity_timeout/rule.yml b/applications/openshift/authentication/oauth_inactivity_timeout/rule.yml
@@ -61,7 +61,7 @@ ocil_clause: 'OAuth server inactivity timeout is not configured'
 ocil: |-
   To check if the OAuth server timeout is configured, run the following command:
   <pre>oc get oauth cluster -ojsonpath='{.spec.tokenConfig.accessTokenInactivityTimeout}'</pre>
-  the output should return <pre> {{{ xccdf_value("var_oauth_inactivity_timeout") }}} </pre>.
+  the output should return <pre> {{ .var_oauth_inactivity_timeout }} </pre>.
 
 severity: medium
 

diff --git a/applications/openshift/kubelet/kubelet_configure_event_creation/rule.yml b/applications/openshift/kubelet/kubelet_configure_event_creation/rule.yml
@@ -49,7 +49,7 @@ ocil_clause: 'event creation limits are not configured'
 ocil: |-
     Run the following command on the kubelet node(s):
     <pre>$ for NODE_NAME in $(oc get nodes -ojsonpath='{.items[*].metadata.name}'); do oc get --raw /api/v1/nodes/$NODE_NAME/proxy/configz | jq '.kubeletconfig|.kind="KubeletConfiguration"|.apiVersion="kubelet.config.k8s.io/v1beta1"' | grep eventRecordQPS; done</pre>
-    The output should return <tt>{{{ xccdf_value("var_event_record_qps") }}}</tt>.
+    The output should return <tt>{{ .var_event_record_qps }}</tt>.
 
 references:
     cis@ocp4: 4.2.8

diff --git a/applications/openshift/kubelet/kubelet_enable_streaming_connections_deprecated/rule.yml b/applications/openshift/kubelet/kubelet_enable_streaming_connections_deprecated/rule.yml
@@ -31,7 +31,7 @@ ocil_clause: 'the streaming connection timeouts are not disabled'
 ocil: |-
     Run the following command on the kubelet node(s):
     <pre>$ sudo grep streamingConnectionIdleTimeout {{{ kubeletconf_path }}}</pre>
-    The output should return <tt>{{{ xccdf_value("var_streaming_connection_timeouts") }}}</tt>.
+    The output should return <tt>{{ .var_streaming_connection_timeouts }}</tt>.
 
 references:
     cis@eks: 3.2.5