Simplify flags

In fact, the `FLAGS` variable only holds information about if the rule is related to IPv6 or not. So we can rename it to a better name `IPV6` and make it a boolean variable.
ComplianceAsCode · Nov 5, 2024 · 5237ec2 · 5237ec2
1 parent dfcbd95
commit 5237ec2
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 6 deletions.
diff --git a/shared/templates/sysctl/oval.template b/shared/templates/sysctl/oval.template
@@ -20,7 +20,7 @@
     <ind:pattern operation="pattern match">^[\s]*{{{ SYSCTLVAR }}}[\s]*=[\s]*(.*\S)[\s]*$</ind:pattern>
     <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
 {{%- endmacro -%}}
-{{%- if "P" in FLAGS -%}}
+{{%- if IPV6 == "false" -%}}
 
 <def-group>
   <definition class="compliance" id="{{{ rule_id }}}" version="3">
@@ -36,7 +36,7 @@
   </definition>
 </def-group>
 
-{{%- elif "I" in FLAGS -%}}
+{{%- else -%}}
 
 <def-group>
   <definition class="compliance" id="{{{ rule_id }}}" version="4">

diff --git a/shared/templates/sysctl/sce-bash.template b/shared/templates/sysctl/sce-bash.template
@@ -62,7 +62,7 @@ function check_sysctl_configuration()
     return $XCCDF_RESULT_FAIL
 }
 
-{{% if "I" in FLAGS -%}}
+{{% if IPV6 == "true" -%}}
 # pass if IPv6 is disabled
 check_sysctl_configuration "net.ipv6.conf.all.disable_ipv6" "1"
 if [[ $? == $XCCDF_RESULT_PASS ]] ; then

diff --git a/shared/templates/sysctl/template.py b/shared/templates/sysctl/template.py
@@ -5,10 +5,10 @@ def preprocess(data, lang):
     data["sysctlid"] = ssg.utils.escape_id(data["sysctlvar"])
     if not data.get("sysctlval"):
         data["sysctlval"] = ""
-    ipv6_flag = "P"
     if data["sysctlid"].find("ipv6") >= 0:
-        ipv6_flag = "I"
-    data["flags"] = ipv6_flag
+        data["ipv6"] = "true"
+    else:
+        data["ipv6"] = "false"
     if "operation" not in data:
         data["operation"] = "equals"
     if isinstance(data["sysctlval"], list) and len(data["sysctlval"]) == 0: