OpenSCAP returns warning for rule accounts_password_last_change_is_in_past

[mpurg]

Description of problem:

When running the OVAL check for the rule accounts_password_last_change_is_in_past this warning is returned:

Entity name 'value' from state (id: 'oval:ssg-state_accounts_password_last_change_time_diff:ste:1') not found in item (id: '1391321'). [oscap(39121):oscap(7ffff4722980):oval_resultTest.c:652:eval_item]

The warning is returned on systems which have no passwords defined in /etc/shadow, for example, on a default installation of Ubuntu 22.04 in LXD (see issue: https://bugs.launchpad.net/usg/+bug/2056775). If a password is defined for any user, the check no longer returns a warning.

Possibly related to https://github.com/ComplianceAsCode/content/issues/10212

SCAP Security Guide Version:

master:c0ed7eeb89

Operating System Version:

Ubuntu 22.04

Steps to Reproduce:

1. Remove passwords from all users
2. Evaluate the rule OVAL

Actual Results:

Check returns a warning message.

Expected Results:

No warning message should be returned.

Additional Information/Debugging Steps:

Attaching debug.log (no user passwords defined) and debug_withuser.log (with user passwords) generated using the command below. debug.log debug_withuser.log

$ oscap oval eval --verbose DEVEL --verbose-log-file debug.log --id "oval:ssg-accounts_password_last_change_is_in_past:def:1" ssg-ubuntu2204-oval.xml
Definition oval:ssg-accounts_password_last_change_is_in_past:def:1: true

[dodys]

@marcusburghardt fyi

[marcusburghardt]

@marcusburghardt fyi

This is likely the case reported in this comment: https://github.com/ComplianceAsCode/content/issues/10212#issuecomment-1470013258

It is not a critical issue IMO, but it would be nice to fix. I don't have any idea from top of my head now. It would demand more investigation. Some insights could be, for example, concatenating something to ensure the variable has always some expected value. Just brainstorming...