Closed spencer-cdw closed 1 year ago
It appears that github string interpolation also does not work.
- name: Inspec Summary
uses: mitre/saf_action@v1
with:
command_string: view summary -i {{ env.INSPEC_REPORT }}
produces error
Error: ENOENT: no such file or directory, open '{{'
Also failing with this syntax
UnexpectedArgsError: Unexpected arguments: 0,, \"compliance.min\":, 50}"
- name: Verify inspec failures
uses: mitre/saf_action@v1
with:
command_string: 'validate threshold -i ${{ env.INSPEC_REPORT }} -T "{\"error.total\": 0, \"compliance.min\": 50}"'
And failing with this syntax
UnexpectedArgsError: Unexpected arguments: 0,, "compliance.min":, 50}'
- name: Verify inspec failures
uses: mitre/saf_action@v1
with:
command_string: 'validate threshold -i ${{ env.INSPEC_REPORT }} -T ''{"error.total": 0, "compliance.min": 50}'''
Another syntax failing
UnexpectedArgsError: Unexpected arguments: 0,, \\"compliance.min\\":, 50}"
- name: Verify inspec failures
uses: mitre/saf_action@v1
with:
command_string: 'validate threshold -i ${{ env.INSPEC_REPORT }} -T "{\\"error.total\\": 0, \\"compliance.min\\": 50}"'
The only syntax I was able to get working was to abandon -T
and use -F
instead
- name: Verify inspec failures
uses: mitre/saf_action@v1
with:
command_string: 'validate threshold -i ${{ env.INSPEC_REPORT }} -F ${{ env.PKR_VAR_root_file_path }}/inspec/threshold.yml'
Thanks for bringing this to our attention @spencer-cdw. The source of the problem was that we were splitting the command string by space instead of treating it how the shell usually does (i.e. quoted strings with spaces inside them are one token). This commit fixes that issue 7cc89248961d5462bfbecea25fbda43221bb386a.
@spencer-cdw you might be interested in this example showcasing what you were trying to do (but now working): https://github.com/mitre/saf_action/blob/7cc89248961d5462bfbecea25fbda43221bb386a/.github/workflows/example-usages.yml#L16-L19
Please don't worry about that workflow having an overarching fail - that turns out to be due to us not processing paths with spaces inside properly on the saf cli side.
First of all, thank you for making this tool and releasing it as a github action.
Is it possible to use string interpolation in the command_string stanza?
For example, I want to:
find
commandsaf validate threshold
I'm finding that variables are not expanded
It produces this error
Notice the line
Error: ENOENT: no such file or directory, open '$(find'
command_string should be expanding
$INSPEC_JSON
to a path, however I find that it is treating the variable expansion as a literal string$(find
.Research
Looking at the code, I see it parses the input then runs
saf.run
https://github.com/mitre/saf_action/blob/main/run_command.js#L19-L25
I don't see where/how
saf.run
actually shells out to run a command.It appears that others have used this syntax succesfully
Any feedback welcome.