From 28686857e9789cae1f66936a11685f0b9fb48f69 Mon Sep 17 00:00:00 2001
From: Sam Smith <sam@ssmith.co.uk>
Date: Thu, 20 Apr 2023 10:34:44 +0100
Subject: [PATCH] Enable universal newlines when executing local commands.
 (#156)

Universal newline support is enabled by default in all calls that read
data. This means that any non-binary evidence with a foreign newline convention
cannot be verified. When the evidence is read, all line endings are converted to
'\n' which changes the expected digest.

This change enables universal newline mode during the evidence fetch. The
subprocess output will be opened as text streams in universal newlines mode. All
line endings will be converted to '\n' ensuring the evidence can be later
verified.

If you must retain evidence with foreign newline conventions then set
`binary_content = True`.
---
 CHANGES.md             |  4 ++++
 compliance/__init__.py |  2 +-
 compliance/fetch.py    | 10 ++++------
 3 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index 045dbee6..53b68f29 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,7 @@
+# [2.0.1](https://github.com/ComplianceAsCode/auditree-framework/releases/tag/v2.0.1)
+
+- [FIXED] Enable universal newlines when executing local commands.
+
 # [2.0.0](https://github.com/ComplianceAsCode/auditree-framework/releases/tag/v2.0.0)
 
 - [ADDED] Documentation on how to use it with 1Password CLI.
diff --git a/compliance/__init__.py b/compliance/__init__.py
index 53e729d2..fefc1045 100644
--- a/compliance/__init__.py
+++ b/compliance/__init__.py
@@ -13,4 +13,4 @@
 # limitations under the License.
 """Compliance automation package."""
 
-__version__ = "2.0.0"
+__version__ = "2.0.1"
diff --git a/compliance/fetch.py b/compliance/fetch.py
index 35c30903..a4e99fbf 100644
--- a/compliance/fetch.py
+++ b/compliance/fetch.py
@@ -150,12 +150,10 @@ def fetchLocalCommands(  # noqa: N802
             cmd += ["-t"]
         if not cwd:
             cwd = os.path.expanduser("~")
-        stdin = str.encode("\n".join(commands) + "\n")
-        return (
-            check_output(cmd, cwd=cwd, env=env, input=stdin, timeout=timeout)
-            .decode()
-            .rstrip()
-        )
+        stdin = "\n".join(commands) + "\n"
+        return check_output(
+            cmd, cwd=cwd, env=env, input=stdin, timeout=timeout, universal_newlines=True
+        ).rstrip()
 
 
 def fetch(url, name):