Add word boundary for hash algorithm

ComplianceAsCode · Dec 3, 2024 · e62ce4c · e62ce4c
1 parent 4ad76c9
commit e62ce4c
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/.../set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/oval/shared.xml b/.../set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/oval/shared.xml
@@ -17,8 +17,8 @@
     {{% set line_pattern = "^[\s]*password[\s]+(?:(?:required)|(?:sufficient))[\s]+pam_unix\.so[\s]+" %}}
   {{% endif %}}
 
-  {{% set pam_unix_algorithms = "(sha512|yescrypt|gost_yescrypt|blowfish|sha256|md5|bigcrypt)" %}}
-  {{% set hashing_pattern = line_pattern + "(?!.*" + pam_unix_algorithms + "[^#]*" + pam_unix_algorithms + ").*" + pam_unix_algorithms + ".*$" %}}
+  {{% set pam_unix_algorithms = "\\b(sha512|yescrypt|gost_yescrypt|blowfish|sha256|md5|bigcrypt)\\b" %}}
+  {{% set hashing_pattern = line_pattern + "(?!.*" + pam_unix_algorithms + "[^#]*" + pam_unix_algorithms + ")[^#]*" + pam_unix_algorithms + ".*$" %}}
 
   <!--
     In addition to the pam file, what usually differ between products are the controls in the