fix: "--only" option in "hardening.sh"

Damien Cavagnini · Damien Cavagnini · commit 2bc24a96b5f8 · 2025-07-02T10:43:37.000+02:00
"--only" was broken, it did not match correctly a script passed in only

Previously we were checking the numerotation number, we now are using the full script name.

Ex: 1.1.1.1_disable_freevxfs.sh

Previously: (broken) look up for 1\.1\.1\.1, which could also match 1.1.1.1.1.1.1.1_foo.sh
Now: look up for 1.1.1.1_disable_freevxfs.sh
diff --git a/bin/hardening.sh b/bin/hardening.sh
@@ -319,10 +319,7 @@ fi
 for SCRIPT in $(find "${CIS_CHECKS_DIR}"/ -name "*.sh" | sort -V); do
     if [ "${#TEST_LIST[@]}" -gt 0 ]; then
         # --only X has been specified at least once, is this script in my list ?
-        SCRIPT_PREFIX=$(grep -Eo '^[0-9.]+' <<<"$(basename "$SCRIPT")")
-        # shellcheck disable=SC2001
-        SCRIPT_PREFIX_RE=$(sed -e 's/\./\\./g' <<<"$SCRIPT_PREFIX")
-        if ! grep -qE "(^|[[:space:]])$SCRIPT_PREFIX_RE([[:space:]]|$)" <<<"${TEST_LIST[@]}"; then
+        if ! grep -qE $(basename "$SCRIPT") <<<"${TEST_LIST[@]}"; then
             # not in the list
             continue
         fi
