From cd378103a6052b07dc41c4044a7c300cd204b842 Mon Sep 17 00:00:00 2001
From: Vojtech Polasek <vpolasek@redhat.com>
Date: Thu, 1 Aug 2024 17:06:41 +0200
Subject: [PATCH] template.py: prevent specification of value and
 xccdf_variable at the same time

---
 shared/templates/sshd_lineinfile/template.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/shared/templates/sshd_lineinfile/template.py b/shared/templates/sshd_lineinfile/template.py
index 90165d469659..82685617f569 100644
--- a/shared/templates/sshd_lineinfile/template.py
+++ b/shared/templates/sshd_lineinfile/template.py
@@ -2,6 +2,9 @@
 
 
 def preprocess(data, lang):
+    if data.get("value") is not None and data.get("xccdf_variable") is not None:
+        errmsg = "The template definition of {0} specifies both value and xccdf_variable. This is forbidden.".format(data["_rule_id"])
+        raise ValueError(errmsg)
     if data["datatype"] not in ["string", "int"]:
         errmsg = "The template instance of the rule {0} contains invalid datatype. It must be either 'string' or 'int'".format(data["_rule_id"])
         raise ValueError(errmsg)