ComplianceAsCode / content

Security automation content in SCAP, Bash, Ansible, and other formats
https://complianceascode.readthedocs.io/en/latest/

DEB822 format not supported in ssg-debian12. #12509

Open jwsapienza opened 1 month ago

jwsapienza commented 1 month ago

Description of problem:

The regexes for oval:ssg-apt_sources_list_official:def:1 do not support DEB822 format and therefore return a false positive.

<ind:textfilecontent54_object id="oval:ssg-obj_apt_sources_list_base_official:obj:1" version="1">
  <ind:filepath operation="pattern match">^/etc/apt/sources(.d\/[a-zA-Z0-9]+){0,1}.list$</ind:filepath>
  <ind:pattern operation="pattern match">^deb[\s]+http://[a-z\.]+\.debian\.org/debian[/]?[\s]+bookworm[\s]+main</ind:pattern>
  <ind:instance datatype="int">1</ind:instance>
</ind:textfilecontent54_object>
<ind:textfilecontent54_object id="oval:ssg-obj_apt_sources_list_security_official:obj:1" version="1">
  <ind:filepath operation="pattern match">^/etc/apt/sources(.d\/[a-zA-Z0-9]+){0,1}.list$</ind:filepath>
  <ind:pattern operation="pattern match">^deb[\s]+http://security\.debian\.org/debian-security[/]?[\s]+bookworm-security[\s]+main</ind:pattern>
  <ind:instance datatype="int">1</ind:instance>
</ind:textfilecontent54_object>

SCAP Security Guide Version:

1.7.4

Operating System Version:

Debian 12

Steps to Reproduce:

postgres@3741abc11273:/etc/apt/sources.list.d$ cat debian.sources
Types: deb
# http://snapshot.debian.org/archive/debian/20240812T000000Z
URIs: http://deb.debian.org/debian
Suites: bookworm bookworm-updates
Components: main
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

Types: deb
# http://snapshot.debian.org/archive/debian-security/20240812T000000Z
URIs: http://deb.debian.org/debian-security
Suites: bookworm-security
Components: main
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

Actual Results:

[screenshot omitted]

Expected Results:

Control should pass since the valid sources are present.

Additional Information/Debugging Steps:

https://wiki.debian.org/SourcesList
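One way to make the check format-aware, as an added Python example that is not part of this issue or of the ComplianceAsCode project's own code: it reuses the URI, suite and component rules from the two OVAL objects quoted above, accepts both the classic one-line format and DEB822 stanzas, and parses a sample constructed from the debian.sources file in the report.

```python
import re

# URI patterns copied from the issue's two OVAL objects (one-line format), reused
# here so the DEB822 path applies exactly the same acceptance rule.
BASE_URI = re.compile(r"^http://[a-z.]+\.debian\.org/debian/?$")
SEC_URI = re.compile(r"^http://security\.debian\.org/debian-security/?$")
ONE_LINE = re.compile(r"^deb\s+(\S+)\s+(\S+)\s+(.*)$")

# Constructed sample: the DEB822 file from the issue report, Signed-By lines dropped.
DEB822_SAMPLE = """Types: deb
# http://snapshot.debian.org/archive/debian/20240812T000000Z
URIs: http://deb.debian.org/debian
Suites: bookworm bookworm-updates
Components: main

Types: deb
URIs: http://deb.debian.org/debian-security
Suites: bookworm-security
Components: main
"""

def parse_deb822(text):  # stanzas of {field: [values]}, '#' comment lines ignored
    stanzas = []
    for block in re.split(r"\n\s*\n", text):
        fields = {}
        for line in block.splitlines():
            if line.strip() and not line.startswith("#"):
                key, _, value = line.partition(":")
                fields[key.strip()] = value.split()
        if fields:
            stanzas.append(fields)
    return stanzas

def entries(text):  # yield (uri, suites, components) from either format
    for line in text.splitlines():
        m = ONE_LINE.match(line.strip())
        if m:
            yield m.group(1), {m.group(2)}, set(m.group(3).split())
    for s in parse_deb822(text):
        if "deb" in s.get("Types", []):  # a one-line file yields no Types: field
            for uri in s.get("URIs", []):
                yield uri, set(s.get("Suites", [])), set(s.get("Components", []))

def official_sources_present(text):  # which of the two official repos would pass
    found = {"base": False, "security": False}
    for uri, suites, comps in entries(text):
        if "main" in comps:
            found["base"] |= bool(BASE_URI.match(uri)) and "bookworm" in suites
            found["security"] |= bool(SEC_URI.match(uri)) and "bookworm-security" in suites
    return found
```

On the report's own file this still reports the security repo as absent, because the original security pattern only accepts the security.debian.org host while the file points at deb.debian.org/debian-security; whether that host should also be accepted is a decision the issue leaves open.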

dodys commented 1 month ago

I'm adding Ubuntu to the labels as well as I imagine this impacts both