Since Spectrum update to 21.2.8, from 10.4.2.2, the block policy is not parsing correctly and we see the following error message.
error text :
May 05, 2022 10:26:57.343 - ScmServiceImpl::parseScriptOutputXml(): GotJDOMException exceptionpolicy /spectrum/NCM/cache/blockScOutput_27614663_3150755933162512331.xml : Error on line 1 of document file:/spectrum/NCM/cache/blockScOutput_27614663_3150755933162512331.xml: Premature end of file.
May 05, 2022 10:26:57.345 - ScmServiceImpl::verifyScriptBlock(): Got violated the policy policyMh: 27614663
scriptContent: "#!/bin/bash# ## Script will return STDOUT has TRUE OR FALSE ( case insensitive)## FALSE -> Policy is NOT Violated# TRUE -> Policy is Violated## First Argument is Temporary File name that contains BLOCK of configuration for validation# Remaining Argument are Dynamic Params configured during on policy definition.## First Line is Block Start matched Tag in the BLOCK.# LAST Line is Block End matched Tag in the BLOCKblockTextFile=$1startTag=`head -n 1 $blockTextFile`endTag=`tail -n 1 $blockTextFile`#conditions to be validated on Blockgrep -F \"local-user \" <$blockTextFile|grep -vF \"undo local-user admin\"|grep -vE \"local-user\\s(Passwordmanager)\" 1>/dev/null 2>&1if [ $? = 0 ]then echo true exitfiecho falseexit"
**<internal error> Unable to parse Script outputfile**
This is the core of issue.
We saw temporary file with blocks and empty xml files.
Release : 21.2
Component : Spectrum Applications
in Spectrum 10.4.3 the NCM Block Policies were updated, therefore any custom scripts need to be updated.
Some changes to NCM Block Policy were made in 10.4.3 that requires the custom scripts to be updated.
The output file contents need to filled by the user using the custom script. Previously we used to tell whether policy is violated or not, but now we can show more information about violation using the output file.
Customer can refer to sample script file that is provided with installation to know more about how to populate that data.
Using similar script as example we updated documentation section as well: Doc Link
Ask them to modify the script as they should able to populate the violation data properly.