@jish-zetier

Description:

  • The current remediation bash scripts fail to convert banner regular expressions into matching strings.
  • This is due to an error when matching the (?:[\n]+|(?:\\n)+) newline pattern, resulting in the pattern never being replaced and the remediation failing.
  • For example, running oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_stig --remediate ssg-ubuntu2204-ds.xml results in the following login banner on Ubuntu2204:

You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By using this IS (which includes any device attached to this IS), you consent to the following conditions:(?:[n]+|(?:n)+)-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.(?:[n]+|(?:n)+)-At any time, the USG may inspect and seize data stored on this IS.(?:[n]+|(?:n)+)-Communications ...

Rationale:

  • The bash_deregexify_banner_newline(banner_var_name, newline) macro attempts to replace the (?:[\n]+|(?:\\n)+) pattern in the original regex string with the following command: sed 's/(?:\[\\n\]+|(?:\\n)+)/{{{ newline }}}/g').
  • sed BRE uses the \\ pattern to match a single backslash. The (?:\\n) portion of the sed command fails to match the (?:\\n) portion of the original regex string because it fails to properly escape the two backslashes.
  • After replacing (?:\\n) with (?:\\\\n), the updated command correctly matches the pattern and replaces the string.
  • After making this change, oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_stig --remediate ssg-ubuntu2204-ds.xml now produces the following compliant banner:

You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By using this IS (which includes any device attached to this IS), you consent to the following conditions:\n-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.\n-At any time, the USG may inspect and seize data stored on this IS.\n-Communications ...
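The escaping difference the rationale describes, as an added example that is not the project's macro: a shortened, constructed banner regex run through the original and the corrected sed command (the function names and the sample text are assumptions, chosen to mirror bash_deregexify_banner_newline).

```shell
#!/bin/sh
# Constructed, shortened stand-in for the login_banner_text regex. Single quotes
# keep every backslash literal, so the string holds exactly what the XCCDF regex
# holds: "[\n]" with one backslash and "(?:\\n)" with two.
BANNER_REGEX='You consent to the following conditions:(?:[\n]+|(?:\\n)+)-The USG routinely monitors this IS.(?:[\n]+|(?:\\n)+)-At any time, the USG may inspect and seize data stored on this IS.'

# Original command: in a BRE, '\\n' matches ONE backslash followed by "n", but the
# second alternative in the banner carries TWO backslashes, so nothing is replaced
# and the remediation writes the raw pattern into the banner.
deregexify_broken() {
    printf '%s\n' "$1" | sed 's/(?:\[\\n\]+|(?:\\n)+)/\\n/g'
}

# Corrected command: '\\\\n' matches two literal backslashes followed by "n".
# The replacement '\\n' emits a literal backslash-n, as in the compliant banner.
deregexify_fixed() {
    printf '%s\n' "$1" | sed 's/(?:\[\\n\]+|(?:\\\\n)+)/\\n/g'
}

# Check a remediated banner for leftover regex syntax (returns 0 when clean).
is_deregexified() {
    case "$1" in
        *'(?:'*) return 1 ;;
        *) return 0 ;;
    esac
}

printf 'broken: %s\n' "$(deregexify_broken "$BANNER_REGEX")"
printf 'fixed:  %s\n' "$(deregexify_fixed "$BANNER_REGEX")"
```

is_deregexified is the kind of post-remediation check that would have caught this bug: a banner that still contains "(?:" was never converted from its regex form.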

@openshift-ci openshift-ci bot added the needs-ok-to-test Used by openshift-ci bot. label Nov 5, 2025

openshift-ci bot commented Nov 5, 2025

Hi @jish-zetier. Thanks for your PR.

I'm waiting for a github.com member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@jish-zetier jish-zetier marked this pull request as draft November 6, 2025 19:06
@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Used by openshift-ci bot. label Nov 6, 2025
@jish-zetier jish-zetier marked this pull request as ready for review November 6, 2025 22:51
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Used by openshift-ci bot. label Nov 6, 2025
@jish-zetier (Author)

Quoting differences between different instantiations of login_banner_text across usage of bash_deregexify_banner_newline (' vs ") caused the sed command to only correctly match on certain platforms. After conforming on using single quotes, all use cases seem to work properly.
