From b1b620cc05aac2f9ebd0e85c3409ccd150d8f80e Mon Sep 17 00:00:00 2001 From: Alexander Scheel Date: Fri, 15 Jun 2018 09:48:15 -0400 Subject: [PATCH 1/8] Fix scrutinizer issues in ssg/_oval.py Signed-off-by: Alexander Scheel --- ssg/_constants.py | 9 ++++++++ ssg/_oval.py | 52 +++++++++++++++++++++++++---------------------- 2 files changed, 37 insertions(+), 24 deletions(-) diff --git a/ssg/_constants.py b/ssg/_constants.py index 9db9c57b1f8..a9ca0c4b3f4 100644 --- a/ssg/_constants.py +++ b/ssg/_constants.py @@ -1,6 +1,15 @@ import datetime import os.path +try: + from openscap import oscap_get_version + if oscap_get_version() < 1.2: + OSCAP_OVAL_VERSION = "5.10" + else: + OSCAP_OVAL_VERSION = "5.11" +except ImportError: + OSCAP_OVAL_VERSION = "5.10" + JINJA_MACROS_DEFINITIONS = os.path.join(os.path.dirname(os.path.dirname( __file__)), "shared", "macros.jinja") diff --git a/ssg/_oval.py b/ssg/_oval.py index 5a11b728349..035979546ea 100644 --- a/ssg/_oval.py +++ b/ssg/_oval.py @@ -1,3 +1,5 @@ +from __future__ import print_function + import sys import os import re 
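Review bot: The version gate `if oscap_get_version() < 1.2:` added to ssg/_constants.py compares the binding's return value with a float, while the surrounding `try` only catches `ImportError`. If `oscap_get_version()` returns a version string (its return type is not visible in this patch), Python 2 evaluates the comparison as always false and Python 3 raises `TypeError`, which would now escape at import time for every module that imports `ssg._constants`. Comparing parsed components avoids both, e.g. `if tuple(int(p) for p in str(oscap_get_version()).split(".")[:2]) < (1, 2):`. Widening the handler to `except (ImportError, TypeError, ValueError):` keeps the "5.10" fallback.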
@@ -5,37 +7,28 @@ import tempfile import subprocess -from ConfigParser import SafeConfigParser - from ssg._constants import oval_footer as footer from ssg._constants import oval_namespace as ovalns -from ssg._constants import timestamp +from ssg._constants import OSCAP_OVAL_VERSION from ssg._xml import ElementTree as ET from ssg._xml import oval_generated_header - +from ssg._id_translate import IDTranslator SHARED_OVAL = re.sub('shared.*', 'shared', __file__) + '/checks/oval/' -try: - from openscap import oscap_get_version - if oscap_get_version() < 1.2: - oval_version = "5.10" - else: - oval_version = "5.11" -except ImportError: - oval_version = "5.10" - # globals, to make recursion easier in case we encounter extend_definition definitions = ET.Element("definitions") tests = ET.Element("tests") objects = ET.Element("objects") states = ET.Element("states") variables = ET.Element("variables") +silent_mode = False # append new child ONLY if it's not a duplicate def append(element, newchild): + global silent_mode newid = newchild.get("id") existing = element.find(".//*[@id='" + newid + "']") if existing is not None: @@ -47,11 +40,17 @@ def append(element, newchild): element.append(newchild) -def add_oval_elements(body, header): +def _add_elements(body, header): """Add oval elements to the global Elements defined above""" + global definitions + global tests + global objects + global states + global variables tree = ET.fromstring(header + body + footer) tree = replace_external_vars(tree) + defname = None # parse new file(string) as an etree, so we can arrange elements # appropriately for childnode in tree.findall("./{%s}def-group/*" % ovalns): 
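Review bot: The `global silent_mode` added to `append` and the five `global` statements added at the top of `_add_elements` are only needed for names a function rebinds. The later `@@ -69,7 +68,7 @@` hunk shows `append(tests, childnode)`, which mutates the element in place. If nothing in these two functions assigns to those names (both bodies continue outside the hunks), the declarations can be dropped; the existing comment `# globals, to make recursion easier ...` already documents the intent. Separately, renaming `add_oval_elements` to `_add_elements` removes a module-level name, so any importer outside ssg/_oval.py needs the same rename or an alias such as `add_oval_elements = _add_elements`.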
@@ -69,7 +68,7 @@ def add_oval_elements(body, header): extend_ref = find_testfile(defid+".xml") includedbody = read_ovaldefgroup_file(extend_ref) # recursively add the elements in the other file - add_oval_elements(includedbody, header) + _add_elements(includedbody, header) if childnode.tag.endswith("_test"): append(tests, childnode) if childnode.tag.endswith("_object"): @@ -95,7 +94,7 @@ def replace_external_vars(tree): # sys.exit() if extvar_id not in os.environ.keys(): print("External_variable specified, but no value provided via " - "environment variable") + "environment variable", file=sys.stderr) sys.exit(2) # replace tag name: external -> local node.tag = "{%s}local_variable" % ovalns @@ -110,7 +109,7 @@ def replace_external_vars(tree): def find_testfile(testfile): """Find OVAL files in CWD or shared/oval""" for path in ['.', SHARED_OVAL]: - for root, folder, files in os.walk(path): + for root, _, _ in os.walk(path): searchfile = root + '/' + testfile if not os.path.isfile(searchfile): searchfile = "" @@ -121,7 +120,7 @@ def find_testfile(testfile): if not os.path.isfile(testfile): print("ERROR: %s does not exist! Please specify a valid OVAL file." - % testfile) + % testfile, file=sys.stderr) sys.exit(1) return testfile @@ -136,10 +135,10 @@ def read_ovaldefgroup_file(testfile): def parse_options(): usage = "usage: %(prog)s [options] definition_file.xml" - parser = argparse.ArgumentParser(usage=usage, version="%(prog)s ") + parser = argparse.ArgumentParser(usage=usage) # only some options are on by default - parser.add_argument("--oval_version", default=oval_version, + parser.add_argument("--oval_version", default=OSCAP_OVAL_VERSION, dest="oval_version", action="store", help="OVAL version to use. Example: 5.11, 5.10, ... \ [Default: %(default)s]") 
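Review bot: `find_testfile(defid+".xml")` turns an identifier taken from the OVAL document being processed into a file path. `find_testfile` joins it as `root + '/' + testfile` and also falls back to `os.path.isfile(testfile)` on the raw value, as the `@@ -110,7 +109,7 @@` and `@@ -121,7 +120,7 @@` hunks show. Where `defid` is assigned is outside this hunk, but if it is copied straight from a reference attribute, an id containing path separators would make the recursion read a file outside `.` and `SHARED_OVAL`. A check before the lookup, such as `if os.path.basename(defid) != defid: sys.exit("invalid extend_definition id: %s" % defid)`, keeps extend_definition resolution inside the walked directories. The enclosing `for childnode` loop starts and ends outside the hunk.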
@@ -168,16 +167,21 @@ def main(): header = oval_generated_header("testoval.py", oval_version, "0.0.1") testfile = find_testfile(testfile) body = read_ovaldefgroup_file(testfile) - defname = add_oval_elements(body, header) + defname = _add_elements(body, header) + if defname is None: + print("Error while evaluating oval: defname not set; missing " + "definitions section?") + sys.exit(1) + ovaltree = ET.fromstring(header + footer) # append each major element type, if it has subelements for element in [definitions, tests, objects, states, variables]: - if element.getchildren(): + if list(element) > 0: ovaltree.append(element) # re-map all the element ids from meaningful names to meaningless # numbers - testtranslator = idtranslate.IDTranslator("scap-security-guide.testing") + testtranslator = IDTranslator("scap-security-guide.testing") ovaltree = testtranslator.translate(ovaltree) (ovalfile, fname) = tempfile.mkstemp(prefix=defname, suffix=".xml") os.write(ovalfile, ET.tostring(ovaltree)) @@ -190,7 +194,7 @@ def main(): oscap_child = subprocess.Popen(cmd, stdout=subprocess.PIPE, shell=True) cmd_out = oscap_child.communicate()[0] if not silent_mode: - print cmd_out + print(cmd_out) if oscap_child.returncode != 0: if not silent_mode: print("Error launching 'oscap' command: \n\t" + cmd) From 4e7a1625ea234a88e3e6c6f65b189ce761fa18ef Mon Sep 17 00:00:00 2001 From: Alexander Scheel Date: Fri, 15 Jun 2018 11:06:36 -0400 Subject: [PATCH 2/8] Fix scrutinizer issues in ssg/_checks.py Signed-off-by: Alexander Scheel --- ssg/_checks.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/ssg/_checks.py b/ssg/_checks.py index e0e9e9c3f2c..234c7557090 100644 --- a/ssg/_checks.py +++ b/ssg/_checks.py @@ -1,6 +1,6 @@ import re -from ssg._constants import * +from ssg._constants import XCCDF11_NS def get_content_ref_if_exists_and_not_remote(check): 
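Review bot: The new condition `if list(element) > 0:` compares a list with an integer, so it does not test whether the element has children. Python 2 evaluates it as always true and Python 3 raises `TypeError`. The check done by the removed `element.getchildren()` is preserved by `if len(element) > 0:`. In the same hunk the new `defname is None` error is printed to stdout, while the other error paths in this patch were moved to stderr; adding `file=sys.stderr` keeps them consistent. `main` starts and ends outside the hunk.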
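Review bot: `print(cmd_out)` in the `@@ -190,7 +194,7 @@` hunk now prints the raw return of `communicate()`, which is `bytes` on Python 3 because the `Popen` call on the context line sets no text mode. The oscap output would then be shown as a `b'...'` literal with escaped newlines. Decoding first, `print(cmd_out.decode("utf-8", "replace"))`, keeps it readable on both interpreters. The same `Popen` call runs `cmd` with `shell=True`, and `cmd` is built outside this hunk. If it interpolates `fname` (whose prefix is `defname`, derived from the OVAL input) or command-line options, passing an argument list without `shell=True` avoids shell interpretation of those values.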
@@ -17,8 +17,7 @@ def get_content_ref_if_exists_and_not_remote(check): return None if is_content_href_remote(checkcontentref): return None - else: - return checkcontentref + return checkcontentref def is_content_href_remote(check_content_ref): From 162de8cab9f0899d2275dc6d7dc6cdb946b68068 Mon Sep 17 00:00:00 2001 From: Alexander Scheel Date: Fri, 15 Jun 2018 11:08:03 -0400 Subject: [PATCH 3/8] Fix scrutinizer issues in ssg/_contributors.py Signed-off-by: Alexander Scheel --- ssg/_contributors.py | 1 - 1 file changed, 1 deletion(-) diff --git a/ssg/_contributors.py b/ssg/_contributors.py index ccf36252df9..37552eeb1ae 100644 --- a/ssg/_contributors.py +++ b/ssg/_contributors.py @@ -1,7 +1,6 @@ import collections import datetime import re -import subprocess import os.path from ssg._shims import subprocess_check_output From 7f2e0307d91f17b965b27e3149e08ba6e6afcaba Mon Sep 17 00:00:00 2001 From: Alexander Scheel Date: Fri, 15 Jun 2018 11:08:51 -0400 Subject: [PATCH 4/8] Fix scrutinizer issues in ssg/_id_translate.py Signed-off-by: Alexander Scheel --- ssg/_id_translate.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ssg/_id_translate.py b/ssg/_id_translate.py index 09c028c5089..80eaabc18ff 100644 --- a/ssg/_id_translate.py +++ b/ssg/_id_translate.py @@ -43,8 +43,7 @@ def _split_namespace(tag): if tag[0] == "{": namespace, name = tag[1:].split("}", 1) return namespace.split("#")[0], name - else: - return (None, tag) + return (None, tag) def _namespace_to_prefix(tag): From da2734b78f7d90137ceacf76aaae0dab36886589 Mon Sep 17 00:00:00 2001 From: Alexander Scheel Date: Fri, 15 Jun 2018 11:15:46 -0400 Subject: [PATCH 5/8] Remove newline at top of ssg/_parse_oval.py Signed-off-by: Alexander Scheel --- ssg/_parse_oval.py | 1 - 1 file changed, 1 deletion(-) diff --git a/ssg/_parse_oval.py b/ssg/_parse_oval.py index b3fef9bfb33..d7238d525d0 100644 --- a/ssg/_parse_oval.py +++ b/ssg/_parse_oval.py 
@@ -1,4 +1,3 @@ - from __future__ import print_function from ssg._xml import ElementTree as ET From 1d67737d983b0710f84a9dac666a996d1d391ee8 Mon Sep 17 00:00:00 2001 From: Alexander Scheel Date: Fri, 15 Jun 2018 12:51:18 -0400 Subject: [PATCH 6/8] Fix scrutinizer issues in ssg/_stig.py Signed-off-by: Alexander Scheel --- ssg/_stig.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssg/_stig.py b/ssg/_stig.py index f4da53c6ebc..15f07993a36 100644 --- a/ssg/_stig.py +++ b/ssg/_stig.py @@ -3,10 +3,9 @@ import sys import csv -from ssg._xml import ElementTree as ET from ssg._xml import parse_file as parse_xml_file from ssg._constants import XCCDF11_NS as xccdf_ns -from ssg._constants import * +from ssg._constants import disa_cciuri # This script creates a CSV file from an XCCDF file formatted in the # structure of a STIG. This should enable its ingestion into VMS, @@ -49,5 +48,6 @@ def main(): sys.exit(0) + if __name__ == "__main__": main() From 8bc68d1448327bf3c233657778022d12daa64dc4 Mon Sep 17 00:00:00 2001 From: Alexander Scheel Date: Fri, 15 Jun 2018 12:56:07 -0400 Subject: [PATCH 7/8] Fix scrutinizer issues in ssg/_xml.py Signed-off-by: Alexander Scheel --- ssg/_xml.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssg/_xml.py b/ssg/_xml.py index 926f849f8ec..cf60fa54389 100644 --- a/ssg/_xml.py +++ b/ssg/_xml.py @@ -1,6 +1,6 @@ import platform -from ssg._constants import * +from ssg._constants import xml_version, oval_header, timestamp try: From 1d2a0e6d5245e2592ced7b5e00740751a82650cc Mon Sep 17 00:00:00 2001 From: Alexander Scheel Date: Fri, 15 Jun 2018 12:58:29 -0400 Subject: [PATCH 8/8] Fix scrutinizer issues in ssg/_yaml.py Signed-off-by: Alexander Scheel --- ssg/_yaml.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssg/_yaml.py b/ssg/_yaml.py index d62b622bf87..00a17527ac3 100644 --- a/ssg/_yaml.py +++ b/ssg/_yaml.py 
@@ -3,8 +3,8 @@ from ssg._jinja import _extract_substitutions_dict_from_template from ssg._jinja import _rename_items -from ssg._jinja import * -from ssg._constants import * +from ssg._jinja import process_file +from ssg._constants import PKG_MANAGER_TO_SYSTEM, JINJA_MACROS_DEFINITIONS try: from yaml import CSafeLoader as yaml_SafeLoader