From bdc3aa2d64fb299e83dc5f9ca3408135cd5b6b03 Mon Sep 17 00:00:00 2001 From: Matthew Burket Date: Mon, 26 Jan 2026 15:03:14 -0600 Subject: [PATCH 1/6] re.M to re.MULTILINE For clarity --- ssg/ansible.py | 4 ++-- tests/test_machine_only_rules.py | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/ssg/ansible.py b/ssg/ansible.py index 4a92ba3b0c68..6a278c06c43d 100644 --- a/ssg/ansible.py +++ b/ssg/ansible.py @@ -68,7 +68,7 @@ def remove_too_many_blank_lines(ansible_src): Returns: str: The modified string with excessive blank lines reduced. """ - return re.sub(r'\n{4,}', '\n\n\n', ansible_src, 0, flags=re.M) + return re.sub(r'\n{4,}', '\n\n\n', ansible_src, 0, flags=re.MULTILINE) def remove_trailing_whitespace(ansible_src): @@ -82,7 +82,7 @@ def remove_trailing_whitespace(ansible_src): str: The Ansible source code with trailing whitespace removed from each line. """ - return re.sub(r'[ \t]+$', '', ansible_src, 0, flags=re.M) + return re.sub(r'[ \t]+$', '', ansible_src, 0, flags=re.MULTILINE) package_facts_task = collections.OrderedDict([ diff --git a/tests/test_machine_only_rules.py b/tests/test_machine_only_rules.py index b2ac0648263c..6cbcbdb72f42 100755 --- a/tests/test_machine_only_rules.py +++ b/tests/test_machine_only_rules.py @@ -11,15 +11,15 @@ BASH_MACHINE_CONDITIONAL = re.compile( - r'^.*\[ ! -f /.dockerenv \] && \[ ! -f /run/.containerenv \].*$', re.M) + r'^.*\[ ! -f /.dockerenv \] && \[ ! -f /run/.containerenv \].*$', re.MULTILINE) ANSIBLE_MACHINE_CONDITIONAL = re.compile( r'ansible_virtualization_type not in \["docker",\s+"lxc",\s+"openvz",\s+"podman",\s+' + r'"container"\]', - re.M) + re.MULTILINE) MACHINE_PLATFORM_ONE_LINE = re.compile( - r'^\s*platform:\s+machine\s*$', re.M) + r'^\s*platform:\s+machine\s*$', re.MULTILINE) MACHINE_PLATFORM_MULTILINE = re.compile( - r'^\s*platforms:\s*\n(\s+-\s+.*machine.*)+', re.M) + r'^\s*platforms:\s*\n(\s+-\s+.*machine.*)+', re.MULTILINE) def main(): From 0765d410f0fcd30137fb756b1923e4e3f58f82b7 Mon Sep 17 00:00:00 2001 From: Matthew Burket Date: Mon, 26 Jan 2026 15:05:21 -0600 Subject: [PATCH 2/6] Remove empty strings in print --- tests/assert_reference_unique.py | 2 +- utils/mod_checks.py | 4 ++-- utils/mod_fixes.py | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/assert_reference_unique.py b/tests/assert_reference_unique.py index 0f785b0e41cd..442d0f57d20c 100755 --- a/tests/assert_reference_unique.py +++ b/tests/assert_reference_unique.py @@ -59,7 +59,7 @@ def print_refs(ref: str, refs_found: RefsFoundType) -> bool: filenames = refs_found[dup] if len(filenames) > 1: okay = False - print("", file=sys.stderr) + print(file=sys.stderr) print(f"{ref} {dup} is included in files: ", file=sys.stderr) for filename in sorted(filenames): print(f" - {filename}", file=sys.stderr) diff --git a/utils/mod_checks.py b/utils/mod_checks.py index 19ecb5cca635..5b299147bef9 100755 --- a/utils/mod_checks.py +++ b/utils/mod_checks.py @@ -42,7 +42,7 @@ def list_platforms(rule_obj): for product in sorted(oval.get('products', [])): print(" - %s" % product) - print("") + print() print("Actual platforms:") for oval_id in sorted(rule_obj.get('ovals', {})): @@ -54,7 +54,7 @@ def list_platforms(rule_obj): for platform in platforms: print(" - %s" % platform) - print("") + print() def add_platforms(rule_obj, platforms): diff --git a/utils/mod_fixes.py b/utils/mod_fixes.py index 3dc665ee5834..25fab6925c2c 100755 --- a/utils/mod_fixes.py +++ b/utils/mod_fixes.py @@ -44,7 +44,7 @@ def list_platforms(rule_obj, lang): for product in sorted(fix.get('products', [])): print(" - %s" % product) - print("") + print() print("Actual platforms:") for rule_id in sorted(rule_obj['remediations'].get(lang, {})): @@ -56,7 +56,7 @@ def list_platforms(rule_obj, lang): for platform in platforms: print(" - %s" % platform) - print("") + print() def add_platforms(rule_obj, lang, platforms): From b0f63605710099d6e6c34a527b271d455cad56cc Mon Sep 17 00:00:00 2001 From: Matthew Burket Date: Mon, 26 Jan 2026 15:13:15 -0600 Subject: [PATCH 3/6] Convert conditional assign to remove prefix --- ssg/build_guides.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/ssg/build_guides.py b/ssg/build_guides.py index c13f920be794..cbe8fdd1c6f0 100644 --- a/ssg/build_guides.py +++ b/ssg/build_guides.py @@ -123,9 +123,7 @@ def _is_skipped_profile(profile_id): def _get_guide_filename(path_base, profile_id, benchmark_id, benchmarks): profile_id_for_path = "default" if not profile_id else profile_id benchmark_id_for_path = benchmark_id - if benchmark_id_for_path.startswith(OSCAP_DS_STRING): - benchmark_id_for_path = \ - benchmark_id_for_path[len(OSCAP_DS_STRING):] + benchmark_id_for_path = benchmark_id_for_path.removeprefix(OSCAP_DS_STRING) if len(benchmarks) == 1 or len(benchmark_id_for_path) == len("RHEL-X"): # treat the base RHEL benchmark as a special case to preserve From ec0f0b0e42341b538341d34778294f76b5f60d1a Mon Sep 17 00:00:00 2001 From: Matthew Burket Date: Mon, 26 Jan 2026 15:17:10 -0600 Subject: [PATCH 4/6] Convert remove .readlines() on looping over a file Should be more memory efficient --- tests/cces-removed.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/cces-removed.py b/tests/cces-removed.py index d4705dfd1aa2..1f3f956b3f15 100755 --- a/tests/cces-removed.py +++ b/tests/cces-removed.py @@ -43,7 +43,7 @@ def _get_cces_in_use(data: dict, products: str) -> Set[str]: def _get_avail_cces(cce_list: str) -> Set[str]: avail_cces: Set[str] = set() with open(cce_list) as f: - for line in f.readlines(): + for line in f: avail_cces.add(line.strip()) return avail_cces From 9d009cc7a3cc6df2c7066fec9b9ca2afd846c578 Mon Sep 17 00:00:00 2001 From: Matthew Burket Date: Mon, 26 Jan 2026 15:17:35 -0600 Subject: [PATCH 5/6] Move some printing to list comprehension --- ssg/build_remediations.py | 3 +-- ssg/playbook_builder.py | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/ssg/build_remediations.py b/ssg/build_remediations.py index 3756992c7825..004123133321 100644 --- a/ssg/build_remediations.py +++ b/ssg/build_remediations.py @@ -535,8 +535,7 @@ def write_fix_to_file(fix, file_path): """ fix_contents, config = fix with open(file_path, "w") as f: - for k, v in config.items(): - f.write("# %s = %s\n" % (k, v)) + f.writelines("# %s = %s\n" % (k, v) for k, v in config.items()) f.write(fix_contents) diff --git a/ssg/playbook_builder.py b/ssg/playbook_builder.py index 0be06e2adf43..2d72436d8bd9 100644 --- a/ssg/playbook_builder.py +++ b/ssg/playbook_builder.py @@ -165,8 +165,7 @@ def create_playbook(self, snippet_path, rule_id, variables, playbook_path = os.path.join(output_dir, rule_id + ".yml") with open(playbook_path, "w") as playbook_file: # write remediation metadata (complexity, strategy, etc.) first - for k, v in fix.config.items(): - playbook_file.write("# %s = %s\n" % (k, v)) + playbook_file.writelines("# %s = %s\n" % (k, v) for k, v in fix.config.items()) ssg.yaml.ordered_dump( playbook, playbook_file, default_flow_style=False ) From c5ac76d9ffe1351c115cfb75251033a77f73e980 Mon Sep 17 00:00:00 2001 From: Matthew Burket Date: Mon, 26 Jan 2026 15:17:47 -0600 Subject: [PATCH 6/6] Add refurb to ruff config --- ruff.toml | 1 + 1 file changed, 1 insertion(+) diff --git a/ruff.toml b/ruff.toml index d5e89e0e13c1..9f8918f84860 100644 --- a/ruff.toml +++ b/ruff.toml @@ -11,6 +11,7 @@ select = [ "T10", # flake8-debugger "PLE", # pylint-error "YTT", # flake8-2020 + "FURB", # refurb ] ignore = [