openscap_api.xccdf.benchmark_import benchmark.get_results() crash at NameError on RHEL 8

  • Whenever a user is trying to interpret oscap evaluated system results crash happens
  • These are steps to reproduce on RHEL-8 system.
    1] Install openscap and related packages.
# yum install openscap openscap-python3 scap-security-guide

2] Create a python file to interpret the scan results.

# vim /root/
import openscap_api

benchmark = openscap_api.xccdf.benchmark_import("/tmp/scap-results.xml")

# Print the ID to show that simple characters work
print("Title is: {0}".format(benchmark.get_id()))

# Print the results array to show that arrays also work and show the number of items to show that this is a python array
results = benchmark.get_results()
print("Number of items: {0}".format(len(results)))

3] Scan the system using oscap.

# oscap xccdf eval --results /tmp/scap-results.xml --profile xccdf_org.ssgproject.content_profile_ospp /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml

4] Interpret the results using script earlier and see the Exception.

# python3
Title is: xccdf_org.ssgproject.content_benchmark_RHEL-8
Traceback (most recent call last):
  File "", line 17, in <module>
    results = benchmark.get_results()
  File "/usr/lib64/python3.6/site-packages/", line 196, in __getter_wrapper
  File "/usr/lib64/python3.6/site-packages/", line 89, in generate
    while iterator.has_more():
  File "/usr/lib64/python3.6/site-packages/", line 277, in __call__
    raise NameError("name '"+self.object+"' is not defined")
NameError: name 'wig Object of type 'struct xccdf_result_iterator *' at 0x7f7f7dc20090>_has_more' is not defined
Exception ignored in: <bound method OSCAP_List.__del__ of []>
Traceback (most recent call last):
  File "/usr/lib64/python3.6/site-packages/", line 81, in __del__
  File "/usr/lib64/python3.6/site-packages/", line 314, in free
    raise Exception("Can't free %s" % (self.object,))
Exception: Can't free wig Object of type 'struct xccdf_result_iterator *' at 0x7f7f7dc20090>


  • Red Hat Enterprise Linux 8.X

