codeaudit 0.5.3__py3-none-any.whl

codeaudit/simple.css

@@ -0,0 +1,200 @@
+/* Reset some default styles for consistency */
+/* GPLv3 - (c) Maikel Mardjan - simple works fine */
+
+* {
+    box-sizing: border-box;
+}
+
+/* Base container */
+.container {
+    max-width: 1200px;
+    margin: 0 auto;
+    padding: 0 10px;
+}
+
+/* Remove default margins/paddings */
+body,
+h1,
+h2,
+h3,
+p {
+    margin: 0;
+    padding: 0;
+}
+
+/* Body base styles */
+body {
+    font-family: Arial, Helvetica, sans-serif;
+    background-color: #FFFFFF;
+    color: #333;
+    line-height: 1.6;
+    padding: 30px;
+}
+
+/* Headings */
+h1, h2, h3 {
+    color: #ff0000; /* Set heading text color to red */
+}
+
+/* Headings */
+h1 {
+    font-size: 36px;
+    margin-bottom: 20px;
+}
+
+h2 {
+    font-size: 28px;
+    margin-bottom: 15px;
+}
+
+h3 {
+    font-size: 22px;
+    margin-bottom: 10px;
+}
+
+/* Paragraphs and links */
+p {
+    margin-bottom: 15px;
+}
+
+a {
+    color: black;
+    text-decoration: none;
+}
+
+a:hover {
+    text-decoration: underline;
+}
+
+/* Responsive images */
+img {
+    max-width: 100%;
+    height: auto;
+}
+
+/* Lists */
+ul,
+ol {
+    margin-left: 20px;
+    margin-bottom: 15px;
+}
+
+/* Buttons */
+.button {
+    display: inline-block;
+    padding: 10px 20px;
+    background-color: #007bff;
+    color: #fff;
+    text-decoration: none;
+    border: none;
+    cursor: pointer;
+    border-radius: 5px;
+}
+
+.button:hover {
+    background-color: #0056b3;
+}
+
+/* Footer */
+footer {
+    background-color: #333;
+    color: #fff;
+    text-align: center;
+    padding: 10px;
+}
+
+/* Tables */
+table {
+    border-collapse: collapse;
+    width: 100%;
+}
+
+th,
+td {
+    border: 1px solid #d8d8dd;
+    padding: 8px;
+    text-align: left;
+}
+
+/* Media queries for responsiveness */
+@media (max-width: 768px) {
+    header {
+        font-size: 24px;
+        padding: 15px;
+    }
+
+    h1 {
+        font-size: 28px;
+    }
+
+    h2 {
+        font-size: 24px;
+    }
+
+    h3 {
+        font-size: 20px;
+    }
+
+    .container {
+        padding: 0 10px;
+    }
+}
+
+/* Altair (Vega-Embed) tweaks */
+#vis.vega-embed {
+    width: 100%;
+    display: flex;
+}
+
+#vis.vega-embed details,
+#vis.vega-embed details summary {
+    position: relative;
+}
+
+/* Code blocks */
+pre {
+    font-size: 1.25em;        
+    border-radius: 5px;
+    overflow-x: auto;
+    width: 100%;
+    max-width: 600px;
+}
+
+/* Base style for Python code blocks */
+.language-python {
+    background-color: #2d2d2d;   /* dark gray background */
+    color: #f8f8f2;              /* light text */
+    font-family: Consolas, Monaco, 'Courier New', monospace;
+    font-size: 14px;
+    line-height: 1.5;
+    padding: 1em;
+    border-radius: 6px;
+    display: block;
+    overflow-x: auto;
+    white-space: pre;
+}
+
+footer {
+    background-color: #FFFFFF;
+    color: red;
+    text-align: center;
+    padding: 10px;
+  }
+
+.json-display {
+    background-color: #2d2d2d;   /* dark gray background */
+    color: #f8f8f2;              /* light text */
+    white-space: pre-wrap;         /* Preserves indentation & wraps lines */
+    word-wrap: break-word;         /* Breaks long words */
+    overflow-wrap: break-word;     /* Modern equivalent */    
+    font-family: Consolas, Monaco, 'Courier New', monospace;
+    font-size: 14px;
+    line-height: 1.5;
+    padding: 1em;
+    
+  }
+  
+
+/* nocxdataframe for table css */
+
+  

codeaudit/totals.py

@@ -0,0 +1,137 @@
+"""
+License GPLv3 or higher.
+
+(C) 2025 Created by Maikel Mardjan - https://nocomplexity.com/
+
+This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License along with this program. If not, see <https://www.gnu.org/licenses/>. 
+
+Simple checker reporting #source code, #comments in Python files
+"""
+
+import ast
+import warnings
+
+from codeaudit.filehelpfunctions import read_in_source_file , get_filename_from_path , collect_python_source_files
+from codeaudit.complexitycheck import calculate_complexity , count_static_warnings_in_file
+
+
+def count_ast_objects(source):
+    """
+    Counts AST nodes and objects.
+    This gives an indication of complexity and code maintainability.
+    Suppresses SyntaxWarnings like invalid escape sequences.
+    """
+    with warnings.catch_warnings():
+        warnings.simplefilter("ignore", category=SyntaxWarning)
+        tree = ast.parse(source)
+
+    ast_nodes = 0 
+    ast_functions = 0 
+    ast_modules = 0 
+    ast_classes = 0 
+
+    for node in ast.walk(tree):
+        if hasattr(node, 'lineno') and isinstance(node, (ast.stmt, ast.Expr)):      
+            ast_nodes += 1
+        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
+            ast_functions += 1
+        if isinstance(node, (ast.Import, ast.ImportFrom)):
+            ast_modules += 1
+        if isinstance(node, ast.ClassDef):
+            ast_classes += 1        
+
+    result = {
+        'AST_Nodes': ast_nodes,
+        'Modules': ast_modules,
+        'Functions': ast_functions,
+        'Classes': ast_classes
+    }
+
+    return result
+
+
+def count_comment_lines(source):
+    """Counts lines with comments and all lines inside triple-double-quoted strings """
+    comment_lines = set()
+    lines = source.splitlines()
+    in_triple_double = False
+
+    for i, line in enumerate(lines, start=1):
+        stripped = line.strip()
+        # Check for triple-double-quote boundaries
+        if stripped.count('"""')  == 1:
+            # Start or end of a multiline string
+            in_triple_double = not in_triple_double
+            comment_lines.add(i)  # Count this line            
+        elif stripped.count('"""')  >= 2:
+            # Triple quotes open and close on the same line
+            comment_lines.add(i)            
+        elif in_triple_double:
+            comment_lines.add(i)            
+        elif line.startswith('#'):        
+            # Regular comment - note that inline comment are NOT counted as comment lines
+            comment_lines.add(i)
+    result = { 'Comment_Lines' : len(comment_lines)}      
+    return result
+
+def count_lines_iterate(filepath):
+    """
+    Counts the number of lines in a file by iterating through the file object.
+    This method is memory-efficient for large files.
+    """
+    count = 0
+    try:
+        with open(filepath, 'r') as f:
+            for line in f:
+                count += 1
+        return count
+    except FileNotFoundError:
+        print(f"Error: File not found at {filepath}")
+        return -1
+    except Exception as e:
+        print(f"An error occurred: {e}")
+        return -1
+
+    
+
+def get_statistics(directory):
+    """Get codeaudit statistics from source files in a directory"""
+    files_to_check = collect_python_source_files(directory)    
+    total_result = [] 
+    for python_file in files_to_check:
+        result = overview_per_file(python_file)       
+        total_result.append(result)
+    return total_result
+
+def overview_per_file(python_file):
+    """gets the overview per file."""
+    result ={}
+    source = read_in_source_file(python_file)
+    name_of_file = get_filename_from_path (python_file)
+    name_dict = { 'FileName' : name_of_file}
+    file_location = {'FilePath' : python_file}
+    number_of_lines = count_lines_iterate(python_file)
+    lines = {'Number_Of_Lines' : number_of_lines}
+    complexity_score = calculate_complexity(source)
+    complexity = {'Complexity_Score' : complexity_score}
+    warnings = count_static_warnings_in_file (python_file)
+    result = name_dict | file_location | lines | count_ast_objects(source) | count_comment_lines(source) | complexity | warnings # merge the dicts
+    return result
+
+
+
+def overview_count(df):
+    """returns a dataframe with simple overview of all files"""
+    columns_to_sum = ['Number_Of_Lines', 'AST_Nodes', 'Modules', 'Functions', 'Classes', 'Comment_Lines']
+    df_totals = df[columns_to_sum].sum().to_frame().T  # .T to make it a single row
+    total_number_of_files = df.shape[0]    
+    df_totals.insert(0, 'Number_Of_Files', total_number_of_files) #insert new column as first colum    
+    median_complexity = round(df['Complexity_Score'].mean(), 1)
+    df_totals['Median_Complexity'] = median_complexity
+    maximum_complexity = df['Complexity_Score'].max()
+    df_totals['Maximum_Complexity'] = maximum_complexity
+    return df_totals

codeaudit-0.5.3.dist-info/METADATA

@@ -0,0 +1,156 @@
+Metadata-Version: 2.4
+Name: codeaudit
+Version: 0.5.3
+Summary: Simplified static security checks for Python 
+Project-URL: Documentation, https://github.com/nocomplexity/codeaudit#readme
+Project-URL: Issues, https://github.com/nocomplexity/codeaudit/issues
+Project-URL: Source, https://github.com/nocomplexity/codeaudit
+Author-email: Maikel Mardjan <mike@bm-support.org>
+License-Expression: GPL-3.0-or-later
+License-File: LICENSE.txt
+Classifier: Development Status :: 4 - Beta
+Classifier: Programming Language :: Python
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Requires-Python: >=3.8
+Requires-Dist: altair>=5.5
+Requires-Dist: fire>=0.7.0
+Requires-Dist: pandas>=2.3
+Description-Content-Type: text/markdown
+
+# codeaudit
+
+[![PyPI - Version](https://img.shields.io/pypi/v/codeaudit.svg)](https://pypi.org/project/codeaudit)
+[![PyPI - Python Version](https://img.shields.io/pypi/pyversions/codeaudit.svg)](https://pypi.org/project/codeaudit)
+
+Codeaudit - A modern Python source code analyzer based on distrust.
+
+Codeaudit is a tool designed to find security issues in Python code. This static application security testing (SAST) tool has great features to simplify the necessary security tasks and make it fun and easy. 
+
+This tool is created for:
+* Anyone who want or must check security risks with Python programs.
+* Anyone who loves to create functionality using Python. So not only professional programs , but also occasional Python programmers or programmers who are used to working with other languages.
+* Anyone who wants an easy way to get insight in possible security risks Python programs.
+
+
+> [!WARNING]
+> Codeaudit is still is currently in *beta status*. There are still bugs in the software that need to be fixed. Consider [contributing](CONTRIBUTING.md) to make Codeaudit a cool modern Python SAST tool. Codeaudit is currently in a thorough testing period and changes and fixes are frequently applied. 
+
+## Features
+
+Codeaudit has the following features:
+
+* Detecting and reporting potential vulnerabilities of from all Python files collected in a directory. This is a must **do** check when researching python packages on possible security issues.
+
+*  Detect and reports complexity and statistics relevant for security per Python file or from Python files found in a directory. 
+
+* Codeaudit implements a light weight [cyclomatic complexity](https://en.wikipedia.org/wiki/Cyclomatic_complexity) using Python’s Abstract Syntax Tree module. The codeaudit implemented check is by far good enough for determining security risks in Python files very quick!
+
+
+*  Detect and reports which module are used within a Python file. Also vulnerability information found from used external modules is shown.
+
+*  Detecting and reporting potential vulnerability issues within a Python file. Per detected issue the line number shown, with the lines that *could* cause a security issue.
+
+* All output is saved in simple static HTML-reports. These reports can be examined in every browser. 
+
+
+> [!IMPORTANT]
+> Codeaudit uses the Python's Abstract Syntax Tree (AST) to get robust and reliable result. Using the Python AST makes contextual Vulnerability Detection possible and false positive are minimized.
+
+
+## Installation
+
+```console
+pip install codeaudit
+```
+
+or use:
+
+```bash
+pip install -U codeaudit
+```
+
+If you have installed Codeaudit in the past and want to make sure you use the latest checks and features.
+
+## Usage
+
+After installation you can get an overview of all implemented commands. Just type in your terminal:
+
+```text
+codeaudit
+```
+
+This will show all commands:
+
+```text
+--------------------------------------------------
+   _____          _                      _ _ _   
+  / ____|        | |                    | (_) |  
+ | |     ___   __| | ___  __ _ _   _  __| |_| |_ 
+ | |    / _ \ / _` |/ _ \/ _` | | | |/ _` | | __|
+ | |___| (_) | (_| |  __/ (_| | |_| | (_| | | |_ 
+  \_____\___/ \__,_|\___|\__,_|\__,_|\__,_|_|\__|
+--------------------------------------------------
+
+Codeaudit - Modern Python source code analyzer based on distrust.
+
+Commands to evaluate Python source code:
+Usage: codeaudit COMMAND [PATH or FILE]  [OUTPUTFILE] 
+
+Depending on the command, a directory or file name must be specified. The output is a static HTML file to be examined in a browser. Specifying a name for the output file is optional.
+
+Commands:
+  overview             Reports Complexity and statistics per Python file from a directory.
+  modulescan           Reports module information per file.
+  filescan             Reports potential security issues for a single Python file.
+  directoryscan        Reports potential security issues for all Python files found in a directory.
+  checks               Generate an HTML report of all implemented codeaudit security checks.
+  version              Prints the module version. Use [-v] [--v] [-version] or [--version].
+
+Use the Codeaudit documentation to check the security of Python programs and make your Python programs more secure!
+Check https://simplifysecurity.nocomplexity.com/ 
+```
+
+## Example
+
+By running the `codeaudit filescan` command, detailed security information is determined for a Python file based on more than **60 validations** implemented. 
+
+The `codeaudit filescan` command shows all **potential** security issues that are detected in the source file in a HTML-report.
+
+Per line a the in construct that can cause a security risks is shown, along with the relevant code lines where the issue is detected.
+
+To scan a Python file on possible security issues, do:
+
+```
+codeaudit filescan ./codeaudit/tests/validationfiles/allshit.py 
+Codeaudit report file created!
+Check the report file: file:///home/jamesbrown/tmp/codeaudit-report.html
+```
+
+![Example view of filescan report](filescan.png)
+
+
+## Contributing
+
+All contributions are welcome! Think of corrections on the documentation, code or more and better tests.
+
+Simple Guidelines:
+
+* Questions, Feature Requests, Bug Reports please use on the Github Issue Tracker.
+
+**Pull Requests are welcome!** 
+
+When you contribute to Codeaudit, your contributions are made under the same license as the file you are working on. 
+
+
+> [!NOTE]
+> This is an open community driven project. Contributors will be mentioned in the documentation.
+
+We adopt the [Collective Code Construction Contract(C4)](https://rfc.zeromq.org/spec/42/) to streamline collaboration.
+
+## License
+
+
+`codeaudit` is distributed under the terms of the [GPL-3.0-or-later](https://spdx.org/licenses/GPL-3.0-or-later.html) license.
+
+

codeaudit-0.5.3.dist-info/RECORD

@@ -0,0 +1,19 @@
+codeaudit/__about__.py,sha256=rgYySBYwOF29ZZo8euSGDDMVqO7c0NkbOpyk6Sq-zVY,144
+codeaudit/__init__.py,sha256=YGs6qU0BVHPGtXCS-vfBDLO4TOfJDLTWMgaFDTmi_Iw,157
+codeaudit/altairplots.py,sha256=VvlxOwYJS40TerP0Wee1KjOF1sdVTyBtkxDIaNF7VUc,2046
+codeaudit/checkmodules.py,sha256=GdGyF5wTdSipkCCdrTTRqRM0et2G5Dcv-pTetr5nbks,3505
+codeaudit/codeaudit.py,sha256=LYaCMVXyEncq-zqBYAvUrlu7ivgQMBdgWJjtO-h2vX4,3606
+codeaudit/complexitycheck.py,sha256=fMwDjFcbqJpqgF7uh5f29XqmacUsd0lOO5tHje2fiVM,3735
+codeaudit/filehelpfunctions.py,sha256=RzN8aW2el-WG8ocAUVomGLzRgp9AVdcjnpw92d93XVU,3739
+codeaudit/htmlhelpfunctions.py,sha256=sps5voMc6v_GX5sRhxiS0w2kzdhDkH7Wqt9MZTTCjvk,2982
+codeaudit/issuevalidations.py,sha256=bluJKFbs3fEkzR4hzwZWQXTJBxyCpNTNgtaq-eutVfw,5594
+codeaudit/reporting.py,sha256=h0751seo_qRoY8dEpVsQDlG51jDLsaK3uBcqSFqXHJU,19723
+codeaudit/security_checks.py,sha256=n_FMF2b--vpkX3E4wvFcXr9pJO-_sdUq2NHuj6mvMvw,2208
+codeaudit/simple.css,sha256=QyqcZKLqj4JXByTskabrOEJYfn2L2o8XfTLyeO1RxeI,3210
+codeaudit/totals.py,sha256=JnPh47NJh1X7nzz6K6gyh1UbCnNRQlV74Wu-cd63ZMU,5297
+codeaudit/data/sastchecks.csv,sha256=8bG0jaiG2bHYYOl1kApF4K1P1-aTG3fK0X-lU5J72Qw,6533
+codeaudit-0.5.3.dist-info/METADATA,sha256=EgviHwzybyuL44EdiOcPl-unoaf3HjCB6KE0rpUDLaA,6563
+codeaudit-0.5.3.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+codeaudit-0.5.3.dist-info/entry_points.txt,sha256=7w6I8zii62nJHIIF30CRP5g1z8enMqF1pZEDdlw4HcQ,55
+codeaudit-0.5.3.dist-info/licenses/LICENSE.txt,sha256=-5gWaMGKJ54oX8TYP7oeg2zITdTapzyWl9PP0tispuA,34674
+codeaudit-0.5.3.dist-info/RECORD,,

codeaudit-0.5.3.dist-info/WHEEL

@@ -0,0 +1,4 @@
+Wheel-Version: 1.0
+Generator: hatchling 1.27.0
+Root-Is-Purelib: true
+Tag: py3-none-any

codeaudit-0.5.3.dist-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+codeaudit = codeaudit.codeaudit:main