codeaudit 0.5.5__tar.gz → 0.6.0__tar.gz

{codeaudit-0.5.5 → codeaudit-0.6.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: codeaudit
-Version: 0.5.5
+Version: 0.6.0
 Summary: Simplified static security checks for Python 
 Project-URL: Documentation, https://github.com/nocomplexity/codeaudit#readme
 Project-URL: Issues, https://github.com/nocomplexity/codeaudit/issues
@@ -26,10 +26,11 @@ Description-Content-Type: text/markdown
 
 # Codeaudit
 
-![CodeauditLogo](docs/images/codeauditlogo.png)
+![CodeauditLogo](https://github.com/nocomplexity/codeaudit/raw/main/docs/images/codeauditlogo.png)
 
 [![PyPI - Version](https://img.shields.io/pypi/v/codeaudit.svg)](https://pypi.org/project/codeaudit)
 [![PyPI - Python Version](https://img.shields.io/pypi/pyversions/codeaudit.svg)](https://pypi.org/project/codeaudit)
+[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/10970/badge)](https://www.bestpractices.dev/projects/10970)
 
 Python Codeaudit - A modern Python source code analyzer based on distrust.
 
@@ -42,24 +43,22 @@ This tool is created for:
 
 
 > [!WARNING]
-> Python Codeaudit is currently in *beta status*. Consider [contributing](CONTRIBUTING.md) to make Codeaudit the coolest open source Python SAST tool. Codeaudit is currently in a thorough testing phase. So use the Codeaudit now to and contribute to make it better!
+> Python Codeaudit is currently in *beta status*. Consider [contributing](CONTRIBUTING.md) to make Codeaudit the coolest open source Python SAST tool. Codeaudit is currently in a thorough testing phase. Use Python Codeaudit now and contribute to make it better!
 
 ## Features
 
 Python Codeaudit has the following features:
 
-* Detecting and reporting potential vulnerabilities of from all Python files collected in a directory. This is a must **do** check when researching python packages on possible security issues.
+* **Vulnerability Detection**: Identifies security vulnerabilities in Python files, essential for package security research.
 
-*  Detect and reports complexity and statistics relevant for security per Python file or from Python files found in a directory. 
+* **Complexity & Statistics**: Reports security-relevant complexity using a fast, lightweight [cyclomatic complexity](https://en.wikipedia.org/wiki/Cyclomatic_complexity) count via Python's AST.
 
-* Python Codeaudit implements a light weight [cyclomatic complexity](https://en.wikipedia.org/wiki/Cyclomatic_complexity) count, using Python’s Abstract Syntax Tree module. The codeaudit complexity check is designed to determine security risks in Python files very quick!
+* **Module Usage & External Vulnerabilities**: Detects used modules and reports vulnerabilities in external ones.
 
+* **Inline Issue Reporting**: Shows potential security issues with line numbers and code snippets.
 
-*  Detect and reports which module are used within a Python file. Also vulnerability information found from used external modules is reported.
+* **HTML Reports**: All output is saved in simple, static HTML reports viewable in any browser.
 
-*  Detecting and reporting potential vulnerability issues within a Python file. Per detected issue the line number shown, with the lines that *could* cause a security issue.
-
-* All output is saved in simple static HTML-reports. These reports can be examined in every browser. 
 
 
 > [!IMPORTANT]
@@ -129,10 +128,16 @@ Per line a the in construct that can cause a security risks is shown, along with
 
 To scan a Python file on possible security issues, do:
 
-```
-codeaudit filescan ./codeaudit/tests/validationfiles/allshit.py 
+```bash
+codeaudit filescan ../codeaudit/tests/validationfiles/allshit.py 
+
+=====================================================================
 Codeaudit report file created!
-Check the report file: file:///home/jamesbrown/tmp/codeaudit-report.html
+Paste the line below directly into your browser bar:
+	file:///home/usainbolt/tmp/codeaudit-report.html
+
+=====================================================================
+
 ```
 
 ![Example view of filescan report](filescan.png)

{codeaudit-0.5.5 → codeaudit-0.6.0}/README.md

@@ -1,9 +1,10 @@
 # Codeaudit
 
-![CodeauditLogo](docs/images/codeauditlogo.png)
+![CodeauditLogo](https://github.com/nocomplexity/codeaudit/raw/main/docs/images/codeauditlogo.png)
 
 [![PyPI - Version](https://img.shields.io/pypi/v/codeaudit.svg)](https://pypi.org/project/codeaudit)
 [![PyPI - Python Version](https://img.shields.io/pypi/pyversions/codeaudit.svg)](https://pypi.org/project/codeaudit)
+[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/10970/badge)](https://www.bestpractices.dev/projects/10970)
 
 Python Codeaudit - A modern Python source code analyzer based on distrust.
 
@@ -16,24 +17,22 @@ This tool is created for:
 
 
 > [!WARNING]
-> Python Codeaudit is currently in *beta status*. Consider [contributing](CONTRIBUTING.md) to make Codeaudit the coolest open source Python SAST tool. Codeaudit is currently in a thorough testing phase. So use the Codeaudit now to and contribute to make it better!
+> Python Codeaudit is currently in *beta status*. Consider [contributing](CONTRIBUTING.md) to make Codeaudit the coolest open source Python SAST tool. Codeaudit is currently in a thorough testing phase. Use Python Codeaudit now and contribute to make it better!
 
 ## Features
 
 Python Codeaudit has the following features:
 
-* Detecting and reporting potential vulnerabilities of from all Python files collected in a directory. This is a must **do** check when researching python packages on possible security issues.
+* **Vulnerability Detection**: Identifies security vulnerabilities in Python files, essential for package security research.
 
-*  Detect and reports complexity and statistics relevant for security per Python file or from Python files found in a directory. 
+* **Complexity & Statistics**: Reports security-relevant complexity using a fast, lightweight [cyclomatic complexity](https://en.wikipedia.org/wiki/Cyclomatic_complexity) count via Python's AST.
 
-* Python Codeaudit implements a light weight [cyclomatic complexity](https://en.wikipedia.org/wiki/Cyclomatic_complexity) count, using Python’s Abstract Syntax Tree module. The codeaudit complexity check is designed to determine security risks in Python files very quick!
+* **Module Usage & External Vulnerabilities**: Detects used modules and reports vulnerabilities in external ones.
 
+* **Inline Issue Reporting**: Shows potential security issues with line numbers and code snippets.
 
-*  Detect and reports which module are used within a Python file. Also vulnerability information found from used external modules is reported.
+* **HTML Reports**: All output is saved in simple, static HTML reports viewable in any browser.
 
-*  Detecting and reporting potential vulnerability issues within a Python file. Per detected issue the line number shown, with the lines that *could* cause a security issue.
-
-* All output is saved in simple static HTML-reports. These reports can be examined in every browser. 
 
 
 > [!IMPORTANT]
@@ -103,10 +102,16 @@ Per line a the in construct that can cause a security risks is shown, along with
 
 To scan a Python file on possible security issues, do:
 
-```
-codeaudit filescan ./codeaudit/tests/validationfiles/allshit.py 
+```bash
+codeaudit filescan ../codeaudit/tests/validationfiles/allshit.py 
+
+=====================================================================
 Codeaudit report file created!
-Check the report file: file:///home/jamesbrown/tmp/codeaudit-report.html
+Paste the line below directly into your browser bar:
+	file:///home/usainbolt/tmp/codeaudit-report.html
+
+=====================================================================
+
 ```
 
 ![Example view of filescan report](filescan.png)

{codeaudit-0.5.5 → codeaudit-0.6.0}/docs/codeauditcommands.md

@@ -1,6 +1,6 @@
 % THIS FILE IS GENERATED! - Use CLIcommands.ipynb to make it better!
 # Overview of Codeaudit commands
-Codeaudit commands for: version: 0.5.4
+Codeaudit commands for: version: 0.5.5
 ```
 --------------------------------------------------
    _____          _                      _ _ _   

codeaudit-0.6.0/docs/features.md

@@ -0,0 +1,54 @@
+# Features
+
+Codeaudit is a modern Python source code analyzer based on distrust.
+
+:::{admonition} This Python Code Audit tool has the following features:
+:class: tip
+
+
+* **Vulnerability Detection**: Identifies security vulnerabilities in Python files, essential for package security research.
+
++++
+
+* **Complexity & Statistics**: Reports security-relevant complexity using a fast, lightweight [cyclomatic complexity](https://en.wikipedia.org/wiki/Cyclomatic_complexity) count via Python's AST.
+
++++
+
+* **Module Usage & External Vulnerabilities**: Detects used modules and reports vulnerabilities in external ones.
+
+
++++
+* **Inline Issue Reporting**: Shows potential security issues with line numbers and code snippets.
+
+
++++
+* **HTML Reports**: All output is saved in simple, static HTML reports viewable in any browser.
+
+
+:::
+
+
+More in detph outlined:
+
+Codeaudit has the following features:
+*  Detect and reports complexity and statistics per Python file or from a directory. Collected statistics are: 
+    * Number_Of_Files
+    * Number_Of_Lines
+    * AST_Nodes
+    * Number of used modules 
+    * Functions
+    * Classes
+    * Comment_Lines
+
+* All statistics are gathered per Python file. A summary is given for the inspected directory.
+
+*  Detect and reports which module are used within a Python file.
+
+*  Reports valuable known security information on used modules.
+
+*  Detecting and reporting **potential vulnerability issues** within a Python file.
+Per detected issue the line number is given, along with the lines that *could* cause a security issue.
+
+
+* Detecting and reporting potential vulnerabilities from all Python files collected in a directory.
+This is typically a must check when researching python packages on possible security issues.

codeaudit-0.6.0/docs/intro.md

@@ -0,0 +1,51 @@
+# Introduction
+
+![CodeauditLogo](images/codeauditlogo.png)
+
+Codeaudit is a Python Static Application Security Testing (SAST) tool to find **potential security issues** in Python source files.
+
+Codeaudit is designed to be:
+* Simple to use.
+* Simple to extend for various use cases.
+* Powerful to determine *potential* security issues within Python code.
+
+## Features
+:::{admonition} This Python Code Audit tool has the following features:
+:class: tip
+
+
+* **Vulnerability Detection**: Identifies security vulnerabilities in Python files, essential for package security research.
+
++++
+
+* **Complexity & Statistics**: Reports security-relevant complexity using a fast, lightweight [cyclomatic complexity](https://en.wikipedia.org/wiki/Cyclomatic_complexity) count via Python's AST.
+
++++
+
+* **Module Usage & External Vulnerabilities**: Detects used modules and reports vulnerabilities in external ones.
+
+
++++
+* **Inline Issue Reporting**: Shows potential security issues with line numbers and code snippets.
+
+
++++
+* **HTML Reports**: All output is saved in simple, static HTML reports viewable in any browser.
+
+
+:::
+
+
+
+## Background
+
+There are not many good FOSS SAST tools for Python available. A good one is `Bandit`. However this `Bandit` has some constrains that makes the use not simple and lacks crucial but needed validations from a security perspective!
+
+
+:::{note}
+This `codeaudit` tool is designed to be fast and simple and easy to maintain library that can be extended for future needs.
+:::
+
+
+```{tableofcontents}
+```

{codeaudit-0.5.5 → codeaudit-0.6.0}/docs/userguide.md

@@ -14,8 +14,11 @@ or use:
 pip install -U codeaudit
 ```
 
-If you have installed Codeaudit in the past and want to make sure you use the latest checks and features.
+If you have installed Python Codeaudit in the past and want to make sure you use the latest checks and features.
 
+:::{hint} 
+It is recommended to use `pip` for installation. `Hatch` is used for packaging. By default [`Hatch`](https://hatch.pypa.io/latest/config/build/#reproducible-builds) supports [reproducible builds](https://nocomplexity.com/documents/securityarchitecture/prevention/reproduciblebuilds.html#reproducible-builds).
+:::
 
 ## CodeAudit commands
 

{codeaudit-0.5.5 → codeaudit-0.6.0}/docs/whysast.md

@@ -1,24 +1,32 @@
 # Why Security testing on code
 
-Static Application Security Testing (SAST) for Python is a **MUST**.
-
 :::{note} 
-Static application security testing(SAST) for python source code is a MUST:
-1. Prevent security issues when creating Python software.
-2. Inspect Python code (packages, modules, etc) from other before running.
+Static application security testing(SAST) for python source code is a MUST!
+
+1. To prevent security issues when creating Python software and
+2. To inspect downloaded Python software (packages, modules, etc) before running.
 :::
 
 
-Python is for one of the most used programming language to date. Especially in the AI/ML world and the cyber security world, most tools are based on Python programs. This is a consequence of the fact that the Python programming language is simple use for problem solving. And programming is fundamentally about problem-solving. 
+Python is for one of the most used programming language to date. Especially in the AI/ML world and the cyber security world, most tools are based on Python programs. 
 
 Large and small businesses use and trust Python to run their business. Python is from security perspective a **good** choice. However even when using Python the risk on security issues is never zero.
 
-When creating solutions for problems creating new cyber security problems is never on the list. But creating secure software is not simple. 
+When creating solutions practicing [Security-By-Design](https://nocomplexity.com/documents/securitybydesign/intro.html) to prevent security issues is too often not the standard way-of-working. 
+
+:::{warning} 
+Creating secure software by design is not simple. 
+:::
+
 
-So when you create software that in potential will be used by others and will be run on different systems than yours **MUST** take security into account.
+When you create software that in potential will be used by others you **MUST** take security into account.
 
+:::{tip} 
 Static application security testing (SAST) tools , like this `codeaudit` program **SHOULD BE** used to prevent security risks or be aware of potential risks that comes with running the software.
 
+:::
+
+
 This `codeaudit` SAST tool is an advanced tool to automate reviewing source code of Python software to identify sources of potential security issues.
 
 At a function level, `codeaudit` makes use of a common technique to scan the `python` source files by making use of 'Abstract Syntax Tree' to do indepth checks of in potential vulnerable constructs. 

{codeaudit-0.5.5 → codeaudit-0.6.0}/src/codeaudit/__about__.py

@@ -1,4 +1,4 @@
 # SPDX-FileCopyrightText: 2025-present Maikel Mardjan <mike@bm-support.org>
 #
 # SPDX-License-Identifier: GPL-3.0-or-later
-__version__ = "0.5.5"
+__version__ = "0.6.0"

codeaudit-0.5.5/docs/features.md

@@ -1,27 +0,0 @@
-# Features
-
-Codeaudit is a modern Python source code analyzer based on distrust.
-
-Codeaudit has the following features:
-*  Detect and reports complexity and statistics per Python file or from a directory. Collected statistics are: 
-    * Number_Of_Files
-    * Number_Of_Lines
-    * AST_Nodes
-    * Number of used modules 
-    * Functions
-    * Classes
-    * Comment_Lines
-
-All statistics are gathered per Python file. A summary  is given for the inspected directory.
-
-*  Detect and reports which module are used within a Python file.
-
-
-
-*  Detecting and reporting potential vulnerability issues within a Python file.
-Per detected issue the line number is given, along with the lines that *could* cause a security issue.
-
-
-
-* Detecting and reporting potential vulnerabilities of from all Python files collected in a directory.
-This is typically a must check when researching python packages on possible security issues.

codeaudit-0.5.5/docs/intro.md

@@ -1,43 +0,0 @@
-# Introduction
-
-![CodeauditLogo](images/codeauditlogo.png)
-
-Codeaudit is a Python Static Application Security Testing (SAST) tool to find **potential security issues** in Python source files.
-
-Codeaudit is designed to be:
-* Simple to use.
-* Simple to extend for various use cases.
-* Powerful to determine *potential* security issues within Python code.
-
-## Features
-:::{admonition} This Python Code Audit tool has the following features:
-:class: tip
-
-* Detecting and reporting potential vulnerabilities of from all Python files collected in a directory. This is a must **do** check when researching python packages on possible security issues.
-
-*  Detect and reports complexity and statistics relevant for security per Python file or from Python files found in a directory. 
-
-* Codeaudit implements a light weight [cyclomatic complexity](https://en.wikipedia.org/wiki/Cyclomatic_complexity) using Python’s Abstract Syntax Tree module. The codeaudit implemented check is by far good enough for determining security risks in Python files very quick!
-
-
-*  Detect and reports which module are used within a Python file. Also vulnerability information found from used external modules is shown.
-
-*  Detecting and reporting potential vulnerability issues within a Python file. Per detected issue the line number shown, with the lines that *could* cause a security issue.
-
-* All output is saved in simple static HTML-reports. These reports can be examined in every browser. 
-:::
-
-
-
-## Background
-
-There are not many FOSS SAST tools for Python available that are simple. The most used and certainly a good one is `Bandit`. However this `Bandit` has some constrains that makes the use not simple and lacks crucial but needed validations.
-
-
-:::{note}
-This `codeaudit` tool is designed to be fast and simple and easy to maintain library that can be extended for future needs.
-:::
-
-
-```{tableofcontents}
-```