codeaudit 0.8.0__tar.gz → 0.9.0__tar.gz

{codeaudit-0.8.0 → codeaudit-0.9.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: codeaudit
-Version: 0.8.0
+Version: 0.9.0
 Summary: Simplified static security checks for Python 
 Project-URL: Documentation, https://github.com/nocomplexity/codeaudit#readme
 Project-URL: Issues, https://github.com/nocomplexity/codeaudit/issues

{codeaudit-0.8.0 → codeaudit-0.9.0}/docs/codeauditchecks.md

@@ -1,4 +1,4 @@
-# Codeaudit checks
+# Command `codeaudit checks`
 
 The Codeaudit checks command creates a report with all security validation implemented for that are used for the `filescan` or `directory` scan commands. 
 

{codeaudit-0.8.0 → codeaudit-0.9.0}/docs/codeauditcommands.md

@@ -1,6 +1,6 @@
 % THIS FILE IS GENERATED! - Use CLIcommands.ipynb to make it better!
 # Overview of Codeaudit commands
-Codeaudit commands for: version: 0.7.0
+Codeaudit commands for: version: 0.8.0
 ```
 --------------------------------------------------
    _____          _                      _ _ _   
@@ -20,9 +20,9 @@ Depending on the command, a directory or file name must be specified. The output
 
 Commands:
   overview             Reports Complexity and statistics per Python file from a directory.
-  modulescan           Reports module information per file.
-  filescan             Reports potential security issues for a single Python file.
   directoryscan        Reports potential security issues for all Python files found in a directory.
+  filescan             Reports potential security issues for a single Python file.
+  modulescan           Reports module information per file.
   checks               Generate an HTML report of all implemented codeaudit security checks.
   version              Prints the module version. Use [-v] [--v] [-version] or [--version].
 

codeaudit-0.9.0/docs/codeauditoverview.md

@@ -0,0 +1,78 @@
+
+# Command `codeaudit overview`
+
+The command:
+
+```
+codeaudit overview
+```
+is created to give a quick insights in possible security concerns.
+
+For every Python file the following **security** relevant statistics are determined:
+
+* **Number Of Code Lines**: Too many Lines Of Code (LoC) means a higher risk. Large code bases require a lot of effort to keep the security risks manageable. A large number of LoCs (Lines Of Code) means extra effort for maintenance there is a severe risks that new features or fixes will introduce new security risks.
+
+* **Number of AST_Nodes**: Codeaudit calculates the number or 'AST Nodes' based on creating an Abstract Syntax Tree (AST) of a file. This to give a solid insight in the complexity of Python source code. Code Audit does not simply counts nodes, but complexity is determined by an algorithm where e.g. the number of `if-else` loops is counted and weighted. More information about complexity can be found in the section [Codeaudit complexity Check](complexitycheck).
+
+* **Number of Modules**: A high the number of used modules used within a Python file can mean more security risks. This since there are more dependencies to manage. To get more insight in modules used in a Python file you **SHOULD** use the `codeaudit modulescan` command!
+
+* **Number of Functions**. There is no such thing as a perfect architecture for Python programs. However there are many programs that are simple **bad** designed. Too many functions in one Python file in combination with one of the other statistics is an indication for possible security risks.
+
+* **Number of Classes**. 
+
+* **Number of Comment_Lines**. Python files with too little or too many comment lines can have impact on maintenance from a security point of view. 
+
+* **Complexity_Score**: Per file the complexity of file is determined. A high complexity score can in potential result in more possible security risks. More information about complexity can be found in the section [Codeaudit complexity Check](complexitycheck).
+
+* **Number of Warnings**: A normal Python source file should not give Warnings. Warnings should be solved to prevent security risks in future. 
+
+
+
+To get a quick overview and core statistics that gives a **solid** insight in possible security risks of Python files of a Python program (module) or directory of Python files do:
+
+```text
+codeaudit overview <DIRECTORY> [OUTPUTFILE]
+```
+
+The `DIRECTORY` is mandatory. Codeaudit will search for **all** Python files in this directory. It can even be e.g.:
+* `.` for scanning and using the current directory for an overview report.
+* `\src` for scanning and reporting on Python files found in the `\src` directory.
+
+If you do not specify a HTML output file, a HTML report file is created in the current directory and will be named `codeaudit-report.html`.
+
+
+## Example
+
+Example of an [overview report](examples/overview.html) that is generated with the command:
+
+```
+codeaudit overview /src/linkaudit
+```
+
+An overview plot  is generated to quickly get insight in possible problematic files. E.g. files that have a high complexity count or files that a large number of Lines Of Code (LoCs). Large files and files with a high complexity rating should be distrusted by default from a security perspective. 
+
+Example of an overview plot:
+![overview visual](overviewplot.png)
+
+## Syntax
+
+```text
+NAME
+    codeaudit overview - Reports Complexity and statistics per Python file from a directory.
+
+SYNOPSIS
+    codeaudit overview DIRECTORY <flags>
+
+DESCRIPTION
+    Reports Complexity and statistics per Python file from a directory.
+
+POSITIONAL ARGUMENTS
+    DIRECTORY
+        Path to the directory to scan.
+
+FLAGS
+    -f, --filename=FILENAME
+        Default: 'codeaudit-report.html'
+        Output filename for the HTML report.
+
+```

{codeaudit-0.8.0 → codeaudit-0.9.0}/docs/directoryscan.md

@@ -1,4 +1,4 @@
-# Codeaudit directoryscan
+# Command `codeaudit directoryscan`
 
 The Codeaudit directoryscan command creates a report with valuable security information for potential security issues from all Python file present in a directory.
 

{codeaudit-0.8.0 → codeaudit-0.9.0}/docs/examples/checks_example.html

@@ -222,7 +222,7 @@ footer {
       <td>Base encoding visually hides otherwise easily recognized information such as passwords, but does not provide any computational confidentiality.</td>
     </tr>
     <tr>
-      <td>Built-in Functions: Check on compile usuage.</td>
+      <td>Built-in Functions: Check on compile usage.</td>
       <td>compile</td>
       <td>High</td>
       <td>It is possible to crash the Python interpreter when using this function.</td>
@@ -240,13 +240,13 @@ footer {
       <td>Too broad exception handling risk when not used correctly.</td>
     </tr>
     <tr>
-      <td>Check on eval usuage</td>
+      <td>Check on eval usage</td>
       <td>eval</td>
       <td>High</td>
       <td>This function can executes arbitrary code.</td>
     </tr>
     <tr>
-      <td>Built-in Functions: Check for exec usuage.</td>
+      <td>Built-in Functions: Check for exec usage.</td>
       <td>exec</td>
       <td>High</td>
       <td>This built-in function can execute code you do not want and/or aware of. So check and validate if it is used correct.</td>
@@ -264,13 +264,13 @@ footer {
       <td>Use of insecure hashing algorithms detected.</td>
     </tr>
     <tr>
-      <td>HTTP servers: Check on usuage.</td>
+      <td>HTTP servers: Check on usage.</td>
       <td>http.server<br>BaseHTTPRequestHandler</td>
       <td>High</td>
       <td>Insecure for production use.</td>
     </tr>
     <tr>
-      <td>HTTP servers: Check on usuage.</td>
+      <td>HTTP servers: Check on usage.</td>
       <td>http.server<br>HTTPServer</td>
       <td>High</td>
       <td>Insecure for production use.</td>
@@ -533,12 +533,36 @@ footer {
       <td>Medium</td>
       <td>Use of the subprocess module calls should be analyzed in-depth.</td>
     </tr>
+    <tr>
+      <td>Sys calls</td>
+      <td>sys.call_tracing</td>
+      <td>Medium</td>
+      <td>Sys functions that can give ow-level access to the interpreter's execution flow.</td>
+    </tr>
+    <tr>
+      <td>Sys calls</td>
+      <td>sys.setprofile</td>
+      <td>Medium</td>
+      <td>Sys functions that can give ow-level access to the interpreter's execution flow.</td>
+    </tr>
+    <tr>
+      <td>Sys calls</td>
+      <td>sys.settrace</td>
+      <td>Medium</td>
+      <td>Sys functions that can give ow-level access to the interpreter's execution flow.</td>
+    </tr>
     <tr>
       <td>Tarfile</td>
       <td>tarfile.TarFile</td>
       <td>High</td>
       <td>Extracting files within a program should never be trusted by default. This issue is detected when the zipfile and/or tarfile module with an extraction method is used.</td>
     </tr>
+    <tr>
+      <td>tempfile</td>
+      <td>tempfile.mktemp</td>
+      <td>Low</td>
+      <td>This function may introduce race conditions which could negatively impact security.</td>
+    </tr>
     <tr>
       <td>XML - client</td>
       <td>xmlrpc.client</td>
@@ -558,4 +582,4 @@ footer {
       <td>Extracting files within a program should never be trusted by default. This issue is detected when the zipfile and/or tarfile module with an extraction method is used.</td>
     </tr>
   </tbody>
-</table><br><p>Number of implemented security validations:<b>58</b></p><p>Version of codeaudit: <b>0.1.1</b><p>Because Python and cybersecurity are constantly changing, issue reports <b>SHOULD</b> specify the codeaudit version used.</p><p><b>Disclaimer:</b><i>This SAST tool 'codeaudit' provides a powerful automatic security analysis for Python source code. However it's not a substitute for human review in combination with business knowledge. <b>Undetected vulnerabilities may still exist</b>. There is and will never be a single security tool that gives 100% automatic guarantees. By reporting any issues you find, you contribute to a better tool for everyone.</i></p><footer><hr><p><small>This security report is created on: 2025-07-22 21:30, with <a href="https://github.com/nocomplexity">codeaudit</a> version 0.1.1 </small></p><p><small>Check the documentation for help on found issues. <a href="https://github.com/nocomplexity">Codeaudit</a> is made with &#10084; by cyber security professionals who advocate for <a href="https://simplifysecurity.nocomplexity.com" target="_blank">simpler cyber solutions</a> that are transparent and just work. Help to make this FOSS software better!</small></p></footer></div></body></html>
+</table><br><p>Number of implemented security validations:<b>62</b></p><p>Version of codeaudit: <b>0.8.0</b><p>Because Python and cybersecurity are constantly changing, issue reports <b>SHOULD</b> specify the codeaudit version used.</p><p><b>Disclaimer:</b><i>This SAST tool 'codeaudit' provides a powerful automatic security analysis for Python source code. However it's not a substitute for human review in combination with business knowledge. <b>Undetected vulnerabilities may still exist</b>. There is and will never be a single security tool that gives 100% automatic guarantees. By reporting any issues you find, you contribute to a better tool for everyone.</i></p><footer><hr><p><small>This security report is created on: 2025-08-01 19:24, with <a href="https://github.com/nocomplexity/codeaudit">codeaudit</a> version 0.8.0 </small></p><p><small>Check the <a href="https://nocomplexity.com/documents/codeaudit/intro.html" target="_blank">documentation</a> for help on found issues. <a href="https://github.com/nocomplexity/codeaudit">Codeaudit</a> is made with &#10084; by cyber security professionals who advocate for <a href="https://simplifysecurity.nocomplexity.com" target="_blank">simpler cyber solutions</a> that are transparent and just work. Help to make this FOSS software better!</small></p></footer></div></body></html>

{codeaudit-0.8.0 → codeaudit-0.9.0}/docs/features.md

@@ -2,36 +2,40 @@
 
 Codeaudit is a modern Python source code analyzer based on distrust.
 
+
 :::{admonition} This Python Code Audit tool has the following features:
 :class: tip
 
 
-* **Vulnerability Detection**: Identifies security vulnerabilities in Python files, essential for package security research.
+* **Vulnerability Detection**: Identifies potential security issues in Python files. Crucial to check trust in Python modules and essential for security research.
 
 +++
 
-* **Complexity & Statistics**: Reports security-relevant complexity using a fast, lightweight [cyclomatic complexity](https://en.wikipedia.org/wiki/Cyclomatic_complexity) count via Python's AST.
+* **Complexity & Statistics**: Reports security-relevant complexity statistics using a fast, lightweight [cyclomatic complexity](https://en.wikipedia.org/wiki/Cyclomatic_complexity) count by using Python AST.
 
 +++
 
-* **Module Usage & External Vulnerabilities**: Detects used modules and reports vulnerabilities in external ones.
+* **Module Usage & External Vulnerabilities**: Detects used modules and reports existing vulnerabilities in used modules.
 
 
 +++
-* **Inline Issue Reporting**: Shows potential security issues with line numbers and code snippets.
+* **Inline Issue Reporting**: Shows potential security issues with line numbers and crucial code snippets. 
 
 
 +++
-* **HTML Reports**: All output is saved in simple, static HTML reports viewable in any browser.
-
+* **HTML Reports**: All output is saved in simple, static HTML reports. Viewable in any browser.
 
 :::
 
+## More comprehensive outline:
+
+
 
-More in detph outlined:
+Codeaudit has the has the following capabilities:
 
-Codeaudit has the following features:
-*  Detect and reports complexity and statistics per Python file or from a directory. Collected statistics are: 
+*  Detect and reports complexity and statistics per Python file or from a directory. 
+
+Collected statistics are: 
     * Number_Of_Files
     * Number_Of_Lines
     * AST_Nodes
@@ -52,3 +56,5 @@ Per detected issue the line number is given, along with the lines that *could* c
 
 * Detecting and reporting potential vulnerabilities from all Python files collected in a directory.
 This is typically a must check when researching python packages on possible security issues.
+
+

{codeaudit-0.8.0 → codeaudit-0.9.0}/docs/filescan.md

@@ -1,4 +1,4 @@
-# Codeaudit filescan
+# Command `codeaudit filescan`
 
 The Codeaudit filescan command creates a report with valuable security information for potential security issues in the Python file.
 See section [validations](checksinformation) for all security checks implemented!

codeaudit-0.9.0/docs/intro.md

@@ -0,0 +1,48 @@
+# Introduction
+
+![CodeauditLogo](images/codeauditlogo.png)
+
+Codeaudit is a Python Static Application Security Testing (SAST) tool to find **potential security issues** in Python source files.
+
+Codeaudit is designed to be:
+* Simple to use.
+* Simple to extend for various use cases.
+* Powerful to determine *potential* security issues within Python code.
+
+## Features
+
+:::{admonition} This Python Code Audit tool has the following features:
+:class: tip
+
+
+* **Vulnerability Detection**: Identifies potential security issues in Python files. Crucial to check trust in Python modules and essential for security research.
+
++++
+
+* **Complexity & Statistics**: Reports security-relevant complexity statistics using a fast, lightweight [cyclomatic complexity](https://en.wikipedia.org/wiki/Cyclomatic_complexity) count by using Python AST.
+
++++
+
+* **Module Usage & External Vulnerabilities**: Detects used modules and reports existing vulnerabilities in used modules.
+
+
++++
+* **Inline Issue Reporting**: Shows potential security issues with line numbers and crucial code snippets. 
+
+
++++
+* **HTML Reports**: All output is saved in simple, static HTML reports. Viewable in any browser.
+
+:::
+
+
+
+## Background
+
+There are not many good and maintained FOSS SAST tools for Python available. A well known Python SAST tool is `Bandit`. However `Bandit` is limited in identifying security issues and has constrains that makes the use not simple. `Bandit` lacks crucial Python code validations from a security perspective!
+
+
+:::{note}
+This `codeaudit` tool is designed to be complete, fast and simple and easy to maintain library that can be extended for all needs.
+:::
+

{codeaudit-0.8.0 → codeaudit-0.9.0}/docs/modulescan.md

@@ -1,4 +1,4 @@
-# Codeaudit modulescan
+# Command `codeaudit modulescan`
 
 The Codeaudit `modulescan` command creates a report with valuable security information on used modules.
 

{codeaudit-0.8.0 → codeaudit-0.9.0}/docs/userguide.md

@@ -2,7 +2,7 @@
 
 ## Installation
 
-Codeaudit can be installed using `pip`:
+Codeaudit **SHOULD** be installed using `pip`:
 
 ```bash
 pip install codeaudit
@@ -14,10 +14,24 @@ or use:
 pip install -U codeaudit
 ```
 
-If you have installed Python Codeaudit in the past and want to make sure you use the latest checks and features.
+If you have installed and used Python Codeaudit in the past and want to make benefit  of new checks and features.
 
 :::{hint} 
-It is recommended to use `pip` for installation. `Hatch` is used for packaging. By default [`Hatch`](https://hatch.pypa.io/latest/config/build/#reproducible-builds) supports [reproducible builds](https://nocomplexity.com/documents/securityarchitecture/prevention/reproduciblebuilds.html#reproducible-builds).
+It is recommended to use `pip` for installation. 
+
+`Hatch` is used for packaging. By default [`Hatch`](https://hatch.pypa.io/latest/config/build/#reproducible-builds) supports [reproducible builds](https://nocomplexity.com/documents/securityarchitecture/prevention/reproduciblebuilds.html#reproducible-builds).
+:::
+
+:::{admonition} A default workflow
+:class: tip
+
+If you want to inspect a package or directory of Python files a simple workflow is:
+
+1. Start with an overview: `codeaudit overview`
+2. Do a directory scan: `codeaudit directoryscan` OR
+3. OR Scan files of interest with: `codeaudit filescan` 
+4. Inspect the used modules of a file on reported vulnerabilties by: `codeaudit modulescan`
+
 :::
 
 ## CodeAudit commands
@@ -29,12 +43,11 @@ Codeaudit has a few powerful CLI commands to satisfy your curiosity about securi
 
 
 
-
 ## Getting help
 
-After installation you can get an overview of all implemented commands. Just type in your terminal:
+After installation you can get an overview of all implemented commands. Type in your terminal:
 
-```text
+```bash
 codeaudit
 ```
 

{codeaudit-0.8.0 → codeaudit-0.9.0}/src/codeaudit/__about__.py

@@ -1,4 +1,4 @@
 # SPDX-FileCopyrightText: 2025-present Maikel Mardjan <mike@bm-support.org>
 #
 # SPDX-License-Identifier: GPL-3.0-or-later
-__version__ = "0.8.0"
+__version__ = "0.9.0"

{codeaudit-0.8.0 → codeaudit-0.9.0}/src/codeaudit/checkmodules.py

@@ -18,6 +18,7 @@ import sys
 import json
 import urllib.request
 
+from codeaudit.filehelpfunctions import collect_python_source_files , read_in_source_file 
 
 def get_imported_modules(source_code):
     tree = ast.parse(source_code)
@@ -98,3 +99,38 @@ def check_module_on_vuln(module):
     result = query_osv(module)
     vulnerability_info = extract_vuln_info(result)
     return vulnerability_info
+
+
+def get_all_modules(directory_to_scan):
+    "Function to get all modules of a package or directory of Python files - never trust requirements.txt or project.toml"    
+    files_to_check = collect_python_source_files(directory_to_scan)
+    all_int_modules = set()
+    all_ext_modules = set()
+    for python_file in files_to_check:
+        source = read_in_source_file(python_file)
+        used_modules = get_imported_modules(source)
+        core_modules = used_modules['core_modules']
+        external_modules = used_modules['imported_modules']         
+        all_int_modules.update(core_modules)
+        all_ext_modules.update(external_modules)
+    all_modules_discovered = {
+        "core_modules": sorted(all_int_modules),
+        "imported_modules": sorted(all_ext_modules) }    
+    return all_modules_discovered
+
+
+def get_imported_modules_by_file(python_file_name):
+    "Function to get all modules of a package or directory of Python files - never trust requirements.txt or project.toml"
+    #total_result=[]        
+    source = read_in_source_file(python_file_name)
+    used_modules = get_imported_modules(source)
+    core_modules = used_modules['core_modules']
+    external_modules = used_modules['imported_modules'] 
+    # result = { "filename" : python_file ,
+    #             "used_modules" : core_modules,
+    #             "external_modules": external_modules } 
+    #total_result.append(result)
+    all_modules_discovered = {
+        "core_modules": sorted(core_modules),
+        "imported_modules": sorted(external_modules) }    
+    return all_modules_discovered

{codeaudit-0.8.0 → codeaudit-0.9.0}/src/codeaudit/codeaudit.py

@@ -42,8 +42,8 @@ def display_help():
     print('Usage: codeaudit COMMAND [PATH or FILE]  [OUTPUTFILE] \n')
     print('Depending on the command, a directory or file name must be specified. The output is a static HTML file to be examined in a browser. Specifying a name for the output file is optional.\n')
     print('Commands:')
-    commands = ["overview", "modulescan", "filescan", "directoryscan","checks","version"]  # commands on CLI
-    functions = [overview_report, report_module_information, file_scan_report, directory_scan_report, report_implemented_tests,display_version]  # Related functions relevant for help
+    commands = ["overview", "directoryscan", "filescan", "modulescan",  "checks","version"]  # commands on CLI
+    functions = [overview_report, directory_scan_report, file_scan_report, report_module_information, report_implemented_tests,display_version]  # Related functions relevant for help
     for command, function in zip(commands, functions):
         docstring = function.__doc__.strip().split('\n')[0] or ""  
         summary = docstring.split("\n", 1)[0]

{codeaudit-0.8.0 → codeaudit-0.9.0}/src/codeaudit/htmlhelpfunctions.py

@@ -15,7 +15,6 @@ HTML helper functions for codeaudit
 import json
 from html import escape
 
-
 def dict_to_html(data):
     """Creates simple HTML from a dict with values that are list:
     Example {'core_modules': ['os', 'hashlib', 'socket', 'logging.config', 'tarfile'],
@@ -25,9 +24,15 @@ def dict_to_html(data):
 
     if not isinstance(data, dict):
         html_output += "<p>None</p>\n"
-        return
+        return html_output
 
     for key, items in data.items():
+        # Check if items are missing, empty, or not iterable
+        if not items or not isinstance(items, (list, tuple)):
+            html_output += f"<h3>{key.capitalize()}</h3>\n - not found<ul>\n"
+            html_output += "</ul>\n"
+            continue
+
         html_output += f"<h3>{key.capitalize()}</h3>\n<ul>\n"
         try:
             for item in items:
@@ -35,6 +40,7 @@ def dict_to_html(data):
         except Exception:
             html_output += "  <li>None</li>\n"
         html_output += "</ul>\n"
+
     return html_output
 
 

{codeaudit-0.8.0 → codeaudit-0.9.0}/src/codeaudit/reporting.py

@@ -20,10 +20,10 @@ import pandas as pd
 import datetime
 
 from codeaudit.security_checks import perform_validations , ast_security_checks
-from codeaudit.filehelpfunctions import get_filename_from_path , collect_python_source_files
+from codeaudit.filehelpfunctions import get_filename_from_path , collect_python_source_files , read_in_source_file 
 from codeaudit.altairplots import multi_bar_chart
-from codeaudit.totals import read_in_source_file , get_statistics , overview_count , overview_per_file
-from codeaudit.checkmodules import get_imported_modules , check_module_on_vuln
+from codeaudit.totals import get_statistics , overview_count , overview_per_file
+from codeaudit.checkmodules import get_imported_modules , check_module_on_vuln , get_all_modules , get_imported_modules_by_file
 from codeaudit.htmlhelpfunctions import dict_to_html , json_to_html , dict_list_to_html_table
 from codeaudit import __version__
 
@@ -69,9 +69,16 @@ def overview_report(directory, filename=DEFAULT_OUTPUT_FILE):
         html += '<p>Based on the total Lines of Code (LoC) : Security concern rate is <b>HIGH</b>'
     else:
         html += '<p>Based on the total Lines of Code (LoC) : Security concern rate is <b>LOW</b>'
-    html += '<br><br>'
-    html += f'<h2>Detailed overview per source file</h2>'
+    html += '<br>'
+    ## Module overview    
+    modules_discovered = get_all_modules(directory)
     html += '<details>' 
+    html += '<summary>Click to see all discovered modules.</summary>'         
+    html+=dict_to_html(modules_discovered)
+    html += '<p><i>The command "codeaudit modulescan" can be used to check if vulnerabilities are reported in an external module.</i></p>' 
+    html += '</details>'           
+    html += f'<h2>Detailed overview per source file</h2>'
+    html += '<details>'     
     html += '<summary>Click to see the report details.</summary>'         
     html += df.to_html(escape=True,index=False)        
     html += '</details>'           
@@ -150,6 +157,14 @@ def single_file_report(filename , scan_output):
     html += f'<summary>Click to see details for file {filename}</summary>'                 
     html += df_overview.to_html(escape=True,index=False)        
     html += '</details>'           
+    #imported modules
+    html += '<br>'
+    html += '<details>' 
+    html += '<summary>Click to see details for used modules in this file.</summary>' 
+    modules_found = get_imported_modules_by_file(filename)
+    html += dict_to_html(modules_found)
+    html += f'<p><i>Use the command:<br><b><code>codeaudit modulescan {filename}</code></b><br> to check if vulnerabilities are reported in an external module used by this file.</i></p>' 
+    html += '</details>'           
     return html 
 
 
@@ -214,8 +229,9 @@ def report_module_information(inputfile,reportname=DEFAULT_OUTPUT_FILE):
     html = '<h1>Codeaudit Report</h1>'
     html += f'<h2>Module information for file {inputfile}</h2>'    
     html += dict_to_html(used_modules)    
-    #Now vuln info per external module    
-    html += '<h2>Vulnerability information for detected modules</h2>'    
+    #Now vuln info per external module        
+    if external_modules:
+        html += '<h2>Vulnerability information for detected modules</h2>'    
     for i,module in enumerate(external_modules):  #sorted for nicer report
         printProgressBar(i + 1, l, prefix='Progress:', suffix='Complete', length=50)
         vuln_info = check_module_on_vuln(module)
@@ -262,7 +278,7 @@ def create_htmlfile(html_input,outputfile):
     code_audit_version = __version__    
     output += '<footer>'
     output += '<hr>'
-    output += f'<p><small>This security report is created on: {timestamp_str}, with <a href="https://github.com/nocomplexity">codeaudit</a> version {code_audit_version} </small></p>'
+    output += f'<p><small>This security report is created on: {timestamp_str}, with <a href="https://github.com/nocomplexity/codeaudit">codeaudit</a> version {code_audit_version} </small></p>'
     output += '<p><small>Check the <a href="https://nocomplexity.com/documents/codeaudit/intro.html" target="_blank">documentation</a> for help on found issues. <a href="https://github.com/nocomplexity/codeaudit">Codeaudit</a> is made with &#10084; by cyber security professionals who advocate for <a href="https://simplifysecurity.nocomplexity.com" target="_blank">simpler cyber solutions</a> that are transparent and just work. Help to make this FOSS software better!</small></p>'    
     output += '</footer>' 
     output += '</div>' #base container

{codeaudit-0.8.0 → codeaudit-0.9.0}/src/codeaudit/totals.py

@@ -126,7 +126,7 @@ def overview_per_file(python_file):
     lines = {"Number_Of_Lines": number_of_lines}
     complexity_score = calculate_complexity(source)
     complexity = {"Complexity_Score": complexity_score}
-    warnings = count_static_warnings_in_file(python_file)
+    warnings_count = count_static_warnings_in_file(python_file)
     result = (
         name_dict
         | file_location
@@ -134,7 +134,7 @@ def overview_per_file(python_file):
         | count_ast_objects(source)
         | count_comment_lines(source)
         | complexity
-        | warnings
+        | warnings_count
     )  # merge the dicts
     return result
 

codeaudit-0.9.0/tests/test_modulecheck.py

@@ -0,0 +1,21 @@
+import pytest
+from pathlib import Path
+
+from codeaudit.filehelpfunctions import read_in_source_file
+from codeaudit.checkmodules import get_imported_modules
+
+def test_module_check():
+    current_file_directory = Path(__file__).parent
+    # validation1.py is in a subfolder:
+    validation_file_path = current_file_directory / "validationfiles" / "modulecheck.py"
+    source = read_in_source_file(validation_file_path)
+    
+        
+    actual_data = get_imported_modules(source) 
+
+    # This is the expected dictionary
+    expected_data = {'core_modules': ['csv','os', 'random' ],
+                     'imported_modules': ['linkaudit', 'pandas', 'requests']}
+
+    # Assert that the actual data matches the expected data
+    assert actual_data == expected_data

{codeaudit-0.8.0 → codeaudit-0.9.0}/tests/validationfiles/modulecheck.py

@@ -7,6 +7,7 @@ import requests #has lots of OSV data
 
 import os
 import random
+import csv
 
 def donothing():
     print('no way!')

codeaudit-0.8.0/docs/codeauditoverview.md

@@ -1,65 +0,0 @@
-
-# Codeaudit Overview
-
-`Codeaudit overview` is created to give a quick insight in possible security issues.
-
-For every Python file the following security relevant statistics are determined:
-* Number Of Code Lines: Too much means more energy to keep the security risks manageable. Files with a large number of LoCs (Lines Of Code) means besides extra effort for maintenance and activities needed to keep security risks zero.
-* Number of AST_Nodes: Codeaudit calculates Abstract Syntax Trees (ASTs) to give a solid insight in the complexity of Python source code.
-* Number of Modules: A high the number of used modules can mean more security risks. To get more insight in modules used in a Python file you **SHOULD** use the `codeaudit modulescan` command!
-* Number of Functions.
-* Number of Classes 
-* Number of Comment_Lines
-* Complexity_Score: Per file the complexity of file is determined. A high score means more possible security risks.
-* Number of Warnings: A normal Python source file should not give Warnings. Warnings should be solved to prevent security risks in future.
-
-
-
-To get a quick overview and core statistics that give a **solid** insight in the security of Python files of a directory do:
-
-```text
-codeaudit overview <DIRECTORY> [OUTPUTFILE]
-```
-
-The `DIRECTORY` is mandatory. Codeaudit will search for **all** Python files in this directory. It can even be e.g.:
-* `.` for scanning and using the current directory for an overview report.
-* `\src` for scanning and reporting on Python files found in the `\src` directory.
-
-If you do not specify a HTML output file, a HTML report file is created in the current directory and will be named `codeaudit-report.html`.
-
-
-## Example
-
-Example of an [overview report](examples/overview.html) that is generated with the command:
-
-```
-codeaudit overview /src/linkaudit
-```
-
-An overview plot  is generated to quickly get insight in possible problematic files. E.g. files that have a high complexity count or files that a large number of Lines Of Code (LoCs). Large files and files with a high complexity rating should be distrusted by default from a security perspective. 
-
-Example of an overview plot:
-![overview visual](overviewplot.png)
-
-## Syntax
-
-```text
-NAME
-    codeaudit overview - Reports Complexity and statistics per Python file from a directory.
-
-SYNOPSIS
-    codeaudit overview DIRECTORY <flags>
-
-DESCRIPTION
-    Reports Complexity and statistics per Python file from a directory.
-
-POSITIONAL ARGUMENTS
-    DIRECTORY
-        Path to the directory to scan.
-
-FLAGS
-    -f, --filename=FILENAME
-        Default: 'codeaudit-report.html'
-        Output filename for the HTML report.
-
-```

codeaudit-0.8.0/docs/intro.md

@@ -1,51 +0,0 @@
-# Introduction
-
-![CodeauditLogo](images/codeauditlogo.png)
-
-Codeaudit is a Python Static Application Security Testing (SAST) tool to find **potential security issues** in Python source files.
-
-Codeaudit is designed to be:
-* Simple to use.
-* Simple to extend for various use cases.
-* Powerful to determine *potential* security issues within Python code.
-
-## Features
-:::{admonition} This Python Code Audit tool has the following features:
-:class: tip
-
-
-* **Vulnerability Detection**: Identifies security vulnerabilities in Python files, essential for package security research.
-
-+++
-
-* **Complexity & Statistics**: Reports security-relevant complexity using a fast, lightweight [cyclomatic complexity](https://en.wikipedia.org/wiki/Cyclomatic_complexity) count via Python's AST.
-
-+++
-
-* **Module Usage & External Vulnerabilities**: Detects used modules and reports vulnerabilities in external ones.
-
-
-+++
-* **Inline Issue Reporting**: Shows potential security issues with line numbers and code snippets.
-
-
-+++
-* **HTML Reports**: All output is saved in simple, static HTML reports viewable in any browser.
-
-
-:::
-
-
-
-## Background
-
-There are not many good FOSS SAST tools for Python available. A good one is `Bandit`. However this `Bandit` has some constrains that makes the use not simple and lacks crucial but needed validations from a security perspective!
-
-
-:::{note}
-This `codeaudit` tool is designed to be fast and simple and easy to maintain library that can be extended for future needs.
-:::
-
-
-```{tableofcontents}
-```

{codeaudit-0.8.0 → codeaudit-0.9.0}/docs/_toc.yml

@@ -8,9 +8,9 @@ parts:
   - file: userguide
     sections:
     - file: codeauditoverview
-    - file: modulescan
-    - file: filescan
     - file: directoryscan
+    - file: filescan
+    - file: modulescan
     - file: codeauditchecks
   - file: whysast