PyPI - codeaudit - Versions diffs - 0.9.1__tar.gz → 0.9.3__tar.gz - Mend

codeaudit 0.9.1tar.gz → 0.9.3tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (134) hide show

{codeaudit-0.9.1 → codeaudit-0.9.3}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: codeaudit
-Version: 0.9.1
+Version: 0.9.3
 Summary: Simplified static security checks for Python
 Project-URL: Documentation, https://github.com/nocomplexity/codeaudit#readme
 Project-URL: Issues, https://github.com/nocomplexity/codeaudit/issues
@@ -31,6 +31,7 @@ Description-Content-Type: text/markdown
 [![PyPI - Version](https://img.shields.io/pypi/v/codeaudit.svg)](https://pypi.org/project/codeaudit)
 [![PyPI - Python Version](https://img.shields.io/pypi/pyversions/codeaudit.svg)](https://pypi.org/project/codeaudit)
 [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/10970/badge)](https://www.bestpractices.dev/projects/10970)
+[![PyPI Downloads](https://static.pepy.tech/badge/codeaudit)](https://pepy.tech/projects/codeaudit)
 Python Codeaudit - A modern Python source code analyzer based on distrust.

{codeaudit-0.9.1 → codeaudit-0.9.3}/README.md RENAMED Viewed

@@ -5,6 +5,7 @@
 [![PyPI - Version](https://img.shields.io/pypi/v/codeaudit.svg)](https://pypi.org/project/codeaudit)
 [![PyPI - Python Version](https://img.shields.io/pypi/pyversions/codeaudit.svg)](https://pypi.org/project/codeaudit)
 [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/10970/badge)](https://www.bestpractices.dev/projects/10970)
+[![PyPI Downloads](https://static.pepy.tech/badge/codeaudit)](https://pepy.tech/projects/codeaudit)
 Python Codeaudit - A modern Python source code analyzer based on distrust.

{codeaudit-0.9.1 → codeaudit-0.9.3}/docs/CONTRIBUTE.md RENAMED Viewed

@@ -1,13 +1,13 @@
 # Contribute
-Great that you see this page and want to contribute!
+Great that you want to contribute!
 :::{tip}
 All contributions are welcome!
 Think of corrections on the manual, code and more or better tests.
 :::
-The **Codeaudit** code repository is hosted at [Github](github.com/nocomplexity/codeaudit).
+The **Codeaudit** code repository is hosted at [Github](https://github.com/nocomplexity/codeaudit).
 Simple Guidelines:

{codeaudit-0.9.1 → codeaudit-0.9.3}/docs/_config.yml RENAMED Viewed

@@ -6,7 +6,7 @@
 # Book settings
 #title                       : SimplifiedNLP Documentation # The title of the book. Will be placed in the left navbar.
 title : ""
-author                      : '<a href="https://nocomplexity.com/">Maikel Mardjan (nocomplexity.com)</a>' # The author of the book
+author                      : '<a href="https://nocomplexity.com/">Maikel Mardjan (nocomplexity.com)</a>  and all contributors.' # The author of the book
 copyright                   : '2025- Maikel Mardjan - Business Management Support Foundation'  # Copyright year to be placed in the footer
 logo                        : "images/nocxbanner.png"  # A path to the book logo
 # Patterns to skip when building the book. Can be glob-style (e.g. "*skip.ipynb")

{codeaudit-0.9.1 → codeaudit-0.9.3}/docs/_toc.yml RENAMED Viewed

@@ -13,6 +13,7 @@ parts:
     - file: modulescan
     - file: codeauditchecks
   - file: whysast
+  - file: issues
 - caption: Security Checks

{codeaudit-0.9.1 → codeaudit-0.9.3}/docs/checks/assert_check.md RENAMED Viewed

@@ -11,7 +11,11 @@ Using `assert` can be problematic from a security perspective!
 1. Assertions are primarily for debugging and development, **NOT** for production validation or error handling.
-* **They can be disabled:** When Python is run in optimized mode (with the `-O` or `-OO` flags, or by setting the `PYTHONOPTIMIZE` environment variable), `assert` statements are completely ignored. This means any crucial checks you rely on for security or data integrity will simply vanish, leaving your application vulnerable.
+* **They can be disabled:** When Python is run in optimized mode (with the `python -O` or `python -OO` flags, or by setting the `PYTHONOPTIMIZE` environment variable), `assert` statements are completely ignored.
+When using `python -O` or `python -OO` the Python interpreter removes all assert statements from the bytecode.
+This means any crucial checks you rely on for security or data integrity will simply vanish, leaving your application vulnerable.
 * **Not for user input validation:** So never use `assert` to validate user input or external data. If assertions are disabled in production, malicious or malformed input will bypass your checks, potentially leading to crashes, data corruption, or even arbitrary code execution. Use `if/else` statements with proper exception handling (e.g., `ValueError`, `TypeError`) for this.
@@ -31,10 +35,65 @@ Using `assert` can be problematic from a security perspective!
  `assert` statements **SHOULD** be removed when not running in debug mode (i.e. when invoking the Python command with the -O or -OO options).
+## Example
+The following Python example shows how trusting on `assert` can lead to another behaviour.
+```python
+"""Example of Python script using the assert statement - which can lead to security issues!"""
+def divide_numbers(x,y):
+    """
+    Divides two numbers.
+    Uses an assert statement to ensure the denominator is not zero.
+    """
+    # Assert that the denominator is not zero.
+    # If denominator is 0, an AssertionError will be raised with the given message.
+    assert y != 2, "Error: diving is crying!"
+    return x / y
+print("--- Demonstrating danger of assertions ---")
+result = divide_numbers(10, 3)
+print(f"Dividing result : {result}")
+result2 = 'Error- Dividing is crying!' # A default value to show
+try:
+    # If run with 'python -O', the 'assert y != 0' line above will be removed.
+    # In that scenario, this call will directly raise a ZeroDivisionError,
+    # as the assert check won't be present.
+    result2 = divide_numbers(10, 2)
+except AssertionError as e:
+    # This block will be executed if assert is active (without -O)
+    print(f"Caught an AssertionError: {e}")
+    print('Never divide! Take it all or divide in more parts.')
+print(f"Dividing result - Result should be error, not 5! - : {result2}")
+```
+Run this program with:
+```
+python assert_example.py
+```
+And after that another time with:
+```
+python -O assert_example.py
+```
+And notice the different outcome.
+So this examples shows that if you rely on `assert` to prevent an `AssertionError` (or any other critical condition), that check will simply disappear in an optimized environment!
+Instead of catching an `AssertionError`, a program will run differently when `python -O` is used. And this can and will have consequences for the functional working of a program. But worse it can have severe security consequences. E.g. if asserts are used to validate user input to prevent sql injections e.g.
+For robust validation and error handling in production code, always use standard if statements combined with raising appropriate exceptions (like `ValueError`, `TypeError`, or custom exceptions) rather than assert.
 ## More information
 * [The assert statement - Python Documentation](https://docs.python.org/3/reference/simple_stmts.html#the-assert-statement)
 * [The dangers of assert in Python](https://snyk.io/blog/the-dangers-of-assert-in-python/)
-* [Feature: Python assert should be consider harmful](https://community.sonarsource.com/t/feature-python-assert-should-be-consider-harmful/38501) But note that Sonar did not implement this check.
+* [Feature: Python assert should be consider harmful](https://community.sonarsource.com/t/feature-python-assert-should-be-consider-harmful/38501) But note that Sonar did not implement this check.

codeaudit-0.9.3/docs/checks/hash_check.md ADDED Viewed

@@ -0,0 +1,25 @@
+# Insecure hashing
+Codeaudit checks the use of insecure hashing functions.
+The Python library `hashlib` is great. But using insecure hashing algorithms is still possible and should be avoided!
+So CodeAudit performs a check on usage of the insecure hash algorithms:
+* md5
+* sha1
+[From Python 3.9 and higher](https://docs.python.org/3/library/hashlib.html#hashlib-usedforsecurity):
+* All hashlib constructors take a keyword-only argument `usedforsecurity` with default value True. A false value allows the use of insecure and blocked hashing algorithms in restricted environments. False indicates that the hashing algorithm is not used in a security context, e.g. as a non-cryptographic one-way compression function.
+:::{danger}
+Unless there is a very good reason to still use `md5` or `sha1`, which is almost impossible, you should demand a fix. Or if you are the developer of the code make the fix.
+:::
+## More information
+* https://docs.python.org/3/library/hashlib.html#hashlib-usedforsecurity
+* [Attacks on cryptographic hash algorithms](https://en.wikipedia.org/wiki/Cryptographic_hash_function#Attacks_on_cryptographic_hash_algorithms)
+* https://cwe.mitre.org/data/definitions/327.html
+* [OWASP Top 10:2021 ](https://owasp.org/Top10/A02_2021-Cryptographic_Failures/)
+* [CWE-327: Use of a Broken or Risky Cryptographic Algorithm](https://cwe.mitre.org/data/definitions/327.html)
+* [CWE-328: Use of Weak Hash](https://cwe.mitre.org/data/definitions/328.html)

codeaudit-0.9.3/docs/checks/zipfile_check.md ADDED Viewed

@@ -0,0 +1,28 @@
+# Check on zipfiles extraction
+When using the Python module `zipfile` there is a risk processing maliciously prepared `.zip files`. This can availability issues due to storage exhaustion.
+Validations are done on `zipfile` methods:
+* `.extractall`
+* `.open` and more.
+And `gzip` methods:
+* `gzip.open`
+## Gzip potential danger
+When using `gzip.open` the potential security issue is related to resource consumption if the file is untrusted.
+This can lead to:
+* **Denial of Service via Resource Exhaustion**
+If a gzip file is controlled by a malicious user, they could create a highly compressed file that expands to an enormous size when decompressed. This is known as a "zip bomb."
+Such `gzip` file could quickly consume all of the system's available RAM, causing the application to crash or the server to become unresponsive. This is a common attack vector when processing user-uploaded or external compressed files.
+* **Potential Path Traversal**
+A path traversal vulnerability could arise if the file in the `gzip` file is constructed from user input. For example, if the path came from a web request, a user could provide a path like ../../../../etc/passwd.gz to access sensitive files outside of the intended directory. This is a critical security consideration for any code that handles file paths based on external data that is decompressed with `gzip.open`.
+## More information
+* https://docs.python.org/3/library/zipfile.html#zipfile-resources-limitations
+* https://docs.python.org/3/library/gzip.html

{codeaudit-0.9.1 → codeaudit-0.9.3}/docs/codeauditcommands.md RENAMED Viewed

@@ -1,6 +1,6 @@
 % THIS FILE IS GENERATED! - Use CLIcommands.ipynb to make it better!
 # Overview of Codeaudit commands
-Codeaudit commands for: version: 0.8.0
+Codeaudit commands for: version: 0.9.2
 ```
 --------------------------------------------------
    _____          _                      _ _ _

codeaudit-0.9.3/docs/complexitycheck.md ADDED Viewed

@@ -0,0 +1,102 @@
+# Codeaudit complexity Check
+The Python `codeaudit` tool implements a Simple Cyclomatic complexity check.
+[Cyclomatic complexity](https://en.wikipedia.org/wiki/Cyclomatic_complexity) is a software metric used to indicate the complexity of a program. It was developed by Thomas J. McCabe, Sr. in 1976.
+Calculating the Cyclomatic complexity for Python sources is complex to do right. And seldom needed! Most implementations for calculating a very thorough Cyclomatic Complexity end up being opinionated sooner or later.
+:::{note}
+Codeaudit takes a pragmatic and simple approach to determine and calculate the complexity of a source file.
+**BUT:**
+The Complexity Score that Codeaudit presents gives a **good and solid** representation for the complexity of a Python source file.
+:::
+But I known the complexity score is not an exact exhaustive cyclomatic complexity measurement.
+The complexity is determined per file, and not per function within a Python source file. I have worked long ago with companies that calculated [function points](https://en.wikipedia.org/wiki/Function_point) for software that needed to be created or adjusted. Truth is: Calculating exact metrics about complexity for software code projects is a lot of work, is seldom done correctly and are seldom used with nowadays devops or scrum development teams.
+:::{tip}
+The complexity score of source code gives presented gives a solid indication from a security perspective.
+:::
+Complex code has a lot of disadvantages when it comes to managing security risks. Making corrections is difficult and errors are easily made.
+## What is reported
+Python Code Audit overview displays:
+* `Median_Complexity` (middle value) as score in an overview report (`codeaudit overview`) for all files of a package or a directory.
+* `Maximum_Complexity` as score in an overview report (`codeaudit overview`). This to see in one appearance if a file that **SHOULD** require a closer look from a security perspective is present.
+## How is Complexity determined
+Python Code Audit calculates the cyclomatic complexity of Python code using Python’s built-in `ast` (Abstract Syntax Tree) module.
+## What is Cyclomatic Complexity?
+From a security perspective the having an objective number for Python code complexity is crucial. Complex code has another risks profile from a security perspective. Think of cost, validations needed, expertise needed and so on. Complex code is known to be more vulnerable.
+:::{admonition} Definition
+:class: note
+Cyclomatic complexity is a software metric used to measure the number of independent paths through a program's source code. More paths mean more logic branches and greater potential for bugs, testing effort, or maintenance complexity.
+:::
+## How does Code Audit calculates the Complexity?
+Every function, method, or script starts with a base complexity of 1 (i.e., one execution path with no branching).
+It adds 1 for each control structure or branching point:
+| **AST Node Type** | **Reason for Increasing Complexity** |
+|---|---|
+| If | Conditional branch (if/elif/else) |
+| For, While | Loop constructs (create additional paths) |
+| Try | Potential for exception handling (adds branch) |
+| ExceptHandler | Each except adds a new error-handling path |
+| With | Context manager entry/exit paths |
+| BoolOp | and / or are logical branches |
+| Match | Match statement (like switch in other langs) |
+| MatchCase | Each case adds an alternative path |
+| Assert | Introduces an exit point if the condition fails |
+Example:
+```
+"""complexity of code below should count to 4
+Complexity breakdown:
+1 (base)
++1 (if)
++1 (and) operator inside if
++1 (elif) — counted as another If node in AST
+ = 4
+"""
+def test(x):
+    if x > 0 and x < 10:
+        print("Single digit positive")
+    elif x >= 10:
+        print("Two digits or more")
+    else:
+        print("Non-positive")
+```
+You can verify the complexity of any Python file the command:
+```
+ codeaudit filescan <filename.py>
+```
+Summary:
+* Python Code Audit only analyzes the top-level structure. It doesn't distinguish between functions on purpose, unless the input is separated accordingly.
+* Python Code Audit uses a simplified cyclomatic complexity approach to get fast inside from a security perspective. This may differ from tools, especially since implementation choices that are made for dealing with comprehensions, nested functions will be different.

{codeaudit-0.9.1 → codeaudit-0.9.3}/docs/help.md RENAMED Viewed

@@ -16,7 +16,7 @@ Helping is possible in multiple ways:
 * [Support this work](sponsors)
 * Share and promote the use of this solid simple tool
 * Send me a line that you use this tool within your company.
-* [Contribute](contribute)
+* [Contribute](CONTRIBUTE)
 Guideline to contribute:
 * For questions, feature requests and Bug Reports please use on the [Github Issue Tracker](https://github.com/nocomplexity/codeaudit/issues).

codeaudit-0.9.3/docs/issues.md ADDED Viewed

@@ -0,0 +1,100 @@
+# Mitigating security issues
+Python Code Audit scans and checks for **potential security issues**. A potential security issue is a weakness that **can** lead to a security vulnerability with impact.
+There is an important difference between a **potential security issue** and a **security vulnerability** in Python code:
+:::{important}
+A **potential security issue** or weakness is a general flaw, error, mistake or sloppy programming habit in a programs design, implementation, or operation that could lead to security problems. It's a potential area of concern that might not be immediately exploitable but increases the risk of a vulnerability emerging.
+Depending on the **context** where a Python program is executed, found security issues should be fixed, or can be neglected.
+:::
+Examples of **potential security issues** or weaknesses that Python Code Audit discovers:
+* Risks of running untrusted code by using Python statements that allow this. Think of `compile`, `eval` or `exec`.
+* Availability risks. Operating systems functions that can create directories or files can cause availability risks.
+* Risks of changing permission on files or directories. Python files are too often run with too broad permissions. This can lead to severe risks on data leakage or integrity issues on files.
+See [section `command codeaudit checks`](codeauditchecks) to get more insight on implemented security validations.
+Issues in Python code are not necessarily directly exploitable on their own, but detected security issues are a fertile ground for vulnerabilities to appear.
+A vulnerability is an exploitable weakness. So minimize the risks for vulnerabilities and take the reported **potential security issues** serious.
+:::{danger}
+If a weakness in Python code exists, and **if** a method is found to take advantage of that weakness to cause harm, then it becomes a vulnerability.
+Addressing weaknesses [proactively](https://nocomplexity.com/documents/simplifysecurity/shiftleft.html#shift-left) helps prevent vulnerabilities from emerging, while patching vulnerabilities reactively addresses known exploitable flaws.
+:::
+## Dealing with false positives
+:::{note}
+Python Code Audit only reports **potential security issues**.
+It is up to the user, developer, security tester or someone with the required **security** and **Python** knowledge to decide if action is needed.
+This Python Code Audit SAST tool, but this accounts for all SAST tools, analyze code in isolation. So without the runtime environment or how the any knowledge on how code interacts with other components and who the users are.
+For good security you always need to construct a [threat model](https://nocomplexity.com/documents/securityarchitecture/architecture/threadmodels.html#threat-models) in able to evaluate if potential issues should be resolved.
+Despite the rise of AI, no single tool can judge the **context** where a program is used, how it is used and by whom. So if you are in doubt if action on a reported issues is needed, you **SHOULD** contact a security specialist who has deep technical knowledge of cyber security also solid knowledge on developing secure Python programs. In our [section sponsors](sponsors) you find agencies or consultants that can provide the needed assistance. Do not hesitate to get professional help, cyber security is a complex area!
+:::
+:::{warning}
+DO **NOT** rely on SAST scanners that are powered by AI-agents / LLM systems to solve your cyber security problems!
+Most are just far from good enough.
+In the best case scenario, you'll only be disappointed. But the risk of a false sense of security is enormous.
+:::
+:::{note}
+The static nature of the Python Code Audit SAST scan is that it can’t identify vulnerabilities, but only reports **potential security issues**
+:::
+Python Code Audit is designed to minimize so called 'false positives`.
+A false positive arises when a static analysis tool falsely claims that a construct in the code is insecure. Python Code Audit has no false positives, it will only reports on **potential security issues**.
+Python Code Audit is created for:
+* Security researchers
+* Users and
+* Developers
+Every user group has its own requirements and needs. And will review the found issues from a different perspective and context.
+Python Code Audit will **not** detect and report imported modules that are commented out. E.g. in the following file:
+```python
+"""Sample file for module check"""
+import linkaudit #has no data in OSV DB
+import pandas #has some minor data in OSV
+import requests #has lots of OSV data
+#import numpy #has lots of OSV data! (a lot!!)
+import os
+import random
+import csv
+def donothing():
+    print('no way!')
+    os.chmod('ooooooooooooono.txt',0x777) #this will give an alert on codeaudit filescan!
+```
+The `numpy` module is not reported on a module check and is not counted in the statistics that Python Code Audit created. This because this module is commented out. Modules that are imported, but not yet used are reported. This because it is likely that the modules will be used in a next iteration of the Python file. And checking as fast as possible on possible security issues for modules that *could* be used makes sense.
+:::{note}
+Python Code Audit architecture, design , implementation overcome the shortcoming of many 'legacy' SAST tools who are good at reporting false positives, but lack good validation for correct secure Python use.
+:::

{codeaudit-0.9.1 → codeaudit-0.9.3}/docs/license.md RENAMED Viewed

@@ -55,7 +55,7 @@ material.
 ## Software License
-Codeaudit is a Python program to check potential security issues in Python files.
+Codeaudit is a Python program to check for potential security issues in Python files.
 Copyright (C) 2025  BM-Support.org Foundation and Maikel Mardjan.

{codeaudit-0.9.1 → codeaudit-0.9.3}/docs/whysast.md RENAMED Viewed

@@ -1,4 +1,4 @@
-# Why Security testing on code
+# Why Security Testing
 :::{note}
 Static application security testing(SAST) for python source code is a MUST!
@@ -8,7 +8,7 @@ Static application security testing(SAST) for python source code is a MUST!
 :::
-Python is for one of the most used programming language to date. Especially in the AI/ML world and the cyber security world, most tools are based on Python programs.
+Python is one of the most used programming language to date. Especially in the AI/ML world and the cyber security world, most tools are based on Python programs.
 Large and small businesses use and trust Python to run their business. Python is from security perspective a **good** choice. However even when using Python the risk on security issues is never zero.

{codeaudit-0.9.1 → codeaudit-0.9.3}/src/codeaudit/__about__.py RENAMED Viewed

@@ -1,4 +1,4 @@
 # SPDX-FileCopyrightText: 2025-present Maikel Mardjan <mike@bm-support.org>
 #
 # SPDX-License-Identifier: GPL-3.0-or-later
-__version__ = "0.9.1"
+__version__ = "0.9.3"

{codeaudit-0.9.1 → codeaudit-0.9.3}/src/codeaudit/data/sastchecks.csv RENAMED Viewed

@@ -54,6 +54,7 @@ Shelve module,shelve.open,High,Only loading a shelve from a trusted source is se
 Multiprocessing ,connection.recv,High,Connection.recv() uses pickle
 Multiprocessing ,multiprocessing.connection.Connection,High,Connection.recv() uses pickle
 Zipfile,zipfile.ZipFile,High,Extracting files within a program should never be trusted by default. This issue is detected when the zipfile and/or tarfile module with an extraction method is used.
+Gzip,gzip.open,Medium,Potential resource consumption if the file is untrusted.
 shutil,shutil.unpack_archive,Medium,Extracting files within a program should not be trusted by default.
 shutil,shutil.copy,Medium,Information can be transfered without permission.
 shutil,shutil.copy2,Medium,Information can be transfered without permission.

{codeaudit-0.9.1 → codeaudit-0.9.3}/src/codeaudit/reporting.py RENAMED Viewed

@@ -82,8 +82,9 @@ def overview_report(directory, filename=DEFAULT_OUTPUT_FILE):
     html += '</details>'
     html += f'<h2>Detailed overview per source file</h2>'
     html += '<details>'
-    html += '<summary>Click to see the report details.</summary>'
-    html += df.to_html(escape=True,index=False)
+    html += '<summary>Click to see the report details.</summary>'
+    df_plot = pd.DataFrame(result) # again make the df from the result variable
+    html += df_plot.to_html(escape=True,index=False)
     html += '</details>'
     # I now want only a plot for LoC, so drop other columns from Dataframe
     df_plot = pd.DataFrame(result) # again make the df from the result variable

{codeaudit-0.9.1 → codeaudit-0.9.3}/src/codeaudit/security_checks.py RENAMED Viewed

@@ -40,8 +40,7 @@ def ast_security_checks():
 def perform_validations(sourcefile):
     """For now a list defined here in this file"""
-    checks = ast_security_checks()
-    #df = pd.DataFrame(security_validations)
+    checks = ast_security_checks()
     constructs = checks['construct'].to_list()
     source = read_in_source_file(sourcefile)

{codeaudit-0.9.1 → codeaudit-0.9.3}/src/codeaudit/totals.py RENAMED Viewed

@@ -155,7 +155,7 @@ def overview_per_file(python_file):
 def overview_count(df):
-    """returns a dataframe with simple overview of all files"""
+    """returns a dataframe with simple overview for all files"""
     columns_to_sum = [
         "Number_Of_Lines",
         "AST_Nodes",

{codeaudit-0.9.1 → codeaudit-0.9.3}/tests/test_constructspart2.py RENAMED Viewed

@@ -150,5 +150,24 @@ def test_tempfile_incorrect_use():
     expected_data = {'tempfile.mktemp': [3]}
+    # Assert that the actual data matches the expected data
+    assert actual_data == expected_data
+def test_gzip_use():
+    current_file_directory = Path(__file__).parent
+    # validation1.py is in a subfolder:
+    validation_file_path = current_file_directory / "validationfiles" / "gzip.py"
+    result = perform_validations(validation_file_path)
+    #actual_data = find_constructs(source, constructs)
+    actual_data = result['result']
+    # This is the expected dictionary
+    expected_data = {'gzip.open': [4]}
     # Assert that the actual data matches the expected data
     assert actual_data == expected_data

codeaudit-0.9.3/tests/test_totalscheck.py ADDED Viewed

@@ -0,0 +1,55 @@
+import pytest
+from pathlib import Path
+from codeaudit.filehelpfunctions import read_in_source_file
+from codeaudit.totals import read_in_source_file , overview_per_file , count_ast_objects
+def test_overview_per_file_check():
+    current_file_directory = Path(__file__).parent
+    # validation1.py is in a subfolder:
+    validation_file_path = current_file_directory / "validationfiles" / "correctcounts.py"
+    # source = read_in_source_file(validation_file_path)
+    actual_data = overview_per_file(validation_file_path)
+    actual_data.pop('FilePath', None)
+    # This is the expected dictionary
+    expected_data = {
+        "FileName": "correctcounts.py",
+        "Number_Of_Lines": 115,
+        "AST_Nodes": 57,
+        "Std-Modules": 2,
+        "External-Modules": 2,
+        "Functions": 6,
+        "Classes": 0,
+        "Comment_Lines": 24,
+        "Complexity_Score": 9,
+        "warnings": 0,
+    }
+    # Assert that the actual data matches the expected data
+    assert actual_data == expected_data
+def test_count_ast_objects():
+    current_file_directory = Path(__file__).parent
+    # validation1.py is in a subfolder:
+    validation_file_path = current_file_directory / "validationfiles" / "correctcounts.py"
+    source = read_in_source_file(validation_file_path)
+    actual_data = count_ast_objects(source)
+    # This is the expected dictionary
+    expected_data = {
+        "AST_Nodes": 57,
+        "Std-Modules": 2,
+        "External-Modules": 2,
+        "Functions": 6,
+        "Classes": 0,
+    }
+    # Assert that the actual data matches the expected data
+    assert actual_data == expected_data

{codeaudit-0.9.1 → codeaudit-0.9.3}/tests/validationfiles/allshit.py RENAMED Viewed

@@ -420,3 +420,10 @@ def run_with_trace2():
 import tempfile
 temp_filename = tempfile.mktemp()
+"""Checking on gzip.open"""
+import gzip as untrusteddanger
+content = b"Lots of content here"
+with untrusteddanger.open('/home/joe/file.txt.gz', 'wb') as f:
+    f.write(content)

codeaudit-0.9.3/tests/validationfiles/complexitycheck.py ADDED Viewed

@@ -0,0 +1,22 @@
+"""complexity of code below should count to 4
+Complexity breakdown:
+1 (base)
++1 (if)
++1 (and) operator inside if
++1 (elif) — counted as another If node in AST
+ = 4
+"""
+def test(x):
+    if x > 0 and x < 10:
+        print("Single digit positive")
+    elif x >= 10:
+        print("Two digits or more")
+    else:
+        print("Non-positive")

codeaudit 0.9.1__tar.gz → 0.9.3__tar.gz

codeaudit 0.9.1tar.gz → 0.9.3tar.gz