codeaudit 1.2.0__tar.gz → 1.3.0__tar.gz

{codeaudit-1.2.0 → codeaudit-1.3.0}/CHANGELOG.md

@@ -1,6 +1,27 @@
 # Change Log
 
-# Version 1.2: Changes and Updates
+
+
+
+## Version 1.3: Changes and Updates
+
+
+* **Documentation:** General improvements and clarifications.
+* **Environment:** Updated `project.toml` — now compatible with **Python 3.14**.
+
+  * ⚠️ *Note:* The **Altair** dependency for Python 3.14 requires an update; final wording will depend on the release status of the next Altair version. The current working version of Altair (`altair-5.6.0.dev0 with typing-extensions-4.15.0` ) was used to validate correct working of all functionality of **Python Code Audit** for Python 3.14.
+
+* **Validation Enhancements:**
+
+  * Added validation for use of the class `pickle.Unpickler`, which may process untrusted binary pickle data streams.
+  * Added validation for use of the class `shelve.DbfilenameShelf`.
+  * Extended validation to detect potentially unsafe calls to the `random` module.
+
+* **CLI:** Improved help text for the `cld` command.
+
+
+
+## Version 1.2: Changes and Updates
 
 * fix: Improved error handling — when performing a file scan on a single Python file that cannot be parsed, the CLI now correctly displays an error message.
 

{codeaudit-1.2.0 → codeaudit-1.3.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: codeaudit
-Version: 1.2.0
+Version: 1.3.0
 Summary: Simplified static security checks for Python 
 Project-URL: Documentation, https://github.com/nocomplexity/codeaudit#readme
 Project-URL: Issues, https://github.com/nocomplexity/codeaudit/issues
@@ -14,8 +14,10 @@ Classifier: Environment :: Console
 Classifier: Intended Audience :: Developers
 Classifier: Intended Audience :: Science/Research
 Classifier: Programming Language :: Python
+Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
 Classifier: Programming Language :: Python :: 3.13
+Classifier: Programming Language :: Python :: 3.14
 Classifier: Topic :: Security
 Classifier: Topic :: Software Development :: Quality Assurance
 Requires-Python: >=3.8
@@ -28,9 +30,12 @@ Description-Content-Type: text/markdown
 
 ![CodeauditLogo](https://github.com/nocomplexity/codeaudit/raw/main/docs/images/codeauditlogo.png)
 
+[![PythonCodeAudit Badge](https://img.shields.io/badge/Python%20Code%20Audit-Security%20Verified-FF0000?style=flat-square)](https://github.com/nocomplexity/codeaudit)
 [![PyPI - Version](https://img.shields.io/pypi/v/codeaudit.svg)](https://pypi.org/project/codeaudit)
 [![PyPI - Python Version](https://img.shields.io/pypi/pyversions/codeaudit.svg)](https://pypi.org/project/codeaudit)
 [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/10970/badge)](https://www.bestpractices.dev/projects/10970)
+[![Documentation](https://img.shields.io/badge/Python%20Code%20Audit%20Handbook-Available-blue)](https://nocomplexity.com/documents/codeaudit/intro.html)
+[![License](https://img.shields.io/badge/License-GPLv3-FFD700)](https://nocomplexity.com/documents/codeaudit/license.html)
 [![PyPI Downloads](https://static.pepy.tech/badge/codeaudit)](https://pepy.tech/projects/codeaudit)
 
 Python Code Audit - A modern Python source code analyzer based on distrust.

{codeaudit-1.2.0 → codeaudit-1.3.0}/README.md

@@ -2,9 +2,12 @@
 
 ![CodeauditLogo](https://github.com/nocomplexity/codeaudit/raw/main/docs/images/codeauditlogo.png)
 
+[![PythonCodeAudit Badge](https://img.shields.io/badge/Python%20Code%20Audit-Security%20Verified-FF0000?style=flat-square)](https://github.com/nocomplexity/codeaudit)
 [![PyPI - Version](https://img.shields.io/pypi/v/codeaudit.svg)](https://pypi.org/project/codeaudit)
 [![PyPI - Python Version](https://img.shields.io/pypi/pyversions/codeaudit.svg)](https://pypi.org/project/codeaudit)
 [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/10970/badge)](https://www.bestpractices.dev/projects/10970)
+[![Documentation](https://img.shields.io/badge/Python%20Code%20Audit%20Handbook-Available-blue)](https://nocomplexity.com/documents/codeaudit/intro.html)
+[![License](https://img.shields.io/badge/License-GPLv3-FFD700)](https://nocomplexity.com/documents/codeaudit/license.html)
 [![PyPI Downloads](https://static.pepy.tech/badge/codeaudit)](https://pepy.tech/projects/codeaudit)
 
 Python Code Audit - A modern Python source code analyzer based on distrust.

{codeaudit-1.2.0 → codeaudit-1.3.0}/docs/_toc.yml

@@ -5,13 +5,13 @@ parts:
 - caption: Quick Start
   chapters:    
   - file: features
+  - file: howtoscan
   - file: userguide
     sections:
     - file: codeauditoverview    
     - file: filescan
     - file: modulescan
-    - file: codeauditchecks
-  - file: howtoscan
+    - file: codeauditchecks  
   - file: whatissast
   - file: whysast
   - file: issues
@@ -54,8 +54,10 @@ parts:
   #- file: astlines
   # - file: astlines2
   - file: makeitbetter
+  - file: project_philosophy
   - file: complexitycheck
   - file: warnings
+  - file: handling_errors
   - file: codeauditcommands  
   - file: changelog
   

{codeaudit-1.2.0 → codeaudit-1.3.0}/docs/checks/pickle_check.md

@@ -5,7 +5,7 @@ Codeaudit checks on the use of the `pickle` statement.
 :::{danger} 
 Unpickling will import any class or function that it finds in the pickle data. This is a severe security concern as it permits the unpickler to import and invoke arbitrary code. 
 
-**Never use `pickle.load()` or `pickle.loads()` on data received from an untrusted or unauthenticated source.**
+**Never use `pickle.load()` , `pickle.loads()` or `pickle.Unpickler` on data received from an untrusted or unauthenticated source.**
 
 :::
 

{codeaudit-1.2.0 → codeaudit-1.3.0}/docs/codeauditcommands.md

@@ -1,6 +1,6 @@
 % THIS FILE IS GENERATED! - Use CLIcommands.ipynb to make it better!
 # Commands Overview
-Python Code Audit commands for: version: 1.1.0
+Python Code Audit commands for: version: 1.2.0
 ```
 ----------------------------------------------------
  _                    __             _             
@@ -16,8 +16,8 @@ Usage: codeaudit COMMAND [PATH or FILE]  [OUTPUTFILE]
 Depending on the command, a directory or file name must be specified. The output is a static HTML file to be examined in a browser. Specifying a name for the output file is optional.
 
 Commands:
-  overview             Reports Complexity and statistics per Python file from a directory.
-  filescan             Scans Python files or directories(packages) for vulnerabilities and reports potential issues.
+  overview             Reports complexity and statistics for Python files in a project directory.
+  filescan             Scans Python projects/files, reporting potential security weaknesses.
   modulescan           Reports module vulnerability information.
   checks               Creates an HTML report of all implemented security checks.
   version              Prints the module version. Or use codeaudit [-v] [--v] [-version] or [--version].
@@ -28,7 +28,7 @@ Check https://simplifysecurity.nocomplexity.com/
 ```
 ## Code Audit overview
 ```text
-Reports Complexity and statistics per Python file from a directory.
+Reports complexity and statistics for Python files in a project directory.
 
 Parameters:
     directory (str): Path to the directory to scan.
@@ -59,7 +59,7 @@ errors defaults to 'strict'.
 ```
 ## Code Audit filescan
 ```text
-Scans Python files or directories(packages) for vulnerabilities and reports potential issues.
+Scans Python projects/files, reporting potential security weaknesses.
     
 This function performs security validations on the specified file or directory, 
 formats the results into an HTML report, and writes the output to an HTML file. 

{codeaudit-1.2.0 → codeaudit-1.3.0}/docs/examples/demoscan.json

@@ -1,7 +1,7 @@
 {
   "name": "Python_Code_Audit",
-  "version": "1.1.0",
-  "generated_on": "2025-10-10 19:20",
+  "version": "1.2.0",
+  "generated_on": "2025-10-15 15:23",
   "file_security_info": {
     "0": {
       "FileName": "demofile.py",

codeaudit-1.3.0/docs/handling_errors.md

@@ -0,0 +1,13 @@
+# Handling parsing errors
+
+Only Python files that can be fully parsed are included in the **Python Code Security audit** scans.
+
+Files are parsed using Python’s Abstract Syntax Tree (AST) module. If a file cannot be parsed due to invalid syntax or incompatibility with Python 3.x, an error will be reported (e.g., in the CLD). Such files cannot be analyzed and must be fixed to be included in the audit.
+
+## Parsing Errors vs. Warnings
+It is important to distinguish between parsing errors and warnings:
+* **Parsing Errors**: Files that cause a parsing error are not analyzed. These errors indicate the code is fundamentally unreadable by the AST and **should be fixed**.
+* **Warnings**: Python files may contain warnings, but these files are still fully parsed and analyzed. However, from a security standpoint, you should **also fix** Python files that produce warnings, as warnings often point to questionable or deprecated code practices.
+
+
+See also the section of [Python warnings](warnings) to learn how **Python Code Audit** handles warnings.

{codeaudit-1.2.0 → codeaudit-1.3.0}/docs/help.md

@@ -10,12 +10,41 @@ Everyone can help with improving this tool!
 :::
 
 
+## Promote Your Commitment to Python Code Audit
 
 
-Helping is possible in multiple ways:
 * [Support this work](sponsors)
-* Share and promote the use of this solid simple tool
+
+* If you use **Python Code Audit**, showcase your dedication to secure coding by adding the badge ![PythonCodeAudit Badge](https://img.shields.io/badge/Python%20Code%20Audit-Security%20Verified-FF0000?style=flat-square) to your public repository.
+Displaying the badge signals that you take Python security seriously and have proactively audited your code for potential vulnerabilities.
+
+You can display the badge, ![PythonCodeAudit Badge](https://img.shields.io/badge/Python%20Code%20Audit-Security%20Verified-FF0000?style=flat-square), by embedding the following snippet in your Markdown file:
+
+```markdown
+[![PythonCodeAudit Badge](https://img.shields.io/badge/Python%20Code%20Audit-Security%20Verified-FF0000?style=flat-square)](https://github.com/nocomplexity/codeaudit)
+```
+Or by embedding this in your HTML page:
+
+```html
+<href="https://github.com/nocomplexity/codeaudit"><img alt="PythonCodeAudit Badge" src="https://img.shields.io/badge/Python%20Code%20Audit-Security%20Verified-FF0000?style=flat-square"></a>
+```
+
+:::{admonition} When using the Python Code Audit badge, inform your users!
+:class: tip, dropdown
+
+When you use **Python Code Audit**, you are in control.
+
+No AI agent should decide what is necessary — only you fully understand your design and its complete context.
+
+You should carefully evaluate all reported weaknesses. 
+
+Not every issue requires fixing; depending on your program and the environment in which it operates, **some detected weaknesses may not be relevant**.
+
+However, it is important to document your decisions and inform your users about the design choices you have made and the rationale behind them.
+:::
+
 * Send me a line that you use this tool within your company. 
+
 * [Contribute](CONTRIBUTE)
 
 Guideline to contribute:

{codeaudit-1.2.0 → codeaudit-1.3.0}/docs/intro.md

@@ -1,7 +1,10 @@
 # Introduction
 
+[![PythonCodeAudit Badge](https://img.shields.io/badge/Python%20Code%20Audit-Security%20Verified-FF0000?style=flat-square)](https://github.com/nocomplexity/codeaudit)
 [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/10970/badge)](https://www.bestpractices.dev/projects/10970) 
 [![PyPI - Version](https://img.shields.io/pypi/v/codeaudit.svg)](https://pypi.org/project/codeaudit)
+[![Documentation](https://img.shields.io/badge/Python%20Code%20Audit%20Handbook-Available-blue)](https://nocomplexity.com/documents/codeaudit/intro.html)
+[![License](https://img.shields.io/badge/License-GPLv3-FFD700)](https://nocomplexity.com/documents/codeaudit/license.html)
 
 ![CodeauditLogo](images/codeauditlogo.png)
 

{codeaudit-1.2.0 → codeaudit-1.3.0}/docs/license.md

@@ -6,7 +6,11 @@ Open accessible information should not available as easy as possible without bor
 
 So I choose to use a Creative Commons Attribution-ShareAlike License for documentation. This license allows you to freely use and share all the information as long as you follow the simple terms that come with this open access license. Using this license creates a brighter future for us all.
 
-For the **Codeaudit** tool all code is available under the GPL license. 
+For the **Python Code Audit** tool all code is available under the FOSS (Free and Open Source Software) GPLv3 license. 
+Transparency builds trust. Openness is key. 
+
+You should only use [open security solutions (products, methods, and documentation)](https://nocomplexity.com/documents/securitysolutions/intro.html) that are open and can be improved so that we all benefit. 
+
 
 ## Documentation license
 
@@ -55,7 +59,7 @@ material.
 ## Software License
 
    
-Codeaudit is a Python program to check for potential security issues in Python files.
+**Python Code Audit** is a Python program to check for security weaknesses in Python files.
 
 Copyright (C) 2025  BM-Support.org Foundation and Maikel Mardjan. 
 

codeaudit-1.3.0/docs/project_philosophy.md

@@ -0,0 +1,55 @@
+# Project Philosophy
+
+The rapid growth and increasing complexity of Python-based web applications and systems have made robust security testing more important than ever. 
+
+To strengthen cyber security, we must make protection both **better and simpler** — simpler to use, simpler to maintain, and simpler to understand.
+
+Too often, complex security tools end up **reducing security** rather than improving it. The goal should be to **do the simple things well** — ensuring strong fundamentals rather than adding unnecessary complexity.
+
+Security validation for Python code should be **fast, straightforward, and effective**.
+
+
+However, there are almost no **high-quality Free and Open Source (FOSS)** Static Application Security Testing (SAST) tools available for Python. 
+
+## Design Approach and Solution
+
+
+We believe that static security testing of Python code should be carried out more frequently and to a higher standard — but it should also be **extremely simple for everyone** to perform. Whether you’re a professional developer or an occasional Python user, **anyone** should be able to run a SAST test quickly and easily.
+
+
+Python Code Audit is built on strong design principles:
+* **Better be safe than sorry!** **Python Code Audit** takes a defensive security approach. 
+
+* **Local first**: No data leakage and no reliance on third-party services. Security should never be outsourced to a “black box” environment.
+
+
+* **Simple to use**: Designed for ease of use by anyone, regardless of experience level.
+
+
+* **Simple to extend**: Easy to adapt and build upon for future needs.
+
+
+* **Simple to maintain**: We follow [0Complexity design principles](https://nocomplexity.com/documents/0complexity/abstract.html): simplicity enhances security. This means minimising dependencies and keeping both design and implementation straightforward and transparent.
+
+
+* **Transparent**: All code is released under a FOSS (Free and Open Source Software) [licence](license). Transparency builds trust.
+
+
+* **Trust is good, but validation is better**: The tool validates against numerous common weaknesses often found in Python code. 
+
+* **Limited scope**: No tool can do everything well. Complex checks such as SQL injection detection, TLS certificate validation, or cryptographic misuse analysis are intentionally out of scope. These areas are difficult to automate reliably and often create a false sense of security. Instead, we focus on delivering a **simple, trustworthy security tool** that performs its defined tasks exceptionally well — without compromise.
+
+* **You are in charge**: No AI agent should decide what is needed — only you fully understand the context. The tool is there to assist, but it remains **your responsibility** to determine whether a weakness could develop into a vulnerability that requires fixing.
+
+
+## Read our Manifesto
+
+:::{admonition} Cyber security protection can be much better and simpler.
+:class: tip
+[**Read our Manifesto**](https://nocomplexity.com/simplifysecurity-manifesto/)
+
+:::
+
+
+
+

{codeaudit-1.2.0 → codeaudit-1.3.0}/docs/userguide.md

@@ -61,16 +61,13 @@ codeaudit
 This will show:
 
 ```text
---------------------------------------------------
-   _____          _                      _ _ _   
-  / ____|        | |                    | (_) |  
- | |     ___   __| | ___  __ _ _   _  __| |_| |_ 
- | |    / _ \ / _` |/ _ \/ _` | | | |/ _` | | __|
- | |___| (_) | (_| |  __/ (_| | |_| | (_| | | |_ 
-  \_____\___/ \__,_|\___|\__,_|\__,_|\__,_|_|\__|
---------------------------------------------------
+----------------------------------------------------
+ _                    __             _             
+|_) \/_|_|_  _ __    /   _  _| _    |_|    _| o _|_
+|   /  |_| |(_)| |   \__(_)(_|(/_   | ||_|(_| |  |_
+----------------------------------------------------
 
-Codeaudit - Modern Python source code analyzer based on distrust.
+Python Code Audit - A modern Python security source code analyzer based on distrust.
 
 Commands to evaluate Python source code:
 Usage: codeaudit COMMAND [PATH or FILE]  [OUTPUTFILE] 
@@ -78,12 +75,11 @@ Usage: codeaudit COMMAND [PATH or FILE]  [OUTPUTFILE]
 Depending on the command, a directory or file name must be specified. The output is a static HTML file to be examined in a browser. Specifying a name for the output file is optional.
 
 Commands:
-  overview             Reports Complexity and statistics per Python file from a directory.
-  modulescan           Reports module information per file.
-  filescan             Reports potential security issues for a single Python file.
-  directoryscan        Reports potential security issues for all Python files found in a directory.
-  checks               Generate an HTML report of all implemented codeaudit security checks.
-  version              Prints the module version. Use [-v] [--v] [-version] or [--version].
+  overview             Reports complexity and statistics for Python files in a project directory.
+  filescan             Scans Python projects/files, reporting potential security weaknesses.
+  modulescan           Reports module vulnerability information.
+  checks               Creates an HTML report of all implemented security checks.
+  version              Prints the module version. Or use codeaudit [-v] [--v] [-version] or [--version].
 
 Use the Codeaudit documentation to check the security of Python programs and make your Python programs more secure!
 Check https://simplifysecurity.nocomplexity.com/ 

{codeaudit-1.2.0 → codeaudit-1.3.0}/docs/warnings.md

@@ -1,6 +1,6 @@
-# Warnings
+# Python Warnings
 
-Code Audit captures Python warnings.
+**Python Code Audit** captures Python warnings.
 
 But:
 :::{caution} 

{codeaudit-1.2.0 → codeaudit-1.3.0}/pyproject.toml

@@ -22,8 +22,10 @@ classifiers = [
   "Topic :: Software Development :: Quality Assurance",
   "Development Status :: 4 - Beta",
   "Programming Language :: Python",
+  "Programming Language :: Python :: 3.11",
   "Programming Language :: Python :: 3.12",
   "Programming Language :: Python :: 3.13", 
+  "Programming Language :: Python :: 3.14", 
 ]
 
 

{codeaudit-1.2.0 → codeaudit-1.3.0}/src/codeaudit/__about__.py

@@ -1,4 +1,4 @@
 # SPDX-FileCopyrightText: 2025-present Maikel Mardjan <mike@bm-support.org>
 #
 # SPDX-License-Identifier: GPL-3.0-or-later
-__version__ = "1.2.0"
+__version__ = "1.3.0"

{codeaudit-1.2.0 → codeaudit-1.3.0}/src/codeaudit/data/sastchecks.csv

@@ -21,6 +21,7 @@ Insecure Hashing Algorithm,hashlib.sha1,High,SHA-1 is cryptographically broken a
 Logging Configuration,logging.config,Medium,Parsing untrusted logging configurations can lead to vulnerabilities if not handled correctly.
 Pickle Usage,pickle.loads,High,Deserializing untrusted data with `pickle` can lead to arbitrary code execution.
 Pickle Usage,pickle.load,High,Deserializing untrusted data with `pickle` can lead to arbitrary code execution.
+Pickle Usage,pickle.Unpickler,High,Deserializing untrusted data with `pickle` can lead to arbitrary code execution.
 OS Execution,os.system,High,Direct OS function calls can have significant security implications and require careful review.
 OS Execution,os.execl,High,Direct OS function calls can have significant security implications and require careful review.
 OS Execution,os.execle,High,Direct OS function calls can have significant security implications and require careful review.
@@ -51,8 +52,15 @@ Base64 Encoding ,base64,Low,"Base64 encoding is not for security. It only visual
 XML-RPC Client,xmlrpc.client,High,Vulnerable to denial-of-service via decompression bombs.
 XML-RPC Server,xmlrpc.server.SimpleXMLRPCServer,High,Vulnerable to denial-of-service via decompression bombs.
 Cryptographically Unsafe Randomness,random.random,Low,The pseudo-random generators in this module are not suitable for security purposes. 
+Cryptographically Unsafe Randomness,random.Random,Low,The pseudo-random generators in this module are not suitable for security purposes. 
+Cryptographically Unsafe Randomness,random.randrange,Low,The pseudo-random generators in this module are not suitable for security purposes. 
+Cryptographically Unsafe Randomness,random.randint,Low,The pseudo-random generators in this module are not suitable for security purposes. 
+Cryptographically Unsafe Randomness,random.uniform,Low,The pseudo-random generators in this module are not suitable for security purposes. 
+Cryptographically Unsafe Randomness,random.triangular,Low,The pseudo-random generators in this module are not suitable for security purposes. 
 Cryptographically Unsafe Randomness,random.seed,Low,The pseudo-random generators in this module are not suitable for security purposes. 
+Cryptographically Unsafe Randomness,random.randbytes,Low,The pseudo-random generators in this module are not suitable for security purposes. 
 Shelve Usage,shelve.open,High,"The `shelve` module uses `pickle` internally, making it unsafe for untrusted data."
+Shelve Usage,shelve.DbfilenameShelf,High,"The `shelve` module uses `pickle` internally, making it unsafe for untrusted data."
 Unsafe Deserialization: multiprocessing,connection.recv,High,"Uses pickle, which can execute arbitrary code when receiving data. "
 Unsafe Deserialization: multiprocessing,multiprocessing.connection.Connection,High,Relies on pickle; dangerous with untrusted data. 
 Zipfile Extraction,zipfile.ZipFile,High,Vulnerable to path traversal attacks if used with untrusted archives.

{codeaudit-1.2.0 → codeaudit-1.3.0}/src/codeaudit/reporting.py

@@ -30,7 +30,7 @@ from codeaudit import __version__
 
 from importlib.resources import files
 
-DISCLAIMER_TEXT = "<p><b>Disclaimer:</b><i>This SAST tool 'codeaudit' provides a powerful automatic security analysis for Python source code. However it's not a substitute for human review in combination with business knowledge. <b>Undetected vulnerabilities may still exist</b>. There is and will never be a single security tool that gives 100% automatic guarantees. By reporting any issues you find, you contribute to a better tool for everyone.</i></p>"
+DISCLAIMER_TEXT = "<p><b>Disclaimer:</b><i>This SAST tool <b>Python Code Audit</b> provides a powerful, automatic security analysis for Python source code. However, it's not a substitute for human review in combination with business knowledge. Undetected vulnerabilities may still exist. <b>There is, and will never be, a single security tool that gives 100% automatic guarantees</b>. By reporting any issues you find, you contribute to a better tool for everyone.</i>"
 
 
 SIMPLE_CSS_FILE = files('codeaudit') / 'simple.css'
@@ -38,7 +38,7 @@ SIMPLE_CSS_FILE = files('codeaudit') / 'simple.css'
 DEFAULT_OUTPUT_FILE = 'codeaudit-report.html'
 
 def overview_report(directory, filename=DEFAULT_OUTPUT_FILE):
-    """Reports Complexity and statistics per Python file from a directory.
+    """Reports complexity and statistics for Python files in a project directory.
     
     Parameters:
         directory (str): Path to the directory to scan.
@@ -104,7 +104,7 @@ def overview_report(directory, filename=DEFAULT_OUTPUT_FILE):
         
 
 def scan_report(input_path , filename=DEFAULT_OUTPUT_FILE):
-    """Scans Python files or directories(packages) for vulnerabilities and reports potential issues.
+    """Scans Python projects/files, reporting potential security weaknesses.
         
     This function performs security validations on the specified file or directory, 
     formats the results into an HTML report, and writes the output to an HTML file. 
@@ -119,7 +119,7 @@ def scan_report(input_path , filename=DEFAULT_OUTPUT_FILE):
     Returns:
         None - A HTML report is written as output
     """
-      # Check if the input is a valid directory or a single valid Python file
+    # Check if the input is a valid directory or a single valid Python file
     file_path = Path(input_path)
     if file_path.is_dir():
         directory_scan_report(input_path , filename ) #create a package aka directory scan report

{codeaudit-1.2.0 → codeaudit-1.3.0}/tests/test_constructspart2.py

@@ -12,20 +12,14 @@ def test_shelve_usage():
 
     # validation1.py is in a subfolder:
     validation_file_path = current_file_directory / "validationfiles" / "shelve.py"
-
-        
-    #We run now constructs based on definitions!
-    # constructs = {'random.random',
-    #               'random.seed'}
     
     result = perform_validations(validation_file_path)
 
-    #actual_data = find_constructs(source, constructs) 
+    # actual_data = find_constructs(source, constructs)
     actual_data = result['result']
 
     # This is the expected dictionary
-    expected_data = {'shelve.open': [3] ,
-                     }
+    expected_data = {"shelve.DbfilenameShelf": [7], "shelve.open": [3]}
 
     # Assert that the actual data matches the expected data
     assert actual_data == expected_data

{codeaudit-1.2.0 → codeaudit-1.3.0}/tests/test_random.py

@@ -12,19 +12,22 @@ def test_random_usage():
     # validation1.py is in a subfolder:
     validation_file_path = current_file_directory / "validationfiles" / "random.py"
 
-    source = read_in_source_file(validation_file_path)
-    
-    # constructs = {'random.random',
-    #               'random.seed'}
-    
     result = perform_validations(validation_file_path)
 
-    #actual_data = find_constructs(source, constructs) 
-    actual_data = result['result']
+    # actual_data = find_constructs(source, constructs)
+    actual_data = result["result"]
 
     # This is the expected dictionary
-    expected_data = {'random.random': [14] ,
-                     'random.seed': [15] }
+    expected_data = {
+        "random.Random": [19],
+        "random.randrange": [22],
+        "random.randint": [24],
+        "random.uniform": [26],
+        "random.triangular": [28],
+        "random.randbytes": [31],
+        "random.random": [14],
+        "random.seed": [15],
+    }
 
     # Assert that the actual data matches the expected data
-    assert actual_data == expected_data
+    assert actual_data == expected_data

{codeaudit-1.2.0 → codeaudit-1.3.0}/tests/test_standardlibconstructs.py

@@ -3,6 +3,7 @@ from pathlib import Path
 
 from codeaudit.filehelpfunctions import read_in_source_file
 from codeaudit.issuevalidations import find_constructs
+from codeaudit.security_checks import perform_validations
 
 
 def test_xml_usage():
@@ -83,20 +84,18 @@ def test_httpserver_usage():
 
 def test_pickle_usage():
     current_file_directory = Path(__file__).parent
-
-    # validation1.py is in a subfolder:
+    
     validation_file_path = current_file_directory / "validationfiles" / "pickle.py"
 
-    source = read_in_source_file(validation_file_path)
+       
+    result = perform_validations(validation_file_path)
+    #actual_data = find_constructs(source, constructs) 
+    actual_data = result['result']
+     # This is the expected dictionary
     
-    constructs = {'pickle.load',
-                  'pickle.loads'}
-    actual_data = find_constructs(source, constructs) 
+    expected_data = {'pickle.loads': [3, 12], 'pickle.Unpickler': [16], 'pickle.load': [7]}
 
-    # This is the expected dictionary
-    expected_data = {'pickle.load': [7] ,
-                     'pickle.loads': [3,12] }
-
-    # Assert that the actual data matches the expected data
+    
+    # # Assert that the actual data matches the expected data
     assert actual_data == expected_data
 

codeaudit-1.3.0/tests/validationfiles/pickle.py

@@ -0,0 +1,19 @@
+    
+import pickle
+pickle.loads(b"cos\nsystem\n(S'echo hello world'\ntR.")
+
+def donotdothis():
+    with open('data.pickle', 'rb') as f:
+        data = pickle.load(f)
+
+
+from pickle import loads as importmalware
+
+importmalware('mysafefile.txt')
+
+
+#The pickle.Unpickler class is the deserialization engine of the pickle module.
+unpickler = pickle.Unpickler(pickled_data_stream)
+
+# Call the load() method to deserialize the data
+unpickled_data = unpickler.load()

codeaudit-1.3.0/tests/validationfiles/random.py

@@ -0,0 +1,31 @@
+
+import random
+
+def generate_random_float():
+  """
+  Generates a random floating-point number between 0.0 (inclusive) and 1.0 (exclusive).
+
+  The random.random() function from Python's built-in 'random' module is used
+  to produce this number.
+
+  Returns:
+    float: A random float between 0.0 and 1.0.
+  """
+  random_number = random.random()
+  random.seed(23)
+  return random_number
+
+# Create a Random instance with a fixed seed for reproducibility
+rng = random.Random(42)
+
+# Generate a random number from 0 up to (but not including) 10
+num1 = random.randrange(10)
+
+num = random.randint(1, 10)
+
+num_uni = random.uniform(1.0, 10.0)
+
+num_tri = random.triangular(1.0, 10.0, 5.0)
+
+# Generate a larger block of random bytes (e.g., 16 bytes)
+more_data = random.randbytes(16)

codeaudit-1.3.0/tests/validationfiles/shelve.py

@@ -0,0 +1,7 @@
+import shelve
+
+with shelve.open('spam') as db:
+    db['eggs'] = 'eggs'
+
+#line belows also is a weakness, since shelve uses the pickle module
+db = shelve.DbfilenameShelf('mydata.db', flag='c', protocol=None, writeback=False)

codeaudit-1.2.0/tests/validationfiles/pickle.py

@@ -1,12 +0,0 @@
-    
-import pickle
-pickle.loads(b"cos\nsystem\n(S'echo hello world'\ntR.")
-
-def donotdothis():
-    with open('data.pickle', 'rb') as f:
-        data = pickle.load(f)
-
-
-from pickle import loads as importmalware
-
-importmalware('mysafefile.txt')

codeaudit-1.2.0/tests/validationfiles/random.py

@@ -1,16 +0,0 @@
-
-import random
-
-def generate_random_float():
-  """
-  Generates a random floating-point number between 0.0 (inclusive) and 1.0 (exclusive).
-
-  The random.random() function from Python's built-in 'random' module is used
-  to produce this number.
-
-  Returns:
-    float: A random float between 0.0 and 1.0.
-  """
-  random_number = random.random()
-  random.seed(23)
-  return random_number

codeaudit-1.2.0/tests/validationfiles/shelve.py

@@ -1,4 +0,0 @@
-import shelve
-
-with shelve.open('spam') as db:
-    db['eggs'] = 'eggs'