codeaudit 1.4.2__py3-none-any.whl → 1.5.0__py3-none-any.whl

codeaudit/__about__.py

@@ -1,4 +1,4 @@
 # SPDX-FileCopyrightText: 2025-present Maikel Mardjan <mike@bm-support.org>
 #
 # SPDX-License-Identifier: GPL-3.0-or-later
-__version__ = "1.4.2"
+__version__ = "1.5.0"

codeaudit/data/secretslist.txt

@@ -0,0 +1,135 @@
+
+_KEY
+_passwd
+_PASSWORD
+access_key
+access_key_id
+ACCESS_SECRET
+ACCESS_TOKEN
+AccountKey
+AI21_API_KEY
+ALIBABA_CLOUD_ACCESS_KEY_ID
+ALIBABA_CLOUD_ACCESS_KEY_SECRET
+ANTHROPIC_API_KEY
+api_key
+API_TOKEN
+ApiKey
+ApiSecret
+APP_KEY
+APP_SECRET
+AUTH
+auth_key
+AUTH_SECRET
+auth_token
+AUTH_TOKEN
+Authorization
+AWS_ACCESS_KEY_ID
+aws_account_id
+aws_secret_access_key
+AWS_SECRET_ACCESS_KEY
+aws_session_token
+AWS_SESSION_TOKEN
+AZURE_OPENAI_API_KEY
+AZURE_OPENAI_API_VERSION
+AZURE_OPENAI_ENDPOINT
+AzureStorageKey
+BAIDU_API_KEY
+BAIDU_SECRET_KEY
+BASIC_AUTH
+BEARER
+BEARER_TOKEN
+BEDROCK_REGION
+CLIENT_ID
+client_key
+CLIENT_SECRET
+ClientSecret
+COHERE_API_KEY
+CONNECTION_STRING
+credential
+credentials
+CREDENTIALS_JSON
+creds
+CSRF_TOKEN
+DASHSCOPE_API_KEY
+DEEPSEEK_API_KEY
+DEPLOY_KEY
+encryptedPassword
+ENCRYPTION_SECRET
+EncryptionKey
+FERNET_KEY
+FIREWORKS_API_KEY
+GCP_SERVICE_ACCOUNT_KEY
+GEMINI_API_KEY
+get_api_token
+get_secret
+get_token
+GITHUB_TOKEN
+GOOGLE_API_KEY
+GOOGLE_API_KEY
+HMAC_KEY
+HUGGINGFACE_API_TOKEN
+IBM_WATSONX_API_KEY
+IBM_WATSONX_PROJECT_ID
+ID_TOKEN
+INTEGRATION_KEY
+JWT_ACCESS_TOKEN
+JWT_ALGORITHM
+JWT_AUDIENCE
+JWT_ISSUER
+JWT_PRIVATE_KEY
+JWT_PUBLIC_KEY
+JWT_REFRESH_TOKEN
+JWT_SECRET
+JWT_SECRET_KEY
+JWT_SIGNING_KEY
+JWT_TOKEN
+KEYFILE
+KUBE_TOKEN
+MASTER_KEY
+MISTRAL_API_KEY
+MLAB_PASS
+MOONSHOT_API_KEY
+NetworkCredential
+NVIDIA_API_KEY
+OAUTH_TOKEN
+OLLAMA_API_BASE
+OPENAI_API_KEY
+OPENROUTER_API_KEY
+OTEL_EXPORTER
+PASSPHRASE
+password
+POSTGRES_PASSWORD
+PPLX_API_KEY
+PRIVATE_KEY
+PRIVATE_TOKEN
+REDIS_PASSWORD
+REFRESH_TOKEN
+REPLICATE_API_TOKEN
+ROOT_PASSWORD
+RSA_PRIVATE_KEY
+SAS_TOKEN
+secret
+secret_key
+secret_key_base
+SECRET_TOKEN
+SERVICE_ACCOUNT_KEY
+SESSION_KEY
+SIGNING_KEY
+SILICONFLOW_API_KEY
+SLACK_TOKEN
+SMTP_PASSWORD
+SSH_KEY
+static_key
+STRIPE_API_KEY
+SYSTEM_PASSWORD
+TENCENT_HUNYUAN_API_KEY
+TLS_PRIVATE_KEY
+TOGETHER_API_KEY
+TOKEN
+VAULT_TOKEN
+WEBHOOK_SECRET
+WEBHOOK_TOKEN
+X_API_KEY
+XAI_API_KEY
+YI_API_KEY
+ZHIPUAI_API_KEY

codeaudit/filehelpfunctions.py

@@ -24,7 +24,7 @@ def read_in_source_file(file_path):
 
     if file_path.is_dir():
         print(
-            "Error: The given path is a directory.\nUse 'codeaudit directoryscan' to audit all Python files in a directory.\nThe 'codeaudit modulescan' command works per file only, not on a directory.\nUse codeaudit -h for help"
+            "Error: The given path is a directory.\nUse 'codeaudit filescan' to security audit Python files in a directory or PyPI package.\nThe 'codeaudit modulescan' command works per file only, not on a directory.\nUse codeaudit -h for help"
         )
         sys.exit(1)
 

codeaudit/privacy_lint.py

@@ -0,0 +1,292 @@
+from codeaudit.api_interfaces import version
+from codeaudit.filehelpfunctions import get_filename_from_path , collect_python_source_files , is_ast_parsable , read_in_source_file
+from codeaudit.pypi_package_scan import get_pypi_download_info , get_package_source
+
+
+import ast
+from pathlib import Path
+import datetime 
+import re
+
+
+from importlib.resources import files
+
+
+SECRETS_LIST = files("codeaudit.data").joinpath("secretslist.txt") 
+
+def secret_scan(input_path):
+    """Scans Python file or a PyPI package for potential privacy leaks.
+
+    This function analyzes Python code for possible privacy-related issues
+    (which often overlap with security weaknesses). The input can be:
+    - A local directory containing a Python package
+    - A single Python file
+    - A PyPI package name (which will be downloaded and scanned)
+
+    Depending on the input type, the function performs an AST-based scan
+    and returns structured metadata along with scan results.
+
+    Args:
+        input_path (str): Path to a local directory, path to a Python
+            file, or the name of a PyPI package to scan.
+
+    Returns:
+        dict: A dictionary containing scan metadata and results. The
+        structure varies depending on the input:
+            - For a directory or PyPI package, results include package-level
+              privacy findings.
+            - For a single Python file, results include file-level privacy
+              findings.
+            - If the input is invalid, an error dictionary is returned with
+              an `"Error"` key.
+
+    Raises:
+        None: All errors are handled internally and reported in the
+        returned dictionary.
+    """
+    file_output = {}
+    file_path = Path(input_path)
+    ca_version_info = version()
+    now = datetime.datetime.now()
+    timestamp_str = now.strftime("%Y-%m-%d %H:%M")
+    output = ca_version_info | {"generated_on" : timestamp_str}    
+    # Check if the input is a valid directory or a single valid Python file
+    if file_path.is_dir(): #local directory scan
+        package_name = get_filename_from_path(input_path)
+        output |= {"package_name": package_name}
+        spycheck_output = _codeaudit_directory_spyscan(input_path)        
+        output |= spycheck_output
+        return output            
+    elif file_path.suffix.lower() == ".py" and file_path.is_file() and is_ast_parsable(input_path):   #check on parseable single Python file   
+        # do a file spy check        
+        name_of_file = get_filename_from_path(input_path)
+        name_dict = {"FileName": name_of_file}
+        spycheck_output = spy_check(input_path)                
+        file_output["0"] = spycheck_output #there is only 1 file , so index 0 equals as for package to make functionality that use the output that works on the dict or json can equal for a package or a single file!
+        output |= { "file_name": name_dict,
+                   "file_privacy_check" : file_output}        
+        return output
+    elif (pypi_data := get_pypi_download_info(input_path)):    
+        package_name = input_path #The variable input_path is now equal to the package name        
+        url = pypi_data['download_url']
+        release = pypi_data['release']
+        if url is not None:
+            src_dir, tmp_handle = get_package_source(url)            
+            output |= {"package_name": package_name,
+                       "package_release": release}
+            try:                
+                spycheck_output = _codeaudit_directory_spyscan(src_dir)  
+                output |= spycheck_output
+            finally:
+                # Cleaning up temp directory
+                tmp_handle.cleanup()  # deletes everything from temp directory
+            return output
+    else:
+        # Its not a directory nor a valid Python file:
+        return {"Error" : "File is not a *.py file, does not exist or is not a valid directory path towards a Python package."}
+
+
+def spy_check(file):
+    """runs the AST function to get spy info"""
+    code = read_in_source_file(file)
+    spy_output = collect_secret_values(code)
+    name_of_file = get_filename_from_path(file)    
+    output = { "file_name": name_of_file,
+                "privacy_check_result" : spy_output}  
+    return output
+
+
+def _codeaudit_directory_spyscan(input_path):
+    """Performs a spyscan on a local directory
+    Function is also used with scanning directory PyPI.org packages, since in that case a tmp directory is used
+    """
+    output ={}
+    file_output = {}
+    files_to_check = collect_python_source_files(input_path)    
+    if len(files_to_check) > 1:                        
+        for i,file in enumerate(files_to_check):                                                
+            file_output[i] = spy_check(file)
+        output |= { "file_privacy_check" : file_output}
+        return output
+    else:
+        output_msg = f'Directory path {input_path} contains no Python files.'
+        return {"Error" : output_msg}
+
+
+def load_secrets_list(filename=SECRETS_LIST):
+    """
+    Load secrets from SECRETS_LIST and return a list of lines,
+    excluding empty lines and lines starting with '#'.
+    """
+    secrets_patterns = []
+
+    with open(filename, "r", encoding="utf-8") as f:
+        for line in f:
+            line = line.strip()
+            if not line or line.startswith("#"):
+                continue
+            secrets_patterns.append(line.lower()) #lower all patterns
+
+    return secrets_patterns
+
+
+def match_secret(secrets, name, value):
+    """
+    Check whether a name or value contains a secret.
+
+    Assumptions:
+    - `secrets` are already lowercased.
+
+    Matching rules (in priority order):
+    1. Whole-word match in name
+    2. Whole-word match in value
+
+    Returns:
+        The matching secret (lowercased) if found, otherwise None.
+    """
+    name_lower = str(name).lower()
+    value_lower = str(value).lower()
+
+    # Shorter secrets first to preserve original behavior
+    for secret in sorted(secrets, key=len):
+        pattern = re.compile(rf"\b{re.escape(secret)}\b")
+
+        if pattern.search(name_lower) or pattern.search(value_lower):
+            return secret
+
+    return None
+
+
+def collect_secret_values(source_code, secrets_file=SECRETS_LIST):
+    secrets = load_secrets_list(secrets_file)
+    results = []
+    source_lines = source_code.splitlines()
+
+    # -------------------------
+    # Helpers
+    # -------------------------
+    def get_constant(node):
+        return getattr(node, "value", None)
+
+    def is_os_environ(node):
+        return (
+            getattr(getattr(node, "value", None), "attr", None) == "environ"
+            and getattr(getattr(getattr(node, "value", None), "value", None), "id", None) == "os"
+        )
+
+    def get_target_repr(node):
+        if hasattr(node, "id"):
+            return node.id
+        if hasattr(node, "attr") or hasattr(node, "slice"):
+            return ast.unparse(node)
+        return None
+
+    def classify_value(node):
+        if node is None:
+            return None
+
+        if isinstance(node, ast.Constant):
+            return node.value
+
+        if hasattr(node, "slice"):
+            if is_os_environ(node):
+                return get_constant(node.slice)
+            return ast.unparse(node)
+
+        if hasattr(node, "func") and getattr(node, "args", None):
+            first_arg = node.args[0]
+            if isinstance(first_arg, ast.Constant):
+                return first_arg.value
+
+        if hasattr(node, "id") or hasattr(node, "attr"):
+            return ast.unparse(node)
+
+        return ast.unparse(node)
+    
+    def get_original_line(node):
+        lineno = getattr(node, "lineno", None)
+        if lineno is None:
+            return None
+        lines = []
+        # line before
+        if lineno > 1:
+            lines.append(source_lines[lineno - 2].rstrip())
+
+        # current line
+        if 1 <= lineno <= len(source_lines):
+            lines.append(source_lines[lineno - 1].rstrip())
+
+        # line after
+        if lineno < len(source_lines):
+            lines.append(source_lines[lineno].rstrip())
+
+        return "\n".join(lines)
+
+   
+    def add_value(name, value_node, node):
+            value = classify_value(value_node)
+            matched = match_secret(secrets, name, value)
+            if matched is not None: #when no match is found, no results will be added to the result dict.
+                results.append(
+                    {
+                        "lineno": getattr(node, "lineno", None),
+                        "code": get_original_line(node),
+                       # "name": name,
+                       # "value": value,
+                        "matched": matched,
+                    }
+                )
+
+
+    # -------------------------
+    # Walk all AST nodes
+    # -------------------------
+    tree = ast.parse(source_code)
+    for node in ast.walk(tree):
+
+        # Assignments
+        for target in getattr(node, "targets", []):
+            name = get_target_repr(target)
+            if name:
+                add_value(name, getattr(node, "value", None), node)
+                
+
+        # Annotated assignments
+        if isinstance(node, ast.AnnAssign):
+            name = get_target_repr(node.target)
+            if name:
+                add_value(name, getattr(node, "value", None), node)
+                
+
+        # Function calls (keyword arguments only)
+        if isinstance(node, ast.Call):
+            for kw in node.keywords:
+                if kw.arg:
+                    add_value(kw.arg, kw.value, kw)
+                    
+
+    return sorted(results, key=lambda item: item["lineno"])
+
+def has_privacy_findings(data):
+    """
+    Returns True if at least one file has a non-empty
+    'privacy_check_result' list, otherwise False.
+    """
+    filesscanned = data.get("file_privacy_check", {})
+
+    for file_info in filesscanned.values():
+        results = file_info.get("privacy_check_result")
+        if results and len(results) > 0:
+            return True
+
+    return False
+
+def count_privacy_check_results(data):
+    """
+    count number of secrets found for a dict created with secret_scan(filename)
+    
+    :param data: Description
+    """
+    return len(
+        data["file_privacy_check"]["0"]["privacy_check_result"]
+    )

codeaudit/reporting.py

@@ -18,6 +18,7 @@ import os
 from pathlib import Path
 
 import pandas as pd
+import html
 import datetime
 
 from codeaudit.security_checks import perform_validations , ast_security_checks
@@ -25,15 +26,20 @@ from codeaudit.filehelpfunctions import get_filename_from_path , collect_python_
 from codeaudit.altairplots import multi_bar_chart
 from codeaudit.totals import get_statistics , overview_count , overview_per_file , total_modules
 from codeaudit.checkmodules import get_imported_modules , check_module_vulnerability , get_all_modules , get_imported_modules_by_file
-from codeaudit.htmlhelpfunctions import dict_to_html , json_to_html , dict_list_to_html_table
+from codeaudit.htmlhelpfunctions import json_to_html , dict_list_to_html_table
 from codeaudit import __version__
 from codeaudit.pypi_package_scan import get_pypi_download_info , get_package_source
-
-from codeaudit.api_interfaces import filescan
+from codeaudit.privacy_lint import secret_scan , has_privacy_findings
 
 from importlib.resources import files
 
-DISCLAIMER_TEXT = "<p><b>Disclaimer:</b><i>This SAST tool <b>Python Code Audit</b> provides a powerful, automatic security analysis for Python source code. However, it's not a substitute for human review in combination with business knowledge. Undetected vulnerabilities may still exist. <b>There is, and will never be, a single security tool that gives 100% automatic guarantees</b>. By reporting any issues you find, you contribute to a better tool for everyone.</i>"
+
+PYTHON_CODE_AUDIT_TEXT = '<a href="https://github.com/nocomplexity/codeaudit" target="_blank"><b>Python Code Audit</b></a>'
+DISCLAIMER_TEXT = (
+    "<p><b>Disclaimer:</b> <i>This SAST tool "
+    + PYTHON_CODE_AUDIT_TEXT
+    + " provides a powerful, automatic security analysis for Python source code. However, it's not a substitute for human review in combination with business knowledge. Undetected vulnerabilities may still exist.</i></p>"
+)
 
 
 SIMPLE_CSS_FILE = files('codeaudit') / 'simple.css'
@@ -49,6 +55,9 @@ def overview_report(directory, filename=DEFAULT_OUTPUT_FILE):
     - A local directory containing Python source files
     - The name of a package hosted on PyPI.org
 
+    So:
+    codeaudit overview <package-name|directory> [reportname.html]
+
     For PyPI packages, the source distribution (sdist) is downloaded,
     extracted to a temporary directory, scanned, and removed after the report
     is generated.
@@ -84,6 +93,7 @@ def overview_report(directory, filename=DEFAULT_OUTPUT_FILE):
             package name.    
     """
     clean_up = False
+    advice = None
     if os.path.exists(directory):
         # Check if the path is actually a directory
         if not os.path.isdir(directory):
@@ -102,6 +112,7 @@ def overview_report(directory, filename=DEFAULT_OUTPUT_FILE):
         pypi_data = get_pypi_download_info(package_name)
         url = pypi_data['download_url']
         release = pypi_data['release']
+        advice = f'<p>&#128073; To perform a SAST scan on the source code, run:<pre><code class="language-python">codeaudit filescan {package_name}</code></pre></p>'
         if url is not None:
             print(f'Creating Python Code Audit overview for package:\n{url}')            
             src_dir, tmp_handle = get_package_source(url)                    
@@ -117,52 +128,84 @@ def overview_report(directory, filename=DEFAULT_OUTPUT_FILE):
     df['Std-Modules'] = modules['Std-Modules']
     df['External-Modules'] = modules['External-Modules']
     overview_df = overview_count(df)
-    html = '<h1>' + f'Python Code Audit overview report' + '</h1><br>'
+    output = '<h1>' + f'Python Code Audit overview report' + '</h1><br>'
     if clean_up:
-        html += f'<p>Codeaudit overview scan of package:<b> {package_name}</b></p>' 
-        html += f'<p>Version:<b>{release}</b></p>'
+        output += f'<p>Codeaudit overview scan of package:<b> {package_name}</b></p>' 
+        output += f'<p>Version:<b>{release}</b></p>'
     else:
-        html += f'<p>Codeaudit overview scan of the directory:<b> {directory}</b></p>' 
-    html += f'<h2>Summary</h2>'
-    html += overview_df.to_html(escape=True,index=False)
-    html += '<br><br>'
+        output += f'<p>Overview for the directory:<b> {directory}</b></p>' 
+    output += f'<h2>Summary</h2>'
+    output += overview_df.to_html(escape=True,index=False)
+    output += '<br><br>'
     security_based_on_max_complexity = overview_df.loc[0,'Maximum_Complexity']
     if security_based_on_max_complexity > 40:        
-        html += '<p>Based on the maximum found complexity in a source file: Security concern rate is <b>HIGH</b>'
+        output += '<p>Based on the maximum found complexity in a source file: Security concern rate is <b>&#10060; HIGH</b>.'
     else:
-        html += '<p>Based on the maximum found complexity in a source file: Security concern rate is <b>LOW</b>'
+        output += '<p>Based on the maximum found complexity in a source file: Security concern rate is <b>&#x2705; LOW</b>.'
     security_based_on_loc = overview_df.loc[0,'Number_Of_Lines']
     if security_based_on_loc > 2000:
-        html += '<p>Based on the total Lines of Code (LoC) : Security concern rate is <b>HIGH</b>'
+        output += '<p>Based on the total Lines of Code (LoC) : Security concern rate is <b>&#10060; HIGH</b>.'
     else:
-        html += '<p>Based on the total Lines of Code (LoC) : Security concern rate is <b>LOW</b>'
-    html += '<br>'
-    ## Module overview    
-    modules_discovered = get_all_modules(directory)
+        output += '<p>Based on the total Lines of Code (LoC) : Security concern rate is <b>&#x2705; LOW</b>.'
+    output += '<br>'
+    ## Module overview
+    modules_discovered = get_all_modules(directory)    
     if clean_up:
         tmp_handle.cleanup() #Clean up tmp directory if overview is created directly from PyPI package
-    html += '<details>' 
-    html += '<summary>Click to see all discovered modules.</summary>'         
-    html+=dict_to_html(modules_discovered)
-    html += '<p><i>The command "codeaudit modulescan" can be used to check if vulnerabilities are reported in an external module.</i></p>' 
-    html += '</details>'           
-    html += f'<h2>Detailed overview per source file</h2>'
-    html += '<details>'     
-    html += '<summary>Click to see the report details.</summary>'
+    output += '<details>' 
+    output += '<summary>View all discovered modules.</summary>'
+    output += display_found_modules(modules_discovered)    
+    output += '</details>'           
+    output += f'<h2>Detailed overview per source file</h2>'
+    output += '<details>'     
+    output += '<summary>View the report details.</summary>'
     df_plot = pd.DataFrame(result) # again make the df from the result variable         
-    html += df_plot.to_html(escape=True,index=False)        
-    html += '</details>'           
+    output += df_plot.to_html(escape=True,index=False)        
+    output += '</details>'           
     # I now want only a plot for LoC, so drop other columns from Dataframe
     df_plot = pd.DataFrame(result) # again make the df from the result variable
     df_plot = df_plot.drop(columns=['FilePath'])
     plot = multi_bar_chart(df_plot)
     plot_html = plot.to_html()    
-    html += '<br><br>'
-    html += '<h2>Visual Overview</h2>'    
-    html += extract_altair_html(plot_html)    
-    create_htmlfile(html,filename)
-        
-        
+    output += '<br><br>'
+    output += '<h2>Visual Overview</h2>'    
+    output += extract_altair_html(plot_html)
+    output += '<p><b>&#128172; Advice:</b></p>'
+    if advice is not None and advice != "":    
+        output += advice
+    else:
+        output += f'<p>&#128073; To perform a SAST scan on the source code, run:<pre><code class="language-python">codeaudit filescan {directory}</code></pre></p>'    
+    create_htmlfile(output,filename)
+
+
+def display_found_modules(modules_discovered):
+    """Formats discovered Python modules into an HTML string.
+
+    Args:
+        modules_discovered (dict): Dictionary containing discovered modules with
+            keys 'core_modules' and 'imported_modules', each mapping to an
+            iterable of module names.
+
+    Returns:
+        str: HTML-formatted string listing standard library modules and
+        imported external packages.
+    """
+    core_modules = modules_discovered["core_modules"]
+    external_modules = modules_discovered["imported_modules"]
+    output = "<p><b>Used Python Standard libraries:</b></p>"
+    output += (
+        "<ul>\n"
+        + "\n".join(f"  <li>{module}</li>" for module in core_modules)
+        + "\n</ul>"
+    )
+    output += "<p><b>Imported libraries (packages):</b></p>"
+    output += (
+        "<ul>\n"
+        + "\n".join(f"  <li>{module}</li>" for module in external_modules)
+        + "\n</ul>"
+    )
+    return output
+
 
 def scan_report(input_path, filename=DEFAULT_OUTPUT_FILE):
     """Scans Python source code or PyPI packages for security weaknesses.
@@ -174,6 +217,8 @@ def scan_report(input_path, filename=DEFAULT_OUTPUT_FILE):
     - A single local Python file 
     - A package name hosted on PyPI.org
 
+    codeaudit filescan <pythonfile|package-name|directory> [reportname.html]
+
     Depending on the input type, the function analyzes the source code for
     potential security issues, generates an HTML report summarizing the
     findings, and writes the report to a static HTML file.
@@ -217,16 +262,19 @@ def scan_report(input_path, filename=DEFAULT_OUTPUT_FILE):
         directory_scan_report(input_path , filename ) #create a package aka directory scan report
     elif file_path.suffix == ".py" and file_path.is_file() and is_ast_parsable(input_path):        
         #create a sast file check report
-        scan_output = perform_validations(input_path)
-        file_report_html = single_file_report(input_path , scan_output)    
+        scan_output = perform_validations(input_path) #scans for weaknesses in the file
+        spy_output = secret_scan(input_path) #scans for secrets in the file
+        file_report_html = single_file_report(input_path , scan_output)
+        secrets_report_html = secrets_report(spy_output)
         name_of_file = get_filename_from_path(input_path)
-        html = '<h1>Python Code Audit Report</h1>' #prepared to be embedded to display multiple reports, so <h2> used
-        html += f'<h2>Result of scan of file {name_of_file}</h2>'    
-        html += '<p>' + f'Location of the file: {input_path} </p>'  
-        html += file_report_html    
-        html += '<br>'
-        html += DISCLAIMER_TEXT
-        create_htmlfile(html,filename)
+        html_output = '<h1>Python Code Audit Report</h1>' #prepared to be embedded to display multiple reports, so <h2> used
+        html_output += f'<h2>Security scan: {name_of_file}</h2>'    
+        html_output += '<p>' + f'Location of the file: {input_path} </p>'  
+        html_output += file_report_html    
+        html_output += secrets_report_html    
+        html_output += '<br>'
+        html_output += DISCLAIMER_TEXT
+        create_htmlfile(html_output,filename)
     elif get_pypi_download_info(input_path):
         package_name = input_path #The variable input_path is now equal to the package name
         print(f"Package: {package_name} exist on PyPI.org!")
@@ -247,8 +295,70 @@ def scan_report(input_path, filename=DEFAULT_OUTPUT_FILE):
     else:
         #File is NOT a valid Python file, can not be parsed or directory is invalid.
         print(f"Error: '{input_path}' isn't a valid Python file, directory path to a package or a package on PyPI.org.")
-        
-   
+
+def secrets_report(spy_output):
+    """
+    Generate an HTML report section for detected secrets and external egress risks.
+
+    This function analyzes the provided static analysis output to determine
+    whether logic for connecting to external or remote services is present.
+    If such logic is detected, it generates an HTML report section describing
+    the potential external egress risk and includes a detailed, tabular analysis
+    of where connection-related variables are used. If no such logic is found,
+    a success message indicating low data exfiltration risk is returned.
+
+    Args:
+        filename (str): Name of the file being analyzed. This parameter is used
+            for contextual identification and reporting purposes.
+        spy_output (object): Output from the secrets or static analysis process
+            containing findings used to detect external service connections.
+
+    Returns:
+        str: An HTML string representing the secrets and external egress risk
+        report section.
+    """    
+    if has_privacy_findings(spy_output):
+        output = '<br><p>&#9888;&#65039; <b>External Egress Risk</b>: Possible API keys or logic for connecting to remote services found.</p>'
+        output += '<details>'
+        output += '<summary>View detailed analysis for suspected locations where secrets are found or used in the code.</summary>'        
+        pylint_df = pylint_reporting(spy_output)
+        output += pylint_df.to_html(escape=False,index=False) 
+        output += '</details>'
+        output += '<br>'   
+    else:        
+        output = f'<br><p>&#x2705; No Logic for connecting to remote services found. Risk of data exfiltration to external systems is <b>low</b>.</p>'
+    return output
+
+
+def pylint_reporting(result):
+    """
+    Creates a pandas DataFrame of privacy findings with columns:
+    'lineno' and 'code'.
+    HTML-escaped and newlines converted to <br> for safe display.
+    """
+    rows = []
+
+    # Check that file_privacy_check exists and is not empty
+    if result.get("file_privacy_check"):
+        for item in result["file_privacy_check"].values():
+            for entry in item.get("privacy_check_result", []):
+                # Escape HTML special characters
+                escaped_code = html.escape(entry["code"])
+                # Convert newlines to <br> and wrap in <pre><code>
+                code_html = f'<pre><code class="language-python">{escaped_code.replace("\n", "<br>")}</code></pre>'
+                # Add a row to the list
+                rows.append({
+                    "lineno": entry["lineno"],
+                    "matched" : entry["matched"],
+                    "code": code_html
+                })
+
+    # Convert to pandas DataFrame
+    df = pd.DataFrame(rows, columns=["lineno", "matched", "code"])
+    df = df.rename(columns={"lineno": "line", "matched": "found"}) #rename to UI frienly names
+
+    return df
+
 
 def single_file_report(filename , scan_output):
     """Function to DRY for a codescan when used for single for CLI or within a directory scan"""
@@ -275,28 +385,30 @@ def single_file_report(filename , scan_output):
     df['code'] = df['code'].str.replace(r'\n', '<br>', regex=True)  # to convert \n to \\n for display    
     df['validation'] = df['validation'].apply(replace_second_dot) #Make the validation column smaller - this is the simplest way! without using styling options from Pandas!
     df = df[["line", "validation", "severity", "info", "code"]] # reorder the columns before converting to html
-    df = df.sort_values(by="line") # sort by line number    
-    html = f'<p>Number of potential security issues found: {number_of_issues}</p>'
-    html += '<details>' 
-    html += '<summary>Click to view identified security weaknesses.</summary>'         
-    html += df.to_html(escape=False,index=False)        
-    html += '</details>'
+    df = df.sort_values(by="line") # sort by line number 
+    if number_of_issues > 0:
+        output = f'<p>&#9888;&#65039; <b>{number_of_issues}</b> potential <b>security issues</b> found!</p>'
+        output += '<details>'
+        output += '<summary>View identified security weaknesses.</summary>'    
+        output += df.to_html(escape=False,index=False)        
+        output += '</details>'
+        output += '<br>'
+    else:
+        output = '' # No weaknesses found, no message, since privacy breaches may be present.        
     file_overview = overview_per_file(filename)    
-    df_overview = pd.DataFrame([file_overview])
-    html += '<br>'
-    html += '<details>'     
-    html += f'<summary>Click to see file details.</summary>'                 
-    html += df_overview.to_html(escape=True,index=False)        
-    html += '</details>'           
-    #imported modules
-    html += '<br>'
-    html += '<details>' 
-    html += '<summary>Click to see details for used modules in this file.</summary>' 
+    df_overview = pd.DataFrame([file_overview])    
+    output += '<details>'     
+    output += f'<summary>View detailed analysis of security relevant file details.</summary>'                 
+    output += df_overview.to_html(escape=True,index=False)        
+    output += '</details>'
+    output += '<br>'
+    output += '<details>' 
+    output += '<summary>View used modules in this file.</summary>' 
     modules_found = get_imported_modules_by_file(filename)
-    html += dict_to_html(modules_found)
-    html += f'<p>To check for <b>reported vulnerabilities</b> in external modules used by this file, use the command:<br><div class="code-box">codeaudit modulescan {filename}</div><br></p>'     
-    html += '</details>'           
-    return html 
+    output += display_found_modules(modules_found)    
+    output += f'<p>To check for <b>reported vulnerabilities</b> in external modules used by this file, use the command:<br><div class="code-box">codeaudit modulescan {filename}</div><br></p>'     
+    output += '</details>'           
+    return output 
 
 
 def directory_scan_report(directory_to_scan , filename=DEFAULT_OUTPUT_FILE , package_name=None , release=None):
@@ -321,101 +433,160 @@ def directory_scan_report(directory_to_scan , filename=DEFAULT_OUTPUT_FILE , pac
         exit(1) 
 
     collection_ok_files = [] # create a collection of files with no issues found    
-    html = '<h1>Python Code Audit Report</h1>'     
+    output = '<h1>Python Code Audit Report</h1>'     
     files_to_check = collect_python_source_files(directory_to_scan)
-    html += '<h2>Directory scan report</h2>'         
+    output += '<h2>Directory scan report</h2>'         
     name_of_package = get_filename_from_path(directory_to_scan)
     if package_name is not None:
         #Use real package name and retrieved release info
-        html += f'<p>Below the result of the Codeaudit scan of (Package name - Release):</p>'
-        html += f'<p><b> {package_name} - {release} </b></p>'
+        output += f'<p>Below the result of the Codeaudit scan of (Package name - Release):</p>'
+        output += f'<p><b> {package_name} - {release} </b></p>'
     else:
-        html += f'<p>Below the result of the Codeaudit scan of the directory:<b> {name_of_package}</b></p>' 
-    html += f'<p>Total Python files found: <b>{len(files_to_check)}</b></p>'
+        output += f'<p>Below the result of the Codeaudit scan of the directory:<b> {name_of_package}</b></p>' 
+    output += f'<p>Total Python files found: <b>{len(files_to_check)}</b></p>'
     number_of_files = len(files_to_check)
     print(f'Number of files that are checked for security issues:{number_of_files}')
     printProgressBar(0, number_of_files, prefix='Progress:', suffix='Complete', length=50)    
     for i,file_to_scan in enumerate(files_to_check):
         printProgressBar(i + 1, number_of_files, prefix='Progress:', suffix='Complete', length=50)
         scan_output = perform_validations(file_to_scan)
+        spy_output = secret_scan(file_to_scan) #scans for secrets in the file 
         data = scan_output["result"]
-        if data:
+        if data or has_privacy_findings(spy_output):
             file_report_html = single_file_report(file_to_scan , scan_output)             
             name_of_file = get_filename_from_path(file_to_scan)            
-            html += f'<h3>Result for file {name_of_file}</h3>'    
+            output += f'<h3>Security scan: {name_of_file}</h3>'    
             if package_name is None:
-                html += '<p>' + f'Location of the file: {file_to_scan} </p>'          
-            html += file_report_html            
+                output += '<p>' + f'Location of the file: {file_to_scan} </p>'          
+            output += file_report_html 
+            secrets_report_html = secrets_report(spy_output)
+            output += secrets_report_html                     
         else:
             file_name_with_no_issue = get_filename_from_path(file_to_scan)
             collection_ok_files.append({'filename' : file_name_with_no_issue ,
-                                        'directory': file_to_scan})
-    html += '<h2>Files in directory with no security issues</h2>'
-    html += f'<p>Total Python files <b>without</b> detected security issues: {len(collection_ok_files)}</p>'
-    html += '<p>The Python files with no security issues <b>detected</b> by codeaudit are:<p>'        
-    html += dict_list_to_html_table(collection_ok_files)     
-    html += '<br>'
+                                        'directory': file_to_scan})        
+    output += '<h2>Files in directory with no security issues</h2>'
+    output += f'<p>&#x2705; Total Python files <b>without</b> detected security issues: {len(collection_ok_files)}</p>'
+    output += '<p>The Python files with no security issues <b>detected</b> by codeaudit are:<p>'        
+    output += dict_list_to_html_table(collection_ok_files)     
+    output += '<br>'
     if package_name is not None:
-        html += f'<p><b>Note:</b><i>Since this check is done on a package on PyPI.org, the temporary local directories are deleted. To examine the package in detail, you should download the sources locally and run the command:<code>codeaudit filescan</code> again.</i></p>'
-    html += '<p><b>Disclaimer:</b><i>Only Python source files are taken into account for this scan. Sometimes security issues are present in configuration files, like ini,yaml or json files!</i></p>'
-    html += DISCLAIMER_TEXT
-    create_htmlfile(html,filename)  
+        output += f'<p><b>Note:</b><i>Since this check is done on a package on PyPI.org, the temporary local directories are deleted. To examine the package in detail, you should download the sources locally and run the command:<code>codeaudit filescan</code> again.</i></p>'
+    output += '<p><b>Disclaimer:</b><i>This scan only evaluates Python files. Please note that security vulnerabilities may also exist in other files associated with the Python module.</i></p>'
+    output += DISCLAIMER_TEXT
+    create_htmlfile(output,filename)  
+
 
 def report_module_information(inputfile, reportname=DEFAULT_OUTPUT_FILE):
-    """Generates a vulnerability report for imported Python modules.
+    """
+    Generate a report on known vulnerabilities in Python modules and packages.
 
-    This function analyzes a single Python source file to identify imported
-    modules and checks externally imported modules against the OSV vulnerability
-    database. The results are compiled into a static HTML report.
+    This function analyzes a single Python file to identify imported
+    external modules and checks those modules against the OSV vulnerability
+    database. The collected results are written to a static HTML report.
 
-    For each detected external module, the report indicates whether known
-    vulnerability information exists and, if available, includes detailed
-    vulnerability data.
+    If the input refers to a valid PyPI package name instead of a local Python
+    file, the function generates a vulnerability report directly for that
+    package.
 
-    Progress information is printed to stdout while processing modules.
+    While processing modules, progress information is printed to standard
+    output.
 
     Example:
         Generate a module vulnerability report for a Python file::
 
-            codeaudit modulescan mypythonfile.py 
+            codeaudit modulescan <pythonfile>|<package> [yourreportname.html]
+
+            codeaudit modulescan mypythonfile.py
 
     Args:
-        inputfile (str): Path to the Python source file to analyze.
-        reportname (str, optional): Name (and optional path) of the HTML file
-            to write the module vulnerability report to. The filename should
-            use the ``.html`` extension. Defaults to ``DEFAULT_OUTPUT_FILE``.
+        inputfile (str): Path to a Python source file (*.py) to analyze, or the
+            name of a package available on PyPI.
+        reportname (str, optional): Name (and optional path) of the HTML file to
+            write the vulnerability report to. The filename should use the
+            ``.html`` extension. Defaults to ``DEFAULT_OUTPUT_FILE``.
 
     Returns:
-        None. The function writes a static HTML report to disk.
+        None: The function writes a static HTML report to disk.
 
     Raises:
-        None explicitly. File reading errors or invalid input are reported
-        via standard output.
-    
-    """
-    source = read_in_source_file(inputfile)
-    used_modules = get_imported_modules(source)
-    # Initial call to print 0% progress
-    external_modules = used_modules['imported_modules']    
-    l = len(external_modules)
-    printProgressBar(0, l, prefix='Progress:', suffix='Complete', length=50)    
-    html = '<h1>Python Code Audit Report</h1>'
-    html += f'<h2>Module information for file {inputfile}</h2>'    
-    html += dict_to_html(used_modules)    
-    #Now vuln info per external module        
-    if external_modules:
-        html += '<h2>Vulnerability information for detected modules</h2>'    
-    for i,module in enumerate(external_modules):  #sorted for nicer report
-        printProgressBar(i + 1, l, prefix='Progress:', suffix='Complete', length=50)
-        vuln_info = check_module_vulnerability(module)
-        if not vuln_info:
-            html += f'<h3>Vulnerability information for module <b>{module}</b></h3> '
-            html += f'<li>No information found in OSV Database for module: <b>{module}</b>.</li> '
+        SystemExit: If the input is not a valid Python file or a valid PyPI
+            package. File parsing and I/O errors are reported via standard
+            output before exiting.
+    """    
+    html_output = '<h1>Python Code Audit Report</h1>'    
+    file_path = Path(inputfile)
+    if file_path.is_dir():
+        print("codeaudit modulescan only works on single python files (*.py) or packages present on PyPI.org")
+        print("See codeaudit modulescan -h or check the manual https://codeaudit.nocomplexity.com")
+        exit(1)        
+    elif file_path.suffix == ".py" and file_path.is_file() and is_ast_parsable(inputfile):   
+        source = read_in_source_file(inputfile)
+        used_modules = get_imported_modules(source)
+        # Initial call to print 0% progress
+        external_modules = used_modules['imported_modules']    
+        l = len(external_modules)
+        printProgressBar(0, l, prefix='Progress:', suffix='Complete', length=50)        
+        html_output += f'<h2>Module scan report</h2>' 
+        html_output += f'<p>Security information for file: <b>{inputfile}</b></p>'
+        html_output += f'<p>Total Dependencies Scanned: {l} </p>'
+        if external_modules:
+            html_output += '<details>' 
+            html_output += '<summary>View scanned module dependencies(imported packages).</summary>' 
+            html_output += "<ul>\n" + "\n".join(f"  <li>{module}</li>" for module in external_modules) + "\n</ul>"
+            html_output += '</details>' 
         else:
-            html += f'<h3>Vulnerability information for module: <b>{module}</b></h3> '
-            html += f'<li>Found vulnerability information in OSV Database for module: <b>{module}</b>:</li>'
-            html += json_to_html(vuln_info)    
-    create_htmlfile(html,reportname)  
+            html_output += '<p>&#x2705; No external modules found!' 
+        # Now vuln info per external module
+        if external_modules:
+            html_output += '<h3>Vulnerability information for detected modules</h3>'    
+        for i,module in enumerate(external_modules):  #sorted for nicer report
+            printProgressBar(i + 1, l, prefix='Progress:', suffix='Complete', length=50)
+            html_output += module_vulnerability_check(module) + '<br>'
+        html_output += f'<br><p>&#128161; To check for <b>security weaknesses</b> in this package, use the command:<div class="code-box">codeaudit filescan {inputfile}</div><br></p>'
+        html_output += '<br>' + DISCLAIMER_TEXT
+        create_htmlfile(html_output,reportname)
+    elif get_pypi_download_info(inputfile):    
+        package_name = inputfile #The input variable  is now equal to the package name         
+        html_output += f'<h2>Package scan report for known vulnerabilities</h2>'
+        html_output += module_vulnerability_check(package_name)
+        html_output += f'<br><p>&#128161; To check for <b>security weaknesses</b> in this package, use the command:<div class="code-box">codeaudit filescan {package_name}</div><br></p>'        
+        html_output += '<br>' + DISCLAIMER_TEXT
+        create_htmlfile(html_output,reportname)
+    else:
+        # File is NOT a valid Python file, or package does not exist on PyPI.
+        print(f"Error: '{inputfile}' isn't a valid Python file(*.py), or a valid package on PyPI.org.")
+        exit(1) 
+
+
+def module_vulnerability_check(module):
+    """
+    Build the HTML fragment for the module vulnerability section of a code audit
+    module scan report.
+
+    The function checks whether vulnerability information is available for the
+    given Python package/module and returns an HTML snippet accordingly:
+    - If no vulnerabilities are found, a success message is rendered.
+    - If vulnerabilities are found, a collapsible HTML <details> section is
+      generated containing the formatted vulnerability data.
+
+    Args:
+        module (str): Name of the Python package/module to check.
+
+    Returns:
+        str: HTML string representing the vulnerability scan result for the module.
+    """   
+    output = ""
+    vuln_info = check_module_vulnerability(module)
+    if not vuln_info:
+        # here SAST scan for package? - not needed (now)- do a filescan on Python package manually - dependency trees can be deep and for complex package are never Python only.
+        output += f"<p>&#x2705; No known vulnerabilities found for package: <b>{module}</b>.</p>"
+    else:
+        output += "<details>"
+        output += f"<summary>&#9888;&#65039; View vulnerability information for package <b>{module}</b>.</summary>"
+        output += json_to_html(vuln_info)
+        output += "</details>"
+    return output
 
 
 def collect_issue_lines(filename, line):    
@@ -431,13 +602,13 @@ def collect_issue_lines(filename, line):
 def create_htmlfile(html_input,outputfile):
     """ Creates a clean html file based on html input given """ 
     # Read CSS from the file - So it is included in the reporting HTML file
-    
+
     with open(SIMPLE_CSS_FILE, 'r') as css_file:
         css_content = css_file.read()
     # Start building the HTML
     output = '<!DOCTYPE html><html lang="en-US"><head>'
     output += '<meta charset="UTF-8"/>'
-    output += '<title>Standard Generated Output File</title>'
+    output += '<title>Python_Code_Audit_SecurityReport</title>'
     # Inline CSS inside <style> block
     output += f'<style>\n{css_content}\n</style>'    
     output += '<script src="https://cdn.jsdelivr.net/npm/vega@5"></script>' # needed for altair plots
@@ -449,11 +620,23 @@ def create_htmlfile(html_input,outputfile):
     now = datetime.datetime.now()
     timestamp_str = now.strftime("%Y-%m-%d %H:%M")
     code_audit_version = __version__    
-    output += '<footer>'
+    output += (
+        f"<p>This Python security report was created on: <b>{timestamp_str}</b> with "
+        + PYTHON_CODE_AUDIT_TEXT
+        + f" version <b>{code_audit_version}</b></p>"
+    )
     output += '<hr>'
-    output += f'<p><small>This security report is created on: {timestamp_str}, with <a href="https://github.com/nocomplexity/codeaudit">codeaudit</a> version {code_audit_version} </small></p>'
-    output += '<p><small>Check the <a href="https://nocomplexity.com/documents/codeaudit/intro.html" target="_blank">documentation</a> for help on found issues. <a href="https://github.com/nocomplexity/codeaudit">Codeaudit</a> is made with &#10084; by cyber security professionals who advocate for <a href="https://simplifysecurity.nocomplexity.com" target="_blank">open simple cyber security solutions</a>. Join the community and <a href="https://nocomplexity.com/documents/codeaudit/CONTRIBUTE.html" target="_blank">contribute </a> to make this Python Security Code Audit tool better!</small></p>'    
-    output += '</footer>' 
+    output += '<footer>'    
+    output += (
+        '<div class="footer-links">'
+        'Check the <a href="https://nocomplexity.com/documents/codeaudit/intro.html" '
+        'target="_blank">documentation</a> for help on found issues.<br>'
+        'Codeaudit is made with <span class="heart">&#10084;</span> by cyber security '
+        'professionals who advocate for <a href="https://nocomplexity.com/simplify-security/" target="_blank">open simple security solutions</a>.<br>'
+        '<a href="https://nocomplexity.com/documents/codeaudit/CONTRIBUTE.html" target="_blank">Join the community</a> and contribute to make this tool better!'
+        "</div>"
+    )
+    output += "</footer>"
     output += '</div>' #base container
     output += '</body></html>'
     # Now create the HTML output file
@@ -474,10 +657,6 @@ def create_htmlfile(html_input,outputfile):
     print("=====================================================================\n")
 
 
-
-
-
-
 def extract_altair_html(plot_html):
     match = re.search(r"<body[^>]*>(.*?)</body>", plot_html, re.DOTALL | re.IGNORECASE)
     if match:
@@ -562,17 +741,17 @@ def report_implemented_tests(filename=DEFAULT_OUTPUT_FILE):
     df_checks = ast_security_checks()
     df_checks['construct'] = df_checks['construct'].apply(replace_second_dot) #Make the validation column smaller - this is the simplest way! without using styling options from Pandas!
     df_checks_sorted = df_checks.sort_values(by='construct')
-    html = '<h1>Python Code Audit Implemented validations</h1>' #prepared to be embedded to display multiple reports, so <h2> used
+    output = '<h1>Python Code Audit Implemented validations</h1>' #prepared to be embedded to display multiple reports, so <h2> used
     number_of_test = len(df_checks)
     
-    html += df_checks_sorted.to_html(escape=False,index=False)   
+    output += df_checks_sorted.to_html(escape=False,index=False)   
     code_audit_version = __version__
-    html += '<br>'
-    html += f'<p>Number of implemented security validations:<b>{number_of_test}</b></p>'
-    html += f'<p>Version of codeaudit: <b>{code_audit_version}</b>'
-    html += '<p>Because Python and cybersecurity are constantly changing, issue reports <b>SHOULD</b> specify the codeaudit version used.</p>'
-    html += DISCLAIMER_TEXT
-    create_htmlfile(html,filename)
+    output += '<br>'
+    output += f'<p>Number of implemented security validations:<b>{number_of_test}</b></p>'
+    output += f'<p>Version of codeaudit: <b>{code_audit_version}</b>'
+    output += '<p>Because Python and cybersecurity are constantly changing, issue reports <b>SHOULD</b> specify the codeaudit version used.</p>'
+    output += DISCLAIMER_TEXT
+    create_htmlfile(output,filename)
 
 
 def printProgressBar(iteration, total, prefix='', suffix='', decimals=1, length=100, fill='█', printEnd="\r"):

codeaudit/simple.css

@@ -24,7 +24,7 @@ p {
 
 /* Body base styles */
 body {
-    font-family: Arial, Helvetica, sans-serif;
+    font-family: Inter, Roboto, Arial, Helvetica, sans-serif;
     background-color: #FFFFFF;
     color: #333;
     line-height: 1.6;
@@ -175,11 +175,37 @@ pre {
 }
 
 footer {
-    background-color: #FFFFFF;
-    color: red;
+    background-color: #E6E6E6; /* nocx grey background */
+    color: #555;               /* Softer text color for better readability */
     text-align: center;
-    padding: 10px;
-  }
+    padding: 30px 10px;
+    margin-top: 10px;
+    border-top: 1px solid #eee;
+    font-size: 14px;
+}
+
+
+.footer-links {
+    margin-top: 10px;
+    line-height: 2;
+}
+
+.footer-links a {
+    color: #ff0000;
+    font-weight: 500;
+    transition: color 0.2s;
+}
+
+.footer-links a:hover {
+    color: #cc0000;
+    text-decoration: underline;
+}
+
+.heart {
+    color: #ff0000;
+}
+
+
 
 .json-display {
     background-color: #2d2d2d;   /* dark gray background */

{codeaudit-1.4.2.dist-info → codeaudit-1.5.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: codeaudit
-Version: 1.4.2
+Version: 1.5.0
 Summary: Simplified static security checks for Python 
 Project-URL: Documentation, https://github.com/nocomplexity/codeaudit#readme
 Project-URL: Issues, https://github.com/nocomplexity/codeaudit/issues
@@ -64,6 +64,10 @@ Python Code Audit has the following features:
 
 * **Inline Issue Reporting**: Shows potential security issues with line numbers and code snippets.
 
+
+* **External Egress Detection**: Identifies embedded API keys and logic that enables communication with remote services, helping uncover hidden data exfiltration paths.
+
+
 * **HTML Reports**: All output is saved in simple, static HTML reports viewable in any browser.
 
 
@@ -100,6 +104,7 @@ This will show all commands:
 
 Python Code Audit - A modern Python security source code analyzer based on distrust.
 
+
 Commands to evaluate Python source code:
 Usage: codeaudit COMMAND <directory|package>  [report.html] 
 
@@ -108,7 +113,7 @@ Depending on the command, you must specify a local directory, a Python file, or
 Commands:
   overview             Generates an overview report of code complexity and security indicators.
   filescan             Scans Python source code or PyPI packages for security weaknesses.
-  modulescan           Generates a vulnerability report for imported Python modules.
+  modulescan           Generate a report on known vulnerabilities in Python modules and packages.
   checks               Creates an HTML report of all implemented security checks.
   version              Prints the module version. Or use codeaudit [-v] [--v] [-version] or [--version].
 

{codeaudit-1.4.2.dist-info → codeaudit-1.5.0.dist-info}/RECORD

@@ -1,4 +1,4 @@
-codeaudit/__about__.py,sha256=ZFZWLshIXTzzWzLpG6F82-bf1qgOivq-oT9i9-lECak,144
+codeaudit/__about__.py,sha256=m0MoVjbAY6gx2X7P9BlRpPZOet3Ry3xAdoXoKNHrJXk,144
 codeaudit/__init__.py,sha256=YGs6qU0BVHPGtXCS-vfBDLO4TOfJDLTWMgaFDTmi_Iw,157
 codeaudit/altairplots.py,sha256=gBXN1_wxUmjzTNizvzbOeCKvUxpClGPdZmK7ICK1x68,4531
 codeaudit/api_interfaces.py,sha256=zWJrLDM8b3b2-rN0gCoPdflEFMzKUz3M7PfXtXvDpd4,15358
@@ -6,17 +6,19 @@ codeaudit/api_reporting.py,sha256=W8eutTJ0d-TENbv5cCmAOfu4GEp_RwiQ4XU5FCmfkoI,17
 codeaudit/checkmodules.py,sha256=aiF34KO-9HZDRgVBtSwVFdeUxT5_Ka5VtmlfgoLgNVs,5582
 codeaudit/codeaudit.py,sha256=g2HzRX6a3fckKUhyRrk6n3-5qNdVYtZRI1gqQ-QNl10,3775
 codeaudit/complexitycheck.py,sha256=A3_a5v-U0YQr80pWQwSVvOsY_eQtqwNkQf9Txr9mNtQ,3722
-codeaudit/filehelpfunctions.py,sha256=tx7HDCyTkZuw8YieXipQXM8iRfrDfIVZyKb7vjmkEFY,4358
+codeaudit/filehelpfunctions.py,sha256=-5kIymEUcc7j0bRBS4XblvE3pbi3rWjkU5O2M_tinvM,4374
 codeaudit/htmlhelpfunctions.py,sha256=-SMsyfF7TRIfJkrUqoJuh7AoG1RVrYFsZfFljoxVHXc,3246
 codeaudit/issuevalidations.py,sha256=-WdaXT_R-P9w0JbQpJ5ngVoVhG9Yee2ri0aH5SoC1Ao,6404
+codeaudit/privacy_lint.py,sha256=TNS_BnWFXv14PslK9mBsQLwt73Ujcn9FbI7TQSYT0k8,10252
 codeaudit/pypi_package_scan.py,sha256=yxCXrRvjc4r0YsJYHvHJuJTyHC5QZl3sRQp73akCXx8,4723
-codeaudit/reporting.py,sha256=GXIiq2fzN5vvSDjSTDKsEuR0hfEWybbvid7DYzAjsZg,30029
+codeaudit/reporting.py,sha256=s3OuiPj6au5oELz-kmI6n-8NooJXjqvBLWKs4tzEg7s,38269
 codeaudit/security_checks.py,sha256=wEO_A054zXmLccWGREi6cNADa4IgoOPxHsq-Je5iMIY,2167
-codeaudit/simple.css,sha256=7auhDAUwjdluFIyoCskl-Vfh503prXKqftQrmo0-e_g,3565
+codeaudit/simple.css,sha256=H7KT61oXJkVr9qXVrC5ME_Zph9jI-uR2IxOsXG1xs5k,4013
 codeaudit/totals.py,sha256=b6OkzcMdqGKPwuGBKrwAeCxBOJxHa5FHauGWnEb-6zM,6387
 codeaudit/data/sastchecks.csv,sha256=fIcyZgymCtAluPta9fTEk6a9DJ2AGJczZYRPUIQuSag,9738
-codeaudit-1.4.2.dist-info/METADATA,sha256=RtT5hL75GoLxYNav079UwxBdpMkLMfbfID-HX6Ijx_E,7628
-codeaudit-1.4.2.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-codeaudit-1.4.2.dist-info/entry_points.txt,sha256=7w6I8zii62nJHIIF30CRP5g1z8enMqF1pZEDdlw4HcQ,55
-codeaudit-1.4.2.dist-info/licenses/LICENSE.txt,sha256=-5gWaMGKJ54oX8TYP7oeg2zITdTapzyWl9PP0tispuA,34674
-codeaudit-1.4.2.dist-info/RECORD,,
+codeaudit/data/secretslist.txt,sha256=2Jqt9B5UfcRNeNpys8okmXCn4SYkp9M3_rJrI-KXCbE,1891
+codeaudit-1.5.0.dist-info/METADATA,sha256=ZWeMEYTu4ASLGJU5l8Stk8GjMcogzAFDF6NEdFsFmeA,7814
+codeaudit-1.5.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+codeaudit-1.5.0.dist-info/entry_points.txt,sha256=7w6I8zii62nJHIIF30CRP5g1z8enMqF1pZEDdlw4HcQ,55
+codeaudit-1.5.0.dist-info/licenses/LICENSE.txt,sha256=-5gWaMGKJ54oX8TYP7oeg2zITdTapzyWl9PP0tispuA,34674
+codeaudit-1.5.0.dist-info/RECORD,,