codeaudit 1.4.2__py3-none-any.whl → 1.6.0__py3-none-any.whl

codeaudit/security_checks.py

@@ -49,9 +49,9 @@ def perform_validations(sourcefile):
 
     name_of_file = get_filename_from_path (sourcefile)
     
-    result = {'Name file' : name_of_file ,
+    result = {'file_name' : name_of_file ,
               'file_location': sourcefile ,
-              'Checks done:' : constructs ,
+              'checks_done:' : constructs ,
               'result': scan_result}
 
     return result

codeaudit/simple.css

@@ -24,7 +24,7 @@ p {
 
 /* Body base styles */
 body {
-    font-family: Arial, Helvetica, sans-serif;
+    font-family: Inter, Roboto, Arial, Helvetica, sans-serif;
     background-color: #FFFFFF;
     color: #333;
     line-height: 1.6;
@@ -175,11 +175,37 @@ pre {
 }
 
 footer {
-    background-color: #FFFFFF;
-    color: red;
+    background-color: #E6E6E6; /* nocx grey background */
+    color: #555;               /* Softer text color for better readability */
     text-align: center;
-    padding: 10px;
-  }
+    padding: 30px 10px;
+    margin-top: 10px;
+    border-top: 1px solid #eee;
+    font-size: 14px;
+}
+
+
+.footer-links {
+    margin-top: 10px;
+    line-height: 2;
+}
+
+.footer-links a {
+    color: #ff0000;
+    font-weight: 500;
+    transition: color 0.2s;
+}
+
+.footer-links a:hover {
+    color: #cc0000;
+    text-decoration: underline;
+}
+
+.heart {
+    color: #ff0000;
+}
+
+
 
 .json-display {
     background-color: #2d2d2d;   /* dark gray background */

codeaudit/suppression.py

@@ -0,0 +1,233 @@
+import ast
+import tokenize
+from collections import defaultdict
+import re
+import sys
+
+def get_all_comments_by_line(filename):
+    """
+    Tokenize the file once and collect all real # comments
+    grouped by their starting line number.
+    """
+    comments_by_line = defaultdict(list)
+
+    try:
+        with tokenize.open(filename) as f:
+            for token in tokenize.generate_tokens(f.readline):
+                if token.type == tokenize.COMMENT:
+                    text = token.string.lstrip("# \t").rstrip()
+                    if text:
+                        comments_by_line[token.start[0]].append(text)
+
+    except (OSError, UnicodeDecodeError, tokenize.TokenError) as exc:
+        # Fail loudly with context instead of silently ignoring
+        raise RuntimeError(
+            f"Failed to extract comments from {filename}"
+        ) from exc
+
+    return {
+        line: "\n".join(texts)
+        for line, texts in comments_by_line.items()
+    }
+
+
+
+
+
+
+def get_start_to_end_lines(filename):
+    """
+    Parse the file once using AST and build a mapping:
+    start_line → highest end_lineno found for any node starting on that line.
+
+    Returns:
+        dict[int, int] — line numbers are 1-based
+        Returns empty dict if the file cannot be read or parsed.
+    """
+    end_lines = {}
+
+    try:
+        with open(filename, 'r', encoding='utf-8') as f:
+            source = f.read()
+
+        try:
+            tree = ast.parse(source, filename=filename)
+
+            for node in ast.walk(tree):
+                # Most nodes have lineno, but some (like comprehension ifs) might not
+                if not hasattr(node, 'lineno'):
+                    continue
+
+                start = node.lineno
+                # end_lineno may be missing in very old Python versions → fallback to start
+                end = getattr(node, 'end_lineno', start)
+
+                # Keep the maximum span for nodes starting on the same line
+                if start not in end_lines or end > end_lines[start]:
+                    end_lines[start] = end
+
+        except SyntaxError as e:
+            print(
+                f"Syntax error in {filename} (line {e.lineno}): {e.msg}",
+                file=sys.stderr
+            )
+            return {}
+        except (ValueError, UnicodeDecodeError) as e:
+            print(
+                f"Cannot read {filename} properly: {type(e).__name__}: {e}",
+                file=sys.stderr
+            )
+            return {}
+        except MemoryError:
+            print(f"Out of memory while parsing {filename}", file=sys.stderr)
+            return {}
+        except Exception as e:
+            print(
+                f"Unexpected error parsing AST of {filename}: "
+                f"{type(e).__name__}: {e}",
+                file=sys.stderr
+            )
+            return {}
+
+    except FileNotFoundError:
+        print(f"File not found: {filename}", file=sys.stderr)
+        return {}
+    except PermissionError:
+        print(f"Permission denied: {filename}", file=sys.stderr)
+        return {}
+    except IsADirectoryError:
+        print(f"Is a directory, not a file: {filename}", file=sys.stderr)
+        return {}
+    except OSError as e:
+        print(f"OS error opening {filename}: {e}", file=sys.stderr)
+        return {}
+    except Exception as e:
+        print(
+            f"Critical error while accessing {filename}: "
+            f"{type(e).__name__}: {e}",
+            file=sys.stderr
+        )
+        return {}
+
+    return end_lines
+
+
+# def get_start_to_end_lines(filename):
+#     """
+#     Parse AST once and build mapping: start_line → highest end_line found for nodes
+#     starting on that line.
+#     """
+#     end_lines = {}
+
+#     try:
+#         with open(filename, 'r', encoding='utf-8') as f:
+#             source = f.read()
+#         tree = ast.parse(source)
+
+#         for node in ast.walk(tree):
+#             if not hasattr(node, 'lineno'):
+#                 continue
+#             start = node.lineno
+#             end = getattr(node, 'end_lineno', start)
+#             # Take the maximum end line if multiple nodes start on same line
+#             if start not in end_lines or end > end_lines[start]:
+#                 end_lines[start] = end
+#     except Exception:
+#         pass
+
+#     return end_lines
+
+
+def is_suppressed(line, comments_by_line, start_to_end, match_func):
+    """
+    Check if the statement starting at `line` is suppressed by looking at comments
+    from start_line to end_line inclusive.
+    """
+    end = start_to_end.get(line, line)
+    for comment_line in range(line, end + 1):
+        comment = comments_by_line.get(comment_line, "")
+        if match_func(comment):
+            return True
+    return False
+
+
+def filter_sast_results(sast_dict):
+    """
+    Returns a new filtered dictionary with suppressed findings removed.
+    Parses & tokenizes the file only once.
+    Respects multi-line statements via AST end_lineno.
+    Empty lists and their keys are removed from the result.
+    """
+    file_location = sast_dict["file_location"]
+    original_result = sast_dict.get("result", {})
+
+    if not original_result:
+        return sast_dict.copy()
+
+    # Collect all unique line numbers that have findings
+    all_issue_lines = set()
+    for lines in original_result.values():
+        if isinstance(lines, list):
+            all_issue_lines.update(lines)
+
+    if not all_issue_lines:
+        return sast_dict.copy()
+
+    # Parse and tokenize **once**
+    comments_by_line = get_all_comments_by_line(file_location)
+    start_to_end = get_start_to_end_lines(file_location)
+
+    # Decide which lines to KEEP
+    keep_lines = set()
+    for line in sorted(all_issue_lines):
+        if not is_suppressed(line, comments_by_line, start_to_end, match_suppression_keyword):
+            keep_lines.add(line)
+
+    # Build new result dictionary
+    new_result = {}
+    for key, value in original_result.items():
+        if isinstance(value, list):
+            filtered = [ln for ln in value if ln in keep_lines]
+            if filtered:
+                new_result[key] = filtered
+        else:
+            new_result[key] = value
+
+    # Return new full dictionary
+    filtered_dict = sast_dict.copy()
+    filtered_dict["result"] = new_result
+    return filtered_dict
+
+
+def match_suppression_keyword(comment_line):
+    """
+    Checks if a SAST suppression marker is present in the comment.
+    """
+
+    MARKER_LIST = [
+        "nosec",
+        "nosemgrep",
+        "sast-ignore",
+        "ignore-sast",
+        "security-ignore",
+        "ignore-security",
+        "NOSONAR",
+        "noqa",
+        # False positive / risk handling
+        "false-positive",
+        "falsepositive",
+        "risk-accepted",
+        "security-accepted",
+        "security-reviewed",
+        "security-exception",
+    ]
+
+    if not comment_line:
+        return False
+
+    normalized = " ".join(
+        word.lstrip("#").lower()
+        for word in comment_line.split()
+    )
+    tokens = re.split(r"[^\w\-]+", normalized)
+    return any(marker.lower() in tokens for marker in MARKER_LIST)

{codeaudit-1.4.2.dist-info → codeaudit-1.6.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: codeaudit
-Version: 1.4.2
+Version: 1.6.0
 Summary: Simplified static security checks for Python 
 Project-URL: Documentation, https://github.com/nocomplexity/codeaudit#readme
 Project-URL: Issues, https://github.com/nocomplexity/codeaudit/issues
@@ -64,6 +64,10 @@ Python Code Audit has the following features:
 
 * **Inline Issue Reporting**: Shows potential security issues with line numbers and code snippets.
 
+
+* **External Egress Detection**: Identifies embedded API keys and logic that enables communication with remote services, helping uncover hidden data exfiltration paths.
+
+
 * **HTML Reports**: All output is saved in simple, static HTML reports viewable in any browser.
 
 
@@ -100,6 +104,7 @@ This will show all commands:
 
 Python Code Audit - A modern Python security source code analyzer based on distrust.
 
+
 Commands to evaluate Python source code:
 Usage: codeaudit COMMAND <directory|package>  [report.html] 
 
@@ -108,7 +113,7 @@ Depending on the command, you must specify a local directory, a Python file, or
 Commands:
   overview             Generates an overview report of code complexity and security indicators.
   filescan             Scans Python source code or PyPI packages for security weaknesses.
-  modulescan           Generates a vulnerability report for imported Python modules.
+  modulescan           Generate a report on known vulnerabilities in Python modules and packages.
   checks               Creates an HTML report of all implemented security checks.
   version              Prints the module version. Or use codeaudit [-v] [--v] [-version] or [--version].
 

codeaudit-1.6.0.dist-info/RECORD

@@ -0,0 +1,25 @@
+codeaudit/__about__.py,sha256=EZ0swjOPnWsY4bG29vXRMJsA2zyCpDKGUv7nXcLLL5E,144
+codeaudit/__init__.py,sha256=YGs6qU0BVHPGtXCS-vfBDLO4TOfJDLTWMgaFDTmi_Iw,157
+codeaudit/altairplots.py,sha256=gBXN1_wxUmjzTNizvzbOeCKvUxpClGPdZmK7ICK1x68,4531
+codeaudit/api_interfaces.py,sha256=6GGz7k1fuSkzEXGjoqavQCmawTh0PVQNglttzSArFWI,17573
+codeaudit/api_reporting.py,sha256=W8eutTJ0d-TENbv5cCmAOfu4GEp_RwiQ4XU5FCmfkoI,1736
+codeaudit/checkmodules.py,sha256=aiF34KO-9HZDRgVBtSwVFdeUxT5_Ka5VtmlfgoLgNVs,5582
+codeaudit/codeaudit.py,sha256=g2HzRX6a3fckKUhyRrk6n3-5qNdVYtZRI1gqQ-QNl10,3775
+codeaudit/complexitycheck.py,sha256=A3_a5v-U0YQr80pWQwSVvOsY_eQtqwNkQf9Txr9mNtQ,3722
+codeaudit/filehelpfunctions.py,sha256=-5kIymEUcc7j0bRBS4XblvE3pbi3rWjkU5O2M_tinvM,4374
+codeaudit/htmlhelpfunctions.py,sha256=-SMsyfF7TRIfJkrUqoJuh7AoG1RVrYFsZfFljoxVHXc,3246
+codeaudit/issuevalidations.py,sha256=zf2Gr7KpyvA05K17IX05pQy-1oQWnbapVIvcUMcbNn8,6441
+codeaudit/privacy_lint.py,sha256=Rcefen7RswwJWnoE-Vrr2iE3zFjNoE19qW_O7LjGfN4,10264
+codeaudit/pypi_package_scan.py,sha256=dmk3xBUL0mZ5aCIc1fRVpuI1UIx1ejnOqfc4qB04748,4730
+codeaudit/reporting.py,sha256=AHgkbKOaAjBSh2ePZFFqm-MWdb2ZYTMmcFvOJy1wdLQ,43298
+codeaudit/security_checks.py,sha256=IuJMo99188TgJoYfTpMQiCs3Dchw4EvCGWuwh_Cds7k,2167
+codeaudit/simple.css,sha256=H7KT61oXJkVr9qXVrC5ME_Zph9jI-uR2IxOsXG1xs5k,4013
+codeaudit/suppression.py,sha256=zSLarg79pahStnXFklf_ERQvDXFgOr375BtPXEVSQjA,7060
+codeaudit/totals.py,sha256=b6OkzcMdqGKPwuGBKrwAeCxBOJxHa5FHauGWnEb-6zM,6387
+codeaudit/data/sastchecks.csv,sha256=dZDOgpVqFz3jPWWiLI-6CXE_SmOQ9Ay6N98NV72ay5w,10122
+codeaudit/data/secretslist.txt,sha256=BoVX6bijqaL5g-2JRGGf0x-S8NhZWtt7fzovZ1NrEK8,1905
+codeaudit-1.6.0.dist-info/METADATA,sha256=KMLuS8-HAhww_uVHYyEgWANkx5RZJTqcPDfxZgX5bC8,7814
+codeaudit-1.6.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+codeaudit-1.6.0.dist-info/entry_points.txt,sha256=7w6I8zii62nJHIIF30CRP5g1z8enMqF1pZEDdlw4HcQ,55
+codeaudit-1.6.0.dist-info/licenses/LICENSE.txt,sha256=-5gWaMGKJ54oX8TYP7oeg2zITdTapzyWl9PP0tispuA,34674
+codeaudit-1.6.0.dist-info/RECORD,,

codeaudit-1.4.2.dist-info/RECORD

@@ -1,22 +0,0 @@
-codeaudit/__about__.py,sha256=ZFZWLshIXTzzWzLpG6F82-bf1qgOivq-oT9i9-lECak,144
-codeaudit/__init__.py,sha256=YGs6qU0BVHPGtXCS-vfBDLO4TOfJDLTWMgaFDTmi_Iw,157
-codeaudit/altairplots.py,sha256=gBXN1_wxUmjzTNizvzbOeCKvUxpClGPdZmK7ICK1x68,4531
-codeaudit/api_interfaces.py,sha256=zWJrLDM8b3b2-rN0gCoPdflEFMzKUz3M7PfXtXvDpd4,15358
-codeaudit/api_reporting.py,sha256=W8eutTJ0d-TENbv5cCmAOfu4GEp_RwiQ4XU5FCmfkoI,1736
-codeaudit/checkmodules.py,sha256=aiF34KO-9HZDRgVBtSwVFdeUxT5_Ka5VtmlfgoLgNVs,5582
-codeaudit/codeaudit.py,sha256=g2HzRX6a3fckKUhyRrk6n3-5qNdVYtZRI1gqQ-QNl10,3775
-codeaudit/complexitycheck.py,sha256=A3_a5v-U0YQr80pWQwSVvOsY_eQtqwNkQf9Txr9mNtQ,3722
-codeaudit/filehelpfunctions.py,sha256=tx7HDCyTkZuw8YieXipQXM8iRfrDfIVZyKb7vjmkEFY,4358
-codeaudit/htmlhelpfunctions.py,sha256=-SMsyfF7TRIfJkrUqoJuh7AoG1RVrYFsZfFljoxVHXc,3246
-codeaudit/issuevalidations.py,sha256=-WdaXT_R-P9w0JbQpJ5ngVoVhG9Yee2ri0aH5SoC1Ao,6404
-codeaudit/pypi_package_scan.py,sha256=yxCXrRvjc4r0YsJYHvHJuJTyHC5QZl3sRQp73akCXx8,4723
-codeaudit/reporting.py,sha256=GXIiq2fzN5vvSDjSTDKsEuR0hfEWybbvid7DYzAjsZg,30029
-codeaudit/security_checks.py,sha256=wEO_A054zXmLccWGREi6cNADa4IgoOPxHsq-Je5iMIY,2167
-codeaudit/simple.css,sha256=7auhDAUwjdluFIyoCskl-Vfh503prXKqftQrmo0-e_g,3565
-codeaudit/totals.py,sha256=b6OkzcMdqGKPwuGBKrwAeCxBOJxHa5FHauGWnEb-6zM,6387
-codeaudit/data/sastchecks.csv,sha256=fIcyZgymCtAluPta9fTEk6a9DJ2AGJczZYRPUIQuSag,9738
-codeaudit-1.4.2.dist-info/METADATA,sha256=RtT5hL75GoLxYNav079UwxBdpMkLMfbfID-HX6Ijx_E,7628
-codeaudit-1.4.2.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-codeaudit-1.4.2.dist-info/entry_points.txt,sha256=7w6I8zii62nJHIIF30CRP5g1z8enMqF1pZEDdlw4HcQ,55
-codeaudit-1.4.2.dist-info/licenses/LICENSE.txt,sha256=-5gWaMGKJ54oX8TYP7oeg2zITdTapzyWl9PP0tispuA,34674
-codeaudit-1.4.2.dist-info/RECORD,,