PyPI - codeaudit - Versions diffs - 1.6.1__tar.gz → 1.6.2__tar.gz - Mend

codeaudit 1.6.1tar.gz → 1.6.2tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (199) hide show

{codeaudit-1.6.1 → codeaudit-1.6.2}/CHANGELOG.md RENAMED Viewed

@@ -1,5 +1,26 @@
 # Change Log
+## Version 1.6.2:
+## Changelog
+**Added**
+* **Automated Python Testing:** Implemented automation for testing across various Python versions to ensure cross-version compatibility.
+**Changed**
+* **Internal Logic Improvements:** Enhanced the `count_privacy_check_results` function to provide more robust egress count testing.
+* **CLI Reporting:** Updated the command-line interface to dynamically toggle between "issue" (singular) and "issues" (plural) based on the findings.
+* **Architecture Refactoring:** Refined internal logic for increased stability and to ensure the codebase is **WASM ready**.
+* **License Standardization:** Updated the **GPLv3** license banner across key Python files for stylistic consistency. (see also issue #4)
+**Fixed**
+* **Issue #6 (Defensive Coding):** Resolved `KeyError` and syntax error during code snippet creation through more defensive programming practices.
+**Documentation**
+* Typos fixed and various improvements.
 ## Version 1.6.1:
 **Added**

{codeaudit-1.6.1 → codeaudit-1.6.2}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: codeaudit
-Version: 1.6.1
+Version: 1.6.2
 Summary: A modern Python security source code analyzer (SAST) based on distrust.
 Project-URL: Documentation, https://github.com/nocomplexity/codeaudit#readme
 Project-URL: Issues, https://github.com/nocomplexity/codeaudit/issues

{codeaudit-1.6.1 → codeaudit-1.6.2}/docs/codeauditcommands.md RENAMED Viewed

@@ -1,6 +1,6 @@
 % THIS FILE IS GENERATED! - Use CLIcommands.ipynb to make it better!
 # Commands Overview
-Python Code Audit commands for: version: 1.6.0
+Python Code Audit commands for: version: 1.6.2
 ```
 ----------------------------------------------------
  _                    __             _
@@ -70,7 +70,7 @@ Returns:
 Raises:
     SystemExit: If the provided path is not a directory, contains no Python
         files, or is neither a valid local directory nor a valid PyPI
-        package name.
+        package name.
 str(object='') -> str
 str(bytes_or_buffer[, encoding[, errors]]) -> str
@@ -191,7 +191,7 @@ FLAGS
 -n, --nosec=NOSEC
     Default: False
 Args:
 -f, --filename=FILENAME
@@ -213,7 +213,7 @@ Returns:
     None: The function writes a static HTML security report to disk.
 Raises:
-    None: Errors and invalid inputs are reported to stdout.
+    None: Errors and invalid inputs are reported to stdout.
 str(object='') -> str
 str(bytes_or_buffer[, encoding[, errors]]) -> str
@@ -230,8 +230,8 @@ errors defaults to 'strict'.
 Creates an HTML report of all implemented security checks.
-This report provides a user-friendly overview of the static security checks
-currently supported by Python Code Audit. It is intended to make it easier to review
+This report provides a user-friendly overview of the static security checks
+currently supported by Python Code Audit. It is intended to make it easier to review
 the available validations without digging through the codebase.
 The generated HTML includes:
@@ -240,12 +240,12 @@ The generated HTML includes:
 - The version of Python Code Audit (codeaudit) used
 - A disclaimer about version-specific reporting
-The report is saved to the specified filename and is formatted to be
+The report is saved to the specified filename and is formatted to be
 embeddable in larger multi-report documents.
 Help me continue developing Python Code Audit as free and open-source software.
 Join the community to contribute to the most complete, local first , Python Security Static scanner.
-Help!!  Join the journey, check: https://github.com/nocomplexity/codeaudit#contributing
+Help!!  Join the journey, check: https://github.com/nocomplexity/codeaudit#contributing
 Parameters:

{codeaudit-1.6.1 → codeaudit-1.6.2}/docs/data_egress_implementation.md RENAMED Viewed

@@ -11,7 +11,7 @@ No single technique can detect telemetry or data exfiltration with 100% accuracy
 ## Detection Approaches
-Common techniques for detecting potential data exfiltration include in Python code are:
+Common techniques for detecting potential data exfiltration in Python code are:
 * Entropy analysis – Detects high-entropy strings that may represent API keys or tokens.

{codeaudit-1.6.1 → codeaudit-1.6.2}/docs/examples/codeauditchecks.html RENAMED Viewed

@@ -738,4 +738,4 @@ footer {
       <td>Vulnerable to path traversal attacks if used with untrusted archives.</td>
     </tr>
   </tbody>
-</table><br><p>Number of implemented security validations:<b>83</b></p><p>Version of codeaudit: <b>1.6.0</b><p>Because Python and cybersecurity are constantly changing, issue reports <b>SHOULD</b> specify the codeaudit version used.</p><p><b>Disclaimer:</b> <i>This SAST tool <a href="https://github.com/nocomplexity/codeaudit" target="_blank"><b>Python Code Audit</b></a> provides a powerful, automatic security analysis for Python source code. However, it's not a substitute for human review in combination with business knowledge. Undetected vulnerabilities may still exist.</i></p><p>This Python security report was created on: <b>2026-03-12 11:12</b> with <a href="https://github.com/nocomplexity/codeaudit" target="_blank"><b>Python Code Audit</b></a> version <b>1.6.0</b></p><hr><footer><div class="footer-links">Check the <a href="https://nocomplexity.com/documents/codeaudit/intro.html" target="_blank">documentation</a> for help on found issues.<br>Codeaudit is made with <span class="heart">&#10084;</span> by cyber security professionals who advocate for <a href="https://nocomplexity.com/simplify-security/" target="_blank">open simple security solutions</a>.<br><a href="https://nocomplexity.com/documents/codeaudit/CONTRIBUTE.html" target="_blank">Join the community</a> and contribute to make this tool better!</div></footer></div></body></html>
+</table><br><p>Number of implemented security validations:<b>83</b></p><p>Version of codeaudit: <b>1.6.2</b><p>Because Python and cybersecurity are constantly changing, issue reports <b>SHOULD</b> specify the codeaudit version used.</p><p><b>Disclaimer:</b> <i>This SAST tool <a href="https://github.com/nocomplexity/codeaudit" target="_blank"><b>Python Code Audit</b></a> provides a powerful, automatic security analysis for Python source code. However, it's not a substitute for human review in combination with business knowledge. Undetected vulnerabilities may still exist.</i></p><p>This Python security report was created on: <b>2026-04-08 10:10</b> with <a href="https://github.com/nocomplexity/codeaudit" target="_blank"><b>Python Code Audit</b></a> version <b>1.6.2</b></p><hr><footer><div class="footer-links">Check the <a href="https://nocomplexity.com/documents/codeaudit/intro.html" target="_blank">documentation</a> for help on found issues.<br>Codeaudit is made with <span class="heart">&#10084;</span> by cyber security professionals who advocate for <a href="https://nocomplexity.com/simplify-security/" target="_blank">open simple security solutions</a>.<br><a href="https://nocomplexity.com/documents/codeaudit/CONTRIBUTE.html" target="_blank">Join the community</a> and contribute to make this tool better!</div></footer></div></body></html>

{codeaudit-1.6.1 → codeaudit-1.6.2}/docs/examples/demoscan.json RENAMED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "Python_Code_Audit",
-  "version": "1.6.0",
-  "generated_on": "2026-03-12 11:12",
+  "version": "1.6.2",
+  "generated_on": "2026-04-08 10:09",
   "file_security_info": {
     "0": {
       "FileName": "demofile.py",

{codeaudit-1.6.1 → codeaudit-1.6.2}/docs/help.md RENAMED Viewed

@@ -42,7 +42,7 @@ You should carefully evaluate all reported weaknesses.
 Not every issue requires fixing; depending on your program and the environment in which it operates, **some detected weaknesses may not be relevant**.
-However, it is important to document your decisions and inform your users about the design choices you have made and the rationale behind them.
+However, it is important to document your decisions and inform your users about the design choices you have made and the rationale behind them. Minimal [place markers in your code](markingissues). But also document your architecture and design decisions regarding security.
 :::
 * Send me a line that you use this tool within your company.

{codeaudit-1.6.1 → codeaudit-1.6.2}/docs/intro.md RENAMED Viewed

@@ -77,11 +77,13 @@ Contribute and Join the team!
 %end grid
-:::{danger}
-A **security weakness** in Python code is an implementation flaw that could potentially become a **security vulnerability**. [Validating](https://nocomplexity.com/scan-before-installing/) Python files or packages on security weaknesses is vital to minimize security risks.
+:::{admonition} Python programs are not immune to cybersecurity threats.
+:class: danger
+Validating Python code for **security weaknesses** is essential, whether you are writing your own programs or relying on third-party applications.
 :::
 **Python Code Audit** offers a powerful yet straightforward security solution:
 * **Ease of Use**: Simple to operate for quick audits.
@@ -90,14 +92,9 @@ A **security weakness** in Python code is an implementation flaw that could pote
 * **Impactful Analysis**: Powerful detection of security weaknesses that have the potential to become critical vulnerabilities.
+Enjoying **Python Code Audit**? Support us with a [GitHub star](https://github.com/nocomplexity/codeaudit)! It’s a simple way to help others find us and contributes to a more secure Python ecosystem. ⭐️
-:::{warning}
-**Python Code Audit** gives you insight into potential security issues in your Python programs.
-*Are you ready to discover what's lurking in your Python code?*
-:::
 ## Features
@@ -135,10 +132,8 @@ A **security weakness** in Python code is an implementation flaw that could pote
 ## Background
 The availability of good, maintained FOSS SAST tools for Python is limited. While Bandit is a known tool, its usefulness is significantly limited: it struggles to identify a broad range of security weaknesses and fails to perform many crucial Python security validations. Additionally, its Command Line Interface (CLI) can present a steep learning curve for non-technical users.
+To keep up with current threats, you need a Python Application Security Testing tool that evolves to deliver deeper insights and [high accuracy](https://nocomplexity.com/stop-using-bandit/).
-:::{hint}
-[To keep up with current threats, you need a Python Application Security Testing tool that evolves to deliver deeper insights and higher accuracy.](https://nocomplexity.com/stop-using-bandit/)
-:::

{codeaudit-1.6.1 → codeaudit-1.6.2}/docs/markingissues.md RENAMED Viewed

@@ -1,7 +1,9 @@
 # Marking False Positives
-**Python Code Audit**  allows you to mark identified security weaknesses so they are excluded from future SAST (Static Application Security Testing) scans.
+:::{hint}
+**Python Code Audit** enables you to flag identified security weaknesses for exclusion from future Static Application Security Testing (SAST) scans.
+:::
 ## When to Use This Feature
 Only suppress a finding if one of the following conditions is met:

{codeaudit-1.6.1 → codeaudit-1.6.2}/docs/sponsors.md RENAMED Viewed

@@ -1,8 +1,19 @@
 # Sponsors
-We offer sponsor options for:
+:::{admonition} Sponsor this project with a donation
+:class: tip
+Python Code Audit – Modern Python security analysis rooted in distrust.
+```{button-link} https://buy.stripe.com/5kQ6oH3dm4RO1ujaOUgbm02
+:color: danger
+Make A Donation
+```
+:::
+Beyond making a one-off donation, there are opportunities to become a sponsor for this project. Our sponsorship options include:
 * Your logo and some text about your company in this manual.
-* Your advertisement for a cyber security vacancy in our frequently published [Open Security News Overview](https://nocomplexity.com/open-security-news/).
+* Your advertisement for a cybersecurity vacancy in our frequently published [Open Security News Overview](https://nocomplexity.com/open-security-news/).
 * Your logo in one or more [NO|Complexity Playbooks](about).

{codeaudit-1.6.1 → codeaudit-1.6.2}/pyproject.toml RENAMED Viewed

@@ -52,6 +52,10 @@ extra-dependencies = [
 [tool.hatch.envs.types.scripts]
 check = "mypy --install-types --non-interactive {args:src/codeaudit tests}"
+[[tool.hatch.envs.hatch-test.matrix]]
+python = ["3.14","3.13","3.12", "3.11"]
 [tool.coverage.run]
 source_pkgs = ["codeaudit", "tests"]
 branch = true

codeaudit-1.6.2/src/codeaudit/__about__.py ADDED Viewed

@@ -0,0 +1,4 @@
+# SPDX-FileCopyrightText: 2025-present Maikel Mardjan
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+__version__ = "1.6.2"

codeaudit-1.6.2/src/codeaudit/__init__.py ADDED Viewed

@@ -0,0 +1,4 @@
+# SPDX-FileCopyrightText: 2025-present Maikel Mardjan - https://nocomplexity.com/
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+from . __about__ import __version__

codeaudit 1.6.1__tar.gz → 1.6.2__tar.gz

codeaudit 1.6.1tar.gz → 1.6.2tar.gz