codeaudit 1.6.5__tar.gz → 1.6.6__tar.gz

{codeaudit-1.6.5 → codeaudit-1.6.6}/CHANGELOG.md

@@ -1,7 +1,25 @@
 # Change Log
 
-## Version 1.6.5:
+## Version 1.6.6:
+
+**Added:**
+
+* Extended checking capabilities for Base64 encoding to improve validation rigor.
 
+**Changed**
+
+* Updated `pyproject.toml` configuration to align with the new WebAssembly (WASM) release requirements.
+
+**Fixed**
+
+* Resolved compatibility issues and bugs to fully support the new stable WASM version.
+
+**Documentation**
+
+* Miscellaneous documentation improvements and updates for clarity and coverage.
+
+
+## Version 1.6.5:
 
 **Added:**
 

{codeaudit-1.6.5 → codeaudit-1.6.6}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: codeaudit
-Version: 1.6.5
+Version: 1.6.6
 Summary: A modern Python security source code analyzer (SAST) based on distrust.
 Project-URL: Documentation, https://github.com/nocomplexity/codeaudit#readme
 Project-URL: Issues, https://github.com/nocomplexity/codeaudit/issues
@@ -23,7 +23,7 @@ Classifier: Topic :: Software Development :: Quality Assurance
 Requires-Python: >=3.11
 Requires-Dist: altair==6.0.0
 Requires-Dist: fire==0.7.1
-Requires-Dist: pandas==3.0.2
+Requires-Dist: pandas>=2.3
 Provides-Extra: test
 Requires-Dist: black; extra == 'test'
 Requires-Dist: pylint; extra == 'test'

{codeaudit-1.6.5 → codeaudit-1.6.6}/docs/astlines.md

@@ -109,5 +109,3 @@ def example():
 5. **Why the Difference Matters**
 - `wc -l` is useful for getting a raw count of lines in a file, often used for file statistics or quick checks.
 - `count_ast_lines` is more relevant for analyzing **executable code complexity** or **code coverage**, as it focuses on lines that represent actual Python syntax nodes, ignoring non-executable content like comments or blank lines.
-
-Let me know if you need further examples or clarification!

codeaudit-1.6.6/docs/checks/base64_check.md

@@ -0,0 +1,88 @@
+# Base64 Statements
+
+The Python Code Audit tool detects obfuscated content, particularly code that uses `base64` (and related encodings) for encoding or decoding data.
+
+It specifically checks for the following calls:
+
+* `base64.b64decode`
+* `base64.b64encode`
+* `base64.b85encode`
+* `base64.z85decode`
+
+## Rationale
+
+Obfuscation using Base64 is a **long-standing and simple technique** commonly employed to conceal malicious code in Python projects. It enables attackers to hide payloads that would otherwise be easily identified.
+
+The use of obfuscated content is uncommon in well-structured, legitimate Python code and is therefore considered a strong indicator of potential security risks.
+
+It is strongly recommended that any code containing Base64 encoding/decoding be carefully reviewed before deployment to production. **Python Code Audit** performs this check automatically.
+
+**Key red flags include:**
+* `base64.b64decode` followed immediately by `exec()` or `eval()`
+* Long Base64 strings embedded in Python scripts
+* Constructs such as `exec(base64.b64decode(...))` from untrusted sources
+
+## Common Malware Patterns
+
+Base64 encoding patterns are frequently found in Python-based malware and droppers:
+
+| Pattern              | Code Snippet                                      | Why It Is Detected                              | Implemented |
+|----------------------|---------------------------------------------------|--------------------------------------------------|-------------|
+| Standard b64 + exec | `exec(base64.b64decode(long_string))`            | Extremely common obfuscation technique           | ✅          |
+| Compressed           | `exec(zlib.decompress(base64.b64decode(...)))`   | Suggests larger hidden payload and evasion       | ✅          |
+| Multi-layer          | `base64.b64decode(base64.b64decode(...))`        | Attempts to bypass simple pattern matching       | ✅          |
+| Bytes decode         | `exec(base64.b64decode(data).decode())`          | Hides intent by decoding to string               | ✅          |
+| Using aliases        | `b64 = base64.b64decode; exec(b64(payload))`     | Evasion of basic static analysis                 | ✅          |
+| Z85 / b85            | `base64.b85decode(...)` or `base64.z85decode(...)` | Non-standard encodings often indicate stealth    | ✅          |
+
+## Security Considerations
+
+Base encoding does not provide confidentiality. As noted in RFC 4648 (Section 12), care must be taken when implementing base encoding and decoding to avoid introducing vulnerabilities.
+
+Security considerations section from RFC 4648 (section 12):
+
+```text
+Security Considerations
+
+   When base encoding and decoding is implemented, care should be taken
+   not to introduce vulnerabilities to buffer overflow attacks, or other
+   attacks on the implementation.  A decoder should not break on invalid
+   input including, e.g., embedded NUL characters (ASCII 0).
+
+   If non-alphabet characters are ignored, instead of causing rejection
+   of the entire encoding (as recommended), a covert channel that can be
+   used to "leak" information is made possible.  The ignored characters
+   could also be used for other nefarious purposes, such as to avoid a
+   string equality comparison or to trigger implementation bugs.  The
+   implications of ignoring non-alphabet characters should be understood
+   in applications that do not follow the recommended practice.
+   Similarly, when the base 16 and base 32 alphabets are handled case
+   insensitively, alteration of case can be used to leak information or
+   make string equality comparisons fail.
+
+   When padding is used, there are some non-significant bits that
+   warrant security concerns, as they may be abused to leak information
+   or used to bypass string equality comparisons or to trigger
+   implementation problems.
+
+   Base encoding visually hides otherwise easily recognized information,
+   such as passwords, but does not provide any computational
+   confidentiality.  This has been known to cause security incidents
+   when, e.g., a user reports details of a network protocol exchange
+   (perhaps to illustrate some other problem) and accidentally reveals
+   the password because she is unaware that the base encoding does not
+   protect the password.
+
+   Base encoding adds no entropy to the plaintext, but it does increase
+   the amount of plaintext available and provide a signature for
+   cryptanalysis in the form of a characteristic probability
+   distribution.
+```
+
+
+## References
+
+* [Python Documentation – base64](https://docs.python.org/3/library/base64.html)
+* [RFC 4648 – Security Considerations](https://datatracker.ietf.org/doc/html/rfc4648#section-12)
+* [Base64 Malleability in Practice](https://eprint.iacr.org/2022/361.pdf)
+

{codeaudit-1.6.5 → codeaudit-1.6.6}/docs/checks/exception_check.md

@@ -1,15 +1,26 @@
-# Exception statements
+## Exception Statements
 
-Codeaudit checks the `onpass` in a except block.
+Codeaudit detects the use of `pass` within an `except` block.
 
-The Python code `try: do_some_stuff() except Exception: pass` presents potential security risks due to its overly broad exception handling and silent failure option.
+The Python pattern:
+```python
+try:
+    do_some_stuff()
+except Exception:
+    pass
+```
 
-This also applies when using `continue`!
+presents potential security risks due to:
+- **Overly broad exception handling** – catching `Exception` masks virtually all errors
+- **Silent failure** – using `pass` suppresses all evidence that something went wrong
+
+This security concern also applies when using `continue` inside an exception block, as it similarly bypasses error reporting.
+
+**Python Code Audit detects:**
+
+- `pass` statements in exception clauses
+- `continue` statements in exception clauses
 
-So Codeaudit also checks on:
-*  `pass` and 
-* `continue` 
-statements in exception clauses.
 
 ## Background
 

{codeaudit-1.6.5 → codeaudit-1.6.6}/docs/codeauditcommands.md

@@ -1,6 +1,6 @@
 % THIS FILE IS GENERATED! - Use CLIcommands.ipynb to make it better!
 # Commands Overview
-Python Code Audit commands for: version: 1.6.5rc4
+Python Code Audit commands for: version: 1.6.5
 ```
 ----------------------------------------------------
  _                    __             _             

{codeaudit-1.6.5 → codeaudit-1.6.6}/docs/examples/codeauditchecks.html

@@ -744,4 +744,4 @@ footer {
       <td>Vulnerable to path traversal attacks if used with untrusted archives.</td>
     </tr>
   </tbody>
-</table><br><p>Number of implemented security validations:<b>84</b></p><p>Version of codeaudit: <b>1.6.5rc4</b><p>Because Python and cybersecurity are constantly changing, issue reports <b>SHOULD</b> specify the codeaudit version used.</p><p><b>Disclaimer:</b> <i>This SAST tool <a href="https://github.com/nocomplexity/codeaudit" target="_blank"><b>Python Code Audit</b></a> provides a powerful, automatic security analysis for Python source code. However, it's not a substitute for human review in combination with business knowledge. Undetected vulnerabilities may still exist.</i></p><p>This Python security report was created on: <b>2026-05-11 16:12</b> with <a href="https://github.com/nocomplexity/codeaudit" target="_blank"><b>Python Code Audit</b></a> version <b>1.6.5rc4</b></p><hr><footer><div class="footer-links">Check the <a href="https://nocomplexity.com/documents/codeaudit/intro.html" target="_blank">documentation</a> for help on found issues.<br>Codeaudit is made with <span class="heart">&#10084;</span> by cyber security professionals who advocate for <a href="https://nocomplexity.com/simplify-security/" target="_blank">open simple security solutions</a>.<br><a href="https://nocomplexity.com/documents/codeaudit/CONTRIBUTE.html" target="_blank">Join the community</a> and contribute to make this tool better!</div></footer></div></body></html>
+</table><br><p>Number of implemented security validations:<b>84</b></p><p>Version of codeaudit: <b>1.6.5</b><p>Because Python and cybersecurity are constantly changing, issue reports <b>SHOULD</b> specify the codeaudit version used.</p><p><b>Disclaimer:</b> <i>This SAST tool <a href="https://github.com/nocomplexity/codeaudit" target="_blank"><b>Python Code Audit</b></a> provides a powerful, automatic security analysis for Python source code. However, it's not a substitute for human review in combination with business knowledge. Undetected vulnerabilities may still exist.</i></p><p>This Python security report was created on: <b>2026-05-11 16:42</b> with <a href="https://github.com/nocomplexity/codeaudit" target="_blank"><b>Python Code Audit</b></a> version <b>1.6.5</b></p><hr><footer><div class="footer-links">Check the <a href="https://nocomplexity.com/documents/codeaudit/intro.html" target="_blank">documentation</a> for help on found issues.<br>Codeaudit is made with <span class="heart">&#10084;</span> by cyber security professionals who advocate for <a href="https://nocomplexity.com/simplify-security/" target="_blank">open simple security solutions</a>.<br><a href="https://nocomplexity.com/documents/codeaudit/CONTRIBUTE.html" target="_blank">Join the community</a> and contribute to make this tool better!</div></footer></div></body></html>

{codeaudit-1.6.5 → codeaudit-1.6.6}/docs/examples/demoscan.json

@@ -1,7 +1,7 @@
 {
   "name": "Python_Code_Audit",
-  "version": "1.6.5rc4",
-  "generated_on": "2026-05-11 16:12",
+  "version": "1.6.5",
+  "generated_on": "2026-05-11 16:42",
   "file_security_info": {
     "0": {
       "FileName": "demofile.py",

{codeaudit-1.6.5 → codeaudit-1.6.6}/docs/features.md

@@ -1,7 +1,7 @@
 # Features
 
+**Python Code Audit** is a modern security-focused source code analysis tool for Python, built on a **zero-trust** mindset. It identifies security risks, hidden behaviours, and trust boundaries without ever executing the code. This makes it safe to use on both your own projects and third-party code.
 
-**Python Code Audit** is a modern Python **security** source code analysis tool built on a *zero-trust* mindset. It focuses on identifying security risks, hidden behaviors, and trust boundaries in Python code—without executing it.
 
 :::{admonition} Key Features of Python Code Audit
 :class: tip

codeaudit-1.6.6/docs/installation.md

@@ -0,0 +1,45 @@
+# Installation
+
+Python Code Audit is compatible with both Unix-based systems (Linux/macOS) and Windows.
+
+## Try without installation
+
+You can use Python Code Audit without installing it on your system:
+
+```{button-link} https://nocomplexity.com/codeauditapp/dashboardapp.html
+:color: danger
+Launch web-based version
+```
+
+:::{note} 
+The browser-based version runs 100% locally; however, please note that not all functionality is available. You can perform a security scan on packages available from PyPI. 
+:::
+
+## Install for full functionality
+
+To enable all features of Python Code Audit, install the package locally.
+
+### Installation command
+
+To install or upgrade to the latest version, run the following command in your terminal or command prompt:
+
+```bash
+pip install -U codeaudit
+```
+
+### Verify your installation
+
+Once the installation is complete, you can begin scanning Python packages immediately. Open a new shell or Command Prompt window and execute any of the Python Code Audit commands to verify the setup.
+
+### Example usage
+
+```bash
+codeaudit filescan ultrafastrss
+```
+
+This command scans the `ultrafastrss` package directly from PyPI.org and generates an HTML report.
+
+:::{hint} 
+We recommend using `pip` for installation. 
+:::
+

{codeaudit-1.6.5 → codeaudit-1.6.6}/docs/intro.md

@@ -136,7 +136,7 @@ To keep up with current threats, you need a Python Application Security Testing
 :::{note}
 This `Python Code Audit` tool is built to be fast, lightweight, and easy to use.
 
-By default, the tool scans Python code against more than **84 rules** to detect potential security vulnerabilities. These rules target unsafe constructs of the standard Python libraries that could pose a security risk. 
+By default, the tool scans Python code against more than **87 rules** to detect potential security vulnerabilities. These rules target unsafe constructs of the standard Python libraries that could pose a security risk. 
 
 :::
 

{codeaudit-1.6.5 → codeaudit-1.6.6}/pyproject.toml

@@ -7,7 +7,7 @@ name = "codeaudit"
 dynamic = ["version"] # This tells Hatch that version is dynamically determined
 description = 'A modern Python security source code analyzer (SAST) based on distrust.'
 readme = "README.md"
-dependencies = ["fire==0.7.1","pandas==3.0.2","altair==6.0.0"]
+dependencies = ["fire==0.7.1","pandas>=2.3","altair==6.0.0"]
 requires-python = ">=3.11"
 license = "GPL-3.0-or-later"
 keywords = ["SAST", "Python SAST", "SAST API", "Complexity Checker"]

{codeaudit-1.6.5 → codeaudit-1.6.6}/src/codeaudit/__about__.py

@@ -1,4 +1,4 @@
 # SPDX-FileCopyrightText: 2025-present Maikel Mardjan
 #
 # SPDX-License-Identifier: GPL-3.0-or-later
-__version__ = "1.6.5"
+__version__ = "1.6.6"

{codeaudit-1.6.5 → codeaudit-1.6.6}/src/codeaudit/api_helpers.py

@@ -12,8 +12,6 @@ You should have received a copy of the GNU General Public License along with thi
 Function to create nice APIs. So API helper functions.
 """
 
-import pandas as pd
-
 from codeaudit.api_interfaces import get_modules, get_overview, _build_weakness_details
 from codeaudit.checkmodules import get_all_modules
 from codeaudit.filehelpfunctions import (

{codeaudit-1.6.5 → codeaudit-1.6.6}/src/codeaudit/api_interfaces.py

@@ -23,7 +23,7 @@ from pathlib import Path
 import altair as alt
 import pandas as pd
 
-from codeaudit import __version__
+from codeaudit.__about__ import __version__  # using robust imports for WASM version
 
 
 from codeaudit.checkmodules import (

{codeaudit-1.6.5 → codeaudit-1.6.6}/src/codeaudit/dashboard_reports.py

@@ -12,10 +12,8 @@ You should have received a copy of the GNU General Public License along with thi
 API functions: Used for dashboard reporting (Panel / WASM) and notebooks, or to build custom reports.
 """
 
-
 from codeaudit.__about__ import __version__
 
-
 SAST_REPORT_CSS = """
 <style>
 .sast-report {
@@ -83,11 +81,12 @@ details summary {
 </style>
 """
 
+
 def _require_panel():
     """Import the optional Panel dependency safely."""
     try:
         import panel as pn
-        pn.extension()
+
         return pn
     except ImportError:
         raise ImportError(
@@ -177,11 +176,11 @@ def report_sast_results(scanresult):
 
     # --- Input validation ---
     if not scanresult or not isinstance(scanresult, dict):
-        return '<br><h2>⚠️ No scan result provided</h2>'
+        return "<br><h2>⚠️ No scan result provided</h2>"
 
     file_security_info = scanresult.get("file_security_info")
     if not isinstance(file_security_info, dict) or len(file_security_info) == 0:
-        return '<br><h2>⚠️ No file security info found</h2>'
+        return "<br><h2>⚠️ No file security info found</h2>"
 
     # Collect files that have SAST results
     files_with_findings = []
@@ -194,7 +193,7 @@ def report_sast_results(scanresult):
             files_with_findings.append(file_info)
 
     if not files_with_findings:
-        return '<br><h2>✅ No security weaknesses found</h2>'
+        return "<br><h2>✅ No security weaknesses found</h2>"
 
     # --- Safe statistics handling ---
     stats = scanresult.get("statistics_overview")
@@ -304,7 +303,7 @@ def report_used_modules(scanresult):
     # --- Input validation ---
     card1 = ""
     if not scanresult or not isinstance(scanresult, dict):
-        return '<br><h2>⚠️ No scan result provided</h2>'
+        return "<br><h2>⚠️ No scan result provided</h2>"
     modules_discovered = scanresult["module_overview"]
     core_modules = modules_discovered["core_modules"]
     external_modules = modules_discovered["imported_modules"]
@@ -417,13 +416,14 @@ def get_info_text():
     )
     return infotext
 
+
 def get_disclaimer_text():
     """defines the sidebar disclaimer text"""
     pn = _require_panel()  # Panel module is needed for this function
-    
-    # Get the version string 
+
+    # Get the version string
     version_id = __version__
-        
+
     disclaimer = (
         f"<br><b>Disclaimer:</b> This scan only evaluates Python files. "
         f"Security weaknesses can also exist in other files used by a Python package.<br><br>"
@@ -432,7 +432,7 @@ def get_disclaimer_text():
         f"However, it's not a substitute for human review in combination with business knowledge. "
         f"Undetected vulnerabilities may still exist."
         f'<p><strong><a href="https://nocomplexity.com/documents/codeaudit/intro.html">Python Code Audit</a></strong> '
-        f'Dashboard - version {version_id}</p>'                
+        f"Dashboard - version {version_id}</p>"
     )
 
     disclaimer_text = pn.pane.HTML(disclaimer)

{codeaudit-1.6.5 → codeaudit-1.6.6}/src/codeaudit/data/sastchecks.csv

@@ -52,7 +52,10 @@ Subprocess Usage,subprocess.check_output,Medium,Requires careful input validatio
 Subprocess Usage,subprocess.getstatusoutput,Medium,Requires careful input validation to prevent command injection vulnerabilities.
 Subprocess Usage,subprocess.getoutput,Medium,Requires careful input validation to prevent command injection vulnerabilities.
 Tarfile Extraction,tarfile.TarFile,High,Vulnerable to path traversal attacks if used with untrusted archives.
-Base64 Encoding ,base64,Low,"Base64 encoding is not for security. It only visually hides data and provides no confidentiality. Often used to obfuscate malware in code."
+Base64 Decoding ,base64.b64decode,Medium,"Base64 encoding/decoding is not for security. It only visually hides data and provides no confidentiality. Often used to obfuscate malware in code."
+Base64 Decoding ,base64.z85decode,Medium,Base64 encoding/decoding is not for security. It only visually hides data and provides no confidentiality. Often used to obfuscate malware in code.
+Base64 Decoding ,base64.b85encode,Low,Base64 encoding/decoding is not for security. It only visually hides data and provides no confidentiality. Often used to obfuscate malware in code.
+Base64 Decoding ,base64.b64encode,Low,Base64 encoding/decoding is not for security. It only visually hides data and provides no confidentiality. Often used to obfuscate malware in code.
 XML-RPC Client,xmlrpc.client,High,Vulnerable to denial-of-service via decompression bombs.
 XML-RPC Server,xmlrpc.server.SimpleXMLRPCServer,High,Vulnerable to denial-of-service via decompression bombs.
 Cryptographically Unsafe Randomness,random.random,Low,The pseudo-random generators in this module are not suitable for security purposes. 

{codeaudit-1.6.5 → codeaudit-1.6.6}/src/dashboard/dashboardapp.py

@@ -336,7 +336,7 @@ main_pane = pn.Column(tabs, sizing_mode="stretch_both")
 
 
 app = pn.template.MaterialTemplate(
-    header_background="#262626",
+    header_background="#1E2937",
     title="Python Security Code Audit",
     sidebar=[ca_sidebar],
     main=[main_pane],

codeaudit-1.6.6/src/dashboard/module_load_validation.html

@@ -0,0 +1,64 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Pyodide - Test codeaudit</title>
+    <script src="https://cdn.jsdelivr.net/pyodide/v0.29.4/full/pyodide.js"></script>
+    <style>
+        body { font-family: Arial, sans-serif; padding: 20px; }
+        pre { background: #f4f4f4; padding: 10px; border-radius: 5px; }
+        button { padding: 10px 16px; font-size: 16px; }
+    </style>
+</head>
+<body>
+    <h1>Testing your <code>codeaudit</code> package in Pyodide</h1>
+    <button onclick="runTest()">Install & Test codeaudit</button>
+    <pre id="output"></pre>
+
+    <script>
+        async function runTest() {
+            const output = document.getElementById("output");
+            output.textContent = "Loading Pyodide...\n";
+
+            try {
+                // Load Pyodide
+                let pyodide = await loadPyodide({
+                    indexURL: "https://cdn.jsdelivr.net/pyodide/v0.29.4/full/"
+                });
+
+                output.textContent += "Pyodide loaded successfully.\n";
+                output.textContent += "Loading micropip...\n";
+
+                await pyodide.loadPackage("micropip");
+                const micropip = pyodide.pyimport("micropip");
+
+                output.textContent += "Installing codeaudit from PyPI...\n";
+
+                // Install your package
+                await micropip.install("codeaudit");
+
+                output.textContent += "✅ codeaudit installed successfully!\n\n";
+
+                // Run Python code to test it
+                await pyodide.runPythonAsync(`
+                    import codeaudit
+                    print("Package imported successfully!")
+                    print("Version:", codeaudit.__version__ if hasattr(codeaudit, "__version__") else "Unknown")
+                    
+                    # Add any basic test calls here
+                    # Example:
+                    # result = codeaudit.scan("example")
+                    # print(result)
+                `);
+
+                output.textContent += "All tests passed! 🎉\n";
+
+            } catch (err) {
+                output.textContent += "❌ Error: " + err.message + "\n";
+                console.error(err);
+            }
+        }
+    </script>
+</body>
+</html>

codeaudit-1.6.6/src/dashboard/module_load_validation2.html

@@ -0,0 +1,112 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Pyodide - Test codeaudit</title>
+    <script src="https://cdn.jsdelivr.net/pyodide/v0.29.4/full/pyodide.js"></script>
+    <style>
+        body { font-family: Arial, sans-serif; padding: 20px; line-height: 1.6; }
+        pre { background: #f4f4f4; padding: 12px; border-radius: 6px; overflow-x: auto; max-height: 500px; }
+        button { padding: 10px 18px; font-size: 16px; margin: 5px; cursor: pointer; }
+        h1 { color: #333; }
+        .success { color: green; }
+        .error { color: red; }
+    </style>
+</head>
+<body>
+    <h1>Pyodide Test Environment — <code>codeaudit</code></h1>
+    
+    <button onclick="installAndTest()">1. Install & Test codeaudit</button>
+    <button onclick="listPackages()">2. List All Installed Packages</button>
+    <button onclick="clearOutput()">Clear Output</button>
+
+    <pre id="output">Click a button to start...</pre>
+
+    <script>
+        let pyodideInstance = null;
+
+        async function getPyodide() {
+            const output = document.getElementById("output");
+            if (!pyodideInstance) {
+                output.textContent = "Loading Pyodide (first time can take 10–20 seconds)...\n";
+                
+                pyodideInstance = await loadPyodide({
+                    indexURL: "https://cdn.jsdelivr.net/pyodide/v0.29.4/full/"
+                });
+
+                await pyodideInstance.loadPackage("micropip");
+                output.textContent += "✅ Pyodide + micropip ready.\n";
+            }
+            return pyodideInstance;
+        }
+
+        async function installAndTest() {
+            const output = document.getElementById("output");
+            try {
+                const pyodide = await getPyodide();
+                const micropip = pyodide.pyimport("micropip");
+
+                output.textContent += "\nInstalling codeaudit...\n";
+                await micropip.install("http://127.0.0.1:8000/pyodide/codeaudit-1.6.6a0-py3-none-any.whl");
+
+                output.textContent += "✅ codeaudit installed successfully!\n\n";
+
+                await pyodide.runPythonAsync(`
+                    import codeaudit
+                    print("Package imported successfully!")
+                    print("Version :", getattr(codeaudit, "__version__", "Unknown"))
+                `);
+
+                output.textContent += "🎉 Test completed!\n";
+
+            } catch (err) {
+                output.textContent += "❌ Error: " + err.message + "\n";
+                console.error(err);
+            }
+        }
+
+        async function listPackages() {
+            const output = document.getElementById("output");
+            try {
+                const pyodide = await getPyodide();
+
+                output.textContent += "\nFetching list of installed packages...\n";
+
+                const pkgList = await pyodide.runPythonAsync(`
+                    import micropip
+                    import sys
+                    from io import StringIO
+
+                    # Capture output properly
+                    old_stdout = sys.stdout
+                    sys.stdout = mystdout = StringIO()
+
+                    packages = micropip.list()
+                    print("=== INSTALLED PACKAGES IN PYODIDE ===")
+                    print(f"Total packages: {len(packages)}")
+                    print("-" * 60)
+                    
+                    for name in sorted(packages.keys()):
+                        pkg = packages[name]
+                        print(f"{name:25} {pkg.version:15} {pkg.source}")
+                    
+                    sys.stdout = old_stdout
+                    mystdout.getvalue()
+                `);
+
+                output.textContent += pkgList || "No output returned.";
+                output.textContent += "\n✅ Package list retrieved.\n";
+
+            } catch (err) {
+                output.textContent += "❌ Error listing packages: " + err.message + "\n";
+                console.error(err);
+            }
+        }
+
+        function clearOutput() {
+            document.getElementById("output").textContent = "";
+        }
+    </script>
+</body>
+</html>

codeaudit-1.6.6/tests/test_base64.py

@@ -0,0 +1,31 @@
+# SPDX-FileCopyrightText: 2025-present Maikel Mardjan(https://nocomplexity.com/) and all contributors!
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+import pytest
+from pathlib import Path
+
+from codeaudit.security_checks import perform_validations
+
+
+def test_base64_use():
+    current_file_directory = Path(__file__).parent
+
+    # validation1.py is in a subfolder:
+    validation_file_path = current_file_directory / "validationfiles" / "base64.py"
+
+    result = perform_validations(validation_file_path)
+
+    # actual_data = find_constructs(source, constructs)
+    actual_data = result["result"]
+
+    # This is the expected dictionary
+    expected_data = {
+        "base64.b64encode": [9],
+        "base64.b64decode": [12, 15],
+        "base64.z85decode": [13],
+        "exec": [16],
+        "base64.b85encode": [13],
+    }
+
+    # Assert that the actual data matches the expected data
+    assert actual_data == expected_data

{codeaudit-1.6.5 → codeaudit-1.6.6}/tests/test_standardlibconstructs.py

@@ -42,26 +42,6 @@ def test_os_interfaces():
     assert actual_data == expected_data
 
 
-def test_base64encoding():
-    current_file_directory = Path(__file__).parent
-
-    # validation1.py is in a subfolder:
-    validation_file_path = current_file_directory / "validationfiles" / "base64.py"
-
-    source = read_in_source_file(validation_file_path)
-
-    constructs = {"base64"}
-    actual_data = find_constructs(source, constructs)
-
-    # This is the expected dictionary
-    expected_data = {
-        "base64": [2, 3],
-    }
-
-    # Assert that the actual data matches the expected data
-    assert actual_data == expected_data
-
-
 def test_httpserver_usage():
     current_file_directory = Path(__file__).parent