codeaudit 1.6.6__tar.gz → 1.7.1__tar.gz

{codeaudit-1.6.6 → codeaudit-1.7.1}/CHANGELOG.md

@@ -1,5 +1,41 @@
 # Change Log
 
+## Version 1.7.1:
+
+
+**Added**
+
+* **PyPI Update Indicator:** Added an indicator for the last update of PyPI packages, implemented for both the CLI version and the Dashboard version.
+* **Test Coverage:** Added extra tests to improve codebase stability.
+* **Dashboard Overview (WASM version):** The total number of weaknesses is now displayed directly in the overview tab.
+
+**Changed**
+
+* **CLI Report Optimization (Modules):** The CLI report now only displays modules when they are actually found.
+* **CLI Report Optimization (Tips):** The CLI report now only displays the tip to check external modules for vulnerabilities if vulnerabilities are actually present in a file.
+
+
+**Fixed**
+
+* **Windows 11 Compatibility:** Fixed an issue to ensure `codeaudit overview` works properly on Windows 11, specifically resolving a bug in the `count_lines_iterate` function.
+* **Altair Visuals:** Fixed stability issues with the Altair Visual overview in the `codeaudit overview` section, making it stable again.
+
+**Documentation**
+
+* General documentation updates and minor fixes.
+
+## Version 1.7.0:
+
+**Added**
+
+* **CI Option:** Added a new Continuous Integration (CI) option. (See [issue #24](https://github.com/nocomplexity/codeaudit/issues/24))
+
+**Documentation**
+
+* **Fixes & Updates:** Minor documentation fixes and content updates.
+
+
+
 ## Version 1.6.6:
 
 **Added:**

{codeaudit-1.6.6 → codeaudit-1.7.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: codeaudit
-Version: 1.6.6
+Version: 1.7.1
 Summary: A modern Python security source code analyzer (SAST) based on distrust.
 Project-URL: Documentation, https://github.com/nocomplexity/codeaudit#readme
 Project-URL: Issues, https://github.com/nocomplexity/codeaudit/issues
@@ -44,10 +44,9 @@ Description-Content-Type: text/markdown
 [![License](https://img.shields.io/badge/License-GPLv3-FFD700)](https://nocomplexity.com/documents/codeaudit/license.html)
 [![PyPI Downloads](https://static.pepy.tech/badge/codeaudit)](https://pepy.tech/projects/codeaudit)
 
-Python Code Audit - A modern Python source code analyzer based on distrust.
-
-Python Code Audit is a tool to find **security weaknesses** in Python code. This static application security testing (SAST) tool has **great** features to simplify the necessary security tasks and make it fun and easy. 
+Python Code Audit - A modern Python security source code analyzer based on distrust.
 
+Python Code Audit is a static application security testing (SAST) tool designed to identify **security weaknesses** in Python source code. It combines **powerful analysis features** with an intuitive workflow, making essential security audits both simple and engaging.
 
 This tool is designed for anyone who uses or creates Python programs and wants to understand and mitigate potential security risks.
 
@@ -73,6 +72,7 @@ Python Code Audit has the following features:
 
 * **External Egress Detection**: Identifies embedded API keys and logic that enables communication with remote services, helping uncover hidden data exfiltration paths.
 
+* **CI/CD Ready:** Integrates seamlessly into any CI/CD workflow.
 
 * **HTML Reports**: All output is saved in simple, static HTML reports viewable in any browser.
 
@@ -84,11 +84,20 @@ Python Code Audit has the following features:
 
 ## Installation
 
+> [!TIP]
+> Try it instantly—no installs, no setup, no excuses.
+> 
+> 👉 Launch the browser version [here](https://nocomplexity.com/codeauditapp/dashboardapp.html)
+
+It runs 100% locally in your browser using WebAssembly (WASM). See the power of the tool in under 60 seconds.
+No downloads. No dependencies. Just click and do a security audit on Python Code.
+
+Loved the browser version? Unlock the full power. For advanced security code inspections, CI/CD integration, and all professional features, install the complete Python package:
+
 ```console
 pip install -U codeaudit
 ```
 
-If you would like to test this security tool without installing it, simply use the WASM version [available here](https://nocomplexity.com/codeauditapp/dashboardapp.html).
 
 
 

{codeaudit-1.6.6 → codeaudit-1.7.1}/README.md

@@ -10,10 +10,9 @@
 [![License](https://img.shields.io/badge/License-GPLv3-FFD700)](https://nocomplexity.com/documents/codeaudit/license.html)
 [![PyPI Downloads](https://static.pepy.tech/badge/codeaudit)](https://pepy.tech/projects/codeaudit)
 
-Python Code Audit - A modern Python source code analyzer based on distrust.
-
-Python Code Audit is a tool to find **security weaknesses** in Python code. This static application security testing (SAST) tool has **great** features to simplify the necessary security tasks and make it fun and easy. 
+Python Code Audit - A modern Python security source code analyzer based on distrust.
 
+Python Code Audit is a static application security testing (SAST) tool designed to identify **security weaknesses** in Python source code. It combines **powerful analysis features** with an intuitive workflow, making essential security audits both simple and engaging.
 
 This tool is designed for anyone who uses or creates Python programs and wants to understand and mitigate potential security risks.
 
@@ -39,6 +38,7 @@ Python Code Audit has the following features:
 
 * **External Egress Detection**: Identifies embedded API keys and logic that enables communication with remote services, helping uncover hidden data exfiltration paths.
 
+* **CI/CD Ready:** Integrates seamlessly into any CI/CD workflow.
 
 * **HTML Reports**: All output is saved in simple, static HTML reports viewable in any browser.
 
@@ -50,11 +50,20 @@ Python Code Audit has the following features:
 
 ## Installation
 
+> [!TIP]
+> Try it instantly—no installs, no setup, no excuses.
+> 
+> 👉 Launch the browser version [here](https://nocomplexity.com/codeauditapp/dashboardapp.html)
+
+It runs 100% locally in your browser using WebAssembly (WASM). See the power of the tool in under 60 seconds.
+No downloads. No dependencies. Just click and do a security audit on Python Code.
+
+Loved the browser version? Unlock the full power. For advanced security code inspections, CI/CD integration, and all professional features, install the complete Python package:
+
 ```console
 pip install -U codeaudit
 ```
 
-If you would like to test this security tool without installing it, simply use the WASM version [available here](https://nocomplexity.com/codeauditapp/dashboardapp.html).
 
 
 

{codeaudit-1.6.6 → codeaudit-1.7.1}/docs/CONTRIBUTE.md

@@ -22,6 +22,8 @@ These are all activities we’d like to get help with :
 - Website design and development
 :::
 
+Or just make a [donation](donate-label)!
+
 The **Codeaudit** code repository is hosted at [Github](https://github.com/nocomplexity/codeaudit).
 
 Simple Guidelines:

{codeaudit-1.6.6 → codeaudit-1.7.1}/docs/_toc.yml

@@ -10,7 +10,11 @@ parts:
   - file: whatissast
   - file: whysast
   - url: https://securitytesting.nocomplexity.com/ 
-    title: Mastering Security Testing for Python
+    title: Security Testing for Python
+  - url: http://securitybydesign.nocomplexity.com/
+    title: Security By Design
+  - url: https://nocomplexity.github.io/pythonsecurity/
+    title: Python Security Handbook
   
   
 
@@ -27,13 +31,12 @@ parts:
     sections:
     - file: data_egress_implementation
   - file: issues
-  - file: markingissues
-  - file: securecoding
+  - file: markingissues  
   - file: complexitycheck
   - file: warnings
   - file: handling_errors
-  - file: implementedvalidations
-  - file: validatetips
+  - file: cimode
+  - file: implementedvalidations  
   - file: checksinformation
     sections:
     - file: checks/assert_check
@@ -65,9 +68,7 @@ parts:
  
 
 - caption: Architecture 
-  chapters:     
-  #- file: astlines
-  # - file: astlines2  
+  chapters:       
   - file: architecture
   - file: makeitbetter
   - file: project_philosophy  

{codeaudit-1.6.6 → codeaudit-1.7.1}/docs/about.md

@@ -19,14 +19,14 @@ Currently, I lead initiatives at NoComplexity.com, an innovative IT company focu
 :gutter: 3 
 
 :::{grid-item-card}
-:link: https://nocomplexity.com/documents/securityarchitecture/introduction.html
+:link: https://securitytesting.nocomplexity.com/
 :link-type: url
-{octicon}`book;2em;caption-text` **Open Security Reference Architecture**        
+{octicon}`book;2em;caption-text` **Mastering Security Testing for Python**        
 ^^^
-Cyber security can still be simple and effective.
-Use this Playbook to create better and faster security solutions for your security use case.
+Gain a deep understanding of the methodologies and specialised tools to conduct security validation for Python applications.
 :::
 
+
 :::{grid-item-card}
 :link: http://securitybydesign.nocomplexity.com/
 :link-type: url
@@ -37,31 +37,32 @@ Master the topic quickly with this eBook.
 :::
 
 :::{grid-item-card}
-:link: https://nocomplexity.com/documents/securitysolutions/intro.html
+:link: https://nocomplexity.com/documents/reports/SimplifySecurity.pdf
 :link-type: url
-{octicon}`book;2em;caption-text` **Open Security Solutions**        
+{octicon}`book;2em;caption-text` **Simplify Cyber Manifest**        
 ^^^
-Given the vast array of FOSS cybersecurity products available, this publication offers a handcrafted curated selection.
+A manifesto to revolutionize cybersecurity through simplification.
 :::
 
+
 :::{grid-item-card}
-:link: https://nocomplexity.com/documents/reports/SimplifySecurity.pdf
+:link: https://nocomplexity.github.io/pythonsecurity/
 :link-type: url
-{octicon}`book;2em;caption-text` **Simplify Cyber Manifest**        
+{octicon}`book;2em;caption-text` **Python Security Handbook**        
 ^^^
-A manifesto to revolutionize cybersecurity through simplification.
+This book will give you a deep understanding of how to develop secure Python applications. It also equips you with the knowledge needed to assess the security of Python code written by others.
 :::
 
 
 :::{grid-item-card}
-:link: https://nocomplexity.com/documents/simplifysecurity/intro.html#
+:link: https://nocomplexity.com/documents/securityarchitecture/introduction.html
 :link-type: url
-{octicon}`book;2em;caption-text` **Simplify Security**        
+{octicon}`book;2em;caption-text` **Open Security Reference Architecture**        
 ^^^
-Find open simple cyber solutions that work. Simplify cyber security to accelerate its effectiveness.
+Cyber security can still be simple and effective.
+Use this Playbook to create better and faster security solutions for your security use case.
 :::
 
-
 :::{grid-item-card}
 :link: https://nocomplexity.com/documents/simplifyprivacy/intro.html
 :link-type: url
@@ -71,6 +72,15 @@ This digital Playbook is all about protecting *your* digital privacy.
 :::
 
 
+:::{grid-item-card}
+:link: https://nocomplexity.com/documents/securitysolutions/intro.html
+:link-type: url
+{octicon}`book;2em;caption-text` **Open Security Solutions**        
+^^^
+Given the vast array of FOSS cybersecurity products available, this publication offers a handcrafted curated selection.
+:::
+
+
 ::::
 % End of Cards grid
 

{codeaudit-1.6.6 → codeaudit-1.7.1}/docs/architecture.md

@@ -56,13 +56,19 @@ We focus on delivering a simple, trustworthy security tool that performs its def
 
 The following design choices have been made for Python Code Audit:
 
-* **The Python AST library is used for complex validations.**  
+* **The Python AST library is used to determine weaknesses and perform code validation.**  
   * **Rationale:** As we are creating a Python-specific security checker, using the `ast` module provides **significant** advantages:  
     1. Code is not executed during examination, which is a major benefit when validating potentially malicious code.  
     2. Implementing basic checks using complex regex patterns would make the code and its maintenance unnecessarily difficult.  
     3. Users can add extra validations in a simple, straightforward manner.  
+
++++
+
 * **Python Code Audit is not designed for identifying weaknesses in web applications.**  
   * **Rationale:** We check Python source code, but do not perform XSS or SQL injection checks. Every Python web application **should** use a battle-tested FOSS framework that prevents these vulnerabilities by design. Testing for these would require building a fuzzer rather than a static code scanner. There are other tools that **must** always be used for validating web applications.  
+
++++
+
 * **Postpone code performance optimisations until truly necessary.**  
   * **Rationale:** We aim for a loosely coupled architecture of key functions; performance optimisations can be introduced at a later stage if required. In practice, performance optimisations are rarely needed. Most time will be spent by humans analysing results before deciding whether to use a Python package, or making security improvements to their own code. The baseline performance for scanning a 10MB Python package should be the priority.  
   * **Implication:** Ensure that performance optimisations can be applied later to specific functional blocks if they are found to be causing bottlenecks for users.

{codeaudit-1.6.6 → codeaudit-1.7.1}/docs/checks/assert_check.md

@@ -129,3 +129,7 @@ For robust validation and error handling in production code, always use standard
 * [The assert statement - Python Documentation](https://docs.python.org/3/reference/simple_stmts.html#the-assert-statement)
 * [The dangers of assert in Python](https://snyk.io/blog/the-dangers-of-assert-in-python/)
 * [Feature: Python assert should be consider harmful](https://community.sonarsource.com/t/feature-python-assert-should-be-consider-harmful/38501) But note that Sonar did not implement this check.
+* [CVE-2017-1000433](https://nvd.nist.gov/vuln/detail/CVE-2017-1000433) and see the related [issues/451](https://github.com/IdentityPython/pysaml2/issues/451) 
+* [Advisory: pysaml2 Improper Authentication vulnerability](https://github.com/advisories/GHSA-924m-4pmx-c67h) 
+
+* [Rethinking Python Asserts in SAST](https://nocomplexity.com/python-asserts/)

codeaudit-1.7.1/docs/cimode.md

@@ -0,0 +1,276 @@
+# CI Integration
+
+Python Code Audit is a fast, local-first SAST tool for analysing Python code and detecting potential security weaknesses. While it is particularly useful for auditing third-party code, it should also be run regularly on your own projects to ensure continuous security validation.
+
+Python Code Audit integrates easily into CI/CD pipelines and standard code quality workflows. A CI job can be configured in just a few steps, supporting our goal of simple, effective security tooling. This allows you to focus on reviewing findings and applying fixes based on [Security by Design principles](https://nocomplexity.github.io/securitybydesign/securityprinciples/).
+
+If you have improvements or CI configuration tips, contributions via pull requests to this documentation are welcome.
+
+:::{note}
+[Data Exfiltration Detection functionality](data_exfiltration_detection) is not yet available in CI pipelines.
+:::
+
+
+:::{admonition} By default, CI scan mode uses the same analysis engine as the CLI version
+:class: important
+
+So Keep in mind:
+
+* [Some directories are excluded from SAST scanning](excluded_directories)
+* Findings marked with [markissues-label](markissues-label) are ignored by default in CI mode
+:::
+
+
+## CI Mode Command
+
+CI mode is enabled using the following CLI command:
+
+```bash
+codeaudit cimode [file|directory] [--output text|html|json] [--nosec True|False]
+```
+
+### Default behaviour
+
+* Output format: `text`
+* `nosec=True` (ignores lines marked with `# nosec`)
+
+
+
+### Quick Test Run
+
+You can test CI mode locally before integrating it into your pipeline:
+
+```bash
+codeaudit cimode .
+```
+
+Here, `.` represents the current working directory.
+
+
+### Command Options
+
+
+| Option         | Description                                                |
+| -------------- | ---------------------------------------------------------- |
+| `-o, --output` | Output format: `text`, `html`, or `json` (default: `text`) |
+| `-n, --nosec`  | Ignore findings marked with `# nosec` (default: `True`)    |
+
+
+
+
+## GitLab CI Integration
+
+
+Integrating Python Code Audit with [GitLab.com](https://gitlab.com) is straightforward and can be completed in just a few minutes.
+
+For GitLab CI jobs, it is recommended to always save **artifacts**, even when the job fails. This ensures that scan results are available for review in all cases. It is especially useful when using the HTML report format, as it allows you to quickly view findings directly in the browser via the CI artifacts interface.
+
+If needed, you can also export the `json` output for further processing in a separate secure environment, for example to integrate results into dashboards, ticketing systems, or additional analysis pipelines.
+
+
+### HTML report example 
+
+
+```yaml
+# SAST scan with Python Code Audit on GitLab.com
+image: python:3.13-slim
+
+stages:
+  - scan
+
+codeaudit-scan:
+  stage: scan
+
+  before_script:
+    - python -m pip install --upgrade pip
+
+  script:
+    - pip install codeaudit
+    - codeaudit --version
+    - codeaudit cimode . --output html > codeaudit-output.html
+    
+  allow_failure: true
+
+  artifacts:
+    when: always
+    name: "codeaudit-${CI_COMMIT_REF_NAME}"
+    paths:
+      - codeaudit-output.html
+    expire_in: 1 week
+    expose_as: "Python Code Audit Report"
+```
+
+If a scan detects security weaknesses, the job will fail by default. In many workflows, it is common to allow CI failures so that issues are visible without blocking all development activity.
+
+After the job completes, results are available in the CI **artifacts**. Use *Browse artifacts* to open the HTML report directly in your browser.
+
+
+### Plain Text Output Example
+
+For simple readable output in CI logs:
+
+```yaml
+codeaudit-scan:
+  stage: scan
+
+  before_script:
+    - python -m pip install --upgrade pip
+
+  script:
+    - pip install codeaudit
+    - codeaudit --version
+    - codeaudit cimode . | tee codeaudit-output.txt
+
+  allow_failure: true
+
+  artifacts:
+    when: always
+    name: "codeaudit-${CI_COMMIT_REF_NAME}"
+    paths:
+      - codeaudit-output.txt
+    expire_in: 1 week
+    expose_as: "Python Code Audit Report"
+```
+
+
+### JSON Output Example
+
+For structured processing or integration with other tools:
+
+```yaml
+codeaudit-scan:
+  stage: scan
+
+  before_script:
+    - python -m pip install --upgrade pip
+
+  script:
+    - pip install codeaudit
+    - codeaudit --version
+    - codeaudit cimode . --output json | tee codeaudit-output.json
+
+  allow_failure: true
+
+  artifacts:
+    when: always
+    name: "codeaudit-${CI_COMMIT_REF_NAME}"
+    paths:
+      - codeaudit-output.json
+    expire_in: 1 week
+    expose_as: "Python Code Audit Report"
+```
+
+
+## GitHub.com CI Integration
+
+### For readable output in CI logs
+
+You can use the following example CI configuration:
+
+```yaml
+# SAST scan with Python Code Audit on GitHub Actions
+
+name: Python Code Audit SAST Scan
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  codeaudit-scan:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.13"
+
+      - name: Upgrade pip
+        run: python -m pip install --upgrade pip
+
+      - name: Install Python Code Audit
+        run: pip install codeaudit
+
+      - name: Show version
+        run: codeaudit --version
+
+      - name: Run SAST scan
+        run: |
+           codeaudit cimode . --output text | tee codeaudit-output.text
+           exit ${PIPESTATUS[0]}
+        
+      - name: Upload scan artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: codeaudit-${{ github.ref_name }}
+          path: codeaudit-output.text
+
+```
+
+
+### HTML output 
+
+
+```yaml
+# SAST scan with Python Code Audit on GitHub Actions
+
+name: Python Code Audit SAST Scan
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  codeaudit-scan:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.13"
+
+      - name: Upgrade pip
+        run: python -m pip install --upgrade pip
+
+      - name: Install Python Code Audit
+        run: pip install codeaudit
+        
+      - name: Show version
+        run: codeaudit --version
+
+      - name: Run SAST scan (HTML output)
+        run: codeaudit cimode . --output html > codeaudit-output.html
+
+      - name: Upload scan artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: codeaudit-${{ github.ref_name }}
+          path: codeaudit-output.html
+
+```
+
+On GitHub Actions, HTML reports are **not rendered directly in the browser** like a live page. They are stored as **workflow artifacts**. 
+
+
+To download SAST result artifacts from the workflow run:
+
+After the job finishes:
+
+1. Go to your repository on GitHub
+2. Open the **Actions** tab
+3. Select the workflow run
+4. Scroll to the **Artifacts** section
+5. Download the artifact (usually a `.zip` file)
+6. Extract it locally
+7. Open `codeaudit-output.html` in your browser
+
+
+

{codeaudit-1.6.6 → codeaudit-1.7.1}/docs/codeauditcommands.md

@@ -1,6 +1,6 @@
 % THIS FILE IS GENERATED! - Use CLIcommands.ipynb to make it better!
 # Commands Overview
-Python Code Audit commands for: version: 1.6.5
+Python Code Audit commands for: version: 1.7.1
 ```
 ----------------------------------------------------
  _                    __             _