qgis-plugin-analyzer 1.4.0__py3-none-any.whl → 1.5.0__py3-none-any.whl

analyzer/__init__.py

@@ -16,4 +16,5 @@
 #  *   the Free Software Foundation; either version 2 of the License, or     *
 #  *   (at your option) any later version.                                   *
 #  *                                                                         *
-#  ***************************************************************************/
+#
+__version__ = "1.5.0"

analyzer/cli.py

@@ -23,7 +23,15 @@ import argparse
 import pathlib
 import sys
 
-from .engine import ProjectAnalyzer
+from . import __version__
+from .commands import (
+    handle_analyze,
+    handle_fix,
+    handle_init,
+    handle_list_rules,
+    handle_security,
+    handle_summary,
+)
 from .utils import logger, setup_logger
 
 
@@ -36,6 +44,7 @@ def _setup_argument_parser() -> argparse.ArgumentParser:
     parser = argparse.ArgumentParser(
         description="QGIS Plugin Analyzer - A guardian for your PyQGIS code"
     )
+    parser.add_argument("-v", "--version", action="version", version=f"%(prog)s {__version__}")
     subparsers = parser.add_subparsers(dest="command", help="Command to execute")
 
     # Analyze Command
@@ -60,6 +69,27 @@ def _setup_argument_parser() -> argparse.ArgumentParser:
         default="default",
     )
 
+    # Security Command
+    security_parser = subparsers.add_parser("security", help="Run a focused security scan")
+    security_parser.add_argument("project_path", help="Path to the QGIS project to scan")
+    security_parser.add_argument(
+        "-o",
+        "--output",
+        help="Output directory for reports",
+        default="./analysis_results",
+    )
+    security_parser.add_argument(
+        "-p",
+        "--profile",
+        help="Configuration profile from pyproject.toml",
+        default="default",
+    )
+    security_parser.add_argument(
+        "--deep",
+        action="store_true",
+        help="Run more intensive (but slower) security checks",
+    )
+
     # Fix Command
     fix_parser = subparsers.add_parser("fix", help="Auto-fix common QGIS plugin issues")
     fix_parser.add_argument("path", type=str, help="Path to the QGIS plugin directory")
@@ -90,6 +120,9 @@ def _setup_argument_parser() -> argparse.ArgumentParser:
     # List Rules Command
     subparsers.add_parser("list-rules", help="List all available QGIS audit rules")
 
+    # Version Command
+    subparsers.add_parser("version", help="Show the current version of the analyzer")
+
     # Init Command
     subparsers.add_parser("init", help="Initialize a new .analyzerignore with defaults")
 
@@ -114,141 +147,6 @@ def _setup_argument_parser() -> argparse.ArgumentParser:
     return parser
 
 
-def _handle_fix_command(args: argparse.Namespace) -> bool:
-    """Handles the execution of the 'fix' command.
-
-    Args:
-        args: Parsed command line arguments.
-
-    Returns:
-        True if the fix process completed successfully, False otherwise.
-    """
-    import json
-
-    from .fixer import AutoFixer
-
-    project_path = pathlib.Path(args.path).resolve()
-    if not project_path.exists():
-        print(f"❌ Path not found: {project_path}")
-        return False
-
-    # Run analysis first
-    print("🔍 Analyzing project for fixable issues...")
-    analyzer = ProjectAnalyzer(
-        str(project_path),
-        args.output if hasattr(args, "output") else "./analysis_results",
-        args.profile if hasattr(args, "profile") else "default",
-    )
-    analyzer.run()
-
-    # Load issues
-    context_file = analyzer.output_dir / "project_context.json"
-    with open(context_file) as f:
-        context = json.load(f)
-
-    all_issues = []
-    for module in context.get("modules", []):
-        all_issues.extend(module.get("ast_issues", []))
-
-    if args.rules:
-        rule_ids = [r.strip() for r in args.rules.split(",")]
-        all_issues = [i for i in all_issues if i.get("type") in rule_ids]
-
-    fixer = AutoFixer(project_path, dry_run=not args.apply)
-    fixable = fixer.get_fixable_issues(all_issues)
-
-    if not fixable:
-        print("✅ No fixable issues found!")
-        return True
-
-    print(f"\n📋 Found {len(fixable)} fixable issue(s)")
-    if not args.apply:
-        print("\n⚠️  DRY RUN MODE (use --apply to execute changes)\n")
-
-    stats = fixer.apply_fixes(fixable, interactive=not args.auto_approve)
-    print(
-        f"\n📊 Summary: Applied: {stats['applied']}, Skipped: {stats['skipped']}, Failed: {stats['failed']}"
-    )
-    return True
-
-
-def _handle_analyze_command(args: argparse.Namespace) -> None:
-    """Handles the execution of the 'analyze' command.
-
-    Args:
-        args: Parsed command line arguments.
-    """
-    # Force generate_html based on flag, overriding profile if necessary for CLI usage
-    # We pass it via a temporary config override or modify the analyzer init
-    # For now, let's pass it to the analyzer constructor or modify config after init
-
-    analyzer = ProjectAnalyzer(args.project_path, args.output, args.profile)
-
-    # Override config based on CLI flag
-    if hasattr(args, "report") and args.report:
-        analyzer.config["generate_html"] = True
-    else:
-        analyzer.config["generate_html"] = False
-
-    success = analyzer.run()
-
-    # Always show terminal summary
-    from .reporters.summary_reporter import report_summary
-
-    # If we didn't generate reports, we might still want to show the summary
-    # using the in-memory data or the context file if it was saved.
-    # Engine saves json context by default? Let's check engine.py.
-    # Assuming engine saves project_context.json always or we need to access results directly.
-    # To keep it simple, we depend on the engine saving the context or returning it.
-    # Current engine.run retuns bool.
-
-    context_path = analyzer.output_dir / "project_context.json"
-    if context_path.exists():
-        report_summary(context_path)
-
-    if not success:
-        sys.exit(1)
-
-
-def _handle_list_rules_command() -> None:
-    """Handles the 'list-rules' command by displaying available audit rules."""
-    from .rules import get_qgis_audit_rules
-
-    rules = get_qgis_audit_rules()
-    print("\n📋 QGIS Audit Rules Catalog:")
-    print("=" * 30)
-    for r in rules:
-        print(f"- [{r['severity'].upper()}] {r['id']}: {r['message']}")
-    print(f"\nTotal: {len(rules)} rules.\n")
-
-
-def _handle_init_command() -> None:
-    """Handles the 'init' command by creating a default .analyzerignore file."""
-    from .utils import DEFAULT_EXCLUDE
-
-    ignore_file = pathlib.Path(".analyzerignore")
-    if ignore_file.exists():
-        print("⚠️  .analyzerignore already exists. Skipping.")
-    else:
-        with open(ignore_file, "w") as f:
-            f.write("# QGIS Plugin Analyzer Ignore File\n")
-            for p in DEFAULT_EXCLUDE:
-                f.write(f"{p}\n")
-        print("✅ Created .analyzerignore with default excludes.")
-
-
-def _handle_summary_command(args: argparse.Namespace) -> None:
-    """Handles the 'summary' command by displaying a terminal report.
-
-    Args:
-        args: Parsed command line arguments.
-    """
-    from .reporters.summary_reporter import report_summary
-
-    input_path = pathlib.Path(args.input).resolve()
-    report_summary(input_path, by=args.by)
-
-
 def main() -> None:
     """Main entry point for the QGIS Plugin Analyzer CLI.
 
@@ -260,6 +158,8 @@ def main() -> None:
     # Legacy support / default to analyze if no command provided
     if len(sys.argv) > 1 and sys.argv[1] not in [
         "analyze",
+        "security",
+        "version",
         "fix",
         "list-rules",
         "init",
@@ -278,17 +178,20 @@ def main() -> None:
     output_dir.mkdir(parents=True, exist_ok=True)
     setup_logger(output_dir)
 
+    # Command Dispatcher
+    dispatch = {
+        "fix": lambda: handle_fix(args),
+        "analyze": lambda: handle_analyze(args),
+        "list-rules": lambda: handle_list_rules(),
+        "init": lambda: handle_init(),
+        "summary": lambda: handle_summary(args),
+        "security": lambda: handle_security(args),
+        "version": lambda: print(f"qgis-analyzer {__version__}"),
+    }
+
     try:
-        if args.command == "fix":
-            _handle_fix_command(args)
-        elif args.command == "analyze":
-            _handle_analyze_command(args)
-        elif args.command == "list-rules":
-            _handle_list_rules_command()
-        elif args.command == "init":
-            _handle_init_command()
-        elif args.command == "summary":
-            _handle_summary_command(args)
+        if args.command in dispatch:
+            dispatch[args.command]()
         else:
             parser.print_help()
 

analyzer/commands.py

@@ -0,0 +1,163 @@
+"""Command handlers for the QGIS Plugin Analyzer CLI.
+
+This module contains the implementation of individual CLI commands to separate
+interface definition (cli.py) from execution logic.
+"""
+
+import argparse
+import json
+import pathlib
+import sys
+
+from .engine import ProjectAnalyzer
+from .fixer import AutoFixer
+from .reporters.summary_reporter import report_summary
+from .rules import get_qgis_audit_rules
+from .utils import DEFAULT_EXCLUDE
+
+
+def handle_fix(args: argparse.Namespace) -> bool:
+    """Handles the execution of the 'fix' command.
+
+    Args:
+        args: Parsed command line arguments.
+
+    Returns:
+        True if the fix process completed successfully, False otherwise.
+    """
+    project_path = pathlib.Path(args.path).resolve()
+    if not project_path.exists():
+        print(f"❌ Path not found: {project_path}")
+        return False
+
+    # Run analysis first
+    print("🔍 Analyzing project for fixable issues...")
+    analyzer = ProjectAnalyzer(
+        str(project_path),
+        args.output if hasattr(args, "output") else "./analysis_results",
+        args.profile if hasattr(args, "profile") else "default",
+    )
+    analyzer.run()
+
+    # Load issues
+    context_file = analyzer.output_dir / "project_context.json"
+    if not context_file.exists():
+        print("❌ Analysis failed to generate context file.")
+        return False
+
+    with open(context_file) as f:
+        context = json.load(f)
+
+    all_issues = []
+    for module in context.get("modules", []):
+        all_issues.extend(module.get("ast_issues", []))
+
+    if args.rules:
+        rule_ids = [r.strip() for r in args.rules.split(",")]
+        all_issues = [i for i in all_issues if i.get("type") in rule_ids]
+
+    fixer = AutoFixer(project_path, dry_run=not args.apply)
+    fixable = fixer.get_fixable_issues(all_issues)
+
+    if not fixable:
+        print("✅ No fixable issues found!")
+        return True
+
+    print(f"\n📋 Found {len(fixable)} fixable issue(s)")
+    if not args.apply:
+        print("\n⚠️  DRY RUN MODE (use --apply to execute changes)\n")
+
+    stats = fixer.apply_fixes(fixable, interactive=not args.auto_approve)
+    print(
+        f"\n📊 Summary: Applied: {stats['applied']}, Skipped: {stats['skipped']}, Failed: {stats['failed']}"
+    )
+    return True
+
+
+def handle_analyze(args: argparse.Namespace) -> None:
+    """Handles the execution of the 'analyze' command.
+
+    Args:
+        args: Parsed command line arguments.
+    """
+    analyzer = ProjectAnalyzer(args.project_path, args.output, args.profile)
+
+    # Override config based on CLI flag
+    if hasattr(args, "report") and args.report:
+        analyzer.config["generate_html"] = True
+    else:
+        analyzer.config["generate_html"] = False
+
+    success = analyzer.run()
+
+    context_path = analyzer.output_dir / "project_context.json"
+    if context_path.exists():
+        report_summary(context_path)
+
+    if not success:
+        sys.exit(1)
+
+
+def handle_list_rules() -> None:
+    """Handles the 'list-rules' command by displaying available audit rules."""
+    rules = get_qgis_audit_rules()
+    print("\n📋 QGIS Audit Rules Catalog:")
+    print("=" * 30)
+    for r in rules:
+        print(f"- [{r['severity'].upper()}] {r['id']}: {r['message']}")
+    print(f"\nTotal: {len(rules)} rules.\n")
+
+
+def handle_init() -> None:
+    """Handles the 'init' command by creating a default .analyzerignore file."""
+    ignore_file = pathlib.Path(".analyzerignore")
+    if ignore_file.exists():
+        print("⚠️  .analyzerignore already exists. Skipping.")
+    else:
+        with open(ignore_file, "w") as f:
+            f.write("# QGIS Plugin Analyzer Ignore File\n")
+            for p in DEFAULT_EXCLUDE:
+                f.write(f"{p}\n")
+        print("✅ Created .analyzerignore with default excludes.")
+
+
+def handle_summary(args: argparse.Namespace) -> None:
+    """Handles the 'summary' command by displaying a terminal report.
+
+    Args:
+        args: Parsed command line arguments.
+    """
+    input_path = pathlib.Path(args.input).resolve()
+    report_summary(input_path, by=args.by)
+
+
+def handle_security(args: argparse.Namespace) -> None:
+    """Handles the execution of the 'security' command.
+
+    Args:
+        args: Parsed command line arguments.
+    """
+    project_path = pathlib.Path(args.project_path).resolve()
+    if not project_path.exists():
+        print(f"❌ Path not found: {project_path}")
+        sys.exit(1)
+
+    print(f"🛡️  Starting focused security scan for: {project_path.name}...")
+
+    # Run analyzer with current profile
+    analyzer = ProjectAnalyzer(str(project_path), args.output, args.profile)
+
+    # We could potentially add a flag to 'deep' mode in the analyzer config
+    if args.deep:
+        analyzer.config["security_deep_scan"] = True
+        print("🔍 Deep scan enabled (Entropy analysis and full secret detection)")
+
+    success = analyzer.run()
+
+    context_path = analyzer.output_dir / "project_context.json"
+    if context_path.exists():
+        # Use the specialized security reporter
+        report_summary(context_path, by="security")
+
+    if not success:
+        sys.exit(1)

analyzer/engine.py

@@ -102,6 +102,15 @@ class ProjectAnalyzer:
             A sorted list of pathlib.Path objects for all detected Python files.
         """
         python_files = []
+        project_path = pathlib.Path(self.project_path)
+
+        # Handle direct file input
+        if project_path.is_file():
+            if project_path.suffix == ".py":
+                return [project_path]
+            return []
+
+        # Handle directory scan
         for root, dirs, files in os.walk(self.project_path):
             root_path = pathlib.Path(root)
 
@@ -254,6 +263,8 @@ class ProjectAnalyzer:
         binaries: List[str],
         package_size: float,
         url_status: Dict[str, str],
+        security_score: float,
+        all_security_issues: List[Dict[str, Any]],
     ) -> Dict[str, Any]:
         """Consolidates analysis results into a single dictionary.
 
@@ -282,6 +293,7 @@ class ProjectAnalyzer:
             "total_lines": sum(m["lines"] for m in modules_data),
             "quality_score": round(code_score, 1),
             "maintainability_score": round(maint_score, 1),
+            "security_score": round(security_score, 1),
         }
 
         if self.project_type == "qgis":
@@ -292,6 +304,11 @@ class ProjectAnalyzer:
             "project_type": self.project_type,
             "metrics": metrics_summary,
             "ruff_findings": ruff_findings,
+            "security": {
+                "findings": all_security_issues,
+                "count": len(all_security_issues),
+                "score": round(security_score, 1),
+            },
             "semantic": {"circular_dependencies": cycles, "coupling_metrics": metrics},
             "modules": modules_data,
         }
@@ -395,7 +412,6 @@ class ProjectAnalyzer:
         cycles = semantic_res[0] if len(semantic_res) > 0 else []
         metrics = semantic_res[1] if len(semantic_res) > 1 else {}
         missing_resources = semantic_res[2] if len(semantic_res) > 2 else []
-
         # Calculate scores
         scores = self._calculate_scores(
             modules_data,
@@ -408,10 +424,16 @@ class ProjectAnalyzer:
             binaries,
             package_size,
         )
-        # Handle potential return length mismatches gracefully (Robustness v1.0.0+)
+
         code_score = scores[0] if len(scores) > 0 else 0.0
         maint_score = scores[1] if len(scores) > 1 else 0.0
         qgis_score = scores[2] if len(scores) > 2 else 0.0
+        security_score = scores[3] if len(scores) > 3 else 0.0
+
+        # Aggregate all security findings
+        all_security_issues = []
+        for m in modules_data:
+            all_security_issues.extend(m.get("security_issues", []))
 
         # Build results
         analyses = self._build_analysis_results(
@@ -430,6 +452,8 @@ class ProjectAnalyzer:
             binaries,
             package_size,
             url_status,
+            security_score,
+            all_security_issues,
         )
 
         # Save reports
@@ -480,50 +504,83 @@ class ProjectAnalyzer:
             A tuple of (module_stability, maintainability, qgis_compliance) scores out of 100.
         """
         if not modules_data:
-            return 0.0, 0.0, 0.0
+            return 0.0, 0.0, 0.0, 0.0
+
+        module_score = self._get_mi_score(modules_data)
+        maintainability_score = self._get_maint_score(modules_data, ruff_findings)
+        modernization_bonus = self._get_modernization_bonus(modules_data)
+        maintainability_score = min(100.0, maintainability_score + modernization_bonus)
+
+        # Security context
+        security_penalty = self._get_security_penalty(modules_data)
+        security_score = max(0.0, 100.0 - security_penalty)
+
+        # Global penalties (e.g., circular dependencies)
+        penalty = len(cycles) * 10
+        module_score = max(0, module_score - penalty)
+        maintainability_score = max(0, maintainability_score - penalty)
+
+        if self.project_type == "generic":
+            return (
+                round(module_score, 1),
+                round(maintainability_score, 1),
+                0.0,
+                round(security_score, 1),
+            )
+
+        qgis_score = self._get_qgis_score(
+            compliance,
+            structure,
+            metadata,
+            missing_resources,
+            binaries,
+            package_size,
+            security_penalty,
+        )
+
+        return (
+            round(module_score, 1),
+            round(maintainability_score, 1),
+            round(qgis_score, 1),
+            round(security_score, 1),
+        )
 
-        # 1. Module stability based on Maintainability Index (MI)
-        # Formula: MI = max(0, (171 - 0.23 * CC - 16.2 * ln(SLOC)) * 100 / 171)
+    def _get_mi_score(self, modules_data: List[Dict[str, Any]]) -> float:
+        """Calculates module stability based on Maintainability Index (MI)."""
         mi_scores = []
         for m in modules_data:
             cc = m.get("complexity", 1)
             sloc = max(1, m.get("lines", 1))
+            # Formula: MI = (171 - 0.23 * CC - 16.2 * ln(SLOC)) * 100 / 171
             mi = (171 - 0.23 * cc - 16.2 * math.log(sloc)) * 100 / 171
             mi_scores.append(max(0, mi))
+        return sum(mi_scores) / len(mi_scores) if mi_scores else 0.0
 
-        module_score = sum(mi_scores) / len(mi_scores) if mi_scores else 0.0
-
-        # 2. Maintainability based on Function Complexity
+    def _get_maint_score(
+        self, modules_data: List[Dict[str, Any]], ruff_findings: List[Dict[str, Any]]
+    ) -> float:
+        """Calculates maintainability based on function complexity and linting penalties."""
+        # 1. Function Complexity Score
         all_func_comp = []
         for m in modules_data:
             for f in m.get("functions", []):
                 all_func_comp.append(f["complexity"])
 
         avg_func_comp = sum(all_func_comp) / len(all_func_comp) if all_func_comp else 1.0
-        # Function complexity score: 100 is perfect, -5 per point over 10
         func_score = max(0, 100 - (max(0, avg_func_comp - 10) * 5))
 
-        # 3. Lint Scoring (Pylint style)
-        # 10 - ((5*E + W + R + C) / statements) * 10
+        # 2. Lint Scoring (Pylint style)
         total_lines = sum(m.get("lines", 0) for m in modules_data)
-        errors = 0
-        others = 0
-        for find in ruff_findings:
-            code = find.get("code", "")
-            if code.startswith(("E", "F")):
-                errors += 1
-            else:
-                others += 1
+        errors = sum(1 for f in ruff_findings if f.get("code", "").startswith(("E", "F")))
+        others = len(ruff_findings) - errors
 
         lint_penalty = ((5 * errors + others) / max(1, total_lines / 10)) * 10
         lint_score = max(0, 100 - lint_penalty)
 
-        # Composite Maintainability Score
-        maintainability_score = (func_score * 0.7) + (lint_score * 0.3)
+        return float((func_score * 0.7) + (lint_score * 0.3))
 
-        # 4. Research-based Bonuses & Modernization
-        total_public_items = 0
-        has_docstring_count = 0
+    def _get_modernization_bonus(self, modules_data: List[Dict[str, Any]]) -> float:
+        """Calculates modernization bonuses based on type hints and documentation styles."""
         total_functions = 0
         total_params = 0
         annotated_params = 0
@@ -532,55 +589,61 @@ class ProjectAnalyzer:
 
         for m in modules_data:
             metrics = m.get("research_metrics", {})
-            d_stats = metrics.get("docstring_stats", {})
-            total_public_items += d_stats.get("total_public_items", 0)
-            has_docstring_count += d_stats.get("has_docstring", 0)
-
             t_stats = metrics.get("type_hint_stats", {})
             total_functions += t_stats.get("total_functions", 0)
             total_params += t_stats.get("total_parameters", 0)
             annotated_params += t_stats.get("annotated_parameters", 0)
             has_return_hint += t_stats.get("has_return_hint", 0)
-
             detected_styles.update(metrics.get("docstring_styles", []))
 
-        # Bonuses
-        modernization_bonus = 0.0
-        # Type Hint Bonus: > 80% coverage on params and returns
+        bonus = 0.0
         if total_params > 0 or total_functions > 0:
             param_cov = annotated_params / max(1, total_params)
             ret_cov = has_return_hint / max(1, total_functions)
             if param_cov >= 0.8 and ret_cov >= 0.8:
-                modernization_bonus += 5.0
+                bonus += 5.0
 
-        # Docstring Style Bonus: Standardized formats (Google/NumPy)
         if detected_styles:
-            modernization_bonus += 2.0
-
-        maintainability_score = min(100.0, maintainability_score + modernization_bonus)
-
-        # Global penalties
-        penalty = len(cycles) * 10
-        module_score = max(0, module_score - penalty)
-        maintainability_score = max(0, maintainability_score - penalty)
-
-        if self.project_type == "generic":
-            return round(module_score, 1), round(maintainability_score, 1), 0.0
+            bonus += 2.0
+        return bonus
 
-        # ... (qgis_score logic remains same) ...
-        qgis_score = 100.0
-        qgis_score -= compliance.get("issues_count", 0) * 2
+    def _get_qgis_score(
+        self,
+        compliance: Dict[str, Any],
+        structure: Dict[str, Any],
+        metadata: Dict[str, Any],
+        missing_resources: List[str],
+        binaries: List[str],
+        package_size: float,
+        security_penalty: float = 0.0,
+    ) -> float:
+        """Calculates QGIS-specific compliance score."""
+        score = 100.0
+        score -= compliance.get("issues_count", 0) * 2
         if not structure.get("is_valid", True):
-            qgis_score -= 20
+            score -= 20
         if not metadata.get("is_valid", True):
-            qgis_score -= 10
-        qgis_score -= len(missing_resources) * 5
-        qgis_score -= len(binaries) * 50
+            score -= 10
+        score -= len(missing_resources) * 5
+        score -= len(binaries) * 50
         if package_size > 20:
-            qgis_score -= 10
+            score -= 10
 
-        return (
-            round(module_score, 1),
-            round(maintainability_score, 1),
-            round(max(0, qgis_score), 1),
-        )
+        # Security penalty
+        score -= security_penalty
+
+        return float(max(0, score))
+
+    def _get_security_penalty(self, modules_data: List[Dict[str, Any]]) -> float:
+        """Calculates total penalty for security vulnerabilities."""
+        penalty = 0.0
+        for m in modules_data:
+            for issue in m.get("security_issues", []):
+                sev = issue.get("severity", "medium").lower()
+                if sev == "high":
+                    penalty += 10.0
+                elif sev == "medium":
+                    penalty += 5.0
+                else:
+                    penalty += 2.0
+        return penalty