qgis-plugin-analyzer 1.4.0__tar.gz → 1.5.0__tar.gz

{qgis_plugin_analyzer-1.4.0 → qgis_plugin_analyzer-1.5.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: qgis-plugin-analyzer
-Version: 1.4.0
+Version: 1.5.0
 Summary: A professional static analysis tool for QGIS (PyQGIS) plugins
 Author-email: geociencio <juanbernales@gmail.com>
 License: GPL-3.0-or-later
@@ -34,13 +34,16 @@ Dynamic: license-file
 ![License](https://img.shields.io/badge/License-GPLv3-blue.svg)
 ![Maintenance](https://img.shields.io/badge/Maintained%3F-yes-green.svg)
 ![Conventional Commits](https://img.shields.io/badge/Conventional%20Commits-1.0.0-yellow.svg?logo=git)
-![Quality Score](https://img.shields.io/badge/Module%20Stability-55.6%2F100-yellow)
-![Maintainability](https://img.shields.io/badge/Maintainability-100.0%2F100-brightgreen)
+![Quality Score](https://img.shields.io/badge/Module%20Stability-92.3%2F100-brightgreen)
+![Maintainability](https://img.shields.io/badge/Maintainability-84.1%2F100-green)
+![Security Score](https://img.shields.io/badge/Security--Bandit-98.7%2F100-brightgreen)
 
 The **QGIS Plugin Analyzer** is a static analysis tool designed specifically for QGIS (PyQGIS) plugin developers. Its goal is to elevate plugin quality by ensuring they follow community best practices and are optimized for AI-assisted development.
 
 ## ✨ Main Features
 
+- **Security Core (Bandit-inspired)**: Professional vulnerability scanning detecting `eval`, `exec`, shell injections, and SQL injection risks.
+- **Deep Entropy Secret Scanner**: Detects hardcoded API keys, passwords, and sensitive tokens using regex and information entropy.
 - **High-Performance Engine**: Parallel analysis powered by `ProcessPoolExecutor` for ultra-fast execution on multi-core systems.
 - **Project Auto-Detection**: Intelligently distinguishes between official QGIS Plugins and Generic Python Projects, tailoring validation logic accordingly.
 - **Advanced Ignore Engine**: Robust `.analyzerignore` support with non-anchored patterns and smart default excludes (`.venv`, `build`, etc.).
@@ -63,9 +66,8 @@ The **QGIS Plugin Analyzer** is a static analysis tool designed specifically for
 | **QGIS-Specific Rules**| ✅ (Precise AST) | ✅ (Regex/AST) | ❌ | ✅ |
 | **Interactive Auto-Fix**| ✅ | ❌ | ❌ | ❌ |
 | **Semantic Analysis**  | ✅ | ❌ | ❌ | ❌ |
-| **Compliance Checks**  | ✅ | ❌ | ❌ | ✅ |
-| **i18n / API Audit**   | ✅ | ❌ | ❌ | ✅ |
-| **Architecture Audit** | ✅ (UI/Core) | ❌ | ❌ | ❌ |
+| **Security Audit**     | ✅ (Bandit-style) | ❌ | ❌ | ❌ |
+| **Secret Scanning**    | ✅ (Entropy) | ❌ | ❌ | ❌ |
 | **HTML/MD Reports**    | ✅ | ❌ | ❌ | ❌ |
 | **AI Context Gen**      | ✅ (Project Brain) | ❌ | ❌ | ❌ |
 
@@ -129,7 +131,7 @@ You can run `qgis-plugin-analyzer` automatically before every commit to ensure q
 
 ```yaml
   - repo: https://github.com/geociencio/qgis-plugin-analyzer
-    rev: v1.4.0  # Use the latest tag
+    rev: v1.5.0  # Use the latest tag
     hooks:
       - id: qgis-plugin-analyzer
 ```
@@ -210,6 +212,17 @@ Shows a professional, color-coded summary of findings directly in your terminal.
 | `-b`, `--by` | Granularity of the summary: `total`, `modules`, `functions`, `classes`. | `total` |
 | `-i`, `--input` | Path to the `project_context.json` file to summarize. | `analysis_results/project_context.json` |
 
+### `qgis-analyzer security`
+Performs a focused security scan on a file or directory.
+
+| Argument | Description | Default |
+| :--- | :--- | :--- |
+| `path` | **(Required)** Path to the file or directory to scan. | N/A |
+| `-p`, `--profile`| Configuration profile. | `default` |
+
+### `qgis-analyzer version`
+Shows the current version of the analyzer.
+
 **Example:**
 ```bash
 # Executive summary

{qgis_plugin_analyzer-1.4.0 → qgis_plugin_analyzer-1.5.0}/README.md

@@ -6,13 +6,16 @@
 ![License](https://img.shields.io/badge/License-GPLv3-blue.svg)
 ![Maintenance](https://img.shields.io/badge/Maintained%3F-yes-green.svg)
 ![Conventional Commits](https://img.shields.io/badge/Conventional%20Commits-1.0.0-yellow.svg?logo=git)
-![Quality Score](https://img.shields.io/badge/Module%20Stability-55.6%2F100-yellow)
-![Maintainability](https://img.shields.io/badge/Maintainability-100.0%2F100-brightgreen)
+![Quality Score](https://img.shields.io/badge/Module%20Stability-92.3%2F100-brightgreen)
+![Maintainability](https://img.shields.io/badge/Maintainability-84.1%2F100-green)
+![Security Score](https://img.shields.io/badge/Security--Bandit-98.7%2F100-brightgreen)
 
 The **QGIS Plugin Analyzer** is a static analysis tool designed specifically for QGIS (PyQGIS) plugin developers. Its goal is to elevate plugin quality by ensuring they follow community best practices and are optimized for AI-assisted development.
 
 ## ✨ Main Features
 
+- **Security Core (Bandit-inspired)**: Professional vulnerability scanning detecting `eval`, `exec`, shell injections, and SQL injection risks.
+- **Deep Entropy Secret Scanner**: Detects hardcoded API keys, passwords, and sensitive tokens using regex and information entropy.
 - **High-Performance Engine**: Parallel analysis powered by `ProcessPoolExecutor` for ultra-fast execution on multi-core systems.
 - **Project Auto-Detection**: Intelligently distinguishes between official QGIS Plugins and Generic Python Projects, tailoring validation logic accordingly.
 - **Advanced Ignore Engine**: Robust `.analyzerignore` support with non-anchored patterns and smart default excludes (`.venv`, `build`, etc.).
@@ -35,9 +38,8 @@ The **QGIS Plugin Analyzer** is a static analysis tool designed specifically for
 | **QGIS-Specific Rules**| ✅ (Precise AST) | ✅ (Regex/AST) | ❌ | ✅ |
 | **Interactive Auto-Fix**| ✅ | ❌ | ❌ | ❌ |
 | **Semantic Analysis**  | ✅ | ❌ | ❌ | ❌ |
-| **Compliance Checks**  | ✅ | ❌ | ❌ | ✅ |
-| **i18n / API Audit**   | ✅ | ❌ | ❌ | ✅ |
-| **Architecture Audit** | ✅ (UI/Core) | ❌ | ❌ | ❌ |
+| **Security Audit**     | ✅ (Bandit-style) | ❌ | ❌ | ❌ |
+| **Secret Scanning**    | ✅ (Entropy) | ❌ | ❌ | ❌ |
 | **HTML/MD Reports**    | ✅ | ❌ | ❌ | ❌ |
 | **AI Context Gen**      | ✅ (Project Brain) | ❌ | ❌ | ❌ |
 
@@ -101,7 +103,7 @@ You can run `qgis-plugin-analyzer` automatically before every commit to ensure q
 
 ```yaml
   - repo: https://github.com/geociencio/qgis-plugin-analyzer
-    rev: v1.4.0  # Use the latest tag
+    rev: v1.5.0  # Use the latest tag
     hooks:
       - id: qgis-plugin-analyzer
 ```
@@ -182,6 +184,17 @@ Shows a professional, color-coded summary of findings directly in your terminal.
 | `-b`, `--by` | Granularity of the summary: `total`, `modules`, `functions`, `classes`. | `total` |
 | `-i`, `--input` | Path to the `project_context.json` file to summarize. | `analysis_results/project_context.json` |
 
+### `qgis-analyzer security`
+Performs a focused security scan on a file or directory.
+
+| Argument | Description | Default |
+| :--- | :--- | :--- |
+| `path` | **(Required)** Path to the file or directory to scan. | N/A |
+| `-p`, `--profile`| Configuration profile. | `default` |
+
+### `qgis-analyzer version`
+Shows the current version of the analyzer.
+
 **Example:**
 ```bash
 # Executive summary

{qgis_plugin_analyzer-1.4.0 → qgis_plugin_analyzer-1.5.0}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "qgis-plugin-analyzer"
-version = "1.4.0"
+version = "1.5.0"
 description = "A professional static analysis tool for QGIS (PyQGIS) plugins"
 readme = "README.md"
 requires-python = ">=3.8"
@@ -43,6 +43,7 @@ dev = [
     "ruff>=0.9.0",
     "mypy>=1.0.0",
     "qgis-stubs>=0.1",
+    "pytest>=8.3.5",
 ]
 
 [tool.mypy]

{qgis_plugin_analyzer-1.4.0 → qgis_plugin_analyzer-1.5.0}/src/analyzer/__init__.py

@@ -16,4 +16,5 @@
 #  *   the Free Software Foundation; either version 2 of the License, or     *
 #  *   (at your option) any later version.                                   *
 #  *                                                                         *
-#  ***************************************************************************/
+#
+__version__ = "1.5.0"

{qgis_plugin_analyzer-1.4.0 → qgis_plugin_analyzer-1.5.0}/src/analyzer/cli.py

@@ -23,7 +23,15 @@ import argparse
 import pathlib
 import sys
 
-from .engine import ProjectAnalyzer
+from . import __version__
+from .commands import (
+    handle_analyze,
+    handle_fix,
+    handle_init,
+    handle_list_rules,
+    handle_security,
+    handle_summary,
+)
 from .utils import logger, setup_logger
 
 
@@ -36,6 +44,7 @@ def _setup_argument_parser() -> argparse.ArgumentParser:
     parser = argparse.ArgumentParser(
         description="QGIS Plugin Analyzer - A guardian for your PyQGIS code"
     )
+    parser.add_argument("-v", "--version", action="version", version=f"%(prog)s {__version__}")
     subparsers = parser.add_subparsers(dest="command", help="Command to execute")
 
     # Analyze Command
@@ -60,6 +69,27 @@ def _setup_argument_parser() -> argparse.ArgumentParser:
         default="default",
     )
 
+    # Security Command
+    security_parser = subparsers.add_parser("security", help="Run a focused security scan")
+    security_parser.add_argument("project_path", help="Path to the QGIS project to scan")
+    security_parser.add_argument(
+        "-o",
+        "--output",
+        help="Output directory for reports",
+        default="./analysis_results",
+    )
+    security_parser.add_argument(
+        "-p",
+        "--profile",
+        help="Configuration profile from pyproject.toml",
+        default="default",
+    )
+    security_parser.add_argument(
+        "--deep",
+        action="store_true",
+        help="Run more intensive (but slower) security checks",
+    )
+
     # Fix Command
     fix_parser = subparsers.add_parser("fix", help="Auto-fix common QGIS plugin issues")
     fix_parser.add_argument("path", type=str, help="Path to the QGIS plugin directory")
@@ -90,6 +120,9 @@ def _setup_argument_parser() -> argparse.ArgumentParser:
     # List Rules Command
     subparsers.add_parser("list-rules", help="List all available QGIS audit rules")
 
+    # Version Command
+    subparsers.add_parser("version", help="Show the current version of the analyzer")
+
     # Init Command
     subparsers.add_parser("init", help="Initialize a new .analyzerignore with defaults")
 
@@ -114,141 +147,6 @@ def _setup_argument_parser() -> argparse.ArgumentParser:
     return parser
 
 
-def _handle_fix_command(args: argparse.Namespace) -> bool:
-    """Handles the execution of the 'fix' command.
-
-    Args:
-        args: Parsed command line arguments.
-
-    Returns:
-        True if the fix process completed successfully, False otherwise.
-    """
-    import json
-
-    from .fixer import AutoFixer
-
-    project_path = pathlib.Path(args.path).resolve()
-    if not project_path.exists():
-        print(f"❌ Path not found: {project_path}")
-        return False
-
-    # Run analysis first
-    print("🔍 Analyzing project for fixable issues...")
-    analyzer = ProjectAnalyzer(
-        str(project_path),
-        args.output if hasattr(args, "output") else "./analysis_results",
-        args.profile if hasattr(args, "profile") else "default",
-    )
-    analyzer.run()
-
-    # Load issues
-    context_file = analyzer.output_dir / "project_context.json"
-    with open(context_file) as f:
-        context = json.load(f)
-
-    all_issues = []
-    for module in context.get("modules", []):
-        all_issues.extend(module.get("ast_issues", []))
-
-    if args.rules:
-        rule_ids = [r.strip() for r in args.rules.split(",")]
-        all_issues = [i for i in all_issues if i.get("type") in rule_ids]
-
-    fixer = AutoFixer(project_path, dry_run=not args.apply)
-    fixable = fixer.get_fixable_issues(all_issues)
-
-    if not fixable:
-        print("✅ No fixable issues found!")
-        return True
-
-    print(f"\n📋 Found {len(fixable)} fixable issue(s)")
-    if not args.apply:
-        print("\n⚠️  DRY RUN MODE (use --apply to execute changes)\n")
-
-    stats = fixer.apply_fixes(fixable, interactive=not args.auto_approve)
-    print(
-        f"\n📊 Summary: Applied: {stats['applied']}, Skipped: {stats['skipped']}, Failed: {stats['failed']}"
-    )
-    return True
-
-
-def _handle_analyze_command(args: argparse.Namespace) -> None:
-    """Handles the execution of the 'analyze' command.
-
-    Args:
-        args: Parsed command line arguments.
-    """
-    # Force generate_html based on flag, overriding profile if necessary for CLI usage
-    # We pass it via a temporary config override or modify the analyzer init
-    # For now, let's pass it to the analyzer constructor or modify config after init
-
-    analyzer = ProjectAnalyzer(args.project_path, args.output, args.profile)
-
-    # Override config based on CLI flag
-    if hasattr(args, "report") and args.report:
-        analyzer.config["generate_html"] = True
-    else:
-        analyzer.config["generate_html"] = False
-
-    success = analyzer.run()
-
-    # Always show terminal summary
-    from .reporters.summary_reporter import report_summary
-
-    # If we didn't generate reports, we might still want to show the summary
-    # using the in-memory data or the context file if it was saved.
-    # Engine saves json context by default? Let's check engine.py.
-    # Assuming engine saves project_context.json always or we need to access results directly.
-    # To keep it simple, we depend on the engine saving the context or returning it.
-    # Current engine.run retuns bool.
-
-    context_path = analyzer.output_dir / "project_context.json"
-    if context_path.exists():
-        report_summary(context_path)
-
-    if not success:
-        sys.exit(1)
-
-
-def _handle_list_rules_command() -> None:
-    """Handles the 'list-rules' command by displaying available audit rules."""
-    from .rules import get_qgis_audit_rules
-
-    rules = get_qgis_audit_rules()
-    print("\n📋 QGIS Audit Rules Catalog:")
-    print("=" * 30)
-    for r in rules:
-        print(f"- [{r['severity'].upper()}] {r['id']}: {r['message']}")
-    print(f"\nTotal: {len(rules)} rules.\n")
-
-
-def _handle_init_command() -> None:
-    """Handles the 'init' command by creating a default .analyzerignore file."""
-    from .utils import DEFAULT_EXCLUDE
-
-    ignore_file = pathlib.Path(".analyzerignore")
-    if ignore_file.exists():
-        print("⚠️  .analyzerignore already exists. Skipping.")
-    else:
-        with open(ignore_file, "w") as f:
-            f.write("# QGIS Plugin Analyzer Ignore File\n")
-            for p in DEFAULT_EXCLUDE:
-                f.write(f"{p}\n")
-        print("✅ Created .analyzerignore with default excludes.")
-
-
-def _handle_summary_command(args: argparse.Namespace) -> None:
-    """Handles the 'summary' command by displaying a terminal report.
-
-    Args:
-        args: Parsed command line arguments.
-    """
-    from .reporters.summary_reporter import report_summary
-
-    input_path = pathlib.Path(args.input).resolve()
-    report_summary(input_path, by=args.by)
-
-
 def main() -> None:
     """Main entry point for the QGIS Plugin Analyzer CLI.
 
@@ -260,6 +158,8 @@ def main() -> None:
     # Legacy support / default to analyze if no command provided
     if len(sys.argv) > 1 and sys.argv[1] not in [
         "analyze",
+        "security",
+        "version",
         "fix",
         "list-rules",
         "init",
@@ -278,17 +178,20 @@ def main() -> None:
     output_dir.mkdir(parents=True, exist_ok=True)
     setup_logger(output_dir)
 
+    # Command Dispatcher
+    dispatch = {
+        "fix": lambda: handle_fix(args),
+        "analyze": lambda: handle_analyze(args),
+        "list-rules": lambda: handle_list_rules(),
+        "init": lambda: handle_init(),
+        "summary": lambda: handle_summary(args),
+        "security": lambda: handle_security(args),
+        "version": lambda: print(f"qgis-analyzer {__version__}"),
+    }
+
     try:
-        if args.command == "fix":
-            _handle_fix_command(args)
-        elif args.command == "analyze":
-            _handle_analyze_command(args)
-        elif args.command == "list-rules":
-            _handle_list_rules_command()
-        elif args.command == "init":
-            _handle_init_command()
-        elif args.command == "summary":
-            _handle_summary_command(args)
+        if args.command in dispatch:
+            dispatch[args.command]()
         else:
             parser.print_help()
 

qgis_plugin_analyzer-1.5.0/src/analyzer/commands.py

@@ -0,0 +1,163 @@
+"""Command handlers for the QGIS Plugin Analyzer CLI.
+
+This module contains the implementation of individual CLI commands to separate
+interface definition (cli.py) from execution logic.
+"""
+
+import argparse
+import json
+import pathlib
+import sys
+
+from .engine import ProjectAnalyzer
+from .fixer import AutoFixer
+from .reporters.summary_reporter import report_summary
+from .rules import get_qgis_audit_rules
+from .utils import DEFAULT_EXCLUDE
+
+
+def handle_fix(args: argparse.Namespace) -> bool:
+    """Handles the execution of the 'fix' command.
+
+    Args:
+        args: Parsed command line arguments.
+
+    Returns:
+        True if the fix process completed successfully, False otherwise.
+    """
+    project_path = pathlib.Path(args.path).resolve()
+    if not project_path.exists():
+        print(f"❌ Path not found: {project_path}")
+        return False
+
+    # Run analysis first
+    print("🔍 Analyzing project for fixable issues...")
+    analyzer = ProjectAnalyzer(
+        str(project_path),
+        args.output if hasattr(args, "output") else "./analysis_results",
+        args.profile if hasattr(args, "profile") else "default",
+    )
+    analyzer.run()
+
+    # Load issues
+    context_file = analyzer.output_dir / "project_context.json"
+    if not context_file.exists():
+        print("❌ Analysis failed to generate context file.")
+        return False
+
+    with open(context_file) as f:
+        context = json.load(f)
+
+    all_issues = []
+    for module in context.get("modules", []):
+        all_issues.extend(module.get("ast_issues", []))
+
+    if args.rules:
+        rule_ids = [r.strip() for r in args.rules.split(",")]
+        all_issues = [i for i in all_issues if i.get("type") in rule_ids]
+
+    fixer = AutoFixer(project_path, dry_run=not args.apply)
+    fixable = fixer.get_fixable_issues(all_issues)
+
+    if not fixable:
+        print("✅ No fixable issues found!")
+        return True
+
+    print(f"\n📋 Found {len(fixable)} fixable issue(s)")
+    if not args.apply:
+        print("\n⚠️  DRY RUN MODE (use --apply to execute changes)\n")
+
+    stats = fixer.apply_fixes(fixable, interactive=not args.auto_approve)
+    print(
+        f"\n📊 Summary: Applied: {stats['applied']}, Skipped: {stats['skipped']}, Failed: {stats['failed']}"
+    )
+    return True
+
+
+def handle_analyze(args: argparse.Namespace) -> None:
+    """Handles the execution of the 'analyze' command.
+
+    Args:
+        args: Parsed command line arguments.
+    """
+    analyzer = ProjectAnalyzer(args.project_path, args.output, args.profile)
+
+    # Override config based on CLI flag
+    if hasattr(args, "report") and args.report:
+        analyzer.config["generate_html"] = True
+    else:
+        analyzer.config["generate_html"] = False
+
+    success = analyzer.run()
+
+    context_path = analyzer.output_dir / "project_context.json"
+    if context_path.exists():
+        report_summary(context_path)
+
+    if not success:
+        sys.exit(1)
+
+
+def handle_list_rules() -> None:
+    """Handles the 'list-rules' command by displaying available audit rules."""
+    rules = get_qgis_audit_rules()
+    print("\n📋 QGIS Audit Rules Catalog:")
+    print("=" * 30)
+    for r in rules:
+        print(f"- [{r['severity'].upper()}] {r['id']}: {r['message']}")
+    print(f"\nTotal: {len(rules)} rules.\n")
+
+
+def handle_init() -> None:
+    """Handles the 'init' command by creating a default .analyzerignore file."""
+    ignore_file = pathlib.Path(".analyzerignore")
+    if ignore_file.exists():
+        print("⚠️  .analyzerignore already exists. Skipping.")
+    else:
+        with open(ignore_file, "w") as f:
+            f.write("# QGIS Plugin Analyzer Ignore File\n")
+            for p in DEFAULT_EXCLUDE:
+                f.write(f"{p}\n")
+        print("✅ Created .analyzerignore with default excludes.")
+
+
+def handle_summary(args: argparse.Namespace) -> None:
+    """Handles the 'summary' command by displaying a terminal report.
+
+    Args:
+        args: Parsed command line arguments.
+    """
+    input_path = pathlib.Path(args.input).resolve()
+    report_summary(input_path, by=args.by)
+
+
+def handle_security(args: argparse.Namespace) -> None:
+    """Handles the execution of the 'security' command.
+
+    Args:
+        args: Parsed command line arguments.
+    """
+    project_path = pathlib.Path(args.project_path).resolve()
+    if not project_path.exists():
+        print(f"❌ Path not found: {project_path}")
+        sys.exit(1)
+
+    print(f"🛡️  Starting focused security scan for: {project_path.name}...")
+
+    # Run analyzer with current profile
+    analyzer = ProjectAnalyzer(str(project_path), args.output, args.profile)
+
+    # We could potentially add a flag to 'deep' mode in the analyzer config
+    if args.deep:
+        analyzer.config["security_deep_scan"] = True
+        print("🔍 Deep scan enabled (Entropy analysis and full secret detection)")
+
+    success = analyzer.run()
+
+    context_path = analyzer.output_dir / "project_context.json"
+    if context_path.exists():
+        # Use the specialized security reporter
+        report_summary(context_path, by="security")
+
+    if not success:
+        sys.exit(1)