qlint 0.1.0__py3-none-any.whl

pry/__init__.py

@@ -0,0 +1 @@
+__version__ = "0.1.0"

pry/cli.py

@@ -0,0 +1,169 @@
+"""pry — multi-language code quality scanner."""
+
+import argparse
+import hashlib
+import os
+import platform
+import subprocess
+import sys
+from collections import defaultdict
+
+from pry.core.traversal import walk_codebase
+from pry.core.metrics import analyze_file
+from pry.core.complexity import analyze_complexity
+from pry.core.smells import analyze_smells
+from pry.core.security import scan_security
+from pry.core.duplicates import find_duplicates
+from pry.core.quality import calculate_quality_score
+from pry.reports.report_json import generate_json
+from pry.reports.report_html import generate_html
+
+
+def _results_dir() -> str:
+    return os.path.join(os.getcwd(), 'scan_results')
+
+
+def make_output_dir(target_path: str) -> str:
+    abs_path = os.path.abspath(target_path)
+    dirname = os.path.basename(abs_path.rstrip('/\\')) or 'scan'
+    slug = ''.join(c if c.isalnum() or c in '-' else '_' for c in dirname).strip('_')
+    short_hash = hashlib.sha1(abs_path.encode()).hexdigest()[:7]
+    out_dir = os.path.join(_results_dir(), f'{slug}_{short_hash}')
+    os.makedirs(out_dir, exist_ok=True)
+    return out_dir
+
+
+def open_file(path: str) -> None:
+    system = platform.system()
+    try:
+        if system == 'Darwin':
+            subprocess.run(['open', path], check=False)
+        elif system == 'Windows':
+            os.startfile(path)  # type: ignore[attr-defined]
+        else:
+            subprocess.run(['xdg-open', path], check=False)
+    except Exception:
+        pass
+
+
+def scan(root: str, verbose: bool = False) -> dict:
+    print(f"Scanning: {root}", file=sys.stderr)
+    raw_files = walk_codebase(root)
+    print(f"Found {len(raw_files)} files", file=sys.stderr)
+
+    analyzed = []
+    for file_info in raw_files:
+        if verbose:
+            print(f"  Analyzing: {file_info['relative_path']}", file=sys.stderr)
+        af = analyze_file(file_info)
+        af['complexity'] = analyze_complexity(af)
+        af['smells'] = analyze_smells(af)
+        af['security_issues'] = scan_security(af)
+        analyzed.append(af)
+
+    print("Running duplication analysis...", file=sys.stderr)
+    duplicates = find_duplicates(analyzed)
+
+    languages: dict = defaultdict(lambda: {'files': 0, 'lines': 0})
+    for f in analyzed:
+        languages[f['language']]['files'] += 1
+        languages[f['language']]['lines'] += f['metrics']['loc']
+
+    total_files = len(analyzed)
+    total_lines = sum(f['metrics']['loc'] for f in analyzed)
+    flagged = sum(f.get('complexity', {}).get('flagged_count', 0) for f in analyzed)
+    avg_c = sum(f.get('complexity', {}).get('avg_complexity', 0) for f in analyzed) / max(total_files, 1)
+
+    analysis = {
+        'root': os.path.abspath(root),
+        'files': analyzed,
+        'total_files': total_files,
+        'total_lines': total_lines,
+        'languages': dict(languages),
+        'duplicates': duplicates,
+        'total_smells': sum(len(f.get('smells', [])) for f in analyzed),
+        'total_security_issues': sum(len(f.get('security_issues', [])) for f in analyzed),
+        'complexity_summary': {'flagged_count': flagged, 'avg_complexity': round(avg_c, 2)},
+    }
+    analysis['quality'] = calculate_quality_score(analysis)
+    return analysis
+
+
+def print_summary(analysis: dict) -> None:
+    q = analysis['quality']
+    print(f"\n{'='*50}")
+    print(f"  pry — Code Quality Report")
+    print(f"{'='*50}")
+    print(f"  Grade:           {q['grade']} ({q['score']}/100)")
+    print(f"  Files:           {analysis['total_files']}")
+    print(f"  Total Lines:     {analysis['total_lines']:,}")
+    print(f"  Languages:       {', '.join(analysis['languages'].keys())}")
+    print(f"  Security Issues: {analysis['total_security_issues']}")
+    print(f"  Code Smells:     {analysis['total_smells']}")
+    print(f"  Dup Blocks:      {analysis['duplicates'].get('total_duplicate_blocks', 0)}")
+    print(f"{'='*50}\n")
+
+
+def prompt_path() -> str:
+    print("pry — no path specified.")
+    while True:
+        raw = input("Enter directory to scan (or 'q' to quit): ").strip()
+        if raw.lower() in ('q', 'quit', 'exit'):
+            sys.exit(0)
+        path = os.path.expanduser(raw)
+        if os.path.isdir(path):
+            return path
+        print(f"  Not a directory: '{raw}'. Please try again.")
+
+
+def main() -> None:
+    parser = argparse.ArgumentParser(
+        prog='pry',
+        description='pry — multi-language code quality scanner',
+        formatter_class=argparse.RawDescriptionHelpFormatter,
+        epilog='''\
+examples:
+  pry                        # interactive: prompts for path
+  pry /path/to/repo          # scan and open HTML report
+  pry /path/to/repo --no-open
+  pry /path/to/repo --json-only
+  pry /path/to/repo -v       # verbose per-file output
+        ''',
+    )
+    parser.add_argument('path', nargs='?', help='Directory to scan (prompts if omitted)')
+    parser.add_argument('--output', '-o', help='Custom JSON output path')
+    parser.add_argument('--html', help='Custom HTML output path')
+    parser.add_argument('--json-only', action='store_true', help='Skip HTML, print JSON to stdout')
+    parser.add_argument('--no-open', action='store_true', help='Do not auto-open HTML report')
+    parser.add_argument('--verbose', '-v', action='store_true', help='Show per-file progress')
+    parser.add_argument('--version', action='version', version='pry 0.1.0')
+    args = parser.parse_args()
+
+    target = args.path
+    if not target:
+        target = prompt_path()
+    else:
+        target = os.path.expanduser(target)
+        if not os.path.isdir(target):
+            print(f"pry: '{target}' is not a directory", file=sys.stderr)
+            sys.exit(1)
+
+    analysis = scan(target, verbose=args.verbose)
+    print_summary(analysis)
+
+    if args.json_only:
+        print(generate_json(analysis))
+        return
+
+    out_dir = make_output_dir(target)
+    json_path = args.output or os.path.join(out_dir, 'report.json')
+    html_path = args.html or os.path.join(out_dir, 'report.html')
+
+    generate_json(analysis, output_path=json_path)
+    generate_html(analysis, output_path=html_path)
+
+    print(f"JSON: {json_path}", file=sys.stderr)
+    print(f"HTML: {html_path}", file=sys.stderr)
+
+    if not args.no_open:
+        open_file(html_path)

pry/core/complexity.py

@@ -0,0 +1,76 @@
+import ast
+import re
+
+
+class ComplexityVisitor(ast.NodeVisitor):
+    def __init__(self):
+        self.functions = []
+
+    def _calc_complexity(self, node):
+        complexity = 1
+        for child in ast.walk(node):
+            if isinstance(child, (ast.If, ast.While, ast.For, ast.ExceptHandler,
+                                   ast.With, ast.Assert, ast.comprehension)):
+                complexity += 1
+            elif isinstance(child, ast.BoolOp):
+                complexity += len(child.values) - 1
+        return complexity
+
+    def visit_FunctionDef(self, node):
+        complexity = self._calc_complexity(node)
+        self.functions.append({
+            'name': node.name,
+            'line': node.lineno,
+            'complexity': complexity,
+            'flagged': complexity > 10,
+        })
+        self.generic_visit(node)
+
+    visit_AsyncFunctionDef = visit_FunctionDef
+
+
+def analyze_python_complexity(content: str) -> dict:
+    try:
+        tree = ast.parse(content)
+        visitor = ComplexityVisitor()
+        visitor.visit(tree)
+        functions = visitor.functions
+        if not functions:
+            return {'functions': [], 'avg_complexity': 0, 'max_complexity': 0, 'flagged_count': 0}
+        avg = sum(f['complexity'] for f in functions) / len(functions)
+        max_c = max(f['complexity'] for f in functions)
+        return {
+            'functions': functions,
+            'avg_complexity': round(avg, 2),
+            'max_complexity': max_c,
+            'flagged_count': sum(1 for f in functions if f['flagged']),
+        }
+    except SyntaxError:
+        return {'functions': [], 'avg_complexity': 0, 'max_complexity': 0, 'flagged_count': 0}
+
+
+def analyze_generic_complexity(content: str, language: str) -> dict:
+    decision_patterns = {
+        'JavaScript': r'\b(if|else if|while|for|switch|catch|&&|\|\|)\b',
+        'TypeScript': r'\b(if|else if|while|for|switch|catch|&&|\|\|)\b',
+        'Java': r'\b(if|else if|while|for|switch|catch|&&|\|\|)\b',
+        'Go': r'\b(if|else if|for|switch|select|&&|\|\|)\b',
+    }
+    pattern = decision_patterns.get(language)
+    if not pattern:
+        return {'avg_complexity': 0, 'max_complexity': 0, 'flagged_count': 0}
+    count = len(re.findall(pattern, content))
+    complexity = 1 + count
+    return {
+        'avg_complexity': complexity,
+        'max_complexity': complexity,
+        'flagged_count': 1 if complexity > 10 else 0,
+    }
+
+
+def analyze_complexity(file_info: dict) -> dict:
+    lang = file_info['language']
+    content = file_info.get('content', '')
+    if lang == 'Python':
+        return analyze_python_complexity(content)
+    return analyze_generic_complexity(content, lang)

pry/core/duplicates.py

@@ -0,0 +1,51 @@
+import hashlib
+from collections import defaultdict
+
+
+def _normalize_line(line: str) -> str:
+    return line.strip()
+
+
+def _chunk_lines(lines: list[str], size: int = 6) -> list[tuple]:
+    normalized = [_normalize_line(l) for l in lines]
+    chunks = []
+    for i in range(len(normalized) - size + 1):
+        block = normalized[i:i + size]
+        if any(b for b in block):
+            chunks.append((i + 1, tuple(block)))
+    return chunks
+
+
+def find_duplicates(all_files: list[dict]) -> dict:
+    chunk_map = defaultdict(list)
+
+    for file_info in all_files:
+        content = file_info.get('content', '')
+        lines = content.splitlines()
+        if len(lines) < 6:
+            continue
+        for line_num, chunk in _chunk_lines(lines):
+            h = hashlib.md5('\n'.join(chunk).encode()).hexdigest()
+            chunk_map[h].append({
+                'file': file_info['relative_path'],
+                'line': line_num,
+                'preview': chunk[0][:80],
+            })
+
+    duplicates = {k: v for k, v in chunk_map.items() if len(v) > 1}
+
+    file_dup_counts = defaultdict(int)
+    for locations in duplicates.values():
+        seen_files = set()
+        for loc in locations:
+            if loc['file'] not in seen_files:
+                file_dup_counts[loc['file']] += 1
+                seen_files.add(loc['file'])
+
+    top_offenders = sorted(file_dup_counts.items(), key=lambda x: x[1], reverse=True)[:5]
+
+    return {
+        'total_duplicate_blocks': len(duplicates),
+        'top_offenders': [{'file': f, 'duplicate_blocks': c} for f, c in top_offenders],
+        'duplication_percentage': round(len(duplicates) / max(sum(len(chunk_map[k]) for k in chunk_map) / 6, 1) * 100, 1) if chunk_map else 0,
+    }

pry/core/metrics.py

@@ -0,0 +1,91 @@
+import ast
+import re
+
+
+COMMENT_PATTERNS = {
+    'Python': r'^\s*#',
+    'JavaScript': r'^\s*//',
+    'TypeScript': r'^\s*//',
+    'Java': r'^\s*//',
+    'Go': r'^\s*//',
+    'C': r'^\s*//',
+    'C++': r'^\s*//',
+    'C#': r'^\s*//',
+    'Ruby': r'^\s*#',
+    'Shell': r'^\s*#',
+    'PHP': r'^\s*(//)|(#)',
+    'Rust': r'^\s*//',
+}
+
+
+def count_lines(content: str, language: str) -> dict:
+    lines = content.splitlines()
+    total = len(lines)
+    blank = sum(1 for l in lines if not l.strip())
+    comment_pattern = COMMENT_PATTERNS.get(language)
+    if comment_pattern:
+        comment = sum(1 for l in lines if re.match(comment_pattern, l))
+    else:
+        comment = 0
+    return {
+        'total': total,
+        'code': total - blank - comment,
+        'blank': blank,
+        'comment': comment,
+    }
+
+
+def count_functions_classes_python(content: str) -> dict:
+    try:
+        tree = ast.parse(content)
+        functions = sum(1 for n in ast.walk(tree) if isinstance(n, (ast.FunctionDef, ast.AsyncFunctionDef)))
+        classes = sum(1 for n in ast.walk(tree) if isinstance(n, ast.ClassDef))
+        return {'functions': functions, 'classes': classes}
+    except SyntaxError:
+        return {'functions': 0, 'classes': 0}
+
+
+def count_functions_classes_generic(content: str, language: str) -> dict:
+    patterns = {
+        'JavaScript': (r'\bfunction\s+\w+\s*\(', r'\bclass\s+\w+'),
+        'TypeScript': (r'\bfunction\s+\w+\s*\(', r'\bclass\s+\w+'),
+        'Java': (r'\b(?:public|private|protected|static)?\s+\w+\s+\w+\s*\(', r'\bclass\s+\w+'),
+        'Go': (r'\bfunc\s+\w+', r'\btype\s+\w+\s+struct'),
+        'Ruby': (r'\bdef\s+\w+', r'\bclass\s+\w+'),
+    }
+    if language not in patterns:
+        return {'functions': 0, 'classes': 0}
+    func_pat, class_pat = patterns[language]
+    return {
+        'functions': len(re.findall(func_pat, content, re.MULTILINE)),
+        'classes': len(re.findall(class_pat, content, re.MULTILINE)),
+    }
+
+
+def analyze_file(file_info: dict) -> dict:
+    try:
+        with open(file_info['path'], 'r', encoding='utf-8', errors='ignore') as f:
+            content = f.read()
+    except (PermissionError, OSError):
+        return {**file_info, 'metrics': {'loc': 0, 'comments': 0, 'blank': 0, 'code': 0, 'functions': 0, 'classes': 0}, 'content': ''}
+
+    lang = file_info['language']
+    line_counts = count_lines(content, lang)
+
+    if lang == 'Python':
+        sym_counts = count_functions_classes_python(content)
+    else:
+        sym_counts = count_functions_classes_generic(content, lang)
+
+    return {
+        **file_info,
+        'content': content,
+        'metrics': {
+            'loc': line_counts['total'],
+            'code': line_counts['code'],
+            'comments': line_counts['comment'],
+            'blank': line_counts['blank'],
+            'functions': sym_counts['functions'],
+            'classes': sym_counts['classes'],
+        }
+    }

pry/core/quality.py

@@ -0,0 +1,42 @@
+def _complexity_penalty(analysis: dict) -> float:
+    flagged = analysis.get('complexity_summary', {}).get('flagged_count', 0)
+    total_funcs = max(
+        sum(f['metrics'].get('functions', 0) for f in analysis.get('files', [])), 1
+    )
+    return min(flagged / total_funcs, 1.0) * 30
+
+
+def _duplication_penalty(analysis: dict) -> float:
+    dup_pct = analysis.get('duplicates', {}).get('duplication_percentage', 0)
+    return min(dup_pct / 100, 1.0) * 25
+
+
+def _smells_penalty(analysis: dict) -> float:
+    files = analysis.get('files', [])
+    per_file = sum(len(f.get('smells', [])) for f in files) / max(len(files), 1)
+    return min(per_file / 5, 1.0) * 25
+
+
+def _security_penalty(analysis: dict) -> float:
+    files = analysis.get('files', [])
+    critical = sum(1 for f in files for i in f.get('security_issues', []) if i['severity'] == 'critical')
+    errors = sum(1 for f in files for i in f.get('security_issues', []) if i['severity'] == 'error')
+    return min((critical * 10 + errors * 3) / 20, 1.0) * 20
+
+
+def _grade(score: int) -> str:
+    if score >= 90: return 'A'
+    if score >= 80: return 'B'
+    if score >= 70: return 'C'
+    if score >= 60: return 'D'
+    return 'F'
+
+
+def calculate_quality_score(analysis: dict) -> dict:
+    score = 100.0
+    score -= _complexity_penalty(analysis)
+    score -= _duplication_penalty(analysis)
+    score -= _smells_penalty(analysis)
+    score -= _security_penalty(analysis)
+    rounded = round(max(0.0, min(100.0, score)))
+    return {'score': rounded, 'grade': _grade(rounded)}

pry/core/security.py

@@ -0,0 +1,120 @@
+import ast
+import re
+
+SECRET_PATTERNS = [
+    (r'(?i)(api[_-]?key|apikey)\s*[=:]\s*["\']([A-Za-z0-9_\-]{16,})["\']', 'Hardcoded API key'),
+    (r'(?i)(password|passwd|pwd)\s*[=:]\s*["\']([^"\']{6,})["\']', 'Hardcoded password'),
+    (r'(?i)(secret[_-]?key|secret)\s*[=:]\s*["\']([A-Za-z0-9_\-]{16,})["\']', 'Hardcoded secret'),
+    (r'(?i)(token|auth[_-]?token)\s*[=:]\s*["\']([A-Za-z0-9_\-\.]{20,})["\']', 'Hardcoded token'),
+    (r'(?i)(aws[_-]?access[_-]?key|aws[_-]?secret)\s*[=:]\s*["\']([A-Z0-9]{16,})["\']', 'AWS credentials'),
+    (r'(?i)(private[_-]?key)\s*[=:]\s*["\']([A-Za-z0-9_\-]{16,})["\']', 'Hardcoded private key'),
+    (r'-----BEGIN (RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----', 'Embedded private key'),
+]
+
+JS_TS_PATTERNS = [
+    (r'\beval\s*\(', 'Use of eval()'),
+    (r'\bnew\s+Function\s*\(', 'Use of Function constructor'),
+    (r'\bdocument\.write\s*\(', 'Use of document.write()'),
+    (r'innerHTML\s*=', 'Direct innerHTML assignment (XSS risk)'),
+]
+
+
+class _PyDangerousCallVisitor(ast.NodeVisitor):
+    _DIRECT = {
+        'eval': 'Use of eval()',
+        'exec': 'Use of exec()',
+        '__import__': 'Dynamic import via __import__',
+    }
+    _ATTR = {
+        ('pickle', 'loads'): 'Unsafe pickle deserialization',
+        ('pickle', 'load'): 'Unsafe pickle deserialization',
+        ('os', 'system'): 'Use of os.system()',
+    }
+
+    def __init__(self):
+        self.issues = []
+
+    def visit_Call(self, node):
+        if isinstance(node.func, ast.Name) and node.func.id in self._DIRECT:
+            self.issues.append({
+                'type': 'dangerous_function',
+                'severity': 'error',
+                'line': node.lineno,
+                'message': self._DIRECT[node.func.id],
+            })
+        elif isinstance(node.func, ast.Attribute) and isinstance(node.func.value, ast.Name):
+            key = (node.func.value.id, node.func.attr)
+            if key == ('subprocess', 'call'):
+                has_shell = any(
+                    kw.arg == 'shell' and isinstance(kw.value, ast.Constant) and kw.value.value is True
+                    for kw in node.keywords
+                )
+                if has_shell:
+                    self.issues.append({
+                        'type': 'dangerous_function',
+                        'severity': 'error',
+                        'line': node.lineno,
+                        'message': 'Shell injection risk: subprocess.call with shell=True',
+                    })
+            elif key in self._ATTR:
+                self.issues.append({
+                    'type': 'dangerous_function',
+                    'severity': 'error',
+                    'line': node.lineno,
+                    'message': self._ATTR[key],
+                })
+        self.generic_visit(node)
+
+
+def _scan_python_dangerous(content: str) -> list[dict]:
+    try:
+        tree = ast.parse(content)
+        visitor = _PyDangerousCallVisitor()
+        visitor.visit(tree)
+        return visitor.issues
+    except SyntaxError:
+        return []
+
+
+def _outside_string(line: str, pos: int) -> bool:
+    """Heuristic: true when pos appears to be in code, not a quoted string."""
+    before = line[:pos]
+    return (before.count('"') % 2 == 0) and (before.count("'") % 2 == 0)
+
+
+def _scan_js_ts_dangerous(content: str) -> list[dict]:
+    issues = []
+    for i, line in enumerate(content.splitlines(), 1):
+        for pattern, message in JS_TS_PATTERNS:
+            m = re.search(pattern, line)
+            if m and _outside_string(line, m.start()):
+                issues.append({
+                    'type': 'dangerous_function',
+                    'severity': 'error',
+                    'line': i,
+                    'message': message,
+                })
+    return issues
+
+
+def scan_security(file_info: dict) -> list[dict]:
+    content = file_info.get('content', '')
+    lang = file_info['language']
+    issues = []
+
+    for i, line in enumerate(content.splitlines(), 1):
+        for pattern, message in SECRET_PATTERNS:
+            if re.search(pattern, line):
+                issues.append({
+                    'type': 'secret',
+                    'severity': 'critical',
+                    'line': i,
+                    'message': message,
+                })
+
+    if lang == 'Python':
+        issues += _scan_python_dangerous(content)
+    elif lang in ('JavaScript', 'TypeScript'):
+        issues += _scan_js_ts_dangerous(content)
+
+    return issues

pry/core/smells.py

@@ -0,0 +1,90 @@
+import ast
+import re
+
+
+class SmellVisitor(ast.NodeVisitor):
+    def __init__(self, lines: list[str]):
+        self.lines = lines
+        self.smells = []
+
+    def _get_nesting(self, node):
+        depth = 0
+        for child in ast.walk(node):
+            if isinstance(child, (ast.If, ast.For, ast.While, ast.With, ast.Try)):
+                depth = max(depth, self._node_depth(child))
+        return depth
+
+    def _node_depth(self, node, current=0):
+        max_d = current
+        for child in ast.iter_child_nodes(node):
+            if isinstance(child, (ast.If, ast.For, ast.While, ast.With, ast.Try)):
+                max_d = max(max_d, self._node_depth(child, current + 1))
+        return max_d
+
+    def visit_FunctionDef(self, node):
+        end_line = getattr(node, 'end_lineno', node.lineno + len(self.lines))
+        length = end_line - node.lineno + 1
+        if length > 50:
+            self.smells.append({
+                'type': 'long_function',
+                'severity': 'warning' if length <= 100 else 'error',
+                'line': node.lineno,
+                'message': f'Function "{node.name}" is {length} lines (limit: 50)',
+            })
+
+        args_count = len(node.args.args) + len(node.args.kwonlyargs)
+        if args_count > 5:
+            self.smells.append({
+                'type': 'long_parameter_list',
+                'severity': 'warning',
+                'line': node.lineno,
+                'message': f'Function "{node.name}" has {args_count} parameters (limit: 5)',
+            })
+
+        nesting = self._node_depth(node)
+        if nesting > 4:
+            self.smells.append({
+                'type': 'deep_nesting',
+                'severity': 'warning',
+                'line': node.lineno,
+                'message': f'Function "{node.name}" has nesting depth {nesting} (limit: 4)',
+            })
+
+        self.generic_visit(node)
+
+    visit_AsyncFunctionDef = visit_FunctionDef
+
+
+def analyze_python_smells(content: str) -> list[dict]:
+    lines = content.splitlines()
+    try:
+        tree = ast.parse(content)
+        visitor = SmellVisitor(lines)
+        visitor.visit(tree)
+        return visitor.smells
+    except SyntaxError:
+        return []
+
+
+def analyze_generic_smells(content: str, language: str) -> list[dict]:
+    smells = []
+    lines = content.splitlines()
+    for i, line in enumerate(lines, 1):
+        stripped = line.expandtabs()
+        depth = (len(stripped) - len(stripped.lstrip())) // 4
+        if depth > 4:
+            smells.append({
+                'type': 'deep_nesting',
+                'severity': 'warning',
+                'line': i,
+                'message': f'Indentation depth {depth} exceeds limit (4)',
+            })
+    return smells
+
+
+def analyze_smells(file_info: dict) -> list[dict]:
+    lang = file_info['language']
+    content = file_info.get('content', '')
+    if lang == 'Python':
+        return analyze_python_smells(content)
+    return analyze_generic_smells(content, lang)