From d90098a6eb344c901a86754c5f7efedc41dccce9 Mon Sep 17 00:00:00 2001
From: jurgenwigg
Date: Sun, 12 Apr 2026 18:38:11 +0200
Subject: [PATCH] initial commit

---
 src/codeaudit/api_helpers.py | 4 +--
 src/codeaudit/api_interfaces.py | 6 ++--
 src/codeaudit/filehelpfunctions.py | 2 +-
 src/codeaudit/privacy_lint.py | 3 +-
 src/codeaudit/pypi_package_scan.py | 3 +-
 src/codeaudit/reporting.py | 43 ++++++++++++++---------------
 src/dashboard/dashboardapp.py | 2 --
 tests/count_lines_file1.py | 1 -
 tests/test_apicalls.py | 6 +---
 tests/test_basicpatterns.py | 1 -
 tests/test_chmod.py | 1 -
 tests/test_constructspart2.py | 3 --
 tests/test_correctexceptionuse.py | 1 -
 tests/test_count_commentlines.py | 2 --
 tests/test_directorycreation.py | 1 -
 tests/test_directorycreation2.py | 1 -
 tests/test_edgecases.py | 1 -
 tests/test_hashstrenght.py | 1 -
 tests/test_modulecheck.py | 3 +-
 tests/test_obfuscatingbuiltins.py | 3 --
 tests/test_oschecks.py | 1 -
 tests/test_pylintreport.py | 4 +--
 tests/test_pypiscan.py | 4 +--
 tests/test_random.py | 3 --
 tests/test_secretfinding.py | 3 +-
 tests/test_standardlibconstructs.py | 1 -
 tests/test_subprocess.py | 1 -
 tests/test_suppression.py | 1 -
 tests/test_suppressionlogic.py | 4 ++-
 tests/test_totalscheck.py | 4 +--
 tests/test_zstd.py | 3 --
 31 files changed, 37 insertions(+), 80 deletions(-)

diff --git a/src/codeaudit/api_helpers.py b/src/codeaudit/api_helpers.py
index 8825290..ea7ce54 100644
--- a/src/codeaudit/api_helpers.py
+++ b/src/codeaudit/api_helpers.py
@@ -12,9 +12,7 @@
 Function to create nice APIs. So API helper functions.
 """
-import pandas as pd
-
-from codeaudit.api_interfaces import get_modules, get_overview, _build_weakness_details
+from codeaudit.api_interfaces import _build_weakness_details, get_modules, get_overview
 from codeaudit.checkmodules import get_all_modules
 from codeaudit.filehelpfunctions import (
 collect_python_source_files,
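Review bot: The sorted line `from codeaudit.api_interfaces import _build_weakness_details, get_modules, get_overview` still imports an underscore-prefixed name across modules, and the reporting.py hunk does the same with `from codeaudit.api_interfaces import _collect_issue_lines`. Re-sorting kept the convention violation intact: a leading underscore tells readers and linters that the name is module-private, yet two other modules now depend on it. Either give the two helpers public names (keeping the old names as aliases until callers are updated) or document in api_interfaces that they are shared internals, e.g. `# shared with api_helpers and reporting; underscore kept only to hide it from the public API docs`.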
diff --git a/src/codeaudit/api_interfaces.py b/src/codeaudit/api_interfaces.py
index 43d015f..e420272 100644
--- a/src/codeaudit/api_interfaces.py
+++ b/src/codeaudit/api_interfaces.py
@@ -14,17 +14,15 @@
 """
 import datetime
-import json
 import html
+import json
 import platform
 from collections import Counter
-from pathlib import Path
 from importlib.metadata import version
+from pathlib import Path
-import altair as alt
 import pandas as pd
-
 from codeaudit.checkmodules import (
 check_module_vulnerability,
 get_all_modules,
diff --git a/src/codeaudit/filehelpfunctions.py b/src/codeaudit/filehelpfunctions.py
index 3dc459f..291d352 100644
--- a/src/codeaudit/filehelpfunctions.py
+++ b/src/codeaudit/filehelpfunctions.py
@@ -113,7 +113,7 @@ def is_ast_parsable(file_path):
 warnings.simplefilter("ignore", category=SyntaxWarning)
 ast.parse(source, filename=file_path)
 return True
- except (SyntaxError, UnicodeDecodeError, ValueError) as e:
+ except (SyntaxError, UnicodeDecodeError, ValueError):
 return False
diff --git a/src/codeaudit/privacy_lint.py b/src/codeaudit/privacy_lint.py
index db633eb..fc400e8 100644
--- a/src/codeaudit/privacy_lint.py
+++ b/src/codeaudit/privacy_lint.py
@@ -15,11 +15,10 @@
 import ast
 import datetime
 import re
-from importlib.resources import files
 from importlib.metadata import version
+from importlib.resources import files
 from pathlib import Path
-
 from codeaudit.filehelpfunctions import (
 collect_python_source_files,
 get_filename_from_path,
diff --git a/src/codeaudit/pypi_package_scan.py b/src/codeaudit/pypi_package_scan.py
index 7bcc596..48acbe7 100644
--- a/src/codeaudit/pypi_package_scan.py
+++ b/src/codeaudit/pypi_package_scan.py
@@ -18,11 +18,10 @@
 import tarfile
 import tempfile
 import zlib
+from importlib.metadata import version
 from urllib.error import HTTPError, URLError
 from urllib.request import Request, urlopen
-from importlib.metadata import version
-
 CA_VERSION = version("codeaudit")
 NOCX_HEADERS = {
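Review bot: Dropping the unused `as e` on the `except (SyntaxError, UnicodeDecodeError, ValueError):` line is correct, but the handler still collapses three different reasons a source file cannot be analysed into a bare `return False`, and the `warnings.simplefilter("ignore", category=SyntaxWarning)` just above hides a fourth signal; for an audit tool a file dropped this way is a coverage gap that nothing records. A short comment on the `except` stating the intent, e.g. `# undecodable or unparsable source: report as not scannable rather than raising`, plus a debug-level log of `file_path` and the exception class, would make skipped files discoverable without changing the return contract. The body of `is_ast_parsable` begins before this hunk, so how the caller treats the False result is not visible here.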
diff --git a/src/codeaudit/reporting.py b/src/codeaudit/reporting.py
index 40e6b50..fbda3ed 100644
--- a/src/codeaudit/reporting.py
+++ b/src/codeaudit/reporting.py
@@ -13,46 +13,43 @@
 Reporting functions for codeaudit
 """
-import re
+import datetime
+import html
 import os
-from pathlib import Path
+import re
 import sys
-
 from importlib.metadata import version
+from importlib.resources import files
+from pathlib import Path
 import pandas as pd
-import html
-import datetime
-from codeaudit.security_checks import perform_validations, ast_security_checks
+from codeaudit.altairplots import multi_bar_chart
+from codeaudit.api_interfaces import _collect_issue_lines
+from codeaudit.checkmodules import (
+ check_module_vulnerability,
+ get_all_modules,
+ get_imported_modules,
+ get_imported_modules_by_file,
+)
 from codeaudit.filehelpfunctions import (
- get_filename_from_path,
 collect_python_source_files,
- read_in_source_file,
+ get_filename_from_path,
 has_python_files,
 is_ast_parsable,
+ read_in_source_file,
 )
-from codeaudit.altairplots import multi_bar_chart
+from codeaudit.htmlhelpfunctions import dict_list_to_html_table, json_to_html
+from codeaudit.privacy_lint import data_egress_scan, has_privacy_findings
+from codeaudit.pypi_package_scan import get_package_source, get_pypi_download_info
+from codeaudit.security_checks import ast_security_checks, perform_validations
+from codeaudit.suppression import filter_sast_results
 from codeaudit.totals import (
 get_statistics,
 overview_count,
 overview_per_file,
 total_modules,
 )
-from codeaudit.checkmodules import (
- get_imported_modules,
- check_module_vulnerability,
- get_all_modules,
- get_imported_modules_by_file,
-)
-from codeaudit.htmlhelpfunctions import json_to_html, dict_list_to_html_table
-
-from codeaudit.pypi_package_scan import get_pypi_download_info, get_package_source
-from codeaudit.privacy_lint import data_egress_scan, has_privacy_findings
-from codeaudit.suppression import filter_sast_results
-from codeaudit.api_interfaces import _collect_issue_lines
-
-from importlib.resources import files
 CA_VERSION = version("codeaudit")
diff --git a/src/dashboard/dashboardapp.py b/src/dashboard/dashboardapp.py
index a8b6f67..bda11a0 100644
--- a/src/dashboard/dashboardapp.py
+++ b/src/dashboard/dashboardapp.py
@@ -35,9 +35,7 @@
 weaknesses_radial_overview,
 )
 from codeaudit.api_helpers import _codeaudit_directory_scan_wasm
-
 from codeaudit.api_interfaces import get_package_source, version_info
-
 from codeaudit.dashboard_reports import (
 create_statistics_overview,
 get_disclaimer_text,
diff --git a/tests/count_lines_file1.py b/tests/count_lines_file1.py
index ef8f0e3..c5cc687 100644
--- a/tests/count_lines_file1.py
+++ b/tests/count_lines_file1.py
@@ -7,5 +7,4 @@
 def example():
 x = {"a": 1, "b": 2}
 maikel = you # comment
- mystring = "See how this is detected!"
 return x
diff --git a/tests/test_apicalls.py b/tests/test_apicalls.py
index 4ac6842..39511f2 100644
--- a/tests/test_apicalls.py
+++ b/tests/test_apicalls.py
@@ -2,13 +2,9 @@
 #
 # SPDX-License-Identifier: GPL-3.0-or-later
-import pytest
 from pathlib import Path
-from codeaudit.api_interfaces import version_info, get_overview
-
-from codeaudit.filehelpfunctions import read_in_source_file
-from codeaudit.checkmodules import get_imported_modules
+from codeaudit.api_interfaces import get_overview, version_info
 def test_api_version():
diff --git a/tests/test_basicpatterns.py b/tests/test_basicpatterns.py
index 51d1a14..fffe5a8 100644
--- a/tests/test_basicpatterns.py
+++ b/tests/test_basicpatterns.py
@@ -1,4 +1,3 @@
-import pytest
 from pathlib import Path
 from codeaudit.filehelpfunctions import read_in_source_file
diff --git a/tests/test_chmod.py b/tests/test_chmod.py
index ea36599..de98552 100644
--- a/tests/test_chmod.py
+++ b/tests/test_chmod.py
@@ -1,4 +1,3 @@
-import pytest
 from pathlib import Path
 from codeaudit.security_checks import perform_validations
diff --git a/tests/test_constructspart2.py b/tests/test_constructspart2.py
index face64c..feb6628 100644
--- a/tests/test_constructspart2.py
+++ b/tests/test_constructspart2.py
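Review bot: Removing `mystring = "See how this is detected!"` from tests/count_lines_file1.py changes the line and statement totals of a file whose name suggests it is a counting fixture, and the string itself reads like a planted detection target; every test hunk in this patch touches imports only, so no expected count or finding was adjusted to match. If a test asserts this file's totals or expects that string to be reported, it now fails or, worse, passes against a weaker expectation; either restore the line or update the expectation in the same commit. The kept `maikel = you # comment` line references an undefined name, which may be deliberate for a fixture but deserves saying so, e.g. `# NOTE: undefined name is intentional if this fixture is only parsed, never imported -- confirm`.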
@@ -1,8 +1,5 @@
-import pytest
 from pathlib import Path
-from codeaudit.filehelpfunctions import read_in_source_file
-from codeaudit.issuevalidations import find_constructs
 from codeaudit.security_checks import perform_validations
 # constructs are tested in this test file based on SAST checks defined , not running constructs directly for testing as in other test files.
diff --git a/tests/test_correctexceptionuse.py b/tests/test_correctexceptionuse.py
index 18ec537..5534f5c 100644
--- a/tests/test_correctexceptionuse.py
+++ b/tests/test_correctexceptionuse.py
@@ -1,4 +1,3 @@
-import pytest
 from pathlib import Path
 from codeaudit.filehelpfunctions import read_in_source_file
diff --git a/tests/test_count_commentlines.py b/tests/test_count_commentlines.py
index 2058344..8399f7b 100644
--- a/tests/test_count_commentlines.py
+++ b/tests/test_count_commentlines.py
@@ -1,5 +1,3 @@
-import pytest
-
 from codeaudit.totals import count_comment_lines
diff --git a/tests/test_directorycreation.py b/tests/test_directorycreation.py
index 80c576a..04ffe65 100644
--- a/tests/test_directorycreation.py
+++ b/tests/test_directorycreation.py
@@ -1,4 +1,3 @@
-import pytest
 from pathlib import Path
 from codeaudit.filehelpfunctions import read_in_source_file
diff --git a/tests/test_directorycreation2.py b/tests/test_directorycreation2.py
index 6e35f7a..671e214 100644
--- a/tests/test_directorycreation2.py
+++ b/tests/test_directorycreation2.py
@@ -1,4 +1,3 @@
-import pytest
 from pathlib import Path
 from codeaudit.filehelpfunctions import read_in_source_file
diff --git a/tests/test_edgecases.py b/tests/test_edgecases.py
index b027888..7d17896 100644
--- a/tests/test_edgecases.py
+++ b/tests/test_edgecases.py
@@ -11,7 +11,6 @@
 Validation file to see if SAST suppression works correct.
 """
-import pytest
 from pathlib import Path
 from codeaudit.security_checks import perform_validations
diff --git a/tests/test_hashstrenght.py b/tests/test_hashstrenght.py
index 8f71cdb..c93437d 100644
--- a/tests/test_hashstrenght.py
+++ b/tests/test_hashstrenght.py
@@ -1,4 +1,3 @@
-import pytest
 from pathlib import Path
 from codeaudit.filehelpfunctions import read_in_source_file
diff --git a/tests/test_modulecheck.py b/tests/test_modulecheck.py
index 36a27d5..df82257 100644
--- a/tests/test_modulecheck.py
+++ b/tests/test_modulecheck.py
@@ -1,8 +1,7 @@
-import pytest
 from pathlib import Path
+from codeaudit.checkmodules import check_module_vulnerability, get_imported_modules
 from codeaudit.filehelpfunctions import read_in_source_file
-from codeaudit.checkmodules import get_imported_modules, check_module_vulnerability
 def test_module_check():
diff --git a/tests/test_obfuscatingbuiltins.py b/tests/test_obfuscatingbuiltins.py
index 15c1e37..976987a 100644
--- a/tests/test_obfuscatingbuiltins.py
+++ b/tests/test_obfuscatingbuiltins.py
@@ -1,8 +1,5 @@
-import pytest
 from pathlib import Path
-from codeaudit.filehelpfunctions import read_in_source_file
-from codeaudit.issuevalidations import find_constructs
 from codeaudit.security_checks import perform_validations
 # constructs are tested in this test file based on SAST checks defined , not running constructs directly for testing as in other test files.
diff --git a/tests/test_oschecks.py b/tests/test_oschecks.py
index 2ac7dc9..31ebeff 100644
--- a/tests/test_oschecks.py
+++ b/tests/test_oschecks.py
@@ -1,7 +1,6 @@
 # SPDX-FileCopyrightText: 2025-present Maikel Mardjan(https://nocomplexity.com/) and all contributors!
 #
 # SPDX-License-Identifier: GPL-3.0-or-later
-import pytest
 from pathlib import Path
 from codeaudit.filehelpfunctions import read_in_source_file
diff --git a/tests/test_pylintreport.py b/tests/test_pylintreport.py
index ecfb4ef..02c2363 100644
--- a/tests/test_pylintreport.py
+++ b/tests/test_pylintreport.py
@@ -2,10 +2,10 @@
 #
 # SPDX-License-Identifier: GPL-3.0-or-later
-import pytest
-import pandas as pd
 import html
+import pandas as pd
+
 from codeaudit.reporting import pylint_reporting
diff --git a/tests/test_pypiscan.py b/tests/test_pypiscan.py
index ba775a5..1e4d8ea 100644
--- a/tests/test_pypiscan.py
+++ b/tests/test_pypiscan.py
@@ -1,11 +1,11 @@
+from unittest.mock import patch
+
 import pytest
 from codeaudit.pypi_package_scan import get_pypi_download_info
 # Note This testfunction does NOT make real API calls to PyPI! So check if testdata is still correct in cause of errors.
-from unittest.mock import patch
-
 @pytest.fixture
 def mock_pypi_response():
diff --git a/tests/test_random.py b/tests/test_random.py
index 6596d2c..24135fc 100644
--- a/tests/test_random.py
+++ b/tests/test_random.py
@@ -1,8 +1,5 @@
-import pytest
 from pathlib import Path
-from codeaudit.filehelpfunctions import read_in_source_file
-from codeaudit.issuevalidations import find_constructs
 from codeaudit.security_checks import perform_validations
diff --git a/tests/test_secretfinding.py b/tests/test_secretfinding.py
index 6a2f1c0..f4b83c8 100644
--- a/tests/test_secretfinding.py
+++ b/tests/test_secretfinding.py
@@ -1,7 +1,6 @@
-import pytest
 from pathlib import Path
-from codeaudit.privacy_lint import data_egress_scan, count_privacy_check_results
+from codeaudit.privacy_lint import count_privacy_check_results, data_egress_scan
 def test_secretfinding():
diff --git a/tests/test_standardlibconstructs.py b/tests/test_standardlibconstructs.py
index 074a9a6..08b5729 100644
--- a/tests/test_standardlibconstructs.py
+++ b/tests/test_standardlibconstructs.py
@@ -1,4 +1,3 @@
-import pytest
 from pathlib import Path
 from codeaudit.filehelpfunctions import read_in_source_file
diff --git a/tests/test_subprocess.py b/tests/test_subprocess.py
index 52f5ec1..c4de102 100644
--- a/tests/test_subprocess.py
+++ b/tests/test_subprocess.py
@@ -1,4 +1,3 @@
-import pytest
 from pathlib import Path
 from codeaudit.security_checks import perform_validations
diff --git a/tests/test_suppression.py b/tests/test_suppression.py
index e294701..02fbc8e 100644
--- a/tests/test_suppression.py
+++ b/tests/test_suppression.py
@@ -1,4 +1,3 @@
-import pytest
 from pathlib import Path
 from codeaudit.security_checks import perform_validations
diff --git a/tests/test_suppressionlogic.py b/tests/test_suppressionlogic.py
index ad14f59..256bf64 100644
--- a/tests/test_suppressionlogic.py
+++ b/tests/test_suppressionlogic.py
@@ -1,7 +1,9 @@
 import textwrap
+
 import pytest
-from codeaudit.suppression import get_all_comments_by_line , match_suppression_keyword
+from codeaudit.suppression import get_all_comments_by_line, match_suppression_keyword
+
 def test_get_all_comments_by_line(tmp_path):
 source = textwrap.dedent(
diff --git a/tests/test_totalscheck.py b/tests/test_totalscheck.py
index 6c33591..5611155 100644
--- a/tests/test_totalscheck.py
+++ b/tests/test_totalscheck.py
@@ -1,9 +1,7 @@
-import pytest
 from pathlib import Path
 from codeaudit.filehelpfunctions import read_in_source_file
-
-from codeaudit.totals import read_in_source_file, overview_per_file, count_ast_objects
+from codeaudit.totals import count_ast_objects, overview_per_file, read_in_source_file
 def test_overview_per_file_check():
diff --git a/tests/test_zstd.py b/tests/test_zstd.py
index 4c807ee..c39dcf7 100644
--- a/tests/test_zstd.py
+++ b/tests/test_zstd.py
@@ -1,8 +1,5 @@
-import pytest
 from pathlib import Path
-from codeaudit.filehelpfunctions import read_in_source_file
-from codeaudit.issuevalidations import find_constructs
 from codeaudit.security_checks import perform_validations
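Review bot: The re-sorted line `from codeaudit.totals import count_ast_objects, overview_per_file, read_in_source_file` in tests/test_totalscheck.py still imports `read_in_source_file` a second time, right after the retained `from codeaudit.filehelpfunctions import read_in_source_file`; the later binding wins, so the test silently uses whichever object `codeaudit.totals` exposes under that name. If `totals` merely re-exports the helper, the duplicate is noise that a redefinition lint will flag and one of the two imports should go; if it is a different function, the test is not exercising the one it appears to import. Either way the commit reordered the line while keeping the ambiguity.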