
1""" 

2License GPLv3 or higher. 

3 

4(C) 2025 Created by Maikel Mardjan - https://nocomplexity.com/ 

5 

6This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. 

7 

8This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. 

9 

10You should have received a copy of the GNU General Public License along with this program. If not, see <https://www.gnu.org/licenses/>. 

11 

12The checks for codeaudit 

13""" 


import sys
from importlib.resources import files

import pandas as pd

from codeaudit.filehelpfunctions import get_filename_from_path, read_in_source_file
from codeaudit.issuevalidations import find_constructs


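def load_sast_checks():
    """Load the packaged SAST check table as a DataFrame.

    The table ships inside the ``codeaudit.data`` package as
    ``sastchecks.csv``. It is opened through the ``importlib.resources``
    Traversable API instead of being handed to ``read_csv`` as a path, so
    the load also works when the package is installed in a form that has
    no extracted files on disk (e.g. a zipped distribution).

    Returns:
        pandas.DataFrame with one row per check, columns as defined in the CSV.
    """
    csv_resource = files("codeaudit.data").joinpath("sastchecks.csv")
    # Traversable.open() yields a text handle for both on-disk and zipped
    # packages; passing the Traversable object itself to read_csv only works
    # when it happens to be a real filesystem path.
    with csv_resource.open("r", encoding="utf-8") as handle:
        return pd.read_csv(handle)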


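def ast_security_checks():
    """Load the SAST checks and return the checks implemented on AST level.

    The ``construct`` column is the key the AST scanner matches on, so it
    must not contain duplicates. A duplicate means a newly added check
    collides with an existing one; this is treated as a packaging error:
    the colliding values are printed to stderr and the process exits with
    status 1.

    Returns:
        pandas.DataFrame: the full check table as returned by load_sast_checks().
    """
    df_sastchecks = load_sast_checks()  # The checks are packaged with codeaudit
    constructs = df_sastchecks["construct"]
    if not constructs.is_unique:  # The construct column items MUST be unique!
        # keep=False flags every occurrence, so all colliding rows are listed,
        # not only the second and later ones.
        duplicates = constructs[constructs.duplicated(keep=False)]
        # Diagnostics go to stderr so they never pollute report output on stdout.
        print("Duplicate 'construct' values found:", file=sys.stderr)
        print(duplicates, file=sys.stderr)
        # sys.exit rather than the site-provided exit() builtin, which is not
        # guaranteed to exist (e.g. under `python -S`).
        sys.exit(1)  # Something wrong with added new test!
    return df_sastchecks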


def perform_validations(sourcefile):
    """Run every packaged AST-level security check against one source file.

    Args:
        sourcefile: path of the file to scan; it is read with
            read_in_source_file() and echoed back unchanged as ``file_location``.

    Returns:
        dict with the scanned file's name and location, the list of construct
        names that were checked, and the raw scan result from find_constructs().
    """
    check_table = ast_security_checks()
    construct_names = check_table["construct"].to_list()

    source_text = read_in_source_file(sourcefile)
    scan_result = find_constructs(source_text, construct_names)

    # NOTE(review): the "checks_done:" key carries a trailing colon; it is kept
    # verbatim because downstream consumers may key on the exact spelling —
    # confirm whether the colon is intended.
    return {
        "file_name": get_filename_from_path(sourcefile),
        "file_location": sourcefile,
        "checks_done:": construct_names,
        "result": scan_result,
    }