statick_tool package

Module Contents

Making code quality easier.

Subpackages

Submodules

statick_tool.args module

Custom argument handling.

Enable usage of user-paths argument before parsing other arguments.

class statick_tool.args.Args(name: str)[source]

Bases: object

Custom argument handling.

Enable usage of user-paths argument before parsing other arguments.

get_args(args: Optional[List[str]] = None) → argparse.Namespace[source]

Get parsed command-line arguments.

get_user_paths(args: Any = None) → List[str][source]

Get a list of user paths containing config or plugins.

statick_tool.config module

Manages which plugins are run for each statick scan level.

Sets what flags are used for each plugin at those levels.

class statick_tool.config.Config(base_file: Optional[str], user_file: Optional[str] = '', default_level: Optional[str] = 'default')[source]

Bases: object

Manages which plugins are run for each statick scan level.

Sets what flags are used for each plugin at those levels.

static get_config_from_file(filename: str) → Any[source]

Get level configuration from a file.

get_discovery_config(plugin: str, level: str, key: str, default: Optional[str] = None) → Optional[str][source]

Get discovery flags to use for a plugin at a certain level.

get_enabled_discovery_plugins(level: str) → List[str][source]

Get what discovery plugins are enabled for a certain level.

get_enabled_plugins(level: str, plugin_type: str) → List[str][source]

Get what plugins are enabled for a certain level.

get_enabled_reporting_plugins(level: str) → List[str][source]

Get what reporting plugins are enabled for a certain level.

get_enabled_tool_plugins(level: str) → List[str][source]

Get what tool plugins are enabled for a certain level.

get_plugin_config(plugin_type: str, plugin: str, level: str, key: str, default: Optional[str] = None) → Union[str, Any, None][source]

Get flags to use for a plugin at a certain level.

get_reporting_config(plugin: str, level: str, key: str, default: Optional[str] = None) → Optional[str][source]

Get reporting flags to use for a plugin at a certain level.

get_tool_config(plugin: str, level: str, key: str, default: Optional[str] = None) → Optional[str][source]

Get tool flags to use for a plugin at a certain level.

get_user_levels(user_file: str) → None[source]

Get configuration levels from user file.

Any levels in user file will be included in available levels. User levels can inherit from the base levels. If user levels and base levels have the same name the user level will override the base level.

has_level(level: Optional[str]) → bool[source]

Check if given level exists in config.

classmethod str_to_bool(val: Optional[str]) → bool[source]

Convert a string to a bool.

statick_tool.discovery_plugin module

Discovery plugin.

class statick_tool.discovery_plugin.DiscoveryPlugin[source]

Bases: yapsy.IPlugin.IPlugin

Default implementation of discovery plugin.

static file_command_exists() → bool[source]

Return whether the ‘file’ command is available on $PATH.

find_files(package: statick_tool.package.Package) → None[source]

Walk the package path exactly once to discover files for analysis.

gather_args(args: Any) → None[source]

Gather arguments for plugin.

classmethod get_discovery_dependencies() → List[str][source]

Get a list of discovery plugins that must run before this one.

get_file_cmd_output(full_path: str) → str[source]

Run the file command (if it exists) on the supplied path.

The output from the file command is converted to lowercase. There are two recommended ways to check it: 1. When searching for a single string just use the python “in” operator:

if “search string” in file_dict[“file_cmd_out”]:

  1. When searching for multiple different strings, use the any() function:

    expected_output = (“output_1”, “output_2”) if any(item in file_dict[“file_cmd_out”] for item in expected_output):

get_name() → Optional[str][source]

Get name of plugin.

plugin_context = None
scan(package: statick_tool.package.Package, level: str, exceptions: Optional[statick_tool.exceptions.Exceptions] = None) → None[source]

Scan package to discover files for analysis.

If exceptions is passed, then the plugin should (if practical) use it to filter which files the plugin detects.

set_plugin_context(plugin_context: Union[None, statick_tool.plugin_context.PluginContext]) → None[source]

Set the plugin context.

statick_tool.exceptions module

Exceptions interface.

Exceptions allow for ignoring detected issues. This is commonly done to suppress false positives or to ignore issues that a group has no intention of addressing.

The two types of exceptions are a list of filenames or regular expressions. If using filename matching for the exception it is required that the reported issue contain the absolute path to the file containing the issue to be ignored. The path for the issue is set in the tool plugin that generates the issues.

class statick_tool.exceptions.Exceptions(filename: Optional[str])[source]

Bases: object

Interface for applying exceptions.

filter_file_exceptions(package: statick_tool.package.Package, exceptions: List[Any], issues: Dict[str, List[statick_tool.issue.Issue]]) → Dict[str, List[statick_tool.issue.Issue]][source]

Filter issues based on file pattern exceptions list.

filter_file_exceptions_early(package: statick_tool.package.Package, file_list: List[str]) → List[str][source]

Filter files based on file pattern exceptions list.

Only filters files which have tools=all, intended for use after the discovery plugins have been run (so that Statick doesn’t run the tool plugins against files which will be ignored anyway).

filter_issues(package: statick_tool.package.Package, issues: Dict[str, List[statick_tool.issue.Issue]]) → Dict[str, List[statick_tool.issue.Issue]][source]

Filter issues based on exceptions list.

filter_nolint(issues: Dict[str, List[statick_tool.issue.Issue]]) → Dict[str, List[statick_tool.issue.Issue]][source]

Filter out lines that have an explicit NOLINT on them.

Sometimes the tools themselves don’t properly filter these out if there is a complex macro or something.

classmethod filter_regex_exceptions(exceptions: List[Any], issues: Dict[str, List[statick_tool.issue.Issue]]) → Dict[str, List[statick_tool.issue.Issue]][source]

Filter issues based on message regex exceptions list.

get_exceptions(package: statick_tool.package.Package) → Dict[Any, Any][source]

Get specific exceptions for given package.

get_ignore_packages() → List[str][source]

Get list of packages to skip when scanning a workspace.

classmethod print_exception_warning(tool: str) → None[source]

Print warning about exception not being applied for an issue.

Warning will only be printed once per tool.

statick_tool.issue module

Issue interface.

class statick_tool.issue.Issue(filename, line_number, tool, issue_type, severity, message, cert_reference)

Bases: tuple

cert_reference

Alias for field number 6

filename

Alias for field number 0

issue_type

Alias for field number 3

line_number

Alias for field number 1

message

Alias for field number 5

severity

Alias for field number 4

tool

Alias for field number 2

statick_tool.package module

Package interface.

class statick_tool.package.Package(name: str, path: str)[source]

Bases: dict

Default implementation of package interface.

statick_tool.plugin_context module

Plugin context interface.

class statick_tool.plugin_context.PluginContext(args, resources, config)

Bases: tuple

args

Alias for field number 0

config

Alias for field number 2

resources

Alias for field number 1

statick_tool.profile module

Manages which scan levels are run for packages.

class statick_tool.profile.Profile(filename: str)[source]

Bases: object

Manages which scan levels are run for packages.

get_package_level(package: statick_tool.package.Package) → Union[str, Any][source]

Get which scan level to use for a given package.

statick_tool.resources module

Manages plugin and file lookup chaining.

Handles chaining user directories and the default statick resource directory.

class statick_tool.resources.Resources(paths: List[str])[source]

Bases: object

Manages plugin and file lookup chaining.

Handles chaining user directories and the default statick resource directory.

get_file(filename: str) → Optional[str][source]

Get full path to file for default and user-defined resource paths.

get_plugin_paths() → List[str][source]

Get paths where plugins are located.

statick_tool.statick module

Code analysis front-end.

class statick_tool.statick.Statick(user_paths: List[str])[source]

Bases: object

Code analysis front-end.

add_timing(package: str, name: str, plugin_type: str, duration: str) → None[source]

Add an entry to the timings list.

gather_args(args: argparse.ArgumentParser) → None[source]

Gather arguments.

get_config(args: argparse.Namespace) → None[source]

Get Statick configuration.

get_exceptions(args: argparse.Namespace) → None[source]

Get Statick exceptions.

get_ignore_packages() → List[str][source]

Get packages to ignore during scan process.

get_level(path: str, args: argparse.Namespace) → Optional[str][source]

Get level to scan package at.

get_timings() → List[statick_tool.timing.Timing][source]

Return list of timings for each component.

static print_exit_status(status: bool) → None[source]

Print Statick exit status.

static print_no_issues() → None[source]

Print that no information about issues was found.

run(path: str, args: argparse.Namespace, start_time: Optional[float] = None) → Tuple[Optional[Dict[str, List[statick_tool.issue.Issue]]], bool][source]

Run scan tools against targets on path.

run_workspace(parsed_args: argparse.Namespace, start_time: Optional[float] = None) → Tuple[Optional[Dict[str, List[statick_tool.issue.Issue]]], bool][source]

Run statick on a workspace.

scan_package(parsed_args: argparse.Namespace, count: int, package: statick_tool.package.Package, num_packages: int) → Tuple[Optional[Dict[str, List[statick_tool.issue.Issue]]], List[statick_tool.timing.Timing]][source]

Scan each package in a separate process while buffering output.

classmethod set_cpu_count(num_cpus: str) → int[source]

Set correct number of CPU cores to use.

static set_logging_level(args: argparse.Namespace) → None[source]

Set the logging level to use for output.

Valid levels are: DEBUG, INFO, WARNING, ERROR, CRITICAL. Specifying the level is case-insensitive (both upper-case and lower-case are allowed).

statick_tool.tool_plugin module

Tool plugin.

class statick_tool.tool_plugin.ToolPlugin[source]

Bases: yapsy.IPlugin.IPlugin

Default implementation of tool plugin.

static command_exists(command: str) → bool[source]

Return whether a particular command is available on $PATH.

gather_args(args: argparse.Namespace) → None[source]

Gather arguments.

get_file_types() → List[str][source]

Return a list of file types the plugin can scan.

get_name() → str[source]

Get name of tool.

classmethod get_tool_dependencies() → List[str][source]

Get a list of tools that must run before this one.

get_user_flags(level: str, name: Optional[str] = None) → List[str][source]

Get the user-defined extra flags for a specific tool/level combination.

static is_valid_executable(path: str) → bool[source]

Return whether a provided command exists and is executable.

If the provided path has an extension on it, don’t change it, otherwise try adding common extensions.

load_mapping() → Dict[str, str][source]

Load a mapping between warnings and identifiers.

parse_output(total_output: List[str], package: Optional[statick_tool.package.Package] = None) → List[statick_tool.issue.Issue][source]

Parse tool output and report issues.

plugin_context = None
process_files(package: statick_tool.package.Package, level: str, files: List[str], user_flags: List[str]) → Optional[List[str]][source]

Run tool and gather output.

scan(package: statick_tool.package.Package, level: str) → Optional[List[statick_tool.issue.Issue]][source]

Run tool and gather output.

set_plugin_context(plugin_context: Union[None, statick_tool.plugin_context.PluginContext]) → None[source]

Set the plugin context.