statick_tool package

Module Contents

Making code quality easier.

Subpackages

Submodules

statick_tool.args module

Custom argument handling.

Enable usage of user-paths argument before parsing other arguments.

class statick_tool.args.Args(name: str)[source]

Bases: object

Custom argument handling.

Enable usage of user-paths argument before parsing other arguments.

get_args(args: list[str] | None = None) Namespace[source]

Get parsed command-line arguments.

Parameters:

args – Arguments to parse.

Returns:

Parsed command-line arguments.

get_user_paths(args: Any = None) list[str][source]

Get a list of user paths containing config or plugins.

Parameters:

args – Arguments to parse.

Returns:

List of user paths.

statick_tool.config module

Manages which plugins are run for each statick scan level.

Sets what flags are used for each plugin at those levels.

class statick_tool.config.Config(base_file: str | None, user_file: str | None = '', default_level: str | None = 'default')[source]

Bases: object

Manages which plugins are run for each statick scan level.

Sets what flags are used for each plugin at those levels.

static get_config_from_file(filename: str) Any[source]

Get level configuration from a file.

Parameters:

filename – The file to get configuration from.

get_discovery_config(plugin: str, level: str, key: str, default: str | None = None) str | None[source]

Get discovery flags to use for a plugin at a certain level.

Parameters:
  • plugin – The plugin to get flags for.

  • level – The level to get flags for.

  • key – The key to get.

  • default – The default value to return if the key is not found.

Returns:

The flags to use for a plugin at a certain level.

get_enabled_discovery_plugins(level: str) list[str][source]

Get what discovery plugins are enabled for a certain level.

Parameters:

level – The level to get discovery plugins for.

Returns:

A list of discovery plugins enabled for the given level.

get_enabled_plugins(level: str, plugin_type: str) list[str][source]

Get what plugins are enabled for a certain level.

Parameters:
  • level – The level to get plugins for.

  • plugin_type – The type of plugin to get.

Returns:

A list of plugins enabled for the given level.

get_enabled_reporting_plugins(level: str) list[str][source]

Get what reporting plugins are enabled for a certain level.

Parameters:

level – The level to get reporting plugins for.

Returns:

A list of reporting plugins enabled for the given level.

get_enabled_tool_plugins(level: str) list[str][source]

Get what tool plugins are enabled for a certain level.

Parameters:

level – The level to get tool plugins for.

Returns:

A list of tool plugins enabled for the given level.

get_plugin_config(plugin_type: str, plugin: str, level: str, key: str, default: str | None = None) str | Any | None[source]

Get flags to use for a plugin at a certain level.

Parameters:
  • plugin_type – The type of plugin to get.

  • plugin – The plugin to get flags for.

  • level – The level to get flags for.

  • key – The key to get.

  • default – The default value to return if the key is not found.

Returns:

The flags to use for a plugin at a certain level.

get_reporting_config(plugin: str, level: str, key: str, default: str | None = None) str | None[source]

Get reporting flags to use for a plugin at a certain level.

Parameters:
  • plugin – The plugin to get flags for.

  • level – The level to get flags for.

  • key – The key to get.

  • default – The default value to return if the key is not found.

Returns:

The flags to use for a plugin at a certain level.

get_tool_config(plugin: str, level: str, key: str, default: str | None = None) str | None[source]

Get tool flags to use for a plugin at a certain level.

Parameters:
  • plugin – The plugin to get flags for.

  • level – The level to get flags for.

  • key – The key to get.

  • default – The default value to return if the key is not found.

Returns:

The flags to use for a plugin at a certain level.

get_user_levels(user_file: str) None[source]

Get configuration levels from user file.

Any levels in the user file are added to the available levels. User levels can inherit from the base levels. If a user level and a base level have the same name, the user level overrides the base level.

Parameters:

user_file – The user configuration file to use.

has_level(level: str | None) bool[source]

Check if given level exists in config.

Parameters:

level – The level to check for.

Returns:

True if level exists in config, False otherwise.

classmethod str_to_bool(val: str | None) bool[source]

Convert a string to a bool.

Parameters:

val – The string to convert.

Returns:

True if the string is a truthy value, False otherwise.

statick_tool.discovery_plugin module

Discovery plugin.

class statick_tool.discovery_plugin.DiscoveryPlugin[source]

Bases: object

Default implementation of discovery plugin.

static file_command_exists() bool[source]

Return whether the ‘file’ command is available on $PATH.

Returns:

True if the ‘file’ command is available on $PATH, False otherwise.

find_files(package: Package) None[source]

Walk the package path exactly once to discover files for analysis.

Parameters:

package – Package to scan.

gather_args(args: Any) None[source]

Gather arguments for plugin.

Parameters:

args – Flags for plugins will be added to existing arguments.

classmethod get_discovery_dependencies() list[str][source]

Get a list of discovery plugins that must run before this one.

Returns:

List of discovery plugin names.

get_file_cmd_output(full_path: str) str[source]

Run the file command (if it exists) on the supplied path.

The output from the file command is converted to lowercase. There are two recommended ways to check it:

  1. When searching for a single string, use the Python "in" operator:

     if "search string" in file_dict["file_cmd_out"]:

  2. When searching for multiple different strings, use the any() function:

     expected_output = ("output_1", "output_2")
     if any(item in file_dict["file_cmd_out"] for item in expected_output):

Parameters:

full_path – Full path to file.

Returns:

Output of file command.

get_name() str | None[source]

Get name of plugin.

Returns:

Name of plugin.

plugin_context = None

scan(package: Package, level: str, exceptions: Exceptions | None = None) None[source]

Scan package to discover files for analysis.

If exceptions is passed, then the plugin should (if practical) use it to filter which files the plugin detects.

Parameters:
  • package – Package to scan.

  • level – Level at which to scan.

  • exceptions – Exceptions to apply to discovery.

set_plugin_context(plugin_context: None | PluginContext) None[source]

Set the plugin context.

Parameters:

plugin_context – The plugin context.

statick_tool.exceptions module

Exceptions interface.

Exceptions allow for ignoring detected issues. This is commonly done to suppress false positives or to ignore issues that a group has no intention of addressing.

There are two types of exceptions: a list of filenames and a list of regular expressions. When filename matching is used, the reported issue must contain the absolute path to the file containing the issue to be ignored; that path is set by the tool plugin that generates the issues.
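The two exception types described above, worked through on constructed issues. This is an added illustration of the filtering semantics, not statick_tool's own implementation; it assumes filename exceptions are glob patterns relative to the package root and regex exceptions match against the issue message. It also shows the absolute-path caveat: an issue reported with a relative path is never matched by a filename exception and therefore stays in the report.

```python
import re
from fnmatch import fnmatch
from os.path import isabs, join
from typing import List, NamedTuple, Optional


class Issue(NamedTuple):
    # Same fields as statick_tool.issue.Issue (constructed copy for this example).
    filename: str
    line_number: int
    tool: str
    issue_type: str
    severity: int
    message: str
    cert_reference: Optional[str]


def filter_file_exceptions(package_path: str, patterns: List[str], issues: List[Issue]) -> List[Issue]:
    """Drop issues whose absolute filename matches a glob pattern under package_path.

    Issues without an absolute path can never match a filename exception and are
    kept unchanged, which is the trap the module docstring warns about."""
    kept = []
    for issue in issues:
        abs_patterns = (join(package_path, p) for p in patterns)
        if isabs(issue.filename) and any(fnmatch(issue.filename, p) for p in abs_patterns):
            continue
        kept.append(issue)
    return kept


def filter_regex_exceptions(regexes: List[str], issues: List[Issue]) -> List[Issue]:
    """Drop issues whose message matches any of the regular expressions."""
    compiled = [re.compile(r) for r in regexes]
    return [i for i in issues if not any(c.search(i.message) for c in compiled)]


# Constructed sample package and issues.
PKG = "/src/demo"
ISSUES = [
    Issue(PKG + "/third_party/lib.c", 10, "cppcheck", "nullPointer", 5, "Null pointer dereference", None),
    Issue("third_party/other.c", 3, "cppcheck", "nullPointer", 5, "Null pointer dereference", None),
    Issue(PKG + "/app/main.c", 42, "cppcheck", "style", 1, "Variable 'x' is assigned a value that is never used", None),
    Issue(PKG + "/app/net.c", 7, "cppcheck", "bufferAccessOutOfBounds", 5, "Array index out of bounds", None),
]


def apply_exceptions(package_path: str = PKG, issues: List[Issue] = ISSUES) -> List[Issue]:
    """Apply a filename exception for vendored code and a regex exception for unused variables."""
    issues = filter_file_exceptions(package_path, ["third_party/*"], issues)
    return filter_regex_exceptions([r"is never used$"], issues)
```

Only the relative-path third_party issue and the out-of-bounds issue survive: the first is kept because its path is not absolute, not because the exception was intended to spare it.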

class statick_tool.exceptions.Exceptions(filename: str | None)[source]

Bases: object

Interface for applying exceptions.

filter_file_exceptions(package: Package, exceptions: list[Any], issues: dict[str, list[Issue]]) dict[str, list[Issue]][source]

Filter issues based on file pattern exceptions list.

Parameters:
  • package – Package to filter files for.

  • exceptions – List of exceptions to apply.

  • issues – Issues to filter.

Returns:

Filtered issues.

filter_file_exceptions_early(package: Package, file_list: list[str]) list[str][source]

Filter files based on file pattern exceptions list.

Only filters files which have tools=all, intended for use after the discovery plugins have been run (so that Statick doesn’t run the tool plugins against files which will be ignored anyway).

Parameters:
  • package – Package to filter files for.

  • file_list – List of files to filter.

Returns:

List of files with exceptions removed.

filter_issues(package: Package, issues: dict[str, list[Issue]]) dict[str, list[Issue]][source]

Filter issues based on exceptions list.

Parameters:
  • package – Package to filter files for.

  • issues – Issues to filter.

Returns:

Filtered issues.

filter_nolint(issues: dict[str, list[Issue]]) dict[str, list[Issue]][source]

Filter out lines that have an explicit NOLINT on them.

Sometimes the tools themselves don't properly filter these out, for example when the flagged line is part of a complex macro.

Parameters:

issues – Issues to filter.

Returns:

Filtered issues.

classmethod filter_regex_exceptions(exceptions: list[Any], issues: dict[str, list[Issue]]) dict[str, list[Issue]][source]

Filter issues based on message regex exceptions list.

Parameters:
  • exceptions – List of exceptions to apply.

  • issues – Issues to filter.

Returns:

Filtered issues.

get_exceptions(package: Package) dict[Any, Any][source]

Get specific exceptions for given package.

Parameters:

package – Package to get exceptions for.

Returns:

Exceptions for the given package.

get_ignore_packages() list[str][source]

Get list of packages to skip when scanning a workspace.

Returns:

List of packages to skip.

classmethod print_exception_warning(tool: str) None[source]

Print warning about exception not being applied for an issue.

Warning will only be printed once per tool.

Parameters:

tool – Tool for which the exception is not being applied.

statick_tool.issue module

Issue interface.

class statick_tool.issue.Issue(filename, line_number, tool, issue_type, severity, message, cert_reference)

Bases: NamedTuple

cert_reference: str | None

Alias for field number 6

filename: str

Alias for field number 0

issue_type: str

Alias for field number 3

line_number: int

Alias for field number 1

message: str

Alias for field number 5

severity: int

Alias for field number 4

tool: str

Alias for field number 2

statick_tool.package module

Package interface.

class statick_tool.package.Package(name: str, path: str)[source]

Bases: dict

Default implementation of package interface.

statick_tool.plugin_context module

Plugin context interface.

class statick_tool.plugin_context.PluginContext(args, resources, config)

Bases: NamedTuple

args: Namespace

Alias for field number 0

config: Config

Alias for field number 2

resources: Resources

Alias for field number 1

statick_tool.profile module

Manages which scan levels are run for packages.

class statick_tool.profile.Profile(filename: str)[source]

Bases: object

Manages which scan levels are run for packages.

get_package_level(package: Package) str | Any[source]

Get which scan level to use for a given package.

Parameters:

package – Package to get scan level for.

Returns:

Scan level for package.

statick_tool.resources module

Manages plugin and file lookup chaining.

Handles chaining user directories and the default statick resource directory.

class statick_tool.resources.Resources(paths: list[str])[source]

Bases: object

Manages plugin and file lookup chaining.

Handles chaining user directories and the default statick resource directory.

get_file(filename: str) str | None[source]

Get full path to file for default and user-defined resource paths.

Parameters:

filename – Name of file to find.

Returns:

Full path to file or None if not found.

get_plugin_paths() list[str][source]

Get paths where plugins are located.

Returns:

List of paths where plugins are located.

statick_tool.statick module

Executable script for running Statick against one or more packages.

statick_tool.statick.main() None[source]

Run Statick.

statick_tool.statick.run(statick: Statick, parsed_args: Namespace, start_time: float) bool[source]

Run Statick on a single package.

Parameters:
  • statick – Statick object.

  • parsed_args – Arguments from the command line.

  • start_time – Start time of the scan.

Returns:

True if the scan was successful, False otherwise.

statick_tool.tool_plugin module

Tool plugin.

class statick_tool.tool_plugin.ToolPlugin[source]

Bases: object

Default implementation of tool plugin.

TOOL_MISSING_STR = 'Not installed'

TOOL_UNKNOWN_STR = 'Unknown'

static command_exists(command: str) bool[source]

Return whether a particular command is available on $PATH.

Parameters:

command – Command to check for.

Returns:

True if the command is available on $PATH, False otherwise.

gather_args(args: Namespace) None[source]

Gather arguments.

Parameters:

args – Flags for plugins will be added to existing arguments.

get_binary(level: str | None = None, package: Package | None = None) str[source]

Get tool binary name.

Arguments are required because some tools may need to know the package or level to determine the binary name. The binary name can change, most often to add a version number as a suffix.

Parameters:
  • level – Level at which to run tool.

  • package – Package on which to run tool.

get_file_types() list[str][source]

Return a list of file types the plugin can scan.

Returns:

List of file types the plugin can scan.

get_name() str[source]

Get name of tool.

Returns:

Name of tool.

classmethod get_tool_dependencies() list[str][source]

Get a list of tools that must run before this one.

Returns:

List of tool dependencies for a tool.

get_user_flags(level: str, name: str | None = None) list[str][source]

Get the user-defined extra flags for a specific tool/level combination.

Parameters:
  • level – Level at which to scan.

  • name – Name of the tool.

Returns:

List of user-defined flags.

get_version() str[source]

Figure out and return the version of the tool that’s installed.

If no version is found the function returns “Unknown”.

Returns:

Version of the tool that’s installed.

get_version_from_apt() str[source]

Figure out and return the version of the tool that’s installed by apt.

Returns:

Version of the tool that’s installed.

get_version_from_docker() str[source]

Figure out and return the version of the tool that’s installed by Docker.

Returns:

Version of the tool that’s installed.

get_version_from_npm() str[source]

Figure out and return the version of the tool that’s installed by npm.

Returns:

Version of the tool that’s installed.

get_version_from_pkg(subproc_args: list[str], ver_re_str: str) str[source]

Figure out and return the version of the tool that’s installed.

If no version is found the function returns “Unknown”.

Parameters:
  • subproc_args – Arguments to pass to subprocess.

  • ver_re_str – Regular expression to use to parse the version from the output.

Returns:

Version of the tool that’s installed.

static is_valid_executable(path: str) bool[source]

Return whether a provided command exists and is executable.

If the provided path has an extension on it, don’t change it, otherwise try adding common extensions.

Parameters:

path – Path to tool binary.

Returns:

True if the path is a valid executable, False otherwise.

load_mapping() dict[str, str][source]

Load a mapping between warnings and identifiers.

Returns:

Mapping between warnings and identifiers.

parse_output(total_output: list[str], package: Package | None = None) list[Issue][source]

Parse tool output and report issues.

Parameters:
  • total_output – Output from tool.

  • package – Package with issues.

Returns:

List of issues.

plugin_context = None

process_files(package: Package, level: str, files: list[str], user_flags: list[str]) list[str] | None[source]

Run tool and gather output.

Parameters:
  • package – Package to scan.

  • level – Level at which to scan.

  • files – List of files to scan.

  • user_flags – User-defined flags.

Returns:

List of output from tool.

scan(package: Package, level: str) list[Issue] | None[source]

Run tool and gather output.

Parameters:
  • package – Package to scan.

  • level – Level at which to scan.

Returns:

List of issues from tool.

set_plugin_context(plugin_context: None | PluginContext) None[source]

Set the plugin context.

Parameters:

plugin_context – Plugin context.