Invectio
########

Statically analyze sources and extract information about called and exported library functions in Python applications.

A simple tool to gather symbols provided, library calls and attribute usage based on static analysis of the sources of Python applications.
See the linked article describing this tool.
Invectio can be installed from `PyPI <https://pypi.org/project/invectio>`_ using:

.. code-block:: console

   $ pip3 install invectio
   $ invectio --help
You can use this library as a CLI tool or as a Python module:

.. code-block:: console

   invectio whatprovides project-dir/   # Scan all Python files recursively for symbols provided.
   invectio whatprovides app.py         # Gather symbols provided by the app.py file.

   invectio whatuses project-dir/       # Scan all Python files recursively for symbols used from libraries.
   invectio whatuses app.py             # Gather symbols used from libraries in the app.py file.

.. code-block:: python

   from invectio import gather_library_usage
   from invectio import gather_symbols_provided

   # Library symbols used, for a whole directory tree or a single file.
   result: dict = gather_library_usage("project-dir")
   result: dict = gather_library_usage("app.py")

   # Symbols provided (exported), for a whole directory tree or a single file.
   result: dict = gather_symbols_provided("project-dir")
   result: dict = gather_symbols_provided("app.py")
Limitations
###########

As Python is a dynamic programming language, it is not possible to obtain all library function/attribute usage simply by performing static analysis of sources. One can still perform "crazy" things like:

.. code-block:: python

   import tensorflow

   getattr(tensorflow, "const" + "ant")("Hello, Invectio")

This library does its best to detect all functions/attributes being used inside Python sources, but usage like the one shown above cannot be detected simply by static analysis of source code.
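As an added illustration of both the library-usage gathering described above and this limitation (this is example code written for this page, not invectio's own implementation, and its return structure is an assumption that does not match invectio's), the following walks a module's AST, resolves dotted attribute chains back to the imported module they are rooted at, and separately flags ``getattr()`` calls on an imported name whose attribute argument is not a literal, which is exactly the case static analysis cannot resolve and so deserves a review note rather than silence. The sample source is constructed inline.

```python
import ast
from typing import Dict, List, Set, Tuple

# Constructed sample input (not from the invectio project): three resolvable
# library usages plus the dynamic getattr() pattern from the Limitations
# section, which no static walk can resolve to a concrete attribute name.
SAMPLE_SOURCE = """
import tensorflow
import numpy as np
from os import path

x = tensorflow.constant(1)
y = tensorflow.keras.layers.Dense(4)
z = np.zeros(3)
p = path.join("a", "b")
getattr(tensorflow, "const" + "ant")("Hello, Invectio")
"""


def collect_aliases(tree: ast.AST) -> Dict[str, str]:
    """Map each local name bound by an import to its fully qualified origin."""
    aliases: Dict[str, str] = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                aliases[alias.asname or alias.name] = alias.name
        elif isinstance(node, ast.ImportFrom) and node.module:
            for alias in node.names:
                aliases[alias.asname or alias.name] = f"{node.module}.{alias.name}"
    return aliases


class UsageCollector(ast.NodeVisitor):
    """Record dotted attribute chains rooted at an imported name, and flag
    getattr() calls on an imported name whose attribute is not a literal."""

    def __init__(self, aliases: Dict[str, str]) -> None:
        self.aliases = aliases
        self.usage: Dict[str, Set[str]] = {}
        self.unresolved: List[Tuple[int, str]] = []

    def visit_Attribute(self, node: ast.Attribute) -> None:
        # Unwind a.b.c.d into its root name plus the attribute chain.
        chain: List[str] = []
        cur: ast.expr = node
        while isinstance(cur, ast.Attribute):
            chain.append(cur.attr)
            cur = cur.value
        if isinstance(cur, ast.Name) and cur.id in self.aliases:
            origin = self.aliases[cur.id]
            full = ".".join([origin, *reversed(chain)])
            self.usage.setdefault(origin.split(".")[0], set()).add(full)
            return  # the whole chain is recorded once; skip the inner nodes
        self.generic_visit(node)

    def visit_Call(self, node: ast.Call) -> None:
        # getattr(<imported name>, <non-literal>) defeats static resolution.
        if (
            isinstance(node.func, ast.Name)
            and node.func.id == "getattr"
            and len(node.args) >= 2
            and isinstance(node.args[0], ast.Name)
            and node.args[0].id in self.aliases
            and not isinstance(node.args[1], ast.Constant)
        ):
            self.unresolved.append((node.lineno, self.aliases[node.args[0].id]))
        self.generic_visit(node)


def analyze(source: str) -> dict:
    """Return library usage found statically plus the sites that defeat it."""
    tree = ast.parse(source)
    collector = UsageCollector(collect_aliases(tree))
    collector.visit(tree)
    return {
        "usage": {mod: sorted(attrs) for mod, attrs in collector.usage.items()},
        "unresolved": collector.unresolved,
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_SOURCE)
    for module, attrs in sorted(report["usage"].items()):
        print(module, "->", ", ".join(attrs))
    for lineno, module in report["unresolved"]:
        print(f"line {lineno}: dynamic getattr() on {module}; cannot resolve statically")
```

The alias table is module-global here, so local rebinding or shadowing of an imported name is not tracked; that is a deliberate simplification to keep the walk short. The ``unresolved`` list is the practical takeaway for a reviewer of a dependency: a non-literal ``getattr()`` on an imported module is where a static inventory of library calls stops being complete, and it is cheap to surface those sites alongside the inventory.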
To create a dev environment, clone the invectio repo and install all the dependencies:

.. code-block:: console

   git clone https://github.com/thoth-station/invectio && cd invectio
   pipenv install --dev
To run the unit tests present in the ``tests/`` directory, issue the following command from the root of the git repo:

.. code-block:: console

   pipenv run python3 setup.py test