Statically analyze sources and extract information about called and exported library functions in Python applications

Navigation

Project links

Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: GNU General Public License v3 or later (GPLv3+) (GPLv3+)

Author: Fridolin Pokorny

Maintainer: Fridolin Pokorny

Tags ast, source, code, analysis, thoth, library

Maintainers

Avatar for fpokorny from gravatar.com fpokorny Avatar for fridex from gravatar.com fridex Avatar for goern from gravatar.com goern Avatar for sesheta from gravatar.com sesheta

Classifiers

Project description

A simple tool to gather symbols provided or library calls and attribute usage based on static analysis of sources of Python applications.

See [the linked article describing this tool](https://developers.redhat.com/articles/2022/01/05/extracting-information-python-source-code).

Installation

Invectio can be installed from PyPI using:

$ pip3 install invectio
$ invectio --help

Usage

You can use this library as a CLI tool or as a Python module:

invectio whatprovides project-dir/   # To scan all Python files recursively for symbols provided.
invectio whatprovides app.py         # To perform symbols gathering on app.py file.

invectio whatuses project-dir/       # To scan all Python files recursively for symbols used from libraries.
invectio whatuses app.py             # To perform gather symbols used from libraries on app.py file.
from invectio import gather_library_calls
from invectio import gather_symbols_provided

result: dict = gather_library_usage("project-dir")
result: dict = gather_library_usage("app.py")

result: dict = gather_symbols_provided("project-dir")
result: dict = gather_symbols_provided("app.py")

Limitations

As Python is a dynamic programming language, it’s not possible to obtain all library functions/attributes usage simply by performing static analysis of sources. One can still perfom “crazy” things like:

import tensorflow

getattr(tensorflow, "const" + "ant")("Hello, Invectio")

This library does its best to detect all function/attributes being used inside Python sources, but usage like shown above cannot be detected simply by static analysis of source code.

Development

To create a dev environment, clone the invectio repo and install all the dependencies:

git clone https://github.com/thoth-station/invectio && cd invectio
pipenv install --dev

To perform checks against unit tests present in the tests/ directory, issue the following command from the root of the git repo:

pipenv run python3 setup.py test

Project details

Project links

Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: GNU General Public License v3 or later (GPLv3+) (GPLv3+)

Author: Fridolin Pokorny

Maintainer: Fridolin Pokorny

Tags ast, source, code, analysis, thoth, library

Maintainers

Avatar for fpokorny from gravatar.com fpokorny Avatar for fridex from gravatar.com fridex Avatar for goern from gravatar.com goern Avatar for sesheta from gravatar.com sesheta

Classifiers


Release history Release notifications | RSS feed

This version

0.2.2

0.2.1

0.2.0

0.1.0

0.0.7

0.0.6

0.0.5

0.0.4

0.0.3

0.0.2

0.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

invectio-0.2.2.tar.gz (20.8 kB view hashes)

Uploaded source

Built Distribution

invectio-0.2.2-py3-none-any.whl (21.3 kB view hashes)

Uploaded py3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page