- Notifications
You must be signed in to change notification settings - Fork15
Statically analyze sources and extract information about called or exported library functions in Python applications
License
thoth-station/invectio
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
A simple tool to gather symbols provided or library calls and attribute usagebased on static analysis of sources of Python applications.
Invectio can be installed fromPyPI using:
$pip3 install invectio$invectio --help
You can use this library as a CLI tool or as a Python module:
invectio whatprovides project-dir/ # To scan all Python files recursively for symbols provided.invectio whatprovides app.py # To perform symbols gathering on app.py file.invectio whatuses project-dir/ # To scan all Python files recursively for symbols used from libraries.invectio whatuses app.py # To perform gather symbols used from libraries on app.py file.
frominvectioimportgather_library_usagefrominvectioimportgather_symbols_providedresult:dict=gather_library_usage("project-dir")result:dict=gather_library_usage("app.py")result:dict=gather_symbols_provided("project-dir")result:dict=gather_symbols_provided("app.py")
As Python is a dynamic programming language, it's not possible to obtain alllibrary functions/attributes usage simply by performing static analysis ofsources. One can still perfom "crazy" things like:
importtensorflowgetattr(tensorflow,"const"+"ant")("Hello, Invectio")
This library does its best to detect all function/attributes being used insidePython sources, but usage like shown above cannot be detected simply by staticanalysis of source code.
To create a dev environment, clone the invectio repo and install all the dependencies:
git clone https://github.com/thoth-station/invectio && cd invectiopipenv install --dev
To perform checks against unit tests present in the tests/ directory,issue the following command from the root of the git repo:
pipenv run python3 setup.py testAbout
Statically analyze sources and extract information about called or exported library functions in Python applications