Static code analysis in Python? - python

Which helpful static code analysis can you recommend for Python. I believe they are useful for refactoring code.
I know
snakefood for module dependencies
pycallgraph for dynamic call graphs
pylint for bugs
Are there static call analyzers? If I wanted to program a custom one, which would be the easiest way?
What other type of static code checks can you think of? Or maybe even some Python magic like ABCs?
EDIT: I've found that either using http://docs.python.org/3.3/library/ast.html or maybe even http://www.astroid.org/ can be used to program some custom parser. Then one can use graphviz to visualize or even PlantUML for UML graphs.

check out pychecker and pyflakes. There was a famous question to discuss the pylint-pychecker-or-pyflakes

this is a very powerful python type inferencer
https://github.com/yinwang0/pysonar2
it has strong bug check ability but it's not exposed through its interface, but I assume you could do many awesome checks based on it.

Not exactly "static code analyzer" but even a bit more:
http://code.google.com/p/shedskin/

Pysonar2 is a very nice implementation of abstract interpretation to type inference Python projects. My answer to another similar question is here.

Related

Reducing redundancy in Python doc-strings while using pylint docparams

I'm writing some Python code that's being checked with pylint with the docparams extension. This requires documenting function parameters in their docstrings. I have a tendency to try to decompose functions as much as possible and end up with lots of functions that call other functions - often sharing many of the same parameters. This can lead to lots of redundant (copy-pasted) documentation in the docstrings. Is there a recommended way of dealing with this type of situation?
I'm going to run into this same problem later while working on a Pyramid app, so I googled and found docrep. I think it'll satisfy both of our needs.

Python modding - prevent dangerous scripts to be imported?

I want to allow users to make their own Python "mods" for my game, by placing their scripts in a special folder which the game "scans" for Python modules and imports.
What would be the simplest way to prevent "dangerous" scripts from being imported? I don't want people complaining to me that they used someone's mod and it erased their hard drive.
Things I would like to limit is accessing/modifying/creating any files outside of their folder and connecting to the internet/downloading/sending data. If you can thik of anything else, let me know.
So how can this be done?
Restricted Python seems to able to restrict functionality for code in a clean way and is compatible with python up to 2.7.
http://pypi.python.org/pypi/RestrictedPython/
e.g.
By supplying a different __builtins__ dictionary, we can rule out unsafe operations, such as opening files [...]
The obvious way to do it is to load the module as a string and exec it. This has just as many security risks, but might be easier to block by using custom globals and locals. Have a look at this question - it gives some really good guidance on this. As pointed out in Delnan's comments, this isn't completely secure though.
You could also try this. I haven't used it, but it seems to provide a safe environment for unsafe scripts.
There are some serious shortcomings for sandboxed python execution. aquavitae's answer links to some good discussion on the matter, especially this blog post. Read that first.
There is a kernel of secure execution within cPython. The fundamental idea is to replace the __builtins__ global (Note: not the __builtin__ module), which informs python to turn on some security features; making a handful of attributes on certain objects inaccessible, and removing most of the implementation objects from the interpreter when evaulating that bit of code.
You'll then need to write an actual implementation; in such a way that the protected modules are not the leaked into the sandbox. A fairly tested "file" replacement is provided in the linked blog. Getting a look on that might give you an idea of how involved and complex this problem is.
So now that you have understood that this is a challenge in python; you should take a look at languages with sandbox execution as a core feature, such as Lua, which is very popular in games.
Giving them python execution and trying to limit what they do is asking for trouble. See this SO question for discussion and a pointer to a good article. (You would presumably disable "eval", but it wouldn't make much difference in practice.
My suggestion: Turn the question around. Your goal is to provide them with scripting facilities so they can enhance the game. Find or define an interpreter for a suitable scripting language that has the features you need, and use it to execute their scripts. For example, you could support data persistence in a simple keystore model, without giving them file creation access. Or give them a command to create files but ensure it only accepts a path-less filename. The essential thing is to ensure that there is NO way for them to execute python commands directly.

How to parse *.py file with python?

I'd like to parse Python source in order to try making a basic source code converter from Python to Go.
What module should I use?
Should I proceed or not?
If I should proceed, how?
Have a look at the language services packages, particularly the ast.
My guess is that if you don't already have a solid grasp of both parsing as well as code generation techniques, this is going to be a difficult project to undertake.
good luck!
As for the 'should I go ahead or better not' question: why do you want to do this in the first place?
If it's a purely learning exercise, then you don't don't need to ask us whether it's worthwhile. You want to learn, so go right ahead.
If it's meant to be a practical tool, then my suggestion is to not do it. An industrial-strength tool to perform such conversions might be useful but I would guess that you're not going to go that far. With that in mind it's probably more fruitful to rewrite the Python code in Go manually.
That assumes there is any real benefit to compiling to Go; current testing suggests that you get better performance and similar code structure from using Stackless Python.
The Boo Solution
Are you trying to make a python-like language, that can compiles into Go? This seems most sensible, as you will want to do Go-specific things (to take advantage of Go features).
Look at pyparsing. It includes an example of a complete python parser, but you probably don't want to do that.
You want to incrementally build your converter / translator, so you want to incrementally build the parser, otherwise you might choke on the AST. OK, you could parse everything and just ignore the stuff you don't understand, but that's not great behavior from a compiler.
You could start with parsing basic arithmetic.
The Pyrex Solution
This is similar to the Boo solution, but much harder. Get the Boo solution working first. Then learn to generate wrapper code, so your Go and python parts can work together.
The PyPy Solution
A complete Python-Go compiler? Good luck. You'll need it.
There's a good list of parsers rounded-up by Ned Batchelder which might help.

Python tool that suggests refactorings

When digging into legacy Python code and writing Python code myself, I often use pylint. I'm also using Clone Digger. I've recently started to use rope, which is a library for automated refactoring.
But I'm looking for something else than rope. I would prefer a tool that just makes suggestions about possible refactorings: names the refactoring, optionally provides a short description of it (great for learning purposes), highlights the code section and lets me do the refactoring myself. Is there such a tool?
Check out bicycle repair man http://bicyclerepair.sourceforge.net/
What is Bicycle Repair Man?
The Bicycle Repair Man project is an attempt to create refactoring browser functionality for python. It is packaged as a library that can be added to IDEs and editors to provide refactoring capabilities. Bindings for Emacs and Vi are included with the package.
Never used it myself, but have read about it. Sounds like what you are looking for.
You might like Pythoscope, an automatic Python unit test generator, which is supposed to help you bootstrap a unit test suite by dynamically executing code.
Also, have you checked out the rope.contrib.codeassist module? It is supposed to automatically propose and perform refactorings of your source code for you.
I don't if that type of tool exists in any specific language, although the concept was mentioned in Martin Fowler's refactoring book (web reference).
The best tool I know of that currently exists is cyclomatic complexity. This article implements a cyclomatic complexity counter for python.
The other easy metric to target is method/function length, number of attributes of objects/classes and number of parameters to functions, if I recall, pylint already counted those.
Oh Forget about your tool, instead use TDD and a good book like refactoring to design patterns by Kerievsky. The problem is that refactoring is a way to improve your code and design, but only You can know what you want to achieve, no refactoring tool can do it for you.
My point is that best way to learn refactoring is to study examples, not to follow some stupid/simple tools, because they wont teach you any sophisticated refactoring nor they will tell you if you have refactoring that compose well with you code.
PS Read Fowler "Refactoring" and Kerievsky "Refactoring to design Patterns" those books are must read when learning refactoring. And they mention simple way to checking if refactoring is needed (smells).
Also consider TDD as good way to ensure that your refs are safe and do not break your code.
Beck "Test-Driven Development by example" is a good book to start with.
And Python have PyUnit for TDD.
NetBeans has an early access version that supports Python, and it is rather nice. It has some basic refactoring tools that I found the be useful. As an added bonus it works on Windows, Linux, Mac OS X and Solaris.
Check it out at:
http://www.netbeans.org/features/python/

How do I use the wx.lib.docview package?

I'm currently working on a simple wxPython app that's essentially document based. So far I've been manually implementing the usual open/save/undo/redo etc etc stuff.
It occurred to me that wxPython must have something to help me out and after a bit of searching revealed the docview package.
At this point though I'm just not quite sure how to hook everything up and get things started. Anyone got any good links or hints about places to start?
The docs seems to be a little thin about this and Robin Dunn's wxPython book doesn't really cover this package at all.
You might take a look at the docviewdemo.py from the wxPython Docs and Demos:
on my machine they are located:
C:\Program Files\wxPython2.8 Docs and Demos\samples\pydocview\
C:\Program Files\wxPython2.8 Docs and Demos\samples\docview\
In addition to the ones mentioned, there is quite an extensive example docview/pydocview in the samples\ide. If you want it to run you will have to make a few code corrections (I have submitted a ticket that outlines the fixes at trac.wxwidgets.org #11237). It is pretty complex but I found it handy to figure out how to do some more complex things. For example, samples\ide\activegrid\tools\ProjectEditor.py is built from scratch and has undo support etc rather than just relying on a control that does everything for you already. That way you can see how things are supposed to be done at the detailed level. The documentation is rather useless in that regard.
If you have decided against using docview/pydocview I have a spreadsheet application built on wxPython that you may find useful as an example. While it does not implement a document view framework it does have some characteristics of it and I've implemented an undo/redo system. Check it out at http://www.missioncognition.net/pysheet/ I'm currently working on a pydocview based app so I expect that to be up on my site eventually.

Categories

Resources