Python - 1.6
Extension ID
com.castsoftware.python
What’s new?
See Python 1.6 - Release Notes.
Description
This extension provides support for Python. If your application contains Python source code (both .py and .jy extensions are supported) and you want to view these object types and their links with other objects, then you should install this extension.
Files analyzed
Icons | File | Extension | Note |
---|---|---|---|
Python | .py, | Python files - standard extension. | |
Jython | .jy | By convention, Python files to be run in a Java implementation of the Python interpreter. | |
- | YAML (YAML Ain’t Markup Language) | *.yml, *.yaml, | Files related to the YAML language, commonly used for configuration purposes. Necessary to interpret Amazon Web Services deployment code. |
Supported Python versions
The following table displays the supported versions matrix:
Version | Support |
---|---|
3.x | ✔️ |
2.x | ✔️ |
1.x | ❌ |
Framework support
Function Point, Quality and Sizing support
This extension provides the following support:
- Function Points (transactions): a green tick indicates that OMG Function Point counting and Transaction Risk Index are supported
- Quality and Sizing: a green tick indicates that CAST can measure size and that a minimum set of Quality Rules exist
Function Points (transactions) | Quality and Sizing | Security |
---|---|---|
✔️ | ✔️ | ✔️ |
Compatibility
CAST Imaging Core release | Supported |
---|---|
8.3.x | ✔️ |
Dependencies with other extensions
Some CAST extensions require the presence of other CAST extensions in order to function correctly. The Python extension requires that the following other CAST extensions are also installed:
- com.castsoftware.wbslinker
- CAST AIP Internal extension (internal technical extension)
Download and installation instructions
The extension will be automatically downloaded and installed in CAST Imaging Console. You can manage the extension using the Application - Extensions interface.
Source code discovery
A discoverer is provided with the extension to automatically detect Python code: a Python project will be discovered for the package’s root folder when at least one .py or .jy (jython) file is detected in the root folder or any sub-folders. For every Python project located, one Universal Technology Analysis Unit will be created:
Analysis - Automatic skipping of unit-test code and external libraries
The analyzer skips files that are recognized as forming part of testing code, i.e., in principle, code not pertaining to production code. The reason to avoid inclusion of testing code is that many Quality Rule violations are overrepresented in test code, either because code tends to be of poorer quality (certainly not critical) or prevalence of particular testing patterns. Accounting for test code would negatively impact the total score of the project.
Similarly we skip folders that contain external python libraries. Currently we only skip the canonical folders site-packages and dist-packages (the latter being used in certain Linux distributions). Not only analyzing external libraries is discouraged, but it can interfere with correct interpretation of supported libraries and frameworks, and have a serious impact in memory consumption and overall analysis performance.
The heuristics used by the analyzer are based on detecting (unit-test) library imports, and file and path naming conventions as summarized in the table below:
Type | Value | HeaderLines | MinimumCount |
---|---|---|---|
FilePath | /test_*.py | ||
FilePath | /*_test.py | ||
FilePath | /test.py | ||
FilePath | /test/*.py | ||
FilePath | /tests/*.py | ||
FileContent | import unittest | 12 | |
FileContent | from unittest import | 12 | |
FileContent | from nose.tools import | 12 | |
FileContent | self.assert | 2 | |
FilePath | /site-packages/ | ||
FilePath | /dist-packages/ | ||
FilePath | /Python*/Lib/ | ||
FilePath | /Python*/Scripts/ | ||
FilePath | /Python*/Include/ | ||
FilePath | /Python*/Bin/ |
- The ** symbol represents any arbitrary path string, whereas * represents any string without directory slashes.
- The heuristics above should also similarly valid for .jy (jython) files.
- FilePath match is case-insensitive
What results can you expect?
Once the analysis/snapshot generation has completed, you can view the results in the normal manner:
Python Class and method example
iOS Front-end connected to a Python Flask Back-end.
Objects
Python
Icon | Description |
---|---|
Python Project Python External Library |
|
Python Module | |
Python Class | |
Python Static Initializer | |
Python Method | |
Python Script | |
Python GET (urllib, urllib2, httplib, httplib2, aiohttp) service Python GET service request Python (Flask, aiohttp)Web Service GET operation Python Web Service Get Operation |
|
Python POST (urllib, urllib2, httplib, httplib2, aiohttp) service Python POST service request Python (Flask, aiohttp) Web Service POST operation Python Web Service Post Operation |
|
Python PUT (urllib, urllib2, httplib, httplib2, aiohttp) service Python PUT service request Python (Flask, aiohttp) Web Service PUT operation Python Web Service Post Operation |
|
Python DELETE (urllib, urllib2, httplib, httplib2, aiohttp) service Python DELETE service request Python (Flask, aiohttp) Web Service DELETE operation Python Web Service Delete Operation |
|
Python Web Service Any Operation | |
Python Query Python ORM Mapping Python File Query |
|
RabbitMQ Python QueueCall ActiveMQ Python QueueCall IBM MQ Python QueueCall |
|
RabbitMQ Python QueueReceive ActiveMQ Python QueueReceive IBM MQ Python QueueReceive |
|
Python Call To Java Program | |
Python Call To Generic Program |
Amazon Web Services
Icon | Description |
---|---|
Python Call to AWS Lambda Function | |
Python Call to Unknown AWS Lambda Function | |
Python AWS Lambda GET Operation | |
Python AWS Lambda POST Operation | |
Python AWS Lambda PUT Operation | |
Python AWS Lambda DELETE Operation | |
Python AWS Lambda ANY Operation | |
Python AWS SQS Publisher Python AWS SNS Publisher |
|
Python AWS SQS Receiver Python AWS SNS Receiver |
|
Python AWS SQS Unknown Publisher Python AWS SNS Unknown Publisher |
|
Python AWS SQS Unknown Receiver Python AWS SNS Unknown Receiver |
|
Python S3 Bucket | |
Python Unknown S3 Bucket | |
Python DynamoDB Database | |
Python DynamoDB Table | |
Python Unknown DynamoDB Table | |
Python Email Python SMS |
Python callable artifact
Python Module, Python Method, and Python Static Initializer objects form part of Python (callable) artifacts.
Python static initializers
Available in ≥ 1.6.
The statements of a given class code block are represented by an *effective Python Static Initializer *object. In this object other class and method definitions are not included. Class docstrings are excluded from this object. This particular code is executed at class-definition time. To represent this in the call-graph, a link between the enclosing Python Module (or Python Method when the class is defined inside a method) and the Static Initializer object as shown in the example below:
# file1.py
from file2 import A
# file2.py
def f():
pass
def f2():
pass
class A:
f()
def m1(self):
pass
f2()
# this is code is also executed at import-time.
f2()
Links
The following links are created:
- call links between methods
- inherit link between hierarchically related classes
- refer link from methods to class (constructor call)
- use link between modules through import
- call links between Python callable artifacts and Python Call objects
- call links between Python Call objects and external programs or lambda functions
The following links are created between Python ORM Mapping objects and database table objects:
- useSelectLink in case of SELECT operation
- useDeleteLink in case of DELETE operation
- useInsertLink in case of INSERT operation
- useUpdateLink in case of UPDATE operation
- call links in case of generic operation on S3 buckets
Structural Rules
The following structural rules are provided:
You can also find a global list here: https://technologies.castsoftware.com/rules?sec=t_1021000&ref=||
Expected results for supported frameworks
Refer to Results for more information about the results that you can expect for each supported framework.
Known Limitations
-
Not fully supported Python Decorator function.
-
The “Avoid disabling certificate check when requesting secured urls” for ‘urllib3’ is only partially supported by detecting the call to ‘urllib3.disable_warnings’.
-
Limited Python resolution that leads to missing links:
- No support for __all__
- No support for variable of type class, function
-
Flask:
-
- Objects for other web service operations such as PATCH are not generated.
- The endpoint abstraction layer between functions and annotations is not considered. When using add_url_rule the endpoint argument is taken as the calling function name.
-
Cherrypy:
- Only support default request.dispatcher “cherrypy.dispatch.MethodDispatcher()”.
-
Java-Python interoperability via Jython is not supported. However the files with the specific extension .jy for Jython is analyzed as a regular Python file.
-
Message queues
- To generate queue message objects the queue name has to be initialized explicitly in the code (dynamic naming not supported).
-
SQLAlchemy:
- Only raw queries are fully supported.
- The ORM api for queries is not supported (no links are created towards tables).