test for dynamic import added

nocomplexity · nocomplexity · commit 429c2b2a2b29 · 2026-06-02T16:37:57.000+02:00
diff --git a/docs/examples/codeauditchecks.html b/docs/examples/codeauditchecks.html
@@ -762,4 +762,4 @@
       <td>Vulnerable to path traversal attacks if used with untrusted archives.</td>
     </tr>
   </tbody>
-</table><br><p>Number of implemented security validations:<b>87</b></p><p>Version of codeaudit: <b>1.6.6</b><p>Because Python and cybersecurity are constantly changing, issue reports <b>SHOULD</b> specify the codeaudit version used.</p><p><b>Disclaimer:</b> <i>This SAST tool <a href="https://github.com/nocomplexity/codeaudit" target="_blank"><b>Python Code Audit</b></a> provides a powerful, automatic security analysis for Python source code. However, it's not a substitute for human review in combination with business knowledge. Undetected vulnerabilities may still exist.</i></p><p>This Python security report was created on: <b>2026-05-31 15:53</b> with <a href="https://github.com/nocomplexity/codeaudit" target="_blank"><b>Python Code Audit</b></a> version <b>1.6.6</b></p><hr><footer><div class="footer-links">Check the <a href="https://nocomplexity.com/documents/codeaudit/intro.html" target="_blank">documentation</a> for help on found issues.<br>Codeaudit is made with <span class="heart">&#10084;</span> by cyber security professionals who advocate for <a href="https://nocomplexity.com/simplify-security/" target="_blank">open simple security solutions</a>.<br><a href="https://nocomplexity.com/documents/codeaudit/CONTRIBUTE.html" target="_blank">Join the community</a> and contribute to make this tool better!</div></footer></div></body></html>
+</table><br><p>Number of implemented security validations:<b>87</b></p><p>Version of codeaudit: <b>1.6.6</b><p>Because Python and cybersecurity are constantly changing, issue reports <b>SHOULD</b> specify the codeaudit version used.</p><p><b>Disclaimer:</b> <i>This SAST tool <a href="https://github.com/nocomplexity/codeaudit" target="_blank"><b>Python Code Audit</b></a> provides a powerful, automatic security analysis for Python source code. However, it's not a substitute for human review in combination with business knowledge. Undetected vulnerabilities may still exist.</i></p><p>This Python security report was created on: <b>2026-05-31 16:06</b> with <a href="https://github.com/nocomplexity/codeaudit" target="_blank"><b>Python Code Audit</b></a> version <b>1.6.6</b></p><hr><footer><div class="footer-links">Check the <a href="https://nocomplexity.com/documents/codeaudit/intro.html" target="_blank">documentation</a> for help on found issues.<br>Codeaudit is made with <span class="heart">&#10084;</span> by cyber security professionals who advocate for <a href="https://nocomplexity.com/simplify-security/" target="_blank">open simple security solutions</a>.<br><a href="https://nocomplexity.com/documents/codeaudit/CONTRIBUTE.html" target="_blank">Join the community</a> and contribute to make this tool better!</div></footer></div></body></html>
diff --git a/docs/examples/demoscan.json b/docs/examples/demoscan.json
@@ -1,7 +1,7 @@
 {
   "name": "Python_Code_Audit",
   "version": "1.6.6",
-  "generated_on": "2026-05-31 15:53",
+  "generated_on": "2026-05-31 16:06",
   "file_security_info": {
     "0": {
       "FileName": "demofile.py",
diff --git a/tests/test_dynamic_import.py b/tests/test_dynamic_import.py
@@ -0,0 +1,27 @@
+# SPDX-FileCopyrightText: 2025-present Maikel Mardjan(https://nocomplexity.com/) and all contributors!
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+import pytest
+from pathlib import Path
+
+from codeaudit.security_checks import perform_validations
+
+
+def test_base64_use():
+    current_file_directory = Path(__file__).parent
+
+    # validation1.py is in a subfolder:
+    validation_file_path = (
+        current_file_directory / "validationfiles" / "danger_imports.py"
+    )
+
+    result = perform_validations(validation_file_path)
+
+    # actual_data = find_constructs(source, constructs)
+    actual_data = result["result"]
+
+    # This is the expected dictionary
+    expected_data = {"input": [5], "importlib.import_module": [7]}
+
+    # Assert that the actual data matches the expected data
+    assert actual_data == expected_data
diff --git a/tests/validationfiles/danger_imports.py b/tests/validationfiles/danger_imports.py
@@ -0,0 +1,9 @@
+import importlib
+
+#dynamic modules import SHOULD be validated! Never trust, always...
+
+user_input = input("Enter a module name to import: ")
+
+my_module = importlib.import_module(user_input) #This what you NEVER want, but in practice programs using importlib use dynamic imports. Always understand the code before executing!
+
+print(f"Successfully imported the {my_module.__name__} module.")

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "Python_Code_Audit",`
`3`	`3`	`"version": "1.6.6",`
`4`		`- "generated_on": "2026-05-31 15:53",`
	`4`	`+ "generated_on": "2026-05-31 16:06",`
`5`	`5`	`"file_security_info": {`
`6`	`6`	`"0": {`
`7`	`7`	`"FileName": "demofile.py",`