version 1.6.3 - see change log for changes and updates

Author: nocomplexity

CHANGELOG.md

@@ -1,8 +1,30 @@
 # Change Log
 
+
+## Version 1.6.3:
+
+🚀 Added
+- WASM Test Drive: Updated documentation to highlight the WebAssembly (WASM) version, allowing users to test-drive the tool directly in the browser without local installation.
+
+- Enhanced FileScan API: The filescan API now returns detailed results on found weaknesses, matching the comprehensive output of the CLI version.
+
+🛠️ Changed
+- API Refactoring: Extensive refactoring of API functions for better modularity and performance.
+
+- Version Retrieval: Improved the logic for retrieving version information. Special thanks to @jurgenwigg (#PR16).
+
+🐞 Fixed
+- Dashboard Reporting: Squashed bugs and improved the reliability of the dashboard reporting APIs.
+
+- Project Metadata: Implemented fixes and improvements for pyproject.toml configuration.
+
+📝 Documentation
+- Updated [README.md](https://github.com/nocomplexity/codeaudit/blob/main/README.md) with link to the WASM-based demonstration.
+
+
 ## Version 1.6.2:
 
-## Changelog
+
 
 **Added**
 * **Automated Python Testing:** Implemented automation for testing across various Python versions to ensure cross-version compatibility.

docs/codeauditcommands.md

@@ -1,6 +1,6 @@
 % THIS FILE IS GENERATED! - Use CLIcommands.ipynb to make it better!
 # Commands Overview
-Python Code Audit commands for: version: 1.6.2
+Python Code Audit commands for: version: 1.6.3.dev39+ga990bb23a.d20260411
 ```
 ----------------------------------------------------
  _                    __             _             

docs/examples/codeauditchecks.html

@@ -738,4 +738,4 @@
       <td>Vulnerable to path traversal attacks if used with untrusted archives.</td>
     </tr>
   </tbody>
-</table><br><p>Number of implemented security validations:<b>83</b></p><p>Version of codeaudit: <b>1.6.2</b><p>Because Python and cybersecurity are constantly changing, issue reports <b>SHOULD</b> specify the codeaudit version used.</p><p><b>Disclaimer:</b> <i>This SAST tool <a href="https://github.com/nocomplexity/codeaudit" target="_blank"><b>Python Code Audit</b></a> provides a powerful, automatic security analysis for Python source code. However, it's not a substitute for human review in combination with business knowledge. Undetected vulnerabilities may still exist.</i></p><p>This Python security report was created on: <b>2026-04-10 16:14</b> with <a href="https://github.com/nocomplexity/codeaudit" target="_blank"><b>Python Code Audit</b></a> version <b>1.6.2</b></p><hr><footer><div class="footer-links">Check the <a href="https://nocomplexity.com/documents/codeaudit/intro.html" target="_blank">documentation</a> for help on found issues.<br>Codeaudit is made with <span class="heart">&#10084;</span> by cyber security professionals who advocate for <a href="https://nocomplexity.com/simplify-security/" target="_blank">open simple security solutions</a>.<br><a href="https://nocomplexity.com/documents/codeaudit/CONTRIBUTE.html" target="_blank">Join the community</a> and contribute to make this tool better!</div></footer></div></body></html>
+</table><br><p>Number of implemented security validations:<b>83</b></p><p>Version of codeaudit: <b>1.6.3.dev39+ga990bb23a.d20260411</b><p>Because Python and cybersecurity are constantly changing, issue reports <b>SHOULD</b> specify the codeaudit version used.</p><p><b>Disclaimer:</b> <i>This SAST tool <a href="https://github.com/nocomplexity/codeaudit" target="_blank"><b>Python Code Audit</b></a> provides a powerful, automatic security analysis for Python source code. However, it's not a substitute for human review in combination with business knowledge. Undetected vulnerabilities may still exist.</i></p><p>This Python security report was created on: <b>2026-04-20 17:38</b> with <a href="https://github.com/nocomplexity/codeaudit" target="_blank"><b>Python Code Audit</b></a> version <b>1.6.3.dev39+ga990bb23a.d20260411</b></p><hr><footer><div class="footer-links">Check the <a href="https://nocomplexity.com/documents/codeaudit/intro.html" target="_blank">documentation</a> for help on found issues.<br>Codeaudit is made with <span class="heart">&#10084;</span> by cyber security professionals who advocate for <a href="https://nocomplexity.com/simplify-security/" target="_blank">open simple security solutions</a>.<br><a href="https://nocomplexity.com/documents/codeaudit/CONTRIBUTE.html" target="_blank">Join the community</a> and contribute to make this tool better!</div></footer></div></body></html>

docs/examples/demoscan.json

@@ -1,7 +1,7 @@
 {
   "name": "Python_Code_Audit",
-  "version": "1.6.2",
-  "generated_on": "2026-04-10 16:13",
+  "version": "1.6.3.dev39+ga990bb23a.d20260411",
+  "generated_on": "2026-04-20 17:37",
   "file_security_info": {
     "0": {
       "FileName": "demofile.py",

src/codeaudit/dashboard_reports.py

@@ -12,7 +12,7 @@
 API functions: Used for dashboard reporting (Panel / WASM) and notebooks, or to build custom reports.
 """
 
-# import panel as pn
+from codeaudit.api_interfaces import version_info
 
 SAST_REPORT_CSS = """
 <style>
@@ -184,11 +184,11 @@ def report_sast_results(scanresult):
 
     # --- Input validation ---
     if not scanresult or not isinstance(scanresult, dict):
-        return '<br><h2">⚠️ No scan result provided</h2>'
+        return '<br><h2>⚠️ No scan result provided</h2>'
 
     file_security_info = scanresult.get("file_security_info")
     if not isinstance(file_security_info, dict) or len(file_security_info) == 0:
-        return '<br><h2">⚠️ No file security info found</h2>'
+        return '<br><h2>⚠️ No file security info found</h2>'
 
     # Collect files that have SAST results
     files_with_findings = []
@@ -201,7 +201,7 @@ def report_sast_results(scanresult):
             files_with_findings.append(file_info)
 
     if not files_with_findings:
-        return '<br><h2">✅ No security weaknesses found</h2>'
+        return '<br><h2>✅ No security weaknesses found</h2>'
 
     # --- Safe statistics handling ---
     stats = scanresult.get("statistics_overview")
@@ -311,7 +311,7 @@ def report_used_modules(scanresult):
     # --- Input validation ---
     card1 = ""
     if not scanresult or not isinstance(scanresult, dict):
-        return '<br><h2">⚠️ No scan result provided</h2>'
+        return '<br><h2>⚠️ No scan result provided</h2>'
     modules_discovered = scanresult["module_overview"]
     core_modules = modules_discovered["core_modules"]
     external_modules = modules_discovered["imported_modules"]
@@ -424,17 +424,23 @@ def get_info_text():
     )
     return infotext
 
-
 def get_disclaimer_text():
     """defines the sidebar disclaimer text"""
     pn = _require_panel()  # Panel module is needed for this function
+    
+    # Get the version string from version_info
+    v_info = version_info()
+    version_id = v_info['version']
+        
     disclaimer = (
-        "<br><b>Disclaimer:</b>This scan only evaluates Python files. "
-        "Security weaknesses can also exist in other files used by a Python package.<br><br>"
-        'This SAST tool <a href="https://github.com/nocomplexity/codeaudit" target="_blank">'
-        "Python Code Audit</a> provides a powerful, automatic security analysis for Python source code. "
-        "However, it's not a substitute for human review in combination with business knowledge. "
-        "Undetected vulnerabilities may still exist."
+        f"<br><b>Disclaimer:</b> This scan only evaluates Python files. "
+        f"Security weaknesses can also exist in other files used by a Python package.<br><br>"
+        f'This SAST tool <a href="https://github.com/nocomplexity/codeaudit" target="_blank">'
+        f"Python Code Audit</a> provides a powerful, automatic security analysis for Python source code. "
+        f"However, it's not a substitute for human review in combination with business knowledge. "
+        f"Undetected vulnerabilities may still exist."
+        f'<p><strong><a href="https://nocomplexity.com/documents/codeaudit/intro.html">Python Code Audit</a></strong> '
+        f'Dashboard - version {version_id}</p>'                
     )
 
     disclaimer_text = pn.pane.HTML(disclaimer)

src/dashboard/dashboardapp.py

@@ -36,7 +36,9 @@
 )
 from codeaudit.api_helpers import _codeaudit_directory_scan_wasm
 
-from codeaudit.api_interfaces import get_package_source, version_info
+from codeaudit.api_interfaces import get_package_source , version_info
+
+
 
 from codeaudit.dashboard_reports import (
     create_statistics_overview,
@@ -117,7 +119,7 @@ async def get_package_source_wasm(url):
             f.write(content)
 
         with tarfile.open(tar_path, "r:gz") as tar:
-            tar.extractall(path=temp_dir, filter="data")
+            tar.extractall(path=temp_dir, filter="data") # nosec Possible risks are mitigated and this happends in the WASM context.
 
         return temp_dir, tmpdir_obj
 

tests/test_wasmsafe_funtions.py

@@ -23,8 +23,36 @@ def test_basic_working_scanning():
     expected_data = "eval.py"  # Assert that the actual data matches the expected data
     assert actual_data == expected_data
 
+def test_scan_wasm1():
+    current_file_directory = Path(__file__).parent
+
+    # validation file path
+    validation_file_path = current_file_directory / "validationfiles" / "zstd.py"
+
+    result = _codeaudit_scan_wasm(str(validation_file_path), False)
+    #Check lines, so the keys:
+    lines = result['sast_result']
+    line_numbers = set(lines.keys())
+    expected_set = {3, 10}
+
+    assert line_numbers == expected_set
+
+
+def test_scan_wasm1_validationscheck():
+    current_file_directory = Path(__file__).parent
+
+    # validation file path
+    validation_file_path = current_file_directory / "validationfiles" / "zstd.py"
+
+    result = _codeaudit_scan_wasm(str(validation_file_path), False)
+    #Check lines, so the keys:
+    lines = result['sast_result']
+    validations = [v["validation"] for v in lines.values()]
+    expected_set = ['compression.zstd.decompress', 'compression.zstd.open']
+
+    assert validations == expected_set
 
-def test_scan_wasm():
+def test_scan_wasm2():
     current_file_directory = Path(__file__).parent
 
     # validation file path