https://github.com/nccgroup/call_map

Current development for Call Map takes place at https://github.com/ajylee/call_map. Call Map is a tool for navigating Python call graphs.
https://github.com/nccgroup/call_map

code-review gui tool

Last synced: about 2 months ago
JSON representation

Current development for Call Map takes place at https://github.com/ajylee/call_map. Call Map is a tool for navigating Python call graphs.

• Host: GitHub
• URL: https://github.com/nccgroup/call_map
• Owner: nccgroup
• License: other
• Created: 2017-03-06T17:34:52.000Z (almost 8 years ago)
• Default Branch: master
• Last Pushed: 2021-07-31T18:07:00.000Z (over 3 years ago)
• Last Synced: 2024-07-30T17:46:53.680Z (5 months ago)
• Topics: code-review, gui, tool
• Language: Python
• Homepage:
• Size: 376 KB
• Stars: 28
• Watchers: 10
• Forks: 6
• Open Issues: 1
• Metadata Files:
  • Readme: README.rst
  • Changelog: CHANGELOG
  • Contributing: CONTRIBUTING.rst
  • License: LICENSE.txt

Awesome Lists containing this project

README

        
==========

 Call Map

==========

.. default-role:: code

About

======

Call Map is a tool for navigating call graphs in Python, with plans to support

other languages. Below is a screen shot after running `call_map -m toolz`, then

clicking on some functions.

.. figure:: docs/UI-clicked-on-function.png

While Call Map is intended to help in gaining a general

understanding of a codebase, it is also a natural fit for tracing code paths,

which constitutes an important security concern. Many security issues are

revealed by finding a code path that connects user input to dangerous coding

patterns.

See the `blog post`__ for more.

__ https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/july/call-map-a-tool-for-navigating-call-graphs-in-python/

Installation

=============

Call Map is distributed as a python package for `Python 3.5`. To install with

`pip3`, run::

  # From top level directory of call_map

  pip3 install -e .

Note that some Python 3 distributions call the package manager `pip`, and some

call it `pip3`, so you may need substitute `pip3` with `pip`.

The above commands should install the executable `call_map` to the same path

that the Python interpreter is in.

For details and alternative methods see `INSTALL.rst`.

Quick Start

============

Open files to start exploring::

  call_map -f example.py

  # you can also open multiple files

  call_map -f *.py

You can also add to the module search path (`sys.path`)::

  call_map -f *.py -p .

Call Map will try to resolve the files as modules whenever they can be found in

the module search path. For more documentation on command line

arguments, `call_map -h`.

Configuration

=============

To configure Call Map, set the environment variable CALL_MAP_RC_DIRECTORY.

The path to the Call Map configuration file will be::

  $CALL_MAP_RC_DIRECTORY/call_map_rc.py

At this time the configuration options are:

- `open_in_editor(path: pathlib.Path, line: int)`: if you define this function

  it will be called whenever you open a file. For example, the following can be

  used to open files in an Emacs server if have you called `server-mode` in a

  running Emacs session::

    def open_in_editor(path, line):

        import subprocess as sbp

        sbp.call(['emacsclient', '+{}'.format(line), str(path)])

  The following can be used to open files in the GVim server if you started a GVim

  server with `gvim --servername my_vim_server`::

    def open_in_editor(path, line):

        import subprocess as sbp

        sbp.call(['gvim', '--servername', 'my_vim_server', '--remote', '+{}'.format(line), str(path)])

- `MULTITHREADING`: Whether to use a separate thread for the GUI and searching

  the call graph. Defaults to `True`. Turning it off is for debug purposes.

Quirks

=======

There are a couple of quirks in the UI design, due to the fact that I haven't

arrived at a better solution or the tradeoff of additional complexity is

unfavorable.

- Usages can appear to show up more than once, but actually they are different

  usages in the same scope.

- You may notice some bulitins such as `help`, `id`, and `filter` are ignored.

  See `call_map/config.py` in the source code for the full list of ignored

  functions.

- If the position to be highlighted is at the start of a file, it won't be

  highlighted. This is because typically only modules and scripts are positioned

  at the start of their respective files.

Quirks Inherited from Jedi 

---------------------------

Some quirks are inherited from the `jedi` Python analysis backend.

- The search scope for usages is the set of modules that have been loaded by the

  `jedi` backend. That means that the scope will change as you explore new

  modules. If you want to explicitly include a module in the search scope, add

  it to the initial list of modules to be inspected.

- `jedi` always searches the interpreter's `sys.path`, even when it is not

  explicitly included. However, it will prioritize the user-defined `sys_path`.

Caveats

========

Any caveats that exist for static analysis backends also apply to Call Map. (At

this time only the `jedi` backend is integrated into Call Map.)

Jedi

-----

The `jedi` backend for Python analysis does not always find all usages. The

dynamic nature of Python makes it impossible to always determine the definition

of a function with static analysis. Sometimes `jedi` resolves a call to multiple

possible functions. For example `os.path.abspath` depends on the platform. In

this case `call_map` lists both possibilities as `abspath` and `abspath (2)`.

`jedi` also does not resolve all calls and usages. Jedi's own documentation also

has a `list of caveats`__.

Sometimes when Jedi throws an error when analyzing one item, the error affects

other items. For example, when finding usages, if Jedi raises an error on one

usage, the other usages it has found may be unrecoverable (as of Jedi v0.10.0).

__ https://jedi.readthedocs.io/en/latest/docs/features.html#caveats