# Static Code Analysers

One of the major tools for producing error-free code is the static code analyser. Python provides many of them, such as:

- pylint
- pychecker
- pyflakes
- flake8
- black

Most of them can be integrated with your IDE/editor, such as PyCharm, Atom, Vim or Emacs, using plugins. We have covered a bit of that in Python Introduction.

In this section, we will learn how they can help us. Before we begin, let's learn what they are, what they can do and how they can be used.

## What is static code analysis

As the name suggests, static analysers analyse code without actually executing it. They are usually:

- very fast,
- extremely easy to add to a DevOps workflow,
- used to uncover common mistakes.

Before we go into details, let's look at a few keywords which will be used in this section.

### Types of static analysis

- Code Complexity analysis
- Code styling analysis
- Error detection
- Unused code detection
- Duplicate code detection
- Comment styling analysis
- UML diagram creation
- Security linting

### Code Complexity

It is a measure of how complex your code is. As stated in the previous chapter, the lower the complexity, the better the code.

Most of the time, the measure used is `Cyclomatic complexity`, which was defined by **Thomas J. McCabe, Sr.** in 1976 and is computed using the control-flow graph of the program: the nodes of the graph correspond to indivisible groups of commands of a program, and a directed edge connects two nodes if the second command might be executed immediately after the first command. Cyclomatic complexity may also be applied to individual functions, modules, methods or classes within a program.

The commonly used formula is:
```
M = E − N + 2P
```
where
```
E = the number of edges of the graph.
N = the number of nodes of the graph.
P = the number of connected components.
```

In Tom McCabe's presentation 'Software Quality Metrics to Identify Risk' for the Department of Homeland Security, he introduces the following categorisation to interpret cyclomatic complexity:

- `1 - 10` Simple procedure, little risk
- `11 - 20` More complex, moderate risk
- `21 - 50` Complex, high risk
- `> 50` Untestable code, very high risk

We can use the `radon` program (https://pypi.org/project/radon/) to obtain this value.
```bash
$:> radon cc example.py -a -nc
```

**Explanation:**

- `cc` is the radon command to compute Cyclomatic Complexity.
- `-a` tells radon to calculate the average complexity at the end. Note that the average is computed among the shown blocks. If you want the total average, among all the blocks, regardless of what is being shown, you should use `--total-average`.
- `-nc` tells radon to print only results with a complexity rank of C or worse. Other examples: `-na` (from A to F), or `-nd` (from D to F).
- The letter in front of the line numbers represents the type of the block (F means function, M method and C class).

### Code styling analysis

Python provides a style guide in the form of `PEP-8`, which can be viewed at https://peps.python.org/pep-0008/. The following tools can be used to validate code against the style guide or fix it:

- AutoPEP8 (https://pypi.org/project/autopep8/)
- pep8radius (https://pypi.org/project/pep8radius/)
- Black (https://pypi.org/project/black/)

The major difference between autopep8 and pep8radius is that autopep8 is applied to the entire file, whereas pep8radius is applied only to the lines which were changed since the last commit.

Black is maintained by and Blackened code looks the same regardless of the project you're reading. Formatting becomes transparent after a while and you can focus on the content instead.

### Security linting

One of the most commonly used tools for security linting is `Bandit`, which can be installed using

```bash
$:> pip install bandit
```
and can be executed using the following command 
```bash
$:> bandit -r path/to/your/code
```

and its documentation can be viewed at https://bandit.readthedocs.io/en/latest/. 

Bandit can also be run through `flake8` using the `flake8-bandit` plugin. It can be installed using the following command:

```bash
$:> pip install flake8-bandit
```

### Misc

| Task              | Name                  | URL                                          |
|-------------------|-----------------------|----------------------------------------------|
| Naming Convention | `pep8-naming`         | https://github.com/PyCQA/pep8-naming         |
| Imports ordering  | `flake8-import-order` | https://github.com/PyCQA/flake8-import-order |


Naming convention can be validated using  and details can be found at 

Circular imports:


```python
c = 10e12
```