# Example:API functions usage

Using the Python Code Audit APIs is simple and straightforward!

If you have any questions, feel free to [get in touch!](../CONTRIBUTE)

To use the Python Code Audit functions, import the desired function into your notebook or Python script.

## Platform information

The `platform_info()` function provides detailed information about the runtime environment.

This information is essential for both security purposes and handling edge cases that may affect the behavior of the APIs.


```python
from codeaudit.api_interfaces import platform_info

platform_info()
```

```text
{'python_version': '3.13.11', 'python_implementation': 'CPython'}
```

## Python Code Audit version information

Good security validation starts with knowing which tools — and which versions — you have used.

When you build your own APIs using this framework, all critical scanning API calls automatically include a version identifier.

However, if you need to **retrieve the version information** from a script (for example, when creating CI/CD scripts), you can do so with the following call:


```python
from codeaudit.api_interfaces import version

version()
```

```text
{'name': 'Python_Code_Audit', 'version': '1.4.1'}
```

## Overview of vulnerabilities of a module

This API retrieves security vulnerability data for external modules via the [OSV (Open Source Vulnerability) Database](https://nocomplexity.com/documents/securityarchitecture/references/vulnerabilitydatabases.html#vulnerability-databases).

**How it Works**
- Input: Provide the name of the module you wish to query.

- External Call: This function triggers an external request. Please note that the OSV Database is not designed for high-frequency, continuous polling. Use this API judiciously to avoid rate-limiting or performance issues.

- Output: The API returns a Python dictionary containing comprehensive vulnerability details. This structured data allows you to build custom reporting and monitoring tools tailored to your needs.

**Best Practices**

Validating external modules for known vulnerabilities should be a standard security requirement, not an optional step. Because security risk depends on how a module is implemented, you must evaluate the returned data to determine if a module meets the security standards for your specific use case.


:::{attention}
Checking against known vulnerabilities is not as strong as doing a SAST scan on the code.

**So always use Python Code Audit and check for (new) weaknesses!**
:::


Too many security tools focus exclusively on auditing Python programs and their dependencies (the modules they use) against lists of known vulnerabilities. These vulnerabilities are typically tracked and published in global repositories:

- NVD & CVE: Security flaws are officially identified and catalogued using the Common Vulnerabilities and Exposures (CVE) system. These are central to the U.S. National Vulnerability Database (NVD).

- [OSV Database](https://nocomplexity.com/documents/securityarchitecture/references/vulnerabilitydatabases.html#vulnerability-databases): In addition to the NVD, many Open Source Software (OSS) vulnerabilities are aggregated in the Google-managed OSV (Open Source Vulnerability) database, which provides a more distributed and developer-friendly format for many ecosystems.


### How to use this API call

```python
from codeaudit.api_interfaces import get_module_vulnerability_info

# Retrieve the vulnerability information for the module, if any is available.
vulnerability_info = get_module_vulnerability_info("pandas")

vulnerability_info  # shows the retrieved vulnerability information for the external module
```

```text
{'name': 'Python_Code_Audit',
 'version': '1.4.1',
 'generated_on': '2026-01-06 18:54',
 'pandas_vulnerability_info': [{'id': 'PYSEC-2020-73',
   'summary': '',
   'details': "** DISPUTED ** pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the read_pickle() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the read_pickle() function is documented as unsafe and it is the user's responsibility to use the function in a secure manner.",
   'aliases': ['CVE-2020-13091'],
   'severity': []}]}
```

### Known vulnerabilities of the Python module: `requests`

An example of the output of known vulnerabilities for a well-known Python module: `requests`.

If you see output like this, ask yourself whether you really should use this module!

```python
# Retrieve the vulnerability information for the module, if any is available.
vulnerability_info = get_module_vulnerability_info("requests")

vulnerability_info
```

```text
{'name': 'Python_Code_Audit',
 'version': '1.4.1',
 'generated_on': '2026-01-06 19:10',
 'requests_vulnerability_info': [{'id': 'GHSA-652x-xj99-gmcc',
   'summary': 'Exposure of Sensitive Information to an Unauthorized Actor in Requests',
   'details': 'Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request.',
   'aliases': ['CVE-2014-1830', 'PYSEC-2014-14'],
   'severity': [{'type': 'CVSS_V4',
     'score': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}]},
  {'id': 'GHSA-9hjg-9r4m-mvj7',
   'summary': 'Requests vulnerable to .netrc credentials leak via malicious URLs',
   'details': '### Impact\n\nDue to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs.\n\n### Workarounds\nFor older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on yo
```
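The "Best Practices" advice above says you must evaluate the returned data yourself. The following added example (not code from the Python Code Audit project) does that for the dictionary layout shown in the pandas and requests outputs above, which are embedded here as constructed sample input; `triage`, `cvss_metrics` and the fail-the-build policy are assumptions of this example.

```python
from typing import Any

# Constructed samples modelled on the pandas and requests output shown above
# (details strings shortened); layout: tool name/version/generated_on plus
# one '<module>_vulnerability_info' list, as returned by the API.
SAMPLE_PANDAS: dict[str, Any] = {
    "name": "Python_Code_Audit", "version": "1.4.1", "generated_on": "2026-01-06 18:54",
    "pandas_vulnerability_info": [
        {"id": "PYSEC-2020-73", "summary": "",
         "details": "** DISPUTED ** pandas through 1.0.3 can unserialize ... read_pickle()",
         "aliases": ["CVE-2020-13091"], "severity": []}]}
SAMPLE_REQUESTS: dict[str, Any] = {
    "name": "Python_Code_Audit", "version": "1.4.1", "generated_on": "2026-01-06 19:10",
    "requests_vulnerability_info": [
        {"id": "GHSA-652x-xj99-gmcc",
         "summary": "Exposure of Sensitive Information to an Unauthorized Actor in Requests",
         "details": "Requests (aka python-requests) before 2.3.0 allows remote servers ...",
         "aliases": ["CVE-2014-1830", "PYSEC-2014-14"],
         "severity": [{"type": "CVSS_V4",
                       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"}]}]}


def cvss_metrics(vector: str) -> dict[str, str]:
    """Split a CVSS vector string ('CVSS:4.0/AV:N/AC:L/...') into {metric: value}."""
    return dict(part.split(":", 1) for part in vector.split("/")[1:])


def triage(info: dict[str, Any]) -> dict[str, Any]:
    """Reduce one get_module_vulnerability_info() result to a CI gating decision.

    Hypothetical policy (an assumption, adjust to your own standard): any
    advisory that is not marked '** DISPUTED **' fails the build; disputed
    ones are reported for a human decision.
    """
    key = next(k for k in info if k.endswith("_vulnerability_info"))
    module = key[: -len("_vulnerability_info")]
    findings = []
    for entry in info[key]:
        metrics: dict[str, str] = {}
        for sev in entry.get("severity", []):
            if str(sev.get("score", "")).startswith("CVSS:"):
                metrics = cvss_metrics(sev["score"])
        findings.append({
            "id": entry["id"],
            "cves": [a for a in entry.get("aliases", []) if a.startswith("CVE-")],
            "disputed": entry.get("details", "").lstrip().startswith("** DISPUTED **"),
            "network_reachable": metrics.get("AV") == "N",  # AV:N in the CVSS vector
        })
    return {"module": module, "tool_version": info.get("version"),
            "findings": findings, "fail_build": any(not f["disputed"] for f in findings)}
```

In a real pipeline, pass the dictionary returned by `get_module_vulnerability_info("requests")` straight into `triage` and fail the job on `fail_build`.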

## Overview of implemented security checks

```python
from codeaudit.api_interfaces import get_default_validations

get_default_validations()
```

```text
{'name': 'Python_Code_Audit',
 'version': '1.4.1',
 'generated_on': '2026-01-06 18:54',
 'validations': [{'name': 'Assertions',
   'construct': 'assert',
   'severity': 'Low',
   'info': 'Assertions are for debugging and development. Assertions can be disabled during runtime. Use in production can introduce vulnerabilities.'},
  {'name': 'Insecure Network Binding',
   'construct': 's.bind',
   'severity': 'Medium',
   'info': 'Binding to all interfaces can expose the service to a wider network attack surface.'},
  {'name': 'OS File Permissions',
   'construct': 'os.chmod',
   'severity': 'High',
   'info': 'Changing permissions carelessly can expose sensitive files.'},
  {'name': 'Directory Creation',
   'construct': 'os.makedirs',
   'severity': 'Low',
   'info': 'Direct file system calls require careful input validation to prevent vulnerabilities.'},
  {'name': 'Directory Creation',
   'construct': 'os.mkdir',
   'severity': 'Low',
   'info': 'Direct file system calls require careful
```