Add --debug flag, quiet default output, honor exclude config in pre-pass #54

Open
satoridev01 wants to merge 1 commit into ParzivalHack:main from satoridev01:feat/debug-flag-and-default-excludes

satoridev01 commented May 21, 2026

Summary

This PR adds an explicit --debug flag and makes the default output focused on findings, warnings and errors.

[--debug]: identical to the old default output

Changes

  • pyspector scan --debug: new flag. Default output keeps the banner (name, version, credits, joke), findings, warnings and errors. --debug re-enables the previous verbose output, including println! lines from the Rust core (silenced by redirecting fd 1 to /dev/null around run_scan / scan_supply_chain).
  • Dynamic version in the banner: the displayed version is now read via importlib.metadata.version("pyspector") instead of being hardcoded in cli.py, so it stays in sync with setup.cfg on every bump.
  • Honor exclude in the Python pre-pass: get_python_file_asts now filters path.glob("**/*.py") against the config's exclude list. Previously only the Rust core respected it, so the walker still entered .venv/ / node_modules/ and emitted an Info: Skipped per file inside them. New _is_path_excluded helper matches patterns against relative path, absolute path and individual path components.
  • Default excludes: added node_modules, bower_components, vendor to DEFAULT_CONFIG.exclude in config.py alongside the existing .venv / __pycache__ / build / dist / *.egg-info / venv entries.

Before / After

Scanning a project containing a .venv/:

Before (truncated — actually printed ~150 Info: Skipped lines from setuptools/pbr tests inside .venv):

Info: Skipped .venv/lib/python3.13/site-packages/pbr/tests/test_version.py (test file or fixture)
Info: Skipped .venv/lib/python3.13/site-packages/pbr/tests/test_packaging.py (test file or fixture)
...
[*] Starting PySpector scan on '.'
[*] Successfully parsed 73 Python files in 0.41s
[*] Disabled 2 rules via [defaults].disabled_rule_ids
[*] Starting analysis with 125 rules
[*] Pattern/config scan: 0.00s → 3 issues
[*] AST analysis: 0.00s → 1 issues
[*] Building call graph from 73/73 files ...
... (~25 more lines)
[+] Rule ID: SHELL602
    ...

After (default):

  o__ __o   ... (banner)
Version: 0.1.9
Made with <3 by github.com/ParzivalHack

💡 I'd tell you a joke about NAT but I would have to translate.


============================================================
  HIGH (4 issues)
============================================================

[+] Rule ID: SHELL602
    ...

The scan command was unconditionally printing the banner, a JokeAPI HTTP
call, dozens of [*]-prefixed progress lines from both Python and the Rust
core, and per-file "Info: Skipped" notices. CI/automation consumers had no
way to suppress this, which buried the actual findings.

This change:

- Adds a `--debug` flag to `pyspector scan`. Without it, progress chatter
  is suppressed and only the banner (name, version, credits, joke),
  findings, warnings and errors are shown. With it, the previous verbose
  output is restored, including println! output from the Rust core (which
  is silenced by redirecting fd 1 to /dev/null around the run_scan and
  scan_supply_chain calls).

- Reads the displayed version from package metadata via
  importlib.metadata.version("pyspector") so it stays in sync with
  setup.cfg automatically instead of being hardcoded in cli.py.

- Honors the `exclude` config list in the Python AST pre-pass. Previously
  only the Rust core respected it, so `path.glob("**/*.py")` walked into
  .venv/, node_modules/, etc. anyway and emitted "Info: Skipped ..." for
  every test file inside them. A new `_is_path_excluded` helper matches
  patterns against relative path, absolute path and individual components.

- Adds node_modules, bower_components and vendor to the default exclude
  list in config.py alongside the existing .venv / __pycache__ / build /
  dist entries.
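
The exclude matching described in this PR (patterns checked against the relative path, the absolute path and each path component), as an added example that is not the PR's code: `is_path_excluded`, `collect_python_files`, `demo` and the sample tree are hypothetical names, and the use of `fnmatch` glob semantics is an assumption. It also returns the skipped paths, since every default exclude such as `vendor` is code the scanner no longer inspects.

```python
import fnmatch
import tempfile
from pathlib import Path

# Entries named in the PR description (old defaults plus the three new ones).
EXCLUDES = [".venv", "venv", "__pycache__", "build", "dist", "*.egg-info",
            "node_modules", "bower_components", "vendor"]
# Constructed sample layout, not taken from a real project.
SAMPLE_FILES = ["app/main.py", "app/vendor_utils.py", "vendor/lib/helper.py",
                ".venv/lib/site-packages/pbr/tests/test_version.py",
                "node_modules/pkg/gyp/gyp_main.py", "demo.egg-info/stub.py"]


def is_path_excluded(path, root, patterns):
    """Hypothetical stand-in for the PR's _is_path_excluded helper."""
    absolute = path.resolve()
    try:
        relative = absolute.relative_to(root.resolve())
    except ValueError:
        relative = absolute  # outside the root: no relative form exists
    # Candidates: relative path, absolute path, then each path component.
    candidates = [relative.as_posix(), absolute.as_posix(), *relative.parts]
    return any(fnmatch.fnmatch(c, p) for p in patterns for c in candidates)


def collect_python_files(root, patterns):
    """Return (kept, skipped) so the excluded coverage stays auditable."""
    kept, skipped = [], []
    for path in root.glob("**/*.py"):
        rel = path.relative_to(root).as_posix()
        (skipped if is_path_excluded(path, root, patterns) else kept).append(rel)
    return sorted(kept), sorted(skipped)


def demo(patterns=EXCLUDES):
    """Build the sample tree in a temp dir and run the filtered walk."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel in SAMPLE_FILES:
            target = root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text("pass\n")
        return collect_python_files(root, patterns)


if __name__ == "__main__":
    kept, skipped = demo()
    print("scanned: ", kept)
    print("excluded:", skipped)
```

Component matching is exact per path segment, so `app/vendor_utils.py` is still scanned while everything under `vendor/` is skipped.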