{"title":"PyVideo.org - static analysis","link":[{"@attributes":{"href":"https:\/\/pyvideo.org\/","rel":"alternate"}},{"@attributes":{"href":"https:\/\/pyvideo.org\/feeds\/tag_static-analysis.atom.xml","rel":"self"}}],"id":"https:\/\/pyvideo.org\/","updated":"2022-06-03T00:00:00+00:00","subtitle":{},"entry":[{"title":"Static analysis of Python","link":{"@attributes":{"href":"https:\/\/pyvideo.org\/europython-2013\/static-analysis-of-python.html","rel":"alternate"}},"published":"2013-07-02T00:00:00+00:00","updated":"2013-07-02T00:00:00+00:00","author":{"name":"Andrey Vlasovskikh"},"id":"tag:pyvideo.org,2013-07-02:\/europython-2013\/static-analysis-of-python.html","content":{"@attributes":{"type":"html"}},"category":[{"@attributes":{"term":"EuroPython 2013"}},{"@attributes":{"term":"text-editors"}},{"@attributes":{"term":"static-analysis"}},{"@attributes":{"term":"productivity"}}]},{"title":"From Python script to Open Source Project","link":{"@attributes":{"href":"https:\/\/pyvideo.org\/europython-2019\/from-python-script-to-open-source-project.html","rel":"alternate"}},"published":"2019-07-11T00:00:00+00:00","updated":"2019-07-11T00:00:00+00:00","author":{"name":"Micha\u0142 Karzy\u0144ski"},"id":"tag:pyvideo.org,2019-07-11:\/europython-2019\/from-python-script-to-open-source-project.html","summary":"<h3>Description<\/h3><p>Did you write a cool and useful Python script? Would you like to share\nit with the community, but you're not sure how to go about that? If so,\nthen this talk is for you. We'll go over a list of simple steps which\ncan turn your script into \u2026<\/p>","content":"<h3>Description<\/h3><p>Did you write a cool and useful Python script? Would you like to share\nit with the community, but you're not sure how to go about that? If so,\nthen this talk is for you. 
We'll go over a list of simple steps which\ncan turn your script into a fully fledged open-source project.<\/p>\n<p>The Python community has a rich set of tools which can help verify the\nquality of your code through automated code-review and linting. You can\nbenefit by taking advantage of this ecosystem. Complete the steps in\nthis checklist, and your project will be easier to maintain, you'll be\nready to take contributions from the community and those contributions\nwill be up to high standards. Your project will also keep up with other\nprojects on PyPI and you will be alerted if any new release causes an\nincompatibility with your code.<\/p>\n<p>The same checklist can be used for non open-source projects as well.<\/p>\n<p>The project maturity checklist includes:<\/p>\n<ul class=\"simple\">\n<li>Properly structure your code<\/li>\n<li>Use a setup.py file<\/li>\n<li>Add entry_points for your script command<\/li>\n<li>Create a requirements.txt file<\/li>\n<li>Use Black to format your code<\/li>\n<li>Create a tox.ini config and include code linters<\/li>\n<li>Set up a Git repo<\/li>\n<li>Refactor your code to be unit-testable and add tests<\/li>\n<li>Add missing docstrings<\/li>\n<li>Add type annotations and a MyPy verification step<\/li>\n<li>Upload to GitHub<\/li>\n<li>Add a continuous integration service (e.g. Travis)<\/li>\n<li>Add a requirements updater (e.g. pyup.bot)<\/li>\n<li>Add test coverage checker (e.g. 
coveralls)<\/li>\n<li>Add a Readme file and documentation<\/li>\n<li>Publish your project on PyPI<\/li>\n<li>Advertise your project<\/li>\n<\/ul>\n","category":[{"@attributes":{"term":"EuroPython 2019"}},{"@attributes":{"term":"Best Practice"}},{"@attributes":{"term":"Clean Code"}},{"@attributes":{"term":"Code Analysis"}},{"@attributes":{"term":"Static Analysis"}},{"@attributes":{"term":"Tooling"}}]},{"title":"Do we have a diversity problem in Python community?","link":{"@attributes":{"href":"https:\/\/pyvideo.org\/europython-2019\/do-we-have-a-diversity-problem-in-python-community.html","rel":"alternate"}},"published":"2019-07-10T00:00:00+00:00","updated":"2019-07-10T00:00:00+00:00","author":{"name":"Cheuk Ho"},"id":"tag:pyvideo.org,2019-07-10:\/europython-2019\/do-we-have-a-diversity-problem-in-python-community.html","summary":"<h3>Description<\/h3><p>The diversity statement quoted as follows: \u201cThe Python Software\nFoundation and the global Python community welcome and encourage\nparticipation by everyone. Our community is based on mutual respect,\ntolerance, and encouragement, and we are working to help each other live\nup to these principles. We want our community to \u2026<\/p>","content":"<h3>Description<\/h3><p>The diversity statement quoted as follows: \u201cThe Python Software\nFoundation and the global Python community welcome and encourage\nparticipation by everyone. Our community is based on mutual respect,\ntolerance, and encouragement, and we are working to help each other live\nup to these principles. We want our community to be more diverse:\nwhoever you are, and whatever your background, we welcome you.\u201d<\/p>\n<p>Diversity, big deal! As active members and event organisers (and also\non the minority side of the gender) in the Python community, we have\nalways been concerned by the question of: Do we truly have a problem in\ndiversity? Especially, gender diversity. 
We would like to find out the\ntruth, by data science, and see if we can find a clue why and how we can\nfix it.<\/p>\n<p>First, we will show the research others did regarding the representation\nof women in the R and Python communities [1]. Then, we will show the\nresearch that we did based on our experience and statistics, including\nstatic analysis of the speakers' diversity (regarding gender) at major\nPyCon and PyData conferences. Finally, as we all care about diversity\nand want improvements, we would like to find out the reason and what we\ncan do about it. We would propose what we, the minorities and allies,\ncould do against this seemingly unbalanced situation and make the\ncommunity better.<\/p>\n<p>This talk is for all who care about diversity in our community.<\/p>\n<p>[1]\n<a class=\"reference external\" href=\"https:\/\/reshamas.github.io\/why-women-are-flourishing-in-r-community-but-lagging-in-python\/\">https:\/\/reshamas.github.io\/why-women-are-flourishing-in-r-community-but-lagging-in-python\/<\/a><\/p>\n<p>Update: slides at\n<a class=\"reference external\" href=\"https:\/\/slides.com\/cheukting_ho\/do-we-have-a-diversity-problem-in-python-community\">https:\/\/slides.com\/cheukting_ho\/do-we-have-a-diversity-problem-in-python-community<\/a><\/p>\n","category":[{"@attributes":{"term":"EuroPython 2019"}},{"@attributes":{"term":"Community"}},{"@attributes":{"term":"Conferences and Meet-Ups"}},{"@attributes":{"term":"Data Science"}},{"@attributes":{"term":"Static Analysis"}}]},{"title":"Static typing: beyond the basics of def foo(x: int) -> str:","link":{"@attributes":{"href":"https:\/\/pyvideo.org\/europython-2019\/static-typing-beyond-the-basics-of-def-foox-int-str.html","rel":"alternate"}},"published":"2019-07-10T00:00:00+00:00","updated":"2019-07-10T00:00:00+00:00","author":{"name":"Vita Smid"},"id":"tag:pyvideo.org,2019-07-10:\/europython-2019\/static-typing-beyond-the-basics-of-def-foox-int-str.html","summary":"<h3>Description<\/h3><p>The Python community has been warming up to 
static typing for a few\nyears now. You may have seen talks that did a great job of introducing\nthe basic concepts, mypy, and high-level strategies to cover existing\ncode bases.<\/p>\n<p>We need to go deeper.<\/p>\n<p>Let\u2019s talk about the \u2026<\/p>","content":"<h3>Description<\/h3><p>The Python community has been warming up to static typing for a few\nyears now. You may have seen talks that did a great job of introducing\nthe basic concepts, mypy, and high-level strategies to cover existing\ncode bases.<\/p>\n<p>We need to go deeper.<\/p>\n<p>Let\u2019s talk about the challenges you inevitably encounter when you try to\ntype-check a large code base. One full of many moving parts, complex\narchitectures, metaprogramming tricks, and interfaces with a dozen other\npackages.<\/p>\n<p>Static type checking is very powerful \u2013 when you use it to maximum\nadvantage and explain your code to the typechecker accurately. We will\ncover a few tools at your disposal: generics, signature overloads,\nprotocols, custom mypy plug-ins, and more.<\/p>\n<p>There is more than just tools, though. Behind them all are universal\nconcepts valid in any language. 
I hope to convince you that thinking in\nterms of the type system helps you write better code\u2026<\/p>\n","category":[{"@attributes":{"term":"EuroPython 2019"}},{"@attributes":{"term":"Static Analysis"}},{"@attributes":{"term":"Type-Hinting"}}]},{"title":"So, You Want to Build an Anti-Virus Engine?","link":{"@attributes":{"href":"https:\/\/pyvideo.org\/europython-2020\/so-you-want-to-build-an-anti-virus-engine.html","rel":"alternate"}},"published":"2020-07-23T00:00:00+00:00","updated":"2020-07-23T00:00:00+00:00","author":{"name":"JunWei Song"},"id":"tag:pyvideo.org,2020-07-23:\/europython-2020\/so-you-want-to-build-an-anti-virus-engine.html","summary":"<h3>Description<\/h3><p><a class=\"reference external\" href=\"https:\/\/github.com\/quark-engine\/quark-engine\">https:\/\/github.com\/quark-engine\/quark-engine<\/a><\/p>\n<p>Android malware analysis engine is not a new story. Every antivirus company has their own secrets to build it. With Python and curiosity, we develop a malware scoring system from the perspective of Taiwan Criminal Law in an easy but solid way.<\/p>\n<p>We have \u2026<\/p>","content":"<h3>Description<\/h3><p><a class=\"reference external\" href=\"https:\/\/github.com\/quark-engine\/quark-engine\">https:\/\/github.com\/quark-engine\/quark-engine<\/a><\/p>\n<p>Android malware analysis engine is not a new story. Every antivirus company has their own secrets to build it. With Python and curiosity, we develop a malware scoring system from the perspective of Taiwan Criminal Law in an easy but solid way.<\/p>\n<p>We have an order theory of criminal which explains stages of committing a crime. For example, crime of murder consists of five stages, they are determined, conspiracy, preparation, start and practice. The later the stage, the more we\u2019re sure that the crime is practiced.<\/p>\n<p>According to the above principle, we developed our order theory of android malware. We develop five stages to see if the malicious activity is being practiced. 
They are<\/p>\n<ol class=\"arabic simple\">\n<li>Permission requested.<\/li>\n<li>Native API call.<\/li>\n<li>Certain combination of native API.<\/li>\n<li>Calling sequence of native API.<\/li>\n<li>APIs that handle the same register.<\/li>\n<\/ol>\n<p>We not only define malicious activities and their stages but also develop weights and thresholds for calculating the threat level of a malware.<\/p>\n<p>Malware evolved with new techniques to gain difficulties for reverse engineering. Obfuscation is one of the most commonly used techniques. In this talk, we present a Dalvik bytecode loader with the order theory of android malware to neglect certain cases of obfuscation.<\/p>\n<p>Inspired by the design principles of the CPython interpreter, our Dalvik bytecode loader consists of functionalities such as 1. Finding cross-reference and calling sequence of the native API. 2. Tracing the bytecode register. The combination of these functionalities (yes, the order theory) not only can neglect obfuscation but also match perfectly to the design of our malware scoring system.<\/p>\n<p>Further, we will also show a case study of Android malware and demonstrate how the obfuscation technique is useless to our engine. Last but not least, we will be open-sourcing everything (Malware Scoring System, Dalvik Bytecode Loader) during our presentation.<\/p>\n<p>Audience\n1. Who is this talk for?\n- Anyone who's interested in cyber security or anyone that wants to know how to build an anti-virus engine with Python.<\/p>\n<p>2. What background knowledge or experience do you expect the audience to have?\n- A little of Android application development and malware analysis.<\/p>\n<p>3. 
What do you expect the audience to learn or do after watching the talk?\n- The Dalvik bytecode loader is written as a Python module, the audience can use this module to boost up their malware analysis.\n- The malware scoring system can be applied not only to Android malware but also can be applied for PE files or ELF files in other OS. The audience can copy our ideas to extend their work.\n- Everything\u2019s open-sourced.<\/p>\n<p>Outline<\/p>\n<p>1. Introduction of Malware Scoring System.\nFirst, we will detail how we decode Criminal Law to simple principles. For example, principles to define crime, penalty and the order theory of criminal, etc. And then we will detail how we develop the order theory of android malware and other developed theories that construct the malware scoring.<\/p>\n<p>2. Design Logic of the Dalvik Bytecode Loader.\nOnce the malware scoring system was built, this will discuss the design logic of our Dalvik bytecode loader which includes our obfuscation-neglect module and bytecode register tracing module. We will also detail why the order theory of android malware succeeds at neglecting the obfuscation.<\/p>\n<p>3. Quark Engine Practice - Case Study of Android Malware\nNext, we will practice our engine and case study through an android malware. Moreover, we will also demonstrate our obfuscation-neglect technique against obfuscation malware.<\/p>\n<p>4. Future works\nHere, we will discuss the limitations of our engine. For example, the challenge of our Dalvik bytecode loader. 
Also, we will share our plans of implementing more detection techniques conquering the escape detection of malware.<\/p>\n","category":[{"@attributes":{"term":"EuroPython 2020"}},{"@attributes":{"term":"europython"}},{"@attributes":{"term":"europython-2020"}},{"@attributes":{"term":"europython-online"}},{"@attributes":{"term":"Mobile"}},{"@attributes":{"term":"Open-Source"}},{"@attributes":{"term":"Security"}},{"@attributes":{"term":"Static Analysis"}}]},{"title":"Static Typing in Python","link":{"@attributes":{"href":"https:\/\/pyvideo.org\/europython-2020\/static-typing-in-python.html","rel":"alternate"}},"published":"2020-07-23T00:00:00+00:00","updated":"2020-07-23T00:00:00+00:00","author":{"name":"Dustin Ingram"},"id":"tag:pyvideo.org,2020-07-23:\/europython-2020\/static-typing-in-python.html","summary":"<h3>Description<\/h3><p>Python is well-known as a programming language without static types. This means that you don\u2019t need to say what a given variable will hold, or whether your function will return a string or an integer (or sometimes one, and sometimes another!). This has historically made Python a very \u2026<\/p>","content":"<h3>Description<\/h3><p>Python is well-known as a programming language without static types. This means that you don\u2019t need to say what a given variable will hold, or whether your function will return a string or an integer (or sometimes one, and sometimes another!). This has historically made Python a very flexible and beginner-friendly language.<\/p>\n<p>In this talk, we\u2019ll discuss the advantages and disadvantages to a static type system, as well as recent efforts to introduce static typing to Python via optional \u201ctype hints\u201d and various tools to aid in adding types to Python code. 
We\u2019ll see what this means for Python, for Python programmers, and what the future has in store for Python\u2019s type system.<\/p>\n","category":[{"@attributes":{"term":"EuroPython 2020"}},{"@attributes":{"term":"europython"}},{"@attributes":{"term":"europython-2020"}},{"@attributes":{"term":"europython-online"}},{"@attributes":{"term":"Python 3"}},{"@attributes":{"term":"Static Analysis"}},{"@attributes":{"term":"Tooling"}},{"@attributes":{"term":"Type-Hinting"}},{"@attributes":{"term":"python"}}]},{"title":"Writing Good Python","link":{"@attributes":{"href":"https:\/\/pyvideo.org\/europython-2020\/writing-good-python.html","rel":"alternate"}},"published":"2020-07-23T00:00:00+00:00","updated":"2020-07-23T00:00:00+00:00","author":{"name":"Prashant Chaubey"},"id":"tag:pyvideo.org,2020-07-23:\/europython-2020\/writing-good-python.html","summary":"<h3>Description<\/h3><p>Like other programming languages, it is easy to write cryptic, unmaintainable, and rigid Python code. Moreover, in teams, this problem escalates due to varied coding styles of developers. How to ensure code quality and consistency? My goal with this talk is to educate my audience about some tools and \u2026<\/p>","content":"<h3>Description<\/h3><p>Like other programming languages, it is easy to write cryptic, unmaintainable, and rigid Python code. Moreover, in teams, this problem escalates due to varied coding styles of developers. How to ensure code quality and consistency? 
My goal with this talk is to educate my audience about some tools and libraries that can help us in making our code more consistent.<\/p>\n","category":[{"@attributes":{"term":"EuroPython 2020"}},{"@attributes":{"term":"europython"}},{"@attributes":{"term":"europython-2020"}},{"@attributes":{"term":"europython-online"}},{"@attributes":{"term":"Best Practice"}},{"@attributes":{"term":"Code Analysis"}},{"@attributes":{"term":"Documentation"}},{"@attributes":{"term":"Static Analysis"}},{"@attributes":{"term":"Type-Hinting"}}]},{"title":"Don't rely on discipline","link":{"@attributes":{"href":"https:\/\/pyvideo.org\/pycon-italia-2022\/dont-rely-on-discipline.html","rel":"alternate"}},"published":"2022-06-03T00:00:00+00:00","updated":"2022-06-03T00:00:00+00:00","author":{"name":"Nejc Zupan"},"id":"tag:pyvideo.org,2022-06-03:\/pycon-italia-2022\/dont-rely-on-discipline.html","summary":"<h3>Description<\/h3><p>Don\u2019t rely on discipline - PyCon Italia 2022<\/p>\n<p>In the programming field we often rely on discipline. We expect from\nourselves and from others that we will not introduce bugs and cause\nproblems. That we will use the libraries and APIs as they are intended.\nThat we will not \u2026<\/p>","content":"<h3>Description<\/h3><p>Don\u2019t rely on discipline - PyCon Italia 2022<\/p>\n<p>In the programming field we often rely on discipline. We expect from\nourselves and from others that we will not introduce bugs and cause\nproblems. That we will use the libraries and APIs as they are intended.\nThat we will not cut corners.<\/p>\n<p>Sadly, tales from the industry tell us otherwise. 
This talk explores why\nwe should not rely on discipline as a bouncer against bugs, and what to\nrely on instead.<\/p>\n<p>Slides:<\/p>\n<p>Speaker: Nejc Zupan<\/p>\n","category":[{"@attributes":{"term":"PyCon Italia 2022"}},{"@attributes":{"term":"clean code"}},{"@attributes":{"term":"static analysis"}},{"@attributes":{"term":"testing"}}]},{"title":"Python Robo-Advisor: How I use Python to manage my savings","link":{"@attributes":{"href":"https:\/\/pyvideo.org\/pycon-italia-2022\/python-robo-advisor-come-uso-python-per-gestire-i-mie-risparmi.html","rel":"alternate"}},"published":"2022-06-03T00:00:00+00:00","updated":"2022-06-03T00:00:00+00:00","author":{"name":"Damiano Dotto"},"id":"tag:pyvideo.org,2022-06-03:\/pycon-italia-2022\/python-robo-advisor-come-uso-python-per-gestire-i-mie-risparmi.html","summary":"<h3>Description<\/h3><p>Python Robo-Advisor: How I use Python to manage my savings - PyCon\nItalia 2022<\/p>\n<p>There is a lot of talk about financial freedom and about not letting savings rot\nin the bank, so why not use our skills as developers and\nPython's libraries to build a portfolio based on \u2026<\/p>","content":"<h3>Description<\/h3><p>Python Robo-Advisor: How I use Python to manage my savings - PyCon\nItalia 2022<\/p>\n<p>There is a lot of talk about financial freedom and about not letting savings rot\nin the bank, so why not use our skills as developers and\nPython's libraries to build a portfolio based on algorithms and\nquantitative data? Nowadays we hear more and more about financial\nfreedom, a somewhat utopian concept in my opinion. I am an\n\u201cordinary\u201d programmer and I often tend to be practical rather than theoretical (I know that you\ndon't read the documentation before writing code either ;) )! 
I will\nshow you concretely how we can use our\nprogramming knowledge to hire a \u201cloyal financial\nadvisor\u201d (as I like to call it) that makes\nobjective decisions to best manage our savings on the financial\nmarkets. In 30 minutes, we will see together how to build an\nautomated robot that lets us test, validate and optimize an\nautomated trading strategy with a REAL, statistical,\ndata-driven example.<\/p>\n<p>Speaker: Damiano Dotto<\/p>\n","category":[{"@attributes":{"term":"PyCon Italia 2022"}},{"@attributes":{"term":"data structures"}},{"@attributes":{"term":"education"}},{"@attributes":{"term":"static analysis"}}]},{"title":"Vulture eats some Python","link":{"@attributes":{"href":"https:\/\/pyvideo.org\/pycon-italia-2022\/vulture-eats-some-python.html","rel":"alternate"}},"published":"2022-06-03T00:00:00+00:00","updated":"2022-06-03T00:00:00+00:00","author":{"name":"Rahul Jha"},"id":"tag:pyvideo.org,2022-06-03:\/pycon-italia-2022\/vulture-eats-some-python.html","summary":"<h3>Description<\/h3><p>Vulture eats some Python - PyCon Italia 2022<\/p>\n<p>Maintaining a high level of code quality is important for any serious\nproject. One aspect of this is ensuring that all code is actually used.\nFinding and removing dead code allows to keep the code base clean and\nreduces bugs. This is \u2026<\/p>","content":"<h3>Description<\/h3><p>Vulture eats some Python - PyCon Italia 2022<\/p>\n<p>Maintaining a high level of code quality is important for any serious\nproject. One aspect of this is ensuring that all code is actually used.\nFinding and removing dead code allows to keep the code base clean and\nreduces bugs. This is a practical guide on using and configuring Vulture\nto do so. This talk is focused on how we can use Vulture to find dead\ncode. There are many reasons for dead code ending up in a project. 
The\nmost common is refactoring, but another is misspellings, which are only\ndetected at runtime for dynamic languages. Vulture helps you find unused\ncode in Python programs, and it is useful for cleaning up and finding\nerrors in large codebases. If you run Vulture on both your library and\ntest suite, you can find untested code.<\/p>\n<p>Due to Python\u2019s dynamic nature, static code analyzers like Vulture are\nlikely to miss some dead code. Also, code that is only called implicitly\n(e.g., using getattr) may be reported as unused. Nonetheless, Vulture\ncan be a very helpful tool for higher code quality.<\/p>\n<p>The second part of this talk investigates ways to improve Vulture\u2019s\nreporting such that the results are actionable and optimized for a low\nnumber of false positives. It also discusses how to automate testing for\ndead code with Vulture \u2013 there are quite a few options available: 1. Add\na step in your continuous integration testing. 2. As a pre-commit hook.\n3. Run a script using Vulture API for more fine-grained control.<\/p>\n<p>The third and last part of this talk discusses a brief overview of the\ninternal workings of the tool, along with the scope of future\nimprovements. After all, the motive of this talk is not only to\nencourage developers to prioritize code hygiene but also to inspire them\nto come up with ideas to <em>enable<\/em> it.<\/p>\n<p>Speaker: Rahul Jha<\/p>\n","category":[{"@attributes":{"term":"PyCon Italia 2022"}},{"@attributes":{"term":"best practice"}},{"@attributes":{"term":"clean code"}},{"@attributes":{"term":"code analysis"}},{"@attributes":{"term":"static analysis"}},{"@attributes":{"term":"tooling"}}]}]}