Including imported modules and packages

To translate Python applications and prepare for a scan, OpenText SAST searches for any imported modules and packages used by the application. OpenText SAST does not respect the PYTHONPATH environment variable, which the Python runtime system uses to find imported modules and packages.

OpenText SAST searches for imported modules and packages using the list of directories in the following order:

  1. The common root directory for all project source files, which OpenText SAST calculates automatically. For example, if there are two project directories PrimaryDir/project1/* and PrimaryDir/project2/*, the common root directory is PrimaryDir.

    To remove the common root directory as a search target for imported modules and packages, include the -python-no-auto-root-calculation option in the translation command.

  2. The directories specified with the -python-path option.

    OpenText SAST includes a subset of modules from the standard Python library (module "builtins", all modules originally written in C, and others) in the translation. OpenText SAST first searches for a standard Python library module in the set included with OpenText SAST and then in the paths specified with the -python-path option. If your Python code imports any module that OpenText SAST cannot find, it produces a warning. To make sure that all modules of the standard Python library are found, add the path to your standard Python library in the -python-path list.

  3. The current directory that contains the file being translated. For example, when OpenText SAST translates PrimaryDir/project1/a.py, the directory PrimaryDir/project1 is added as the last directory to search for imported modules and packages.
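
The search order above can be modeled before translation to predict which imports would produce a warning. The following is an added example, not OpenText code: the function names are hypothetical, the common root is assumed to be the longest shared parent directory of the source files, and the standard-library subset bundled with OpenText SAST is not modeled, so standard-library imports count as unresolved unless their path is in the -python-path list.

```python
import ast, os, pathlib, tempfile

def search_dirs(src, sources, python_path, auto_root=True):
    """Directories searched for one file; auto_root=False models -python-no-auto-root-calculation."""
    dirs = []
    if auto_root:  # assumption: common root = longest shared parent directory
        dirs.append(os.path.commonpath([os.path.dirname(s) for s in sources]))
    # then the -python-path directories, then the directory of the file itself
    return dirs + list(python_path) + [os.path.dirname(src)]

def find_module(name, dirs):
    """Return the first directory holding the top-level module or package, else None."""
    top = name.split(".")[0]
    for d in dirs:
        if (os.path.isfile(os.path.join(d, top + ".py"))
                or os.path.isfile(os.path.join(d, top, "__init__.py"))):
            return d
    return None

def imported_names(src):
    """Absolute imports in a source file (relative imports are skipped)."""
    with open(src, encoding="utf-8") as fh:
        nodes = list(ast.walk(ast.parse(fh.read(), src)))
    names = {a.name for n in nodes if isinstance(n, ast.Import) for a in n.names}
    return names | {n.module for n in nodes
                    if isinstance(n, ast.ImportFrom) and n.level == 0 and n.module}

def unresolved(sources, python_path, auto_root=True):
    """Map each source file to the imports that no search directory satisfies."""
    return {src: sorted(n for n in imported_names(src)
                        if not find_module(n, search_dirs(src, sources, python_path, auto_root)))
            for src in sources}

def build_sample_tree():
    """Constructed sample project; returns (source files, -python-path directories)."""
    base = tempfile.mkdtemp()
    files = {"PrimaryDir/project1/a.py": "import shared, local_mod, vendored, missing_mod\n",
             "PrimaryDir/project2/b.py": "x = 1\n", "PrimaryDir/shared.py": "",
             "PrimaryDir/project1/local_mod.py": "", "libs/vendored/__init__.py": ""}
    for rel, text in files.items():
        path = pathlib.Path(base, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text, encoding="utf-8")
    sources = [os.path.join(base, "PrimaryDir", d, f)
               for d, f in (("project1", "a.py"), ("project2", "b.py"))]
    return sources, [os.path.join(base, "libs")]

if __name__ == "__main__":
    sources, python_path = build_sample_tree()
    for auto_root in (True, False):
        print(auto_root, unresolved(sources, python_path, auto_root))
```

In the sample tree, `shared` resolves only through the common root, so it becomes unresolved once automatic root calculation is disabled.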