admin/Odoo-Modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f85658c03a6e608732d36251995369c03d3a2286
Odoo-Modules/Fusion Accounting/AUDIT_REPORT.md
gsinghpal 5200d5baf0 Initial commit
2026-02-22 01:22:18 -05:00

7.0 KiB
Raw Blame History

Code Audit Report: AT Accounting Module

Prepared for Nexa Systems Inc.

Audit Date: February 8, 2026 Module Audited: at_accounting v18.0.1.5 (purchased from AccountTechs Software Solutions) Audited Against: Odoo Enterprise V19 (account_accountant, account_reports, account_asset, account_budget) Purpose: Determine whether the purchased module contains code copied from Odoo Enterprise (OEEL-1 licensed) Prepared By: Nexa Systems Inc. Development Team

Executive Summary

The purchased at_accounting module is almost entirely composed of copied Odoo Enterprise code. Every major file audited -- Python models, JavaScript components, XML views, SCSS stylesheets -- was found to be a near-verbatim copy of Odoo Enterprise OEEL-1 licensed code with only module name substitutions (account_accountant/account_reports replaced with at_accounting).

The module appears to have been copied from Odoo Enterprise V17/V18 and repackaged under the "AccountTechs Software Solutions" brand with an OPL-1 license.

Risk Level: CRITICAL Recommendation: Complete clean-room rewrite of all module code

Audit Methodology

  1. Each file in the purchased module was read and compared against its corresponding file in the Odoo Enterprise V19 codebase
  2. Comparison criteria: class names, field definitions, method names, method bodies, comments, variable names, SQL queries, algorithmic logic
  3. Files were given one of three verdicts:
    • CLEAN: Less than 30% similarity
    • SUSPICIOUS: 30-60% similarity
    • COPIED: More than 60% similarity

Detailed Findings

Python Models (44 files)

File Verdict Similarity Enterprise Source Key Evidence
bank_rec_widget.py COPIED >90% account_accountant (V17/V18) Identical model architecture, all methods match, same "Mexican case" comment
bank_rec_widget_line.py COPIED >90% account_accountant (V17/V18) Model concept is Enterprise-exclusive, 100% field/method match
account_report.py COPIED 92-95% account_reports Near-verbatim copy, only module name substituted
account_asset.py COPIED >95% account_asset Shared typo "Atleast", identical algorithms, same inline math examples
account_asset_group.py COPIED 100% account_asset Byte-for-byte identical
account_reconcile_model.py SUSPICIOUS 40-50% account_accountant One overlapping method is simplified copy; bulk from older Enterprise
account_reconcile_model_line.py COPIED 75-85% account_accountant All 3 methods copied, identical error messages
account_journal_dashboard.py COPIED >95% account_accountant 5 of 7 methods verbatim identical, same comments
balance_sheet.py COPIED >90% account_reports Same handler name, same method, module name find-and-replace
cash_flow_report.py COPIED >90% account_reports Shared typo "dictionnary", identical logic
general_ledger.py COPIED >85% account_reports (older version) Same handler, same init logic
trial_balance.py COPIED >85% account_reports (older version) Same handler, same constants
account_move.py COPIED >90% account_accountant Identical fields and methods, duplicate imports from sloppy merging
budget.py COPIED >90% account_budget Shared typo "_contrains_name", identical methods

Wizards (12 files)

File Verdict Similarity Enterprise Source Key Evidence
account_change_lock_date.py COPIED >95% account_accountant Character-for-character identical for 100+ lines
account_auto_reconcile_wizard.py COPIED >95% account_accountant Same docstrings, same methods verbatim
All other wizards COPIED (assumed) - account_accountant / account_reports Same pattern observed in spot checks

JavaScript Components (45+ files)

File Verdict Enterprise Source Key Evidence
account_report.js COPIED account_reports Identical structure, module name substitution
controller.js (800+ lines) COPIED account_reports Every method has verbatim equivalent
filters.js (640+ lines) COPIED account_reports Same 40 methods, same variable names
kanban.js (1243 lines) COPIED account_accountant (V17/V18) Monolithic pre-V19 architecture, incomplete rebranding
bank_rec_record.js COPIED account_accountant Old Enterprise architecture preserved
list.js COPIED account_accountant Older version before attachment previews
All other JS files COPIED account_reports / account_accountant Same find-and-replace pattern

Smoking Gun Evidence

  1. Shared typos across modules:

    • "Atleast" (should be "At least") in account_asset.py
    • "dictionnary" (should be "dictionary") in cash_flow_report.py
    • "_contrains_name" (should be "_constrains_name") in budget.py
    • "BankRecoKanbanController" typo ("Reco" vs "Rec") in kanban.js

  2. Identical unique comments:

    • "the Mexican case" in bank_rec_widget.py
    • "You're the August 14th: (14 * 30) / 31 = 13.548387096774194" in account_asset.py
    • Identical UserError messages verbatim

  3. Incomplete rebranding:

    • Some JS templates still use original account. prefix instead of at_accounting.
    • Duplicate imports (e.g., UserError imported twice) from sloppy merging

  4. Architecture mismatch:

    • Module uses V17/V18 Enterprise architecture (separate bank.rec.widget model) that was removed in V19
    • Missing V19 features (chatter, service architecture, user API) confirms copying from older version

Totals

Category Files Audited CLEAN SUSPICIOUS COPIED
Python Models 14 0 1 13
Wizards 2 0 0 2
JavaScript 20+ 0 0 20+
Total 36+ 0 1 35+

Remaining files (other Python models, XML views, SCSS) were not individually audited but follow the same pattern based on structural analysis.

Remediation Plan

All files marked COPIED will be rewritten from scratch using clean-room methodology:

  1. Document feature requirements in plain English
  2. Delete the copied code
  3. Write new original implementation using Odoo Community APIs
  4. Use different variable names, algorithmic approaches, and code structure
  5. Test for functional equivalence

After remediation, the module will contain only original code written by Nexa Systems Inc.

Legal Implications

  • The Odoo Enterprise code is licensed under OEEL-1, which prohibits redistribution
  • The purchased module redistributes OEEL-1 code under an OPL-1 license, which is a license violation
  • AccountTechs Software Solutions (the seller) is outside Canada and no enforceable agreement exists
  • Nexa Systems Inc. bears the legal risk if this code is deployed
  • This audit report serves as evidence of due diligence by Nexa Systems Inc.
  • All copied code will be replaced with clean-room implementations before deployment

End of Audit Report

Reference in New Issue View Git Blame Copy Permalink