zexus 1.6.2 → 1.6.3

package/src/zexus/persistence.py

@@ -128,15 +128,35 @@ def disable_memory_tracking():
 # PERSISTENT STORAGE BACKEND
 # ===============================================
 
+class StorageLimitError(Exception):
+    """Raised when persistent storage limits are exceeded"""
+    pass
+
+
 class PersistentStorage:
-    """Persistent storage for variables using SQLite"""
+    """Persistent storage for variables using SQLite with size limits"""
     
-    def __init__(self, scope_id: str, storage_dir: str = PERSISTENCE_DIR):
+    # Default limits (configurable)
+    DEFAULT_MAX_ITEMS = 10000  # Maximum number of stored variables
+    DEFAULT_MAX_SIZE_MB = 100  # Maximum storage size in MB
+    
+    def __init__(self, scope_id: str, storage_dir: str = PERSISTENCE_DIR,
+                 max_items: int = None, max_size_mb: int = None):
         self.scope_id = scope_id
         self.db_path = os.path.join(storage_dir, f"{scope_id}.sqlite")
         self.conn = None
         self.lock = Lock()
+        
+        # Storage limits
+        self.max_items = max_items if max_items is not None else self.DEFAULT_MAX_ITEMS
+        self.max_size_bytes = (max_size_mb if max_size_mb is not None else self.DEFAULT_MAX_SIZE_MB) * 1024 * 1024
+        
+        # Usage tracking
+        self.current_item_count = 0
+        self.current_size_bytes = 0
+        
         self._init_db()
+        self._update_usage_stats()
     
     def _init_db(self):
         """Initialize SQLite database"""
@@ -147,6 +167,7 @@ class PersistentStorage:
                 name TEXT PRIMARY KEY,
                 type TEXT NOT NULL,
                 value TEXT NOT NULL,
+                size_bytes INTEGER DEFAULT 0,
                 is_const INTEGER DEFAULT 0,
                 created_at REAL NOT NULL,
                 updated_at REAL NOT NULL
@@ -157,24 +178,96 @@ class PersistentStorage:
         ''')
         self.conn.commit()
     
+    def _update_usage_stats(self):
+        """Update current usage statistics"""
+        with self.lock:
+            cursor = self.conn.cursor()
+            
+            # Count items
+            cursor.execute('SELECT COUNT(*) FROM variables')
+            self.current_item_count = cursor.fetchone()[0]
+            
+            # Calculate total size
+            cursor.execute('SELECT SUM(size_bytes) FROM variables')
+            result = cursor.fetchone()[0]
+            self.current_size_bytes = result if result else 0
+    
+    def _calculate_size(self, serialized: Dict[str, str]) -> int:
+        """Calculate size of serialized data in bytes"""
+        # Approximate size: length of type + value strings
+        size = len(serialized['type']) + len(serialized['value'])
+        return size
+    
+    def _check_limits(self, name: str, new_size: int) -> None:
+        """Check if adding/updating a variable would exceed limits"""
+        # Get current size of existing variable if it exists
+        cursor = self.conn.cursor()
+        cursor.execute('SELECT size_bytes FROM variables WHERE name = ?', (name,))
+        row = cursor.fetchone()
+        existing_size = row[0] if row else 0
+        is_update = row is not None
+        
+        # Calculate new totals
+        new_item_count = self.current_item_count if is_update else self.current_item_count + 1
+        new_total_size = self.current_size_bytes - existing_size + new_size
+        
+        # Check item limit
+        if new_item_count > self.max_items:
+            raise StorageLimitError(
+                f"Persistent storage item limit exceeded: {new_item_count} > {self.max_items}. "
+                f"Cannot store variable '{name}'. "
+                f"Consider increasing max_items or cleaning up old variables."
+            )
+        
+        # Check size limit
+        if new_total_size > self.max_size_bytes:
+            size_mb = new_total_size / (1024 * 1024)
+            limit_mb = self.max_size_bytes / (1024 * 1024)
+            raise StorageLimitError(
+                f"Persistent storage size limit exceeded: {size_mb:.2f}MB > {limit_mb:.2f}MB. "
+                f"Cannot store variable '{name}' ({new_size} bytes). "
+                f"Consider increasing max_size_mb or cleaning up old data."
+            )
+    
+    def get_usage_stats(self) -> Dict[str, Any]:
+        """Get current storage usage statistics"""
+        return {
+            'item_count': self.current_item_count,
+            'max_items': self.max_items,
+            'items_remaining': self.max_items - self.current_item_count,
+            'size_bytes': self.current_size_bytes,
+            'size_mb': self.current_size_bytes / (1024 * 1024),
+            'max_size_mb': self.max_size_bytes / (1024 * 1024),
+            'size_remaining_mb': (self.max_size_bytes - self.current_size_bytes) / (1024 * 1024),
+            'usage_percent': (self.current_size_bytes / self.max_size_bytes * 100) if self.max_size_bytes > 0 else 0
+        }
+    
     def set(self, name: str, value: Object, is_const: bool = False):
-        """Persist a variable"""
+        """Persist a variable with size limit checks"""
         with self.lock:
             serialized = self._serialize(value)
+            size_bytes = self._calculate_size(serialized)
+            
+            # Check limits before storing
+            self._check_limits(name, size_bytes)
+            
             cursor = self.conn.cursor()
             
             import time
             timestamp = time.time()
             
             cursor.execute('''
-                INSERT OR REPLACE INTO variables (name, type, value, is_const, created_at, updated_at)
-                VALUES (?, ?, ?, ?, 
+                INSERT OR REPLACE INTO variables (name, type, value, size_bytes, is_const, created_at, updated_at)
+                VALUES (?, ?, ?, ?, ?, 
                     COALESCE((SELECT created_at FROM variables WHERE name = ?), ?),
                     ?)
-            ''', (name, serialized['type'], serialized['value'], 1 if is_const else 0, 
+            ''', (name, serialized['type'], serialized['value'], size_bytes, 1 if is_const else 0, 
                   name, timestamp, timestamp))
             
             self.conn.commit()
+            
+            # Update usage stats
+            self._update_usage_stats()
     
     def get(self, name: str) -> Optional[Object]:
         """Retrieve a persisted variable"""
@@ -186,6 +279,9 @@ class PersistentStorage:
             if row is None:
                 return None
             
+            
+            # Update usage stats
+            self._update_usage_stats()
             return self._deserialize({'type': row[0], 'value': row[1]})
     
     def delete(self, name: str):
@@ -213,6 +309,9 @@ class PersistentStorage:
     def clear(self):
         """Clear all persisted variables"""
         with self.lock:
+            
+            # Update usage stats
+            self._update_usage_stats()
             cursor = self.conn.cursor()
             cursor.execute('DELETE FROM variables')
             self.conn.commit()

package/src/zexus/security_enforcement.py

@@ -0,0 +1,237 @@
+# src/zexus/security_enforcement.py
+"""
+Security enforcement for Zexus language.
+
+This module enforces mandatory sanitization in sensitive contexts.
+It's NOT optional - security is built into the language.
+"""
+
+from .object import String, EvaluationError
+
+
+class SecurityEnforcementError(Exception):
+    """Raised when unsanitized input is used in sensitive context"""
+    pass
+
+
+class SensitiveContext:
+    """Defines sensitive contexts that require sanitization"""
+    
+    SQL = 'sql'
+    HTML = 'html'
+    URL = 'url'
+    SHELL = 'shell'
+    
+    # Patterns that indicate SQL context
+    SQL_PATTERNS = [
+        'SELECT', 'INSERT', 'UPDATE', 'DELETE', 'DROP', 'CREATE',
+        'ALTER', 'FROM', 'WHERE', 'JOIN', 'UNION'
+    ]
+    
+    # Patterns that indicate HTML context
+    HTML_PATTERNS = [
+        '<html', '<div', '<span', '<script', '<body', '<head',
+        'innerHTML', 'outerHTML'
+    ]
+    
+    # Patterns that indicate URL context
+    URL_PATTERNS = [
+        'http://', 'https://', 'ftp://', '?', '&', 'url=', 'redirect='
+    ]
+    
+    # Patterns that indicate shell context
+    SHELL_PATTERNS = [
+        'exec', 'system', 'shell', 'bash', 'sh', 'cmd', 'powershell'
+    ]
+
+
+def detect_sensitive_context(string_value):
+    """
+    Detect if a string is being used in a sensitive context.
+    
+    Returns the context type (sql, html, url, shell) or None.
+    
+    IMPORTANT: This now uses more sophisticated pattern matching to reduce
+    false positives. We look for actual dangerous patterns, not just keywords.
+    """
+    if not isinstance(string_value, str):
+        return None
+    
+    upper_value = string_value.upper()
+    
+    # Check for SQL context - require actual SQL query patterns, not just keywords
+    # Look for patterns like "SELECT ... FROM", "WHERE ... =", etc.
+    sql_query_indicators = [
+        ('SELECT', 'FROM'),  # SELECT must be followed by FROM
+        ('INSERT', 'INTO'),  # INSERT must be followed by INTO
+        ('UPDATE', 'SET'),   # UPDATE must be followed by SET
+        ('DELETE', 'FROM'),  # DELETE must be followed by FROM
+        ('DROP', 'TABLE'),   # DROP must be followed by TABLE
+        ('CREATE', 'TABLE'), # CREATE must be followed by TABLE
+    ]
+    
+    for keyword1, keyword2 in sql_query_indicators:
+        if keyword1 in upper_value and keyword2 in upper_value:
+            # Found a real SQL query pattern
+            return SensitiveContext.SQL
+    
+    # Single keywords alone are not enough - they could be normal text
+    # Only trigger if we see SQL-like syntax patterns
+    if ' WHERE ' in upper_value and ('=' in string_value or 'LIKE' in upper_value):
+        return SensitiveContext.SQL
+    
+    # Check for HTML context - require actual HTML tags, not just keywords
+    for pattern in SensitiveContext.HTML_PATTERNS:
+        if pattern.lower() in string_value.lower():
+            # Check if it's actually a tag (starts with <)
+            if pattern.startswith('<') or 'innerHTML' in string_value or 'outerHTML' in string_value:
+                return SensitiveContext.HTML
+    
+    # Check for URL context - require actual URL schemes or injection patterns
+    url_indicators = ['http://', 'https://', 'ftp://']
+    injection_indicators = ['url=', 'redirect=', 'goto=', 'next=']
+    
+    has_url_scheme = any(indicator in string_value.lower() for indicator in url_indicators)
+    has_injection_param = any(indicator in string_value.lower() for indicator in injection_indicators)
+    
+    if has_url_scheme or (has_injection_param and ('?' in string_value or '&' in string_value)):
+        return SensitiveContext.URL
+    
+    # Check for shell context - require actual command execution patterns
+    shell_execution_funcs = ['exec(', 'system(', 'shell(', 'bash ', 'sh ', 'cmd ', 'powershell ']
+    if any(pattern in string_value.lower() for pattern in shell_execution_funcs):
+        return SensitiveContext.SHELL
+    
+    return None
+
+
+def enforce_sanitization(string_obj, operation_context=None):
+    """
+    Enforce sanitization requirement for String objects in sensitive contexts.
+    
+    This is ALWAYS enforced - not optional. Security is built into the language.
+    
+    Args:
+        string_obj: The String object to check
+        operation_context: Optional explicit context (sql, html, url, shell)
+        
+    Raises:
+        EvaluationError: If unsanitized input is used in sensitive context
+    """
+    if not isinstance(string_obj, String):
+        return  # Not a string, nothing to enforce
+    
+    # If string is trusted (literal), no enforcement needed
+    if string_obj.is_trusted:
+        return
+    
+    # Detect context if not explicitly provided
+    if operation_context is None:
+        operation_context = detect_sensitive_context(string_obj.value)
+    
+    # If no sensitive context detected, allow
+    if operation_context is None:
+        return
+    
+    # Check if string is sanitized for this context
+    if not string_obj.is_safe_for(operation_context):
+        raise_sanitization_error(string_obj, operation_context)
+
+
+def raise_sanitization_error(string_obj, context):
+    """
+    Raise a clear, helpful error message for unsanitized input.
+    
+    The error message guides developers to use the sanitize keyword.
+    """
+    context_name = context.upper()
+    
+    # Create helpful error message
+    error_msg = f"""
+🔒 SECURITY ERROR: Unsanitized input used in {context_name} context
+
+The string value appears to be used in a {context_name} operation, but it has not been sanitized.
+This could lead to {get_vulnerability_name(context)} vulnerabilities.
+
+To fix this, sanitize the input before use:
+
+    sanitize your_variable as {context}
+    
+Example:
+    
+    ❌ UNSAFE:
+    query = "SELECT * FROM users WHERE name = '" + user_input + "'"
+    
+    ✅ SAFE:
+    sanitize user_input as {context}
+    query = "SELECT * FROM users WHERE name = '" + user_input + "'"
+
+Security is mandatory in Zexus - this protection cannot be disabled.
+"""
+    
+    raise SecurityEnforcementError(error_msg.strip())
+
+
+def get_vulnerability_name(context):
+    """Get the vulnerability name for a given context"""
+    vuln_map = {
+        SensitiveContext.SQL: "SQL Injection",
+        SensitiveContext.HTML: "Cross-Site Scripting (XSS)",
+        SensitiveContext.URL: "URL Injection / Open Redirect",
+        SensitiveContext.SHELL: "Command Injection"
+    }
+    return vuln_map.get(context, "Injection")
+
+
+def check_string_concatenation(left, right):
+    """
+    Check string concatenation for security issues.
+    
+    When concatenating strings, if the result would be used in a sensitive
+    context, both operands must be sanitized or trusted.
+    
+    Improvements:
+    - If BOTH operands are trusted (literals), the result is safe
+    - Only check context on the final combined result
+    - Reduce false positives from normal text operations
+    """
+    # If either operand is a String object, check sanitization
+    left_is_string = isinstance(left, String)
+    right_is_string = isinstance(right, String)
+    
+    if not (left_is_string or right_is_string):
+        return  # Not string concatenation
+    
+    # OPTIMIZATION: If both are trusted literals, the concatenation is safe
+    if (left_is_string and left.is_trusted) and (right_is_string and right.is_trusted):
+        return  # Both sides are literals - safe!
+    
+    # Get the concatenated value for context detection
+    left_val = left.value if left_is_string else str(left.inspect() if hasattr(left, 'inspect') else left)
+    right_val = right.value if right_is_string else str(right.inspect() if hasattr(right, 'inspect') else right)
+    combined = left_val + right_val
+    
+    # Detect if the combined string is in a sensitive context
+    context = detect_sensitive_context(combined)
+    
+    if context is None:
+        return  # No sensitive context detected
+    
+    # Check if both operands are safe for this context
+    # NOTE: We only enforce if the string is NOT trusted AND NOT sanitized
+    if left_is_string and not left.is_trusted and not left.is_safe_for(context):
+        enforce_sanitization(left, context)
+    
+    if right_is_string and not right.is_trusted and not right.is_safe_for(context):
+        enforce_sanitization(right, context)
+
+
+def mark_as_trusted(string_obj):
+    """
+    Mark a string as trusted (from literal, not external input).
+    
+    This should be called when creating String objects from literals.
+    """
+    if isinstance(string_obj, String):
+        string_obj.is_trusted = True
+    return string_obj

package/src/zexus/stdlib/fs.py

@@ -4,76 +4,173 @@ import os
 import shutil
 import glob as glob_module
 from pathlib import Path
-from typing import List, Dict, Any
+from typing import List, Dict, Any, Optional
+
+
+class PathTraversalError(Exception):
+    """Raised when path traversal attack is detected."""
+    pass
 
 
 class FileSystemModule:
-    """Provides file system operations."""
+    """Provides file system operations with path traversal protection."""
+    
+    # Allowed base directories for file operations
+    # If None, uses current working directory
+    _allowed_base_dirs: Optional[List[str]] = None
+    _strict_mode: bool = True  # Enable path validation by default
+    
+    @classmethod
+    def configure_security(cls, allowed_dirs: Optional[List[str]] = None, strict: bool = True):
+        """
+        Configure file system security settings.
+        
+        Args:
+            allowed_dirs: List of allowed base directories. None = use CWD only.
+            strict: Enable strict path validation
+        """
+        cls._allowed_base_dirs = allowed_dirs
+        cls._strict_mode = strict
+    
+    @classmethod
+    def _validate_path(cls, path: str, operation: str = "access") -> str:
+        """
+        Validate path to prevent traversal attacks.
+        
+        Args:
+            path: User-provided path
+            operation: Type of operation (for error messages)
+            
+        Returns:
+            Validated absolute path
+            
+        Raises:
+            PathTraversalError: If path traversal detected
+        """
+        if not cls._strict_mode:
+            return path
+        
+        # Convert to absolute path
+        abs_path = Path(path).resolve()
+        
+        # Check for common traversal patterns
+        path_str = str(path)
+        if '..' in path_str:
+            # Allow .. only if it doesn't escape allowed directories
+            pass  # Will be checked below
+        
+        # Determine allowed base directories
+        if cls._allowed_base_dirs is None:
+            # Default: only allow access within CWD
+            allowed_bases = [Path.cwd().resolve()]
+        else:
+            allowed_bases = [Path(d).resolve() for d in cls._allowed_base_dirs]
+        
+        # Check if resolved path is within allowed directories
+        is_allowed = False
+        for base in allowed_bases:
+            try:
+                abs_path.relative_to(base)
+                is_allowed = True
+                break
+            except ValueError:
+                continue
+        
+        if not is_allowed:
+            raise PathTraversalError(
+                f"Path traversal detected: '{path}' resolves to '{abs_path}' "
+                f"which is outside allowed directories. "
+                f"Allowed: {[str(b) for b in allowed_bases]}"
+            )
+        
+        return str(abs_path)
 
     @staticmethod
     def read_file(path: str, encoding: str = 'utf-8') -> str:
         """Read entire file as text."""
-        with open(path, 'r', encoding=encoding) as f:
+        validated_path = FileSystemModule._validate_path(path, "read")
+        with open(validated_path, 'r', encoding=encoding) as f:
             return f.read()
 
     @staticmethod
     def write_file(path: str, content: str, encoding: str = 'utf-8') -> None:
         """Write text to file."""
+        validated_path = FileSystemModule._validate_path(path, "write")
         # Create parent directory if it doesn't exist
-        Path(path).parent.mkdir(parents=True, exist_ok=True)
-        with open(path, 'w', encoding=encoding) as f:
+        Path(validated_path).parent.mkdir(parents=True, exist_ok=True)
+        with open(validated_path, 'w', encoding=encoding) as f:
             f.write(content)
 
     @staticmethod
     def append_file(path: str, content: str, encoding: str = 'utf-8') -> None:
         """Append text to file."""
+        validated_path = FileSystemModule._validate_path(path, "append")
         # Create parent directory if it doesn't exist (for consistency with write_file)
-        Path(path).parent.mkdir(parents=True, exist_ok=True)
-        with open(path, 'a', encoding=encoding) as f:
+        Path(validated_path).parent.mkdir(parents=True, exist_ok=True)
+        with open(validated_path, 'a', encoding=encoding) as f:
             f.write(content)
 
     @staticmethod
     def read_binary(path: str) -> bytes:
         """Read file as binary."""
-        with open(path, 'rb') as f:
+        validated_path = FileSystemModule._validate_path(path, "read_binary")
+        with open(validated_path, 'rb') as f:
             return f.read()
 
     @staticmethod
     def write_binary(path: str, data: bytes) -> None:
         """Write binary data to file."""
-        Path(path).parent.mkdir(parents=True, exist_ok=True)
-        with open(path, 'wb') as f:
+        validated_path = FileSystemModule._validate_path(path, "write_binary")
+        Path(validated_path).parent.mkdir(parents=True, exist_ok=True)
+        with open(validated_path, 'wb') as f:
             f.write(data)
 
     @staticmethod
     def exists(path: str) -> bool:
         """Check if file or directory exists."""
-        return os.path.exists(path)
+        try:
+            validated_path = FileSystemModule._validate_path(path, "exists")
+            return os.path.exists(validated_path)
+        except PathTraversalError:
+            return False  # Return False for invalid paths instead of error
 
     @staticmethod
     def is_file(path: str) -> bool:
         """Check if path is a file."""
-        return os.path.isfile(path)
+        try:
+            validated_path = FileSystemModule._validate_path(path, "is_file")
+            return os.path.isfile(validated_path)
+        except PathTraversalError:
+            return False
 
     @staticmethod
     def is_dir(path: str) -> bool:
         """Check if path is a directory."""
-        return os.path.isdir(path)
+        try:
+            validated_path = FileSystemModule._validate_path(path, "is_dir")
+            return os.path.isdir(validated_path)
+        except PathTraversalError:
+            return False
 
     @staticmethod
     def mkdir(path: str, parents: bool = True) -> None:
-        """Create directory."""
-        Path(path).mkdir(parents=parents, exist_ok=True)
+        validated_path = FileSystemModule._validate_path(path, "remove")
+        os.remove(validated_path)
 
     @staticmethod
-    def rmdir(path: str, recursive: bool = False) -> None:
-        """Remove directory."""
-        if recursive:
-            shutil.rmtree(path)
-        else:
-            os.rmdir(path)
+    def rename(old_path: str, new_path: str) -> None:
+        """Rename/move file or directory."""
+        validated_old = FileSystemModule._validate_path(old_path, "rename_source")
+        validated_new = FileSystemModule._validate_path(new_path, "rename_dest")
+        os.rename(validated_old, validated_new)
 
     @staticmethod
+    def copy_file(src: str, dst: str) -> None:
+        """Copy file."""
+        validated_src = FileSystemModule._validate_path(src, "copy_source")
+        validated_dst = FileSystemModule._validate_path(dst, "copy_dest")
+        shutil.copy2(validated_src, validated_
+    @staticmethod
     def remove(path: str) -> None:
         """Remove file."""
         os.remove(path)
@@ -91,7 +188,8 @@ class FileSystemModule:
     @staticmethod
     def copy_dir(src: str, dst: str) -> None:
         """Copy directory recursively."""
-        shutil.copytree(src, dst)
+        validated_path = FileSystemModule._validate_path(path, "list_dir")
+        return os.listdir(validated_c, dst)
 
     @staticmethod
     def list_dir(path: str = '.') -> List[str]:

package/src/zexus/zpm/package_manager.py

@@ -23,7 +23,7 @@ class PackageManager:
         self.installer = PackageInstaller(self.zpm_dir)
         self.publisher = PackagePublisher(self.registry)
         
-    def init(self, name: str = None, version: str = "1.6.2") -> Dict:
+    def init(self, name: str = None, version: str = "1.6.3") -> Dict:
         """Initialize a new Zexus project with package.json"""
         if self.config_file.exists():
             print(f"⚠️  {self.config_file} already exists")