zexus 1.7.2 → 1.8.1

package/src/zexus/evaluator/expressions.py

@@ -1,5 +1,6 @@
 # src/zexus/evaluator/expressions.py
 import os
+import traceback as _tb
 
 from ..zexus_ast import (
     IntegerLiteral, FloatLiteral, StringLiteral, ListLiteral, MapLiteral,
@@ -139,7 +140,6 @@ class ExpressionEvaluatorMixin:
             if hasattr(env, 'store'):
                 env_keys = list(env.store.keys())
             # Use direct print to ensure visibility during debugging
-            import traceback as _tb
             stack_snip = ''.join(_tb.format_stack(limit=5)[-3:])
             # print(f"[DEBUG] Identifier not found: {node.value}; env_keys={env_keys}\nStack snippet:\n{stack_snip}")
         except Exception:
@@ -367,13 +367,27 @@ class ExpressionEvaluatorMixin:
             return self.eval_string_infix(operator, left, right)
         
         # String repetition: "x" * 100 or 100 * "x"
+        # SECURITY (H3): Cap repetition to prevent memory exhaustion
         elif operator == "*":
+            _MAX_STRING_REPEAT = 1_000_000  # 1 MB max
             if isinstance(left, String) and isinstance(right, Integer):
-                # "x" * 100
-                return String(left.value * right.value)
+                n = right.value
+                if n < 0:
+                    n = 0
+                if n > _MAX_STRING_REPEAT:
+                    return EvaluationError(
+                        f"String repetition count {n} exceeds maximum ({_MAX_STRING_REPEAT})"
+                    )
+                return String(left.value * n)
             elif isinstance(left, Integer) and isinstance(right, String):
-                # 100 * "x"
-                return String(right.value * left.value)
+                n = left.value
+                if n < 0:
+                    n = 0
+                if n > _MAX_STRING_REPEAT:
+                    return EvaluationError(
+                        f"String repetition count {n} exceeds maximum ({_MAX_STRING_REPEAT})"
+                    )
+                return String(right.value * n)
         
         # Array Concatenation
         elif operator == "+" and isinstance(left, List) and isinstance(right, List):
@@ -844,23 +858,14 @@ class ExpressionEvaluatorMixin:
                             error_msg += f"\n  Promise created at: {awaitable.stack_trace}"
                         return EvaluationError(error_msg)
                 else:
-                    # Promise is still pending - this shouldn't happen with current implementation
-                    # but we can spin-wait briefly
-                    import time
-                    max_wait = 1.0  # 1 second timeout
-                    waited = 0.0
-                    while not awaitable.is_resolved() and waited < max_wait:
-                        time.sleep(0.001)  # 1ms
-                        waited += 0.001
-                    
-                    if awaitable.is_resolved():
-                        try:
-                            result = awaitable.get_value()
-                            return result if result is not None else NULL
-                        except Exception as e:
-                            return EvaluationError(f"Promise rejected: {e}")
-                    else:
-                        return EvaluationError("Await timeout: promise did not resolve")
+                    # LI6: Avoid busy-waiting (sleep(0.001)) which burns CPU and
+                    # makes await non-deterministic. In the current interpreter,
+                    # unresolved promises are not awaited synchronously.
+                    return EvaluationError(
+                        "Awaited promise is still pending. "
+                        "This runtime does not support blocking awaits; "
+                        "ensure the promise resolves before awaiting it."
+                    )
             
             # Await a Coroutine
             elif obj_type == "COROUTINE":

package/src/zexus/evaluator/functions.py

@@ -565,6 +565,8 @@ class FunctionEvaluatorMixin:
                 found = any(elem.value == target.value for elem in obj.elements 
                           if hasattr(elem, 'value') and hasattr(target, 'value'))
                 return TRUE if found else FALSE
+            elif method_name == "is_empty":
+                return TRUE if len(obj.elements) == 0 else FALSE
         
         # === Coroutine Methods ===
         from ..object import Coroutine
@@ -593,11 +595,23 @@ class FunctionEvaluatorMixin:
             
             if method_name == "has":
                 key = args[0].value if hasattr(args[0], 'value') else str(args[0])
-                return TRUE if key in obj.pairs else FALSE
+                # Try plain key first, then try String-wrapped key for normalization
+                if key in obj.pairs:
+                    return TRUE
+                str_key = String(key) if isinstance(key, str) else key
+                if str_key in obj.pairs:
+                    return TRUE
+                return FALSE
             elif method_name == "get":
                 key = args[0].value if hasattr(args[0], 'value') else str(args[0])
                 default = args[1] if len(args) > 1 else NULL
-                return obj.pairs.get(key, default)
+                # Try plain key first, then String-wrapped key for normalization
+                if key in obj.pairs:
+                    return obj.pairs[key]
+                str_key = String(key) if isinstance(key, str) else key
+                if str_key in obj.pairs:
+                    return obj.pairs[str_key]
+                return default
             elif method_name == "keys":
                 # Return array of all keys
                 return List([String(k) if isinstance(k, str) else k for k in obj.pairs.keys()])
@@ -2634,103 +2648,26 @@ class FunctionEvaluatorMixin:
                     return EvaluationError(f"eval_file() zexus execution error: {str(e)}")
             
             elif language == "py" or language == "python":
-                # Execute Python code
-                try:
-                    exec_globals = {}
-                    exec(content, exec_globals)
-                    # Return the result if there's a 'result' variable
-                    if 'result' in exec_globals:
-                        result_val = exec_globals['result']
-                        # Convert Python types to Zexus types
-                        if isinstance(result_val, str):
-                            return String(result_val)
-                        elif isinstance(result_val, int):
-                            return Integer(result_val)
-                        elif isinstance(result_val, float):
-                            return Float(result_val)
-                        elif isinstance(result_val, bool):
-                            return Boolean(result_val)
-                        elif isinstance(result_val, list):
-                            return List([Integer(x) if isinstance(x, int) else String(str(x)) for x in result_val])
-                    return NULL
-                except Exception as e:
-                    return EvaluationError(f"eval_file() python execution error: {str(e)}")
+                # SECURITY (C1): exec() disabled — arbitrary Python execution is unsafe
+                return EvaluationError(
+                    "eval_file() for Python is disabled for security reasons. "
+                    "Use Zexus native code or the FFI bridge instead."
+                )
             
             elif language in ["cpp", "c++", "c", "rs", "rust", "go"]:
                 # For compiled languages, try to compile and run
                 return EvaluationError(f"eval_file() for {language} requires compilation - not yet implemented")
             
             elif language == "js" or language == "javascript":
-                # Execute JavaScript (if Node.js is available)
-                try:
-                    result = subprocess.run(['node', '-e', content], 
-                                          capture_output=True, 
-                                          text=True, 
-                                          timeout=5)
-                    if result.returncode != 0:
-                        return EvaluationError(f"JavaScript error: {result.stderr}")
-                    return String(result.stdout.strip())
-                except FileNotFoundError:
-                    return EvaluationError("Node.js not found - cannot execute JavaScript")
-                except Exception as e:
-                    return EvaluationError(f"eval_file() js execution error: {str(e)}")
+                # SECURITY (C2): subprocess.run(['node',...]) disabled — arbitrary JS execution is unsafe
+                return EvaluationError(
+                    "eval_file() for JavaScript is disabled for security reasons. "
+                    "Use Zexus native code instead."
+                )
             
             else:
                 return EvaluationError(f"Unsupported language: {language}")
         
-        # Contract Assertions
-        def _require(*a):
-            """Assert a condition in smart contracts: require(condition, message)
-            
-            Throws an error if condition is false. Essential for contract validation.
-            
-            Example:
-                require(balance >= amount, "Insufficient balance")
-                require(sender == owner, "Not authorized")
-                require(value > 0, "Amount must be positive")
-            """
-            if len(a) < 1 or len(a) > 2:
-                return EvaluationError("require() takes 1-2 arguments: require(condition, [message])")
-            
-            condition = a[0]
-            message = a[1].value if len(a) > 1 and isinstance(a[1], String) else "Requirement failed"
-            
-            # Check if condition is truthy
-            from .utils import is_truthy
-            if not is_truthy(condition):
-                # Return error with contract-specific formatting
-                return EvaluationError(f"Contract requirement failed: {message}")
-            
-            # Condition passed, return NULL
-            return NULL
-        
-        # Contract Assertions
-        def _require(*a):
-            """Assert a condition in smart contracts: require(condition, message)
-            
-            Throws an error if condition is false. Essential for contract validation.
-            Note: This is a fallback for contexts where the require statement isn't available.
-            
-            Example:
-                require(balance >= amount, "Insufficient balance")
-                require(sender == owner, "Not authorized")
-                require(value > 0, "Amount must be positive")
-            """
-            if len(a) < 1 or len(a) > 2:
-                return EvaluationError("require() takes 1-2 arguments: require(condition, [message])")
-            
-            condition = a[0]
-            message = a[1].value if len(a) > 1 and isinstance(a[1], String) else "Requirement failed"
-            
-            # Check if condition is truthy
-            from .utils import is_truthy
-            if not is_truthy(condition):
-                # Return error with contract-specific formatting
-                return EvaluationError(f"Contract requirement failed: {message}")
-            
-            # Condition passed, return NULL
-            return NULL
-        
         # Map/Object helper functions
         def _keys(*a):
             """Get all keys from a map: keys(map) -> [key1, key2, ...]"""
@@ -2783,8 +2720,6 @@ class FunctionEvaluatorMixin:
             "to_hex": Builtin(_to_hex, "to_hex"),
             "from_hex": Builtin(_from_hex, "from_hex"),
             "sqrt": Builtin(_sqrt, "sqrt"),
-            "require": Builtin(_require, "require"),
-            "require": Builtin(_require, "require"),
             "input": Builtin(_input, "input"),
             "hash_password": Builtin(_hash_password, "hash_password"),
             "verify_password": Builtin(_verify_password, "verify_password"),
@@ -2832,10 +2767,8 @@ class FunctionEvaluatorMixin:
             "uppercase": Builtin(_uppercase, "uppercase"),
             "lowercase": Builtin(_lowercase, "lowercase"),
             "split": Builtin(_split, "split"),
-            "random": Builtin(_random, "random"),
             "persist_set": Builtin(_persist_set, "persist_set"),
             "persist_get": Builtin(_persist_get, "persist_get"),
-            "input": Builtin(_input, "input"),
             "len": Builtin(_len, "len"),
             "type": Builtin(_type, "type"),
             "first": Builtin(_first, "first"),
@@ -3204,7 +3137,6 @@ class FunctionEvaluatorMixin:
             "receive": Builtin(_receive, "receive"),
             "close_channel": Builtin(_close_channel, "close_channel"),
             "async": Builtin(_async, "async"),
-            "sleep": Builtin(_sleep, "sleep"),
             "spawn": Builtin(_spawn, "spawn"),
             "wait_group": Builtin(_wait_group, "wait_group"),
             "wg_add": Builtin(_wg_add, "wg_add"),
@@ -3622,8 +3554,10 @@ class FunctionEvaluatorMixin:
         
         def _memory_stats(*a):
             """Get memory tracking statistics: memory_stats()"""
-            import sys
             import gc
+            import os
+            import sys
+            import tracemalloc
             
             # Get process memory usage
             try:
@@ -3633,12 +3567,24 @@ class FunctionEvaluatorMixin:
                 current_bytes = mem_info.rss  # Resident Set Size
                 peak_bytes = getattr(mem_info, 'peak_wset', mem_info.rss)  # Windows has peak_wset
             except (ImportError, AttributeError):
-                # Fallback: use Python's internal memory tracking
-                current_bytes = sys.getsizeof(gc.get_objects())
-                peak_bytes = current_bytes
+                # LI8: Avoid gc.get_objects() (very slow). Prefer OS ru_maxrss or tracemalloc.
+                current_bytes = 0
+                peak_bytes = 0
+                try:
+                    import resource
+                    ru = resource.getrusage(resource.RUSAGE_SELF)
+                    # Linux: KB, macOS: bytes
+                    ru_maxrss = getattr(ru, 'ru_maxrss', 0) or 0
+                    if sys.platform == 'darwin':
+                        peak_bytes = int(ru_maxrss)
+                    else:
+                        peak_bytes = int(ru_maxrss) * 1024
+                    current_bytes = peak_bytes
+                except Exception:
+                    if tracemalloc.is_tracing():
+                        current_bytes, peak_bytes = tracemalloc.get_traced_memory()
             
-            # Get GC statistics
-            gc_count = len(gc.get_objects())
+            # Get GC statistics (fast)
             gc_collections = sum(gc.get_count())
             
             # Get environment-specific tracking if available
@@ -3652,7 +3598,7 @@ class FunctionEvaluatorMixin:
                 String("current"): Integer(current_bytes),
                 String("peak"): Integer(peak_bytes),
                 String("gc_count"): Integer(gc_collections),
-                String("objects"): Integer(gc_count),
+                String("objects"): Integer(-1),
                 String("tracked_objects"): Integer(tracked_objects)
             })
         
@@ -3829,6 +3775,94 @@ class FunctionEvaluatorMixin:
             "clear_mocks": Builtin(_clear_mocks, "clear_mocks"),
             "set_execution_mode": Builtin(_set_execution_mode, "set_execution_mode"),
         })
+
+        # ----- INT-005 through INT-009: missing directive builtins -----
+        self._register_missing_directive_builtins()
+
+    def _register_missing_directive_builtins(self):
+        """Register track_memory, cache, throttle, audit, verify builtins (INT-005..INT-009)."""
+
+        def _track_memory(*a):
+            """Enable memory tracking: track_memory() or track_memory(options_map)"""
+            env = getattr(self, '_current_env', None)
+            if env and hasattr(env, 'enable_memory_tracking'):
+                env.enable_memory_tracking()
+                return String("Memory tracking enabled")
+            return String("Memory tracking enabled (no-op — persistence module not loaded)")
+
+        def _cache(*a):
+            """Declare a named cache: cache(name, options_map)
+            Options: {ttl: seconds}
+            Returns the cache handle (currently a lightweight Map stub).
+            """
+            name = str(a[0].value) if a and hasattr(a[0], 'value') else "default"
+            ttl = 300  # default 5 min
+            if len(a) >= 2 and hasattr(a[1], 'pairs'):
+                for k, v in a[1].pairs.items():
+                    key_str = k.value if hasattr(k, 'value') else str(k)
+                    if key_str == "ttl" and hasattr(v, 'value'):
+                        ttl = int(v.value)
+            # Store cache metadata in environment
+            env = getattr(self, '_current_env', None)
+            if env:
+                env.set(f"__cache_{name}_ttl__", Integer(ttl))
+            return Map({String("name"): String(name), String("ttl"): Integer(ttl)})
+
+        def _throttle(*a):
+            """Set up rate-limiting: throttle(name, options_map)
+            Options: {requests_per_minute: N}
+            """
+            name = str(a[0].value) if a and hasattr(a[0], 'value') else "default"
+            rpm = 60
+            if len(a) >= 2 and hasattr(a[1], 'pairs'):
+                for k, v in a[1].pairs.items():
+                    key_str = k.value if hasattr(k, 'value') else str(k)
+                    if key_str == "requests_per_minute" and hasattr(v, 'value'):
+                        rpm = int(v.value)
+            env = getattr(self, '_current_env', None)
+            if env:
+                env.set(f"__throttle_{name}_rpm__", Integer(rpm))
+            return Map({String("name"): String(name), String("requests_per_minute"): Integer(rpm)})
+
+        def _audit(*a):
+            """Log an audit event: audit(event_name, data_map)"""
+            event_name = str(a[0].value) if a and hasattr(a[0], 'value') else "unknown"
+            data = a[1] if len(a) >= 2 else NULL
+            # Store in environment audit trail
+            env = getattr(self, '_current_env', None)
+            if env:
+                trail = env.get("__audit_trail__")
+                if trail is None or not isinstance(trail, List):
+                    trail = List([])
+                    env.set("__audit_trail__", trail)
+                trail.elements.append(Map({String("event"): String(event_name), String("data"): data}))
+            return String(f"Audit logged: {event_name}")
+
+        def _verify(*a):
+            """Alias for require(): verify(condition, message)
+            Throws if condition is falsy.
+            """
+            if len(a) < 1:
+                return EvaluationError("verify() requires at least 1 argument: condition")
+            condition = a[0]
+            msg = str(a[1].value) if len(a) >= 2 and hasattr(a[1], 'value') else "Verification failed"
+            # Truthy check
+            is_truthy = True
+            if hasattr(condition, 'value'):
+                is_truthy = bool(condition.value)
+            elif condition is NULL or condition is FALSE:
+                is_truthy = False
+            if not is_truthy:
+                return EvaluationError(msg)
+            return TRUE
+
+        self.builtins.update({
+            "track_memory": Builtin(_track_memory, "track_memory"),
+            "cache": Builtin(_cache, "cache"),
+            "throttle": Builtin(_throttle, "throttle"),
+            "audit": Builtin(_audit, "audit"),
+            "verify": Builtin(_verify, "verify"),
+        })
     
     def _register_main_entry_point_builtins(self):
         """Register builtins for main entry point pattern and continuous execution"""
@@ -4004,7 +4038,9 @@ class FunctionEvaluatorMixin:
                     print(f"⚠️  on_exit hook error: {str(e)}")
             
             print(f"👋 Exiting with code {exit_code}")
-            sys.exit(exit_code)
+            # SECURITY (H4): Raise SystemExit instead of calling sys.exit()
+            # so it can be caught by the interpreter's top-level handler
+            raise SystemExit(exit_code)
         
         def _on_start(*a):
             """
@@ -4167,23 +4203,19 @@ class FunctionEvaluatorMixin:
             """
             Run the current process as a background daemon.
             
-            Detaches from terminal and runs in background. On Unix systems, this
-            performs a double fork to properly daemonize. On Windows, it's a no-op.
-            
-            Usage:
-                if is_main() {
-                    daemonize()
-                    # Now running as daemon
-                    run(my_server_task)
-                }
-            
-            Optional arguments:
-                daemonize()              # Use defaults
-                daemonize(working_dir)   # Set working directory
+            SECURITY (C8): Requires ZEXUS_ALLOW_DAEMON=1 environment variable.
+            Disabled by default to prevent untrusted scripts from forking.
             """
             import os
             import sys
             
+            # Security gate: must be explicitly opted-in
+            if os.environ.get('ZEXUS_ALLOW_DAEMON') != '1':
+                return EvaluationError(
+                    "daemonize() is disabled for security. "
+                    "Set ZEXUS_ALLOW_DAEMON=1 environment variable to enable."
+                )
+            
             # Check if we're on a Unix-like system
             if not hasattr(os, 'fork'):
                 return EvaluationError("daemonize() is only supported on Unix-like systems")
@@ -4826,7 +4858,13 @@ class FunctionEvaluatorMixin:
             return String(value)
         
         def _env_set(*a):
-            """Set environment variable: env_set("VAR_NAME", "value")"""
+            """Set environment variable: env_set("VAR_NAME", "value")
+            
+            SECURITY (C9): Blocks modification of security-sensitive env vars
+            (PATH, LD_PRELOAD, PYTHONPATH, etc.).
+            """
+            from ..object import BLOCKED_ENV_VARS
+            
             if len(a) != 2:
                 return EvaluationError("env_set() takes 2 arguments: var_name, value")
             
@@ -4836,6 +4874,12 @@ class FunctionEvaluatorMixin:
             var_name = var_name_obj.value if isinstance(var_name_obj, String) else str(var_name_obj)
             value = value_obj.value if isinstance(value_obj, String) else str(value_obj)
             
+            # Security: block sensitive environment variables
+            if var_name.upper() in BLOCKED_ENV_VARS:
+                return EvaluationError(
+                    f"env_set() denied: '{var_name}' is a protected environment variable"
+                )
+            
             os.environ[var_name] = value
             return TRUE
         
@@ -4885,22 +4929,23 @@ class FunctionEvaluatorMixin:
                 return String("strong")
         
         def _sanitize_input(*a):
-            """Sanitize user input by removing dangerous characters"""
+            """Sanitize user input without corrupting data.
+
+            LI9: This is *not* an SQL-injection defense and must not attempt to
+            strip SQL keywords (bypassable + corrupts user data). Prefer
+            parameterized queries for DB APIs.
+            """
             if len(a) != 1:
                 return EvaluationError("sanitize_input() takes 1 argument")
             
             val = a[0]
             input_str = val.value if isinstance(val, String) else str(val)
             
-            # Remove potentially dangerous characters
-            # Remove HTML tags
-            sanitized = re.sub(r'<[^>]+>', '', input_str)
-            # Remove script tags
-            sanitized = re.sub(r'<script[^>]*>.*?</script>', '', sanitized, flags=re.IGNORECASE)
-            # Remove SQL injection patterns
-            sanitized = re.sub(r'(;|--|\'|\"|\bOR\b|\bAND\b)', '', sanitized, flags=re.IGNORECASE)
-            
-            return String(sanitized)
+            sanitized = input_str.replace("\x00", "")
+            sanitized = sanitized.replace("\r\n", "\n").replace("\r", "\n")
+            # Preserve original trust level if we received a String.
+            is_trusted = val.is_trusted if isinstance(val, String) else False
+            return String(sanitized, sanitized_for="generic", is_trusted=is_trusted)
         
         def _validate_length(*a):
             """Validate string length: validate_length(value, min, max)"""