zexus 1.7.2 → 1.8.1

package/src/zexus/evaluator/statements.py

@@ -2092,8 +2092,10 @@ class StatementEvaluatorMixin:
             sandbox_fs = builder.build()
             sandbox_env.set('__sandbox_vfs__', sandbox_fs)
             sandbox_env.set('__sandbox_id__', sandbox_id)
-        except Exception:
-            pass
+        except Exception as exc:
+            # MEDIUM (M10): If sandbox isolation can't be established, do not
+            # execute the sandbox body under a weaker (or non-existent) policy.
+            return EvaluationError(f"Sandbox initialization failed: {exc}")
 
         # Ensure default sandbox policy exists
         try:
@@ -2228,9 +2230,11 @@ class StatementEvaluatorMixin:
             
             # Set up TX context
             from ..object import Map, String, Integer
+            # SECURITY (H5): Use module-level import instead of __import__
+            import time as _time_mod
             tx_context = Map({
                 String("caller"): String("system"),  # Default caller
-                String("timestamp"): Integer(int(__import__('time').time())),
+                String("timestamp"): Integer(int(_time_mod.time())),
             })
             contract_env.set("TX", tx_context)
             
@@ -3318,7 +3322,17 @@ class StatementEvaluatorMixin:
     # === PERFORMANCE OPTIMIZATION STATEMENTS ===
     
     def eval_native_statement(self, node, env, stack_trace):
-        """Evaluate native statement - call C/C++ code directly."""
+        """Evaluate native statement - call C/C++ code directly.
+        
+        SECURITY (C3): Requires ZEXUS_ALLOW_NATIVE=1 environment variable.
+        Disabled by default to prevent arbitrary native code loading via ctypes.
+        """
+        import os as _os
+        if _os.environ.get('ZEXUS_ALLOW_NATIVE') != '1':
+            return EvaluationError(
+                "Native statements are disabled for security. "
+                "Set ZEXUS_ALLOW_NATIVE=1 environment variable to enable ctypes FFI."
+            )
         try:
             import ctypes
             
@@ -4190,107 +4204,6 @@ class StatementEvaluatorMixin:
                 except Exception as e:
                     debug_log("eval_using_statement", f"Error cleaning up resource: {e}")
 
-    # === CONCURRENCY & PERFORMANCE STATEMENT EVALUATORS ===
-
-    def eval_channel_statement(self, node, env, stack_trace):
-        """Evaluate channel statement - declare a message passing channel."""
-        from ..concurrency_system import get_concurrency_manager
-        
-        manager = get_concurrency_manager()
-        
-        # Get channel name
-        channel_name = node.name.value if hasattr(node.name, 'value') else str(node.name)
-        
-        # Get element type if specified
-        element_type = None
-        if hasattr(node, 'element_type') and node.element_type:
-            element_type = str(node.element_type)
-        
-        # Get capacity if specified
-        capacity = 0
-        if hasattr(node, 'capacity') and node.capacity:
-            capacity = self.eval_node(node.capacity, env, stack_trace)
-            if isinstance(capacity, Integer):
-                capacity = capacity.value
-            else:
-                capacity = 0
-        
-        # Create channel
-        channel = manager.create_channel(channel_name, element_type, capacity)
-        debug_log("eval_channel_statement", f"Created channel: {channel_name}")
-        
-        # Store in environment
-        env.set(channel_name, channel)
-        return String(f"Channel '{channel_name}' created")
-
-    def eval_send_statement(self, node, env, stack_trace):
-        """Evaluate send statement - send value to a channel."""
-        
-        # Evaluate channel expression
-        channel = self.eval_node(node.channel_expr, env, stack_trace)
-        
-        # Evaluate value to send
-        value = self.eval_node(node.value_expr, env, stack_trace)
-        
-        # Send to channel
-        if hasattr(channel, 'send'):
-            try:
-                channel.send(value, timeout=5.0)
-                debug_log("eval_send_statement", f"Sent to channel: {value}")
-                return String(f"Value sent to channel")
-            except Exception as e:
-                return String(f"Error sending to channel: {e}")
-        else:
-            return String(f"Error: not a valid channel")
-
-    def eval_receive_statement(self, node, env, stack_trace):
-        """Evaluate receive statement - receive value from a channel."""
-        
-        # Evaluate channel expression
-        channel = self.eval_node(node.channel_expr, env, stack_trace)
-        
-        # Receive from channel
-        if hasattr(channel, 'receive'):
-            try:
-                value = channel.receive(timeout=5.0)
-                debug_log("eval_receive_statement", f"Received from channel: {value}")
-                
-                # Bind to target if specified
-                if hasattr(node, 'target') and node.target:
-                    target_name = node.target.value if hasattr(node.target, 'value') else str(node.target)
-                    env.set(target_name, value)
-                
-                return value if value is not None else NULL
-            except Exception as e:
-                return String(f"Error receiving from channel: {e}")
-        else:
-            return String(f"Error: not a valid channel")
-
-    def eval_atomic_statement(self, node, env, stack_trace):
-        """Evaluate atomic statement - execute indivisible operation."""
-        from ..concurrency_system import get_concurrency_manager
-        
-        manager = get_concurrency_manager()
-        
-        # Create/get atomic region
-        atomic_id = f"atomic_{id(node)}"
-        atomic = manager.create_atomic(atomic_id)
-        
-        # Execute atomically
-        def execute_block():
-            if hasattr(node, 'body') and node.body:
-                # Atomic block
-                return self.eval_node(node.body, env, stack_trace)
-            elif hasattr(node, 'expr') and node.expr:
-                # Atomic expression
-                return self.eval_node(node.expr, env, stack_trace)
-            return NULL
-        
-        result = atomic.execute(execute_block)
-        debug_log("eval_atomic_statement", "Atomic operation completed")
-        
-        return result if result is not NULL else NULL
-
     # === BLOCKCHAIN STATEMENT EVALUATION ===
     
     def eval_ledger_statement(self, node, env, stack_trace):
@@ -4796,11 +4709,16 @@ class StatementEvaluatorMixin:
         # Store method signatures
         methods = {}
         for method in node.methods:
-            method_name = method.name.value if hasattr(method.name, 'value') else str(method.name)
-            methods[method_name] = {
-                'params': method.parameters if hasattr(method, 'parameters') else [],
-                'return_type': method.return_type if hasattr(method, 'return_type') else None
-            }
+            # methods may be strings (from context parser) or ActionStatement objects
+            if isinstance(method, str):
+                method_name = method
+                methods[method_name] = {'params': [], 'return_type': None}
+            else:
+                method_name = method.name.value if hasattr(method.name, 'value') else str(method.name) if hasattr(method, 'name') else str(method)
+                methods[method_name] = {
+                    'params': method.parameters if hasattr(method, 'parameters') else [],
+                    'return_type': method.return_type if hasattr(method, 'return_type') else None
+                }
         
         # Create protocol object
         protocol_def = {
@@ -4825,6 +4743,22 @@ class StatementEvaluatorMixin:
         # Get variable name
         var_name = node.name.value if hasattr(node.name, 'value') else str(node.name)
         
+        # Ensure persistence backend is initialised on this environment
+        if hasattr(env, '_persistent_storage') and env._persistent_storage is None:
+            try:
+                from ..persistence import PersistentStorage, MemoryTracker
+                # Derive scope from the contract name if available, else use a default
+                scope = env.get("__contract_name__") or "global"
+                if hasattr(scope, 'value'):
+                    scope = scope.value
+                scope = str(scope)
+                env._persistent_storage = PersistentStorage(scope)
+                if env._memory_tracker is None:
+                    env._memory_tracker = MemoryTracker()
+                    env._memory_tracker.start_tracking()
+            except (ImportError, Exception):
+                pass  # Persistence module not available — fall through to regular storage
+        
         # Evaluate initial value if provided
         value = NULL
         if node.initial_value:
@@ -4835,8 +4769,17 @@ class StatementEvaluatorMixin:
         # Mark as persistent in environment (special marker)
         env.set(f"__persistent_{var_name}__", True)
         
-        # Store the actual value
-        env.set(var_name, value)
+        # Store via the persistence layer if available, otherwise regular
+        if hasattr(env, 'set_persistent') and hasattr(env, '_persistent_storage') and env._persistent_storage is not None:
+            env.set_persistent(var_name, value)
+        else:
+            env.set(var_name, value)
+        
+        # On startup, restore the previously-persisted value (overrides default)
+        if hasattr(env, 'get_persistent') and hasattr(env, '_persistent_storage') and env._persistent_storage is not None:
+            persisted = env.get_persistent(var_name)
+            if persisted is not None:
+                env.store[var_name] = persisted
         
         return NULL
 

package/src/zexus/module_cache.py

@@ -103,6 +103,9 @@ def cache_contract_ast(source_hash: str, ast: Any) -> None:
 def get_module_candidates(file_path: str, importer_file: str = None) -> list[str]:
     """Get candidate paths for a module, checking zpm_modules etc.
     
+    SECURITY (H7): All resolved candidates are confined to the project root (cwd).
+    Absolute paths and traversals outside the project are rejected.
+    
     Args:
         file_path: The module path to import
         importer_file: The absolute path of the file doing the importing (for relative imports)
@@ -111,10 +114,16 @@ def get_module_candidates(file_path: str, importer_file: str = None) -> list[str
         List of candidate absolute paths to check
     """
     candidates = []
+    project_root = os.path.realpath(os.getcwd())
+    
+    def _is_within_sandbox(resolved: str) -> bool:
+        real = os.path.realpath(resolved)
+        return real == project_root or real.startswith(project_root + os.sep)
     
     if os.path.isabs(file_path):
-        # Absolute path - use as-is
-        candidates.append(file_path)
+        # SECURITY: Absolute paths are only accepted if within project_root
+        if _is_within_sandbox(file_path):
+            candidates.append(file_path)
     else:
         # Relative path - resolve based on importer's directory
         if importer_file and file_path.startswith('./'):
@@ -123,7 +132,7 @@ def get_module_candidates(file_path: str, importer_file: str = None) -> list[str
             resolved_path = os.path.join(importer_dir, file_path[2:])  # Remove './'
             candidates.append(resolved_path)
             # Also consider project-root relative paths like "./tests/..."
-            candidates.append(os.path.join(os.getcwd(), file_path[2:]))
+            candidates.append(os.path.join(project_root, file_path[2:]))
         elif importer_file and file_path.startswith('../'):
             # Parent directory relative to importing file
             importer_dir = os.path.dirname(importer_file)
@@ -135,18 +144,20 @@ def get_module_candidates(file_path: str, importer_file: str = None) -> list[str
                 importer_dir = os.path.dirname(importer_file)
                 candidates.append(os.path.join(importer_dir, file_path))
             # Then relative to current working directory
-            candidates.append(os.path.join(os.getcwd(), file_path))
+            candidates.append(os.path.join(project_root, file_path))
         
         # Also check zpm_modules directory
-        candidates.append(os.path.join(os.getcwd(), 'zpm_modules', file_path))
+        candidates.append(os.path.join(project_root, 'zpm_modules', file_path))
 
     # Try adding typical extensions (.zx, .zexus)
     extended_candidates = []
     for candidate in candidates:
-        extended_candidates.append(candidate)
-        if not candidate.endswith(('.zx', '.zexus')):
-            extended_candidates.append(candidate + '.zx')
-            extended_candidates.append(candidate + '.zexus')
+        # SECURITY: Only keep candidates that resolve within the project root
+        if _is_within_sandbox(candidate):
+            extended_candidates.append(candidate)
+            if not candidate.endswith(('.zx', '.zexus')):
+                extended_candidates.append(candidate + '.zx')
+                extended_candidates.append(candidate + '.zexus')
     
     return extended_candidates