crackerjack 0.31.10__py3-none-any.whl → 0.31.12__py3-none-any.whl

crackerjack/services/unified_config.py

@@ -1,11 +1,9 @@
-import json
 import os
 import typing as t
 from contextlib import suppress
 from pathlib import Path
 from typing import Any
 
-import yaml
 from pydantic import BaseModel, Field, field_validator
 from rich.console import Console
 
@@ -27,7 +25,7 @@ class CrackerjackConfig(BaseModel):
 
     test_timeout: int = 300
     test_workers: int = Field(default_factory=lambda: os.cpu_count() or 1)
-    min_coverage: float = 10.11  # Baseline from coverage ratchet system
+    min_coverage: float = 10.0
 
     log_level: str = "INFO"
     log_json: bool = False
@@ -38,11 +36,7 @@ class CrackerjackConfig(BaseModel):
     skip_hooks: bool = False
     experimental_hooks: bool = False
 
-    performance_tracking: bool = True
-    benchmark_mode: bool = False
-
-    publish_enabled: bool = False
-    keyring_provider: str = "subprocess"
+    # Removed unused configuration fields: performance_tracking, benchmark_mode, publish_enabled, keyring_provider
 
     batch_file_operations: bool = True
     file_operation_batch_size: int = 10
@@ -95,7 +89,7 @@ class ConfigSource:
         self.priority = priority
         self.logger = get_logger("crackerjack.config.source")
 
-    def load(self) -> dict[str, Any]:
+    def load(self) -> dict[str, t.Any]:
         raise NotImplementedError
 
     def is_available(self) -> bool:
@@ -108,8 +102,8 @@ class EnvironmentConfigSource(ConfigSource):
     def __init__(self, priority: int = 100) -> None:
         super().__init__(priority)
 
-    def load(self) -> dict[str, Any]:
-        config: dict[str, Any] = {}
+    def load(self) -> dict[str, t.Any]:
+        config: dict[str, t.Any] = {}
 
         for key, value in os.environ.items():
             if key.startswith(self.ENV_PREFIX):
@@ -117,71 +111,58 @@ class EnvironmentConfigSource(ConfigSource):
 
                 config[config_key] = self._convert_value(value)
 
-        self.logger.debug("Loaded environment config", keys=list(config.keys()))
         return config
 
-    def _convert_value(self, value: str) -> Any:
+    def _convert_value(self, value: str) -> t.Any:
         if value.lower() in ("true", "1", "yes", "on"):
             return True
         if value.lower() in ("false", "0", "no", "off"):
             return False
 
+        # Handle negative numbers with spaces (e.g., "- 10")
+        cleaned_value = value.replace(" ", "")
+
         with suppress(ValueError):
-            return int(value)
+            return int(cleaned_value)
 
         with suppress(ValueError):
-            return float(value)
+            return float(cleaned_value)
 
         return value
 
 
 class FileConfigSource(ConfigSource):
-    def __init__(self, file_path: Path, priority: int = 50) -> None:
+    def __init__(self, config_path: Path, priority: int = 50) -> None:
         super().__init__(priority)
-        self.file_path = file_path
+        self.config_path = config_path
 
     def is_available(self) -> bool:
-        return self.file_path.exists() and self.file_path.is_file()
+        return self.config_path.exists() and self.config_path.is_file()
 
-    def load(self) -> dict[str, Any]:
+    def load(self) -> dict[str, t.Any]:
         if not self.is_available():
             return {}
 
         try:
-            content = self.file_path.read_text()
-
-            if self.file_path.suffix.lower() in (".yml", ".yaml"):
-                yaml_result: t.Any = yaml.safe_load(content)
-                config = (
-                    t.cast("dict[str, Any]", yaml_result)
-                    if yaml_result is not None
-                    else {}
-                )
-            elif self.file_path.suffix.lower() == ".json":
-                json_result = json.loads(content)
-                config = (
-                    t.cast("dict[str, Any]", json_result)
-                    if json_result is not None
-                    else {}
-                )
-            else:
-                self.logger.warning(
-                    "Unknown config file format",
-                    path=str(self.file_path),
-                )
-                return {}
-
-            self.logger.debug(
-                "Loaded file config",
-                path=str(self.file_path),
-                keys=list(config.keys()),
-            )
-            return config
-
+            with self.config_path.open("r") as f:
+                if self.config_path.suffix in (".yaml", ".yml"):
+                    import yaml
+
+                    result = yaml.safe_load(f)
+                    return result if isinstance(result, dict) else {}
+                elif self.config_path.suffix == ".json":
+                    import json
+
+                    result = json.load(f)
+                    return result if isinstance(result, dict) else {}
+                else:
+                    self.logger.warning(
+                        f"Unsupported config file format: {self.config_path.suffix}"
+                    )
+                    return {}
         except Exception as e:
             self.logger.exception(
-                "Failed to load config file",
-                path=str(self.file_path),
+                f"Failed to load config from file: {self.config_path}",
                 error=str(e),
             )
             return {}
@@ -195,7 +176,7 @@ class PyprojectConfigSource(ConfigSource):
     def is_available(self) -> bool:
         return self.pyproject_path.exists() and self.pyproject_path.is_file()
 
-    def load(self) -> dict[str, Any]:
+    def load(self) -> dict[str, t.Any]:
         if not self.is_available():
             return {}
 
@@ -234,8 +215,8 @@ class OptionsConfigSource(ConfigSource):
         super().__init__(priority)
         self.options = options
 
-    def load(self) -> dict[str, Any]:
-        config: dict[str, Any] = {}
+    def load(self) -> dict[str, t.Any]:
+        config: dict[str, t.Any] = {}
 
         option_mappings = {
             "testing": "test_mode",
@@ -280,9 +261,6 @@ class UnifiedConfigurationService:
             ),
         )
 
-        # .crackerjack.* config files are no longer supported
-        # Configuration should be done through pyproject.toml
-
         self.sources.append(EnvironmentConfigSource())
 
         if options:
@@ -294,7 +272,7 @@ class UnifiedConfigurationService:
         pkg_path = self.pkg_path
 
         class DefaultConfigSource(ConfigSource):
-            def load(self) -> dict[str, Any]:
+            def load(self) -> dict[str, t.Any]:
                 return {
                     "package_path": pkg_path,
                     "cache_enabled": True,

crackerjack/services/validation_rate_limiter.py

@@ -0,0 +1,269 @@
+"""
+Rate limiting for input validation to prevent abuse and DoS attacks.
+
+This module provides rate limiting functionality to:
+- Prevent excessive validation failures
+- Protect against DoS attacks via malformed input
+- Track validation patterns for security monitoring
+"""
+
+import time
+import typing as t
+from collections import defaultdict, deque
+from threading import Lock
+
+from .security_logger import SecurityEventLevel, get_security_logger
+
+
+class ValidationRateLimit:
+    """Rate limiting configuration for different validation types."""
+
+    def __init__(
+        self,
+        max_failures: int = 10,
+        window_seconds: int = 60,
+        block_duration: int = 300,  # 5 minutes
+    ):
+        self.max_failures = max_failures
+        self.window_seconds = window_seconds
+        self.block_duration = block_duration
+
+
+class ValidationRateLimiter:
+    """
+    Rate limiter for validation failures to prevent abuse.
+
+    Tracks validation failures by client/source and blocks excessive failures.
+    Uses sliding window approach for accurate rate limiting.
+    """
+
+    def __init__(self):
+        self._failure_windows: dict[str, deque[float]] = defaultdict(deque)
+        self._blocked_until: dict[str, float] = {}
+        self._lock = Lock()
+        self._logger = get_security_logger()
+
+        # Default rate limits by validation type
+        self._limits = {
+            "default": ValidationRateLimit(),
+            "command_injection": ValidationRateLimit(
+                max_failures=3, block_duration=600
+            ),
+            "path_traversal": ValidationRateLimit(max_failures=3, block_duration=600),
+            "sql_injection": ValidationRateLimit(max_failures=2, block_duration=900),
+            "code_injection": ValidationRateLimit(max_failures=2, block_duration=900),
+            "json_payload": ValidationRateLimit(max_failures=20),
+            "job_id": ValidationRateLimit(max_failures=15),
+            "project_name": ValidationRateLimit(max_failures=15),
+        }
+
+    def is_blocked(self, client_id: str) -> bool:
+        """Check if a client is currently blocked."""
+        with self._lock:
+            if client_id in self._blocked_until:
+                if time.time() < self._blocked_until[client_id]:
+                    return True
+                else:
+                    # Block expired, remove it
+                    del self._blocked_until[client_id]
+            return False
+
+    def record_failure(
+        self,
+        client_id: str,
+        validation_type: str,
+        severity: SecurityEventLevel = SecurityEventLevel.MEDIUM,
+    ) -> bool:
+        """
+        Record a validation failure and check if client should be blocked.
+
+        Returns True if the client should be blocked, False otherwise.
+        """
+        with self._lock:
+            current_time = time.time()
+
+            # Get rate limit for this validation type
+            limit = self._limits.get(validation_type, self._limits["default"])
+
+            # Initialize failure window if needed
+            if client_id not in self._failure_windows:
+                self._failure_windows[client_id] = deque()
+
+            # Clean old failures outside the window
+            window = self._failure_windows[client_id]
+            while window and current_time - window[0] > limit.window_seconds:
+                window.popleft()
+
+            # Record this failure
+            window.append(current_time)
+
+            # Check if limit exceeded
+            if len(window) >= limit.max_failures:
+                # Block this client
+                self._blocked_until[client_id] = current_time + limit.block_duration
+
+                # Log the rate limit exceeded event
+                self._logger.log_rate_limit_exceeded(
+                    limit_type=validation_type,
+                    current_count=len(window),
+                    max_allowed=limit.max_failures,
+                    client_id=client_id,
+                    block_duration=limit.block_duration,
+                )
+
+                # Clear the failure window since client is now blocked
+                self._failure_windows[client_id].clear()
+
+                return True
+
+            return False
+
+    def get_remaining_attempts(self, client_id: str, validation_type: str) -> int:
+        """Get remaining validation attempts before rate limit."""
+        with self._lock:
+            if self.is_blocked(client_id):
+                return 0
+
+            limit = self._limits.get(validation_type, self._limits["default"])
+            current_failures = len(self._failure_windows.get(client_id, []))
+            return max(0, limit.max_failures - current_failures)
+
+    def get_block_time_remaining(self, client_id: str) -> int:
+        """Get seconds remaining until client is unblocked."""
+        with self._lock:
+            if client_id in self._blocked_until:
+                remaining = max(0, int(self._blocked_until[client_id] - time.time()))
+                return remaining
+            return 0
+
+    def get_client_stats(self, client_id: str) -> dict[str, t.Any]:
+        """Get rate limiting statistics for a client."""
+        with self._lock:
+            current_time = time.time()
+
+            stats = {
+                "client_id": client_id,
+                "is_blocked": self.is_blocked(client_id),
+                "block_time_remaining": self.get_block_time_remaining(client_id),
+                "recent_failures": 0,
+                "total_failures": 0,
+            }
+
+            if client_id in self._failure_windows:
+                window = self._failure_windows[client_id]
+                stats["total_failures"] = len(window)
+
+                # Count recent failures (last 5 minutes)
+                recent_count = sum(
+                    1 for failure_time in window if current_time - failure_time <= 300
+                )
+                stats["recent_failures"] = recent_count
+
+            return stats
+
+    def cleanup_expired_data(self) -> int:
+        """Clean up expired data and return number of items removed."""
+        with self._lock:
+            current_time = time.time()
+            removed_count = 0
+
+            # Clean expired blocks
+            expired_blocks = [
+                client_id
+                for client_id, block_until in self._blocked_until.items()
+                if current_time >= block_until
+            ]
+
+            for client_id in expired_blocks:
+                del self._blocked_until[client_id]
+                removed_count += 1
+
+            # Clean old failure windows (keep only last 24 hours)
+            for client_id, window in list(self._failure_windows.items()):
+                # Remove failures older than 24 hours
+                while window and current_time - window[0] > 86400:  # 24 hours
+                    window.popleft()
+                    removed_count += 1
+
+                # Remove empty windows
+                if not window:
+                    del self._failure_windows[client_id]
+
+            return removed_count
+
+    def update_rate_limits(
+        self,
+        validation_type: str,
+        max_failures: int,
+        window_seconds: int,
+        block_duration: int,
+    ) -> None:
+        """Update rate limits for a specific validation type."""
+        with self._lock:
+            self._limits[validation_type] = ValidationRateLimit(
+                max_failures=max_failures,
+                window_seconds=window_seconds,
+                block_duration=block_duration,
+            )
+
+    def get_all_stats(self) -> dict[str, t.Any]:
+        """Get comprehensive rate limiting statistics."""
+        with self._lock:
+            current_time = time.time()
+
+            stats: dict[str, t.Any] = {
+                "total_clients_tracked": len(self._failure_windows),
+                "currently_blocked": len(self._blocked_until),
+                "rate_limits": {
+                    vtype: {
+                        "max_failures": limit.max_failures,
+                        "window_seconds": limit.window_seconds,
+                        "block_duration": limit.block_duration,
+                    }
+                    for vtype, limit in self._limits.items()
+                },
+                "blocked_clients": [],
+                "active_clients": [],
+            }
+
+            # Get blocked client info
+            for client_id, block_until in self._blocked_until.items():
+                remaining = max(0, int(block_until - current_time))
+                stats["blocked_clients"].append(
+                    {
+                        "client_id": client_id,
+                        "blocked_until": block_until,
+                        "time_remaining": remaining,
+                    }
+                )
+
+            # Get active client info (with recent failures)
+            for client_id, window in self._failure_windows.items():
+                if client_id not in self._blocked_until and window:
+                    recent_failures = sum(
+                        1
+                        for failure_time in window
+                        if current_time - failure_time <= 300  # Last 5 minutes
+                    )
+                    if recent_failures > 0:
+                        stats["active_clients"].append(
+                            {
+                                "client_id": client_id,
+                                "recent_failures": recent_failures,
+                                "total_failures": len(window),
+                            }
+                        )
+
+            return stats
+
+
+# Global rate limiter instance
+_rate_limiter: ValidationRateLimiter | None = None
+
+
+def get_validation_rate_limiter() -> ValidationRateLimiter:
+    """Get the global validation rate limiter instance."""
+    global _rate_limiter
+    if _rate_limiter is None:
+        _rate_limiter = ValidationRateLimiter()
+    return _rate_limiter

crackerjack/services/version_checker.py

@@ -1,9 +1,3 @@
-"""Core version checking and comparison functionality.
-
-This module handles tool version detection, comparison, and update notifications.
-Split from tool_version_service.py to follow single responsibility principle.
-"""
-
 import subprocess
 import typing as t
 from dataclasses import dataclass
@@ -14,8 +8,6 @@ from rich.console import Console
 
 @dataclass
 class VersionInfo:
-    """Information about a tool's version and update status."""
-
     tool_name: str
     current_version: str
     latest_version: str | None = None
@@ -24,8 +16,6 @@ class VersionInfo:
 
 
 class VersionChecker:
-    """Service for checking tool versions and updates."""
-
     def __init__(self, console: Console) -> None:
         self.console = console
         self.tools_to_check = {
@@ -36,7 +26,6 @@ class VersionChecker:
         }
 
     async def check_tool_updates(self) -> dict[str, VersionInfo]:
-        """Check updates for all registered tools."""
         results = {}
         for tool_name, version_getter in self.tools_to_check.items():
             results[tool_name] = await self._check_single_tool(
@@ -47,7 +36,6 @@ class VersionChecker:
     async def _check_single_tool(
         self, tool_name: str, version_getter: t.Callable[[], str | None]
     ) -> VersionInfo:
-        """Check updates for a single tool."""
         try:
             current_version = version_getter()
             if current_version:
@@ -63,7 +51,6 @@ class VersionChecker:
     def _create_installed_version_info(
         self, tool_name: str, current_version: str, latest_version: str | None
     ) -> VersionInfo:
-        """Create version info for installed tool."""
         update_available = (
             latest_version is not None
             and self._version_compare(current_version, latest_version) < 0
@@ -72,7 +59,7 @@ class VersionChecker:
         if update_available:
             self.console.print(
                 f"[yellow]🔄 {tool_name} update available: "
-                f"{current_version} → {latest_version}[/yellow]"
+                f"{current_version} → {latest_version}[/ yellow]"
             )
 
         return VersionInfo(
@@ -83,8 +70,7 @@ class VersionChecker:
         )
 
     def _create_missing_tool_info(self, tool_name: str) -> VersionInfo:
-        """Create version info for missing tool."""
-        self.console.print(f"[red]⚠️ {tool_name} not installed[/red]")
+        self.console.print(f"[red]⚠️ {tool_name} not installed[/ red]")
         return VersionInfo(
             tool_name=tool_name,
             current_version="not installed",
@@ -94,8 +80,7 @@ class VersionChecker:
     def _create_error_version_info(
         self, tool_name: str, error: Exception
     ) -> VersionInfo:
-        """Create version info for tool with error."""
-        self.console.print(f"[red]❌ Error checking {tool_name}: {error}[/red]")
+        self.console.print(f"[red]❌ Error checking {tool_name}: {error}[/ red]")
         return VersionInfo(
             tool_name=tool_name,
             current_version="unknown",
@@ -103,23 +88,18 @@ class VersionChecker:
         )
 
     def _get_ruff_version(self) -> str | None:
-        """Get currently installed Ruff version."""
         return self._get_tool_version("ruff")
 
     def _get_pyright_version(self) -> str | None:
-        """Get currently installed Pyright version."""
         return self._get_tool_version("pyright")
 
     def _get_precommit_version(self) -> str | None:
-        """Get currently installed pre-commit version."""
         return self._get_tool_version("pre-commit")
 
     def _get_uv_version(self) -> str | None:
-        """Get currently installed UV version."""
         return self._get_tool_version("uv")
 
     def _get_tool_version(self, tool_name: str) -> str | None:
-        """Generic method to get tool version via subprocess."""
         try:
             result = subprocess.run(
                 [tool_name, "--version"],
@@ -136,13 +116,12 @@ class VersionChecker:
         return None
 
     async def _fetch_latest_version(self, tool_name: str) -> str | None:
-        """Fetch latest version from PyPI."""
         try:
             pypi_urls = {
-                "ruff": "https://pypi.org/pypi/ruff/json",
-                "pyright": "https://pypi.org/pypi/pyright/json",
-                "pre-commit": "https://pypi.org/pypi/pre-commit/json",
-                "uv": "https://pypi.org/pypi/uv/json",
+                "ruff": "https: / / pypi.org / pypi / ruff / json",
+                "pyright": "https: / / pypi.org / pypi / pyright / json",
+                "pre-commit": "https: / / pypi.org / pypi / pre-commit / json",
+                "uv": "https: / / pypi.org / pypi / uv / json",
             }
 
             url = pypi_urls.get(tool_name)
@@ -160,24 +139,20 @@ class VersionChecker:
             return None
 
     def _version_compare(self, current: str, latest: str) -> int:
-        """Compare two version strings. Returns -1 if current < latest, 0 if equal, 1 if current > latest."""
         try:
             current_parts, current_len = self._parse_version_parts(current)
             latest_parts, latest_len = self._parse_version_parts(latest)
 
-            # Normalize lengths
             normalized_current, normalized_latest = self._normalize_version_parts(
                 current_parts, latest_parts
             )
 
-            # Compare numeric values
             numeric_result = self._compare_numeric_parts(
                 normalized_current, normalized_latest
             )
             if numeric_result != 0:
                 return numeric_result
 
-            # Handle length differences when numeric values are equal
             return self._handle_length_differences(
                 current_len, latest_len, normalized_current, normalized_latest
             )
@@ -186,14 +161,12 @@ class VersionChecker:
             return 0
 
     def _parse_version_parts(self, version: str) -> tuple[list[int], int]:
-        """Parse version string into integer parts and return original length."""
         parts = [int(x) for x in version.split(".")]
         return parts, len(parts)
 
     def _normalize_version_parts(
         self, current_parts: list[int], latest_parts: list[int]
     ) -> tuple[list[int], list[int]]:
-        """Extend version parts to same length with zeros."""
         max_len = max(len(current_parts), len(latest_parts))
         current_normalized = current_parts + [0] * (max_len - len(current_parts))
         latest_normalized = latest_parts + [0] * (max_len - len(latest_parts))
@@ -202,7 +175,6 @@ class VersionChecker:
     def _compare_numeric_parts(
         self, current_parts: list[int], latest_parts: list[int]
     ) -> int:
-        """Compare version parts numerically."""
         for current_part, latest_part in zip(current_parts, latest_parts):
             if current_part < latest_part:
                 return -1
@@ -217,7 +189,6 @@ class VersionChecker:
         current_parts: list[int],
         latest_parts: list[int],
     ) -> int:
-        """Handle version comparison when lengths differ but numeric values are equal."""
         if current_len == latest_len:
             return 0
 
@@ -230,19 +201,17 @@ class VersionChecker:
     def _compare_when_current_shorter(
         self, current_len: int, latest_len: int, latest_parts: list[int]
     ) -> int:
-        """Compare when current version has fewer parts than latest."""
         extra_parts = latest_parts[current_len:]
         if any(part != 0 for part in extra_parts):
             return -1
-        # "1.0" vs "1.0.0" should return -1, but "1" vs "1.0" should return 0
+
         return -1 if current_len > 1 else 0
 
     def _compare_when_latest_shorter(
         self, latest_len: int, current_len: int, current_parts: list[int]
     ) -> int:
-        """Compare when latest version has fewer parts than current."""
         extra_parts = current_parts[latest_len:]
         if any(part != 0 for part in extra_parts):
             return 1
-        # "1.0.0" vs "1.0" should return 1, but "1.0" vs "1" should return 0
+
         return 1 if latest_len > 1 else 0