crackerjack 0.31.10__py3-none-any.whl → 0.31.13__py3-none-any.whl

crackerjack/tools/validate_input_validator_patterns.py

@@ -0,0 +1,262 @@
+#!/usr/bin/env python3
+"""
+Test script to validate that all new input validator SAFE_PATTERNS work correctly.
+
+This script validates the security-critical input validation patterns and ensures
+they provide proper protection against injection attacks and malicious input.
+"""
+
+import sys
+from pathlib import Path
+
+# Add the crackerjack package to the path
+sys.path.insert(0, str(Path(__file__).parent.parent))
+
+from crackerjack.services.input_validator import SecureInputValidator
+from crackerjack.services.regex_patterns import SAFE_PATTERNS
+
+
+def test_sql_injection_patterns():
+    """Test SQL injection detection patterns."""
+    print("Testing SQL injection patterns...")
+
+    test_cases = [
+        # Should be detected as malicious
+        ("SELECT * FROM users", True, "Basic SELECT"),
+        ("UNION SELECT password FROM admin", True, "UNION injection"),
+        ("'; DROP TABLE users; --", True, "SQL comment injection"),
+        ("' OR 1=1--", True, "Boolean injection"),
+        ("xp_cmdshell('dir')", True, "SQL Server specific"),
+        ("sp_executesql @sql", True, "SQL Server procedure"),
+        # Should be allowed (legitimate text)
+        ("user selected item", False, "Legitimate text with 'select'"),
+        ("button execution", False, "Legitimate text with 'execution'"),
+        ("team membership", False, "Legitimate text without SQL keywords"),
+        ("normal text", False, "Normal text"),
+    ]
+
+    patterns = [
+        "validate_sql_injection_patterns",
+        "validate_sql_comment_patterns",
+        "validate_sql_boolean_injection",
+        "validate_sql_server_specific",
+    ]
+
+    for text, should_detect, description in test_cases:
+        detected = False
+        for pattern_name in patterns:
+            if SAFE_PATTERNS[pattern_name].test(text):
+                detected = True
+                break
+
+        status = "✅" if detected == should_detect else "❌"
+        print(
+            f"  {status} {description}: '{text}' -> {'BLOCKED' if detected else 'ALLOWED'}"
+        )
+
+        if detected != should_detect:
+            print(f"    Expected: {'BLOCKED' if should_detect else 'ALLOWED'}")
+            return False
+
+    print("✅ All SQL injection pattern tests passed!")
+    return True
+
+
+def test_code_injection_patterns():
+    """Test code injection detection patterns."""
+    print("\nTesting code injection patterns...")
+
+    test_cases = [
+        # Should be detected as malicious
+        ("eval(user_input)", True, "eval() execution"),
+        ("exec(malicious_code)", True, "exec() execution"),
+        ("__import__('os')", True, "Dynamic import"),
+        ("getattr(obj, 'dangerous')", True, "Dynamic attribute access"),
+        ("subprocess.run(cmd)", True, "System command"),
+        ("os.system('rm -rf')", True, "OS system call"),
+        ("compile(code, 'string', 'exec')", True, "Code compilation"),
+        # Should be allowed (legitimate text)
+        ("evaluate the results", False, "Legitimate text with 'eval'"),
+        ("execute the plan", False, "Legitimate text with 'execute'"),
+        ("import statement", False, "Normal import discussion"),
+        ("compiled successfully", False, "Normal compilation discussion"),
+    ]
+
+    patterns = [
+        "validate_code_eval_injection",
+        "validate_code_dynamic_access",
+        "validate_code_system_commands",
+        "validate_code_compilation",
+    ]
+
+    for text, should_detect, description in test_cases:
+        detected = False
+        for pattern_name in patterns:
+            if SAFE_PATTERNS[pattern_name].test(text):
+                detected = True
+                break
+
+        status = "✅" if detected == should_detect else "❌"
+        print(
+            f"  {status} {description}: '{text}' -> {'BLOCKED' if detected else 'ALLOWED'}"
+        )
+
+        if detected != should_detect:
+            print(f"    Expected: {'BLOCKED' if should_detect else 'ALLOWED'}")
+            return False
+
+    print("✅ All code injection pattern tests passed!")
+    return True
+
+
+def test_job_id_validation():
+    """Test job ID format validation."""
+    print("\nTesting job ID validation...")
+
+    test_cases = [
+        # Should be valid
+        ("valid_job-123", True, "Standard job ID"),
+        ("another-valid_job", True, "Hyphen and underscore"),
+        ("JOB123", True, "Uppercase"),
+        ("job_456", True, "Underscore only"),
+        ("job-789", True, "Hyphen only"),
+        ("complex_job-id_123", True, "Complex valid ID"),
+        # Should be invalid
+        ("job with spaces", False, "Contains spaces"),
+        ("job@invalid", False, "Contains @ symbol"),
+        ("job.invalid", False, "Contains dot"),
+        ("job/invalid", False, "Contains slash"),
+        ("job=invalid", False, "Contains equals"),
+        ("job$invalid", False, "Contains dollar"),
+        ("", False, "Empty string"),
+    ]
+
+    pattern = SAFE_PATTERNS["validate_job_id_format"]
+
+    for job_id, should_be_valid, description in test_cases:
+        is_valid = pattern.test(job_id)
+        status = "✅" if is_valid == should_be_valid else "❌"
+        print(
+            f"  {status} {description}: '{job_id}' -> {'VALID' if is_valid else 'INVALID'}"
+        )
+
+        if is_valid != should_be_valid:
+            print(f"    Expected: {'VALID' if should_be_valid else 'INVALID'}")
+            return False
+
+    print("✅ All job ID validation tests passed!")
+    return True
+
+
+def test_env_var_validation():
+    """Test environment variable name validation."""
+    print("\nTesting environment variable name validation...")
+
+    test_cases = [
+        # Should be valid
+        ("VALID_VAR", True, "Standard env var"),
+        ("_PRIVATE_VAR", True, "Starting with underscore"),
+        ("API_KEY_123", True, "With numbers"),
+        ("DATABASE_URL", True, "Typical env var"),
+        ("MAX_RETRIES", True, "Another typical var"),
+        # Should be invalid
+        ("lowercase_var", False, "Contains lowercase"),
+        ("123_INVALID", False, "Starts with number"),
+        ("INVALID-VAR", False, "Contains hyphen"),
+        ("INVALID.VAR", False, "Contains dot"),
+        ("INVALID VAR", False, "Contains space"),
+        ("INVALID@VAR", False, "Contains @ symbol"),
+        ("", False, "Empty string"),
+    ]
+
+    pattern = SAFE_PATTERNS["validate_env_var_name_format"]
+
+    for env_var, should_be_valid, description in test_cases:
+        is_valid = pattern.test(env_var)
+        status = "✅" if is_valid == should_be_valid else "❌"
+        print(
+            f"  {status} {description}: '{env_var}' -> {'VALID' if is_valid else 'INVALID'}"
+        )
+
+        if is_valid != should_be_valid:
+            print(f"    Expected: {'VALID' if should_be_valid else 'INVALID'}")
+            return False
+
+    print("✅ All environment variable validation tests passed!")
+    return True
+
+
+def test_integration_with_validator():
+    """Test integration with SecureInputValidator."""
+    print("\nTesting integration with SecureInputValidator...")
+
+    validator = SecureInputValidator()
+
+    # Test SQL injection detection
+    result = validator.sanitizer.sanitize_string("'; DROP TABLE users; --")
+    if result.valid:
+        print("❌ SQL injection should have been detected")
+        return False
+    print("✅ SQL injection properly detected and blocked")
+
+    # Test job ID validation
+    result = validator.validate_job_id("valid_job-123")
+    if not result.valid:
+        print("❌ Valid job ID should have been accepted")
+        return False
+    print("✅ Valid job ID properly accepted")
+
+    result = validator.validate_job_id("invalid job with spaces")
+    if result.valid:
+        print("❌ Invalid job ID should have been rejected")
+        return False
+    print("✅ Invalid job ID properly rejected")
+
+    # Test environment variable validation
+    result = validator.validate_environment_var("VALID_VAR", "some_value")
+    if not result.valid:
+        print("❌ Valid env var should have been accepted")
+        return False
+    print("✅ Valid environment variable properly accepted")
+
+    result = validator.validate_environment_var("invalid_var", "some_value")
+    if result.valid:
+        print("❌ Invalid env var should have been rejected")
+        return False
+    print("✅ Invalid environment variable properly rejected")
+
+    print("✅ All integration tests passed!")
+    return True
+
+
+def main():
+    """Run all validation tests."""
+    print("🔒 Validating Input Validator Security Patterns")
+    print("=" * 50)
+
+    tests = [
+        test_sql_injection_patterns,
+        test_code_injection_patterns,
+        test_job_id_validation,
+        test_env_var_validation,
+        test_integration_with_validator,
+    ]
+
+    all_passed = True
+    for test_func in tests:
+        if not test_func():
+            all_passed = False
+
+    print("\n" + "=" * 50)
+    if all_passed:
+        print("✅ ALL SECURITY VALIDATION TESTS PASSED!")
+        print("🔒 Input validation is properly secured with SAFE_PATTERNS")
+        return 0
+    else:
+        print("❌ SOME TESTS FAILED!")
+        print("🚨 Security issues detected - review failed tests")
+        return 1
+
+
+if __name__ == "__main__":
+    sys.exit(main())

crackerjack/tools/validate_regex_patterns.py

@@ -0,0 +1,198 @@
+#!/usr/bin/env python3
+"""
+Pre-commit hook to validate regex pattern usage.
+
+This script ensures all regex patterns use validated patterns from
+crackerjack.services.regex_patterns instead of raw re.sub() calls.
+
+CRITICAL: Prevents spacing issues by catching bad regex patterns before they
+enter the codebase.
+"""
+
+import ast
+import re
+import sys
+from pathlib import Path
+
+# Patterns that indicate regex usage
+REGEX_IMPORTS = {
+    "re",
+    "regex",
+}
+
+REGEX_FUNCTIONS = {
+    "re.sub",
+    "re.search",
+    "re.match",
+    "re.findall",
+    "re.split",
+    "re.compile",
+    "regex.sub",
+    "regex.search",
+    "regex.match",
+    "regex.findall",
+    "regex.split",
+    "regex.compile",
+}
+
+# Allowed regex usage patterns (whitelisted)
+ALLOWED_PATTERNS = {
+    # Simple string operations are OK
+    r"re\.escape\(",
+    r"re\.compile\(r?['\"]\\\\[wd]",  # Simple character classes
+    # Test files can use regex for testing
+    r"# REGEX OK:",  # Comment-based exemption
+    # Validation in regex_patterns.py itself
+    r"crackerjack/services/regex_patterns\.py$",
+}
+
+FORBIDDEN_REPLACEMENT_PATTERNS = [
+    r"\\g\s*<\s*\d+\s*>",  # \g < 1 > with spaces
+    r"\\g<\s+\d+>",  # \g< 1> with space after <
+    r"\\g<\d+\s+>",  # \g<1 > with space before >
+]
+
+
+class RegexVisitor(ast.NodeVisitor):
+    """AST visitor to find regex usage patterns."""
+
+    def __init__(self, file_path: Path):
+        self.file_path = file_path
+        self.issues: list[tuple[int, str]] = []
+        self.has_regex_import = False
+        self.allowed_file = any(
+            re.search(pattern, str(file_path)) for pattern in ALLOWED_PATTERNS
+        )
+
+    def visit_Import(self, node: ast.Import) -> None:
+        """Check for regex module imports."""
+        for alias in node.names:
+            if alias.name in REGEX_IMPORTS:
+                self.has_regex_import = True
+        self.generic_visit(node)
+
+    def visit_ImportFrom(self, node: ast.ImportFrom) -> None:
+        """Check for regex imports from modules."""
+        if node.module in REGEX_IMPORTS:
+            self.has_regex_import = True
+        self.generic_visit(node)
+
+    def visit_Call(self, node: ast.Call) -> None:
+        """Check for regex function calls."""
+        if self.allowed_file:
+            self.generic_visit(node)
+            return
+
+        func_name = self._get_function_name(node.func)
+
+        if func_name in REGEX_FUNCTIONS:
+            # Check for bad replacement syntax in arguments
+            for arg in node.args:
+                if isinstance(arg, ast.Constant) and isinstance(arg.value, str):
+                    self._check_replacement_syntax(arg.value, node.lineno)
+
+            # Flag non-whitelisted regex usage
+            if not self._is_exempted_line(node.lineno):
+                self.issues.append(
+                    (
+                        node.lineno,
+                        f"Raw regex usage detected: {func_name}(). "
+                        f"Use validated patterns from crackerjack.services.regex_patterns instead.",
+                    )
+                )
+
+        self.generic_visit(node)
+
+    def _get_function_name(self, func_node: ast.AST) -> str:
+        """Extract function name from AST node."""
+        if isinstance(func_node, ast.Name):
+            return func_node.id
+        elif isinstance(func_node, ast.Attribute):
+            if isinstance(func_node.value, ast.Name):
+                return f"{func_node.value.id}.{func_node.attr}"
+            return func_node.attr
+        return ""
+
+    def _check_replacement_syntax(self, replacement: str, line_no: int) -> None:
+        """Check for forbidden replacement syntax patterns."""
+        for pattern in FORBIDDEN_REPLACEMENT_PATTERNS:
+            if re.search(pattern, replacement):
+                self.issues.append(
+                    (
+                        line_no,
+                        f"CRITICAL: Bad replacement syntax detected: '{replacement}'. "
+                        f"Use \\g<1> not \\g < 1 >",
+                    )
+                )
+
+    def _is_exempted_line(self, line_no: int) -> bool:
+        """Check if line has exemption comment."""
+        from contextlib import suppress
+
+        with suppress(OSError, UnicodeDecodeError):
+            with self.file_path.open(encoding="utf-8") as f:
+                lines = f.readlines()
+                if line_no <= len(lines):
+                    line = lines[line_no - 1]
+                    return "# REGEX OK:" in line or "# regex ok:" in line.lower()
+        return False
+
+
+def validate_file(file_path: Path) -> list[tuple[int, str]]:
+    """Validate a single Python file for regex pattern usage."""
+    try:
+        content = file_path.read_text(encoding="utf-8")
+    except (OSError, UnicodeDecodeError) as e:
+        return [(1, f"Error reading file: {e}")]
+
+    try:
+        tree = ast.parse(content, filename=str(file_path))
+    except SyntaxError as e:
+        return [(e.lineno or 1, f"Syntax error: {e}")]
+
+    visitor = RegexVisitor(file_path)
+    visitor.visit(tree)
+    return visitor.issues
+
+
+def main(file_paths: list[str]) -> int:
+    """Main validation function for pre-commit hook."""
+    exit_code = 0
+
+    for file_path_str in file_paths:
+        file_path = Path(file_path_str)
+
+        # Skip non-Python files
+        if file_path.suffix != ".py":
+            continue
+
+        # Skip files that don't exist
+        if not file_path.exists():
+            continue
+
+        issues = validate_file(file_path)
+
+        if issues:
+            exit_code = 1
+            print(f"\n❌ {file_path}:")
+            for line_no, message in issues:
+                print(f"  Line {line_no}: {message}")
+
+    if exit_code == 0:
+        print("✅ All regex patterns validated successfully!")
+    else:
+        print("\n" + "=" * 80)
+        print("REGEX VALIDATION FAILED")
+        print("=" * 80)
+        print("To fix these issues:")
+        print("1. Use patterns from crackerjack.services.regex_patterns")
+        print("2. Add new patterns to SAFE_PATTERNS with comprehensive tests")
+        print("3. Use '# REGEX OK: reason' comment for legitimate exceptions")
+        print("4. Fix \\g<1> replacement syntax (no spaces)")
+        print("=" * 80)
+
+    return exit_code
+
+
+if __name__ == "__main__":
+    sys.exit(main(sys.argv[1:]))