crackerjack 0.34.0__py3-none-any.whl → 0.34.2__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.


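--- a/crackerjack/services/secure_subprocess.py
+++ b/crackerjack/services/secure_subprocess.py
@@ -318,20 +318,47 @@ class SecureSubprocessExecutor:
 )
 continue
 
-if self._has_dangerous_patterns(arg, i, issues):
+if self._has_dangerous_patterns(arg, i, issues, command):
 continue
 
 validated_command.append(arg)
 
 return validated_command, issues
 
-def _has_dangerous_patterns(self, arg: str, index: int, issues: list[str]) -> bool:
+def _has_dangerous_patterns(
+self, arg: str, index: int, issues: list[str], command: list[str]
+) -> bool:
 # First check if this is an allowed git pattern
 for git_pattern in self.allowed_git_patterns:
 if re.match(git_pattern, arg):
 return False # It's an allowed git pattern, don't flag as dangerous
 
-# Check for dangerous patterns
+# Special handling for git commit messages
+if self._is_git_commit_message(index, command):
+# For git commit messages, only check for truly dangerous patterns
+# Parentheses are common in commit messages and should be allowed
+safe_commit_patterns = [
+r"[;&|`$]", # Still dangerous in commit messages
+r"\.\./", # Path traversal
+r"\$\{.*\}", # Variable expansion
+r"`.*`", # Command substitution
+r"\$\(.*\)", # Command substitution (but allow simple parentheses)
+r">\s*/", # Redirection to paths
+r"<\s*/", # Redirection from paths
+]
+
+for pattern in safe_commit_patterns:
+if re.search(pattern, arg):
+# Allow simple parentheses that don't look like command substitution
+if pattern == r"\$\(.*\)" and not re.search(r"\$\(", arg):
+continue
+issues.append(
+f"Dangerous pattern '{pattern}' in argument {index}: {arg[:50]}"
+)
+return True
+return False
+
+# Check for dangerous patterns in other contexts
 for pattern in self.dangerous_patterns:
 if re.search(pattern, arg):
 issues.append(
@@ -340,6 +367,18 @@ class SecureSubprocessExecutor:
 return True
 return False
 
+def _is_git_commit_message(self, index: int, command: list[str]) -> bool:
+"""Check if the current argument is likely a git commit message."""
+# Check if we have a git commit command structure: git commit -m <message>
+if (
+len(command) >= 3
+and command[0] == "git"
+and command[1] == "commit"
+and command[2] == "-m"
+):
+return index == 3
+return False
+
 def _validate_executable_permissions(
 self, validated_command: list[str], issues: list[str]
 ) -> None: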
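Review bot: In the commit-message branch of `_has_dangerous_patterns`, the first entry of `safe_commit_patterns`, `r"[;&|`$]"`, already rejects any argument containing `$` or a backtick, so the variable-expansion, backtick and `r"\$\(.*\)"` entries can never be the first match, and the guard `if pattern == r"\$\(.*\)" and not re.search(r"\$\(", arg): continue` is unreachable because the outer `re.search` only matches when `$(` is present. The list can be reduced to `[r"[;&|`$]", r"\.\./", r">\s*/", r"<\s*/"]` and the guard deleted without changing which messages are rejected. This branch also replaces `self.dangerous_patterns` (defined outside the hunk, so I cannot see its contents) with a hand-written subset, which means any check in that list not repeated here no longer applies to commit messages; a comment such as `# NOTE: commit messages are screened against this reduced list only; keep it in sync with dangerous_patterns` would make that trade-off explicit. `_is_git_commit_message` exempts only index 3 of the exact `git commit -m <msg>` layout, which is a sensible fail-closed default, but its docstring should say that other spellings (`-am`, `--message=`, a second `-m`) take the stricter general path. `_has_dangerous_patterns` continues past the end of the first hunk into the second.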
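--- a/crackerjack/services/security_logger.py
+++ b/crackerjack/services/security_logger.py
@@ -122,20 +122,26 @@ class SecurityLogger:
 self._setup_security_logger()
 
 def _setup_security_logger(self) -> None:
-self.logger.setLevel(logging.DEBUG)
+debug_enabled = os.environ.get("CRACKERJACK_DEBUG", "0") == "1"
+
+# Set appropriate logger level based on debug mode
+if debug_enabled:
+self.logger.setLevel(logging.DEBUG)
+else:
+# Suppress all security logs during normal operation
+self.logger.setLevel(logging.CRITICAL + 10)
 
 if not self.logger.handlers:
 console_handler = logging.StreamHandler()
 
-debug_enabled = os.environ.get("CRACKERJACK_DEBUG", "0") == "1"
 if debug_enabled:
-console_handler.setLevel(logging.WARNING)
+console_handler.setLevel(logging.DEBUG)
 else:
 # Suppress all security logs during normal operation
 console_handler.setLevel(logging.CRITICAL + 10)
 
 formatter = logging.Formatter(
-"%(asctime)s - SECURITY - %(levelname)s-%(message)s"
+"%(asctime)s - SECURITY - %(levelname)s - %(message)s"
 )
 console_handler.setFormatter(formatter)
 self.logger.addHandler(console_handler)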
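Review bot: The new `else` branch in `_setup_security_logger` sets the logger itself to `logging.CRITICAL + 10`, so when `CRACKERJACK_DEBUG` is unset every security record is discarded before it reaches any handler — not only the console handler that the following block already gates with the same level, but any other handler attached to this logger (the `if not self.logger.handlers:` guard suggests one can exist). If the intent is only to keep the console quiet, keep `self.logger.setLevel(logging.DEBUG)` unconditionally and leave the suppression to the handler level as before; if the intent really is to silence the security logger for every sink, that deserves a comment, e.g. `# Logger-level gate: drops security events for every handler, not just the console`. Either way, a security logger that drops WARNING and ERROR events by default is a behavioural change worth stating in the release notes rather than leaving implicit.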
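--- a/crackerjack-0.34.0.dist-info/METADATA
+++ b/crackerjack-0.34.2.dist-info/METADATA
@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: crackerjack
-Version: 0.34.0
+Version: 0.34.2
 Summary: Crackerjack Python project management tool
 Project-URL: documentation, https://github.com/lesleslie/crackerjack
 Project-URL: homepage, https://github.com/lesleslie/crackerjack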
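--- a/crackerjack-0.34.0.dist-info/RECORD
+++ b/crackerjack-0.34.2.dist-info/RECORD
@@ -199,9 +199,9 @@ crackerjack/services/regex_patterns.py,sha256=iis9gSzXZtnX14lODGfSUsf7bcCRTw7rdS
 crackerjack/services/regex_utils.py,sha256=e7AD59_L-T5-oOxzqsGgrLd94uxRE9aKnwasZkohwI8,14966
 crackerjack/services/secure_path_utils.py,sha256=aHsLwxDch42DidPYtTL_ko40g2rhbXDLnRhcx2LlGk8,16688
 crackerjack/services/secure_status_formatter.py,sha256=yhwNtzvvQVcuHsNOTNZMzlqIMQT9zx-lzAtq9LuSDuk,14121
-crackerjack/services/secure_subprocess.py,sha256=iGXdIUjYZ_ocxwo8OJSmOFJvdmOFXSvluNNgJvU3hFQ,18114
+crackerjack/services/secure_subprocess.py,sha256=upuiBL0sYIElC8DWQ622-A6572zBaSBoMPVnNM8AeaQ,19838
 crackerjack/services/security.py,sha256=plgIz-B8oYN_mpF4NYrqHnT7TRcsp4jr0-YlV9WgD5o,7298
-crackerjack/services/security_logger.py,sha256=_hQUQZekiafpIKyULgVxrQHrwPpTKv89jNf-XWqaAhg,16780
+crackerjack/services/security_logger.py,sha256=AAjd9VKVmCo158UifyEKd79VgtWKeuaIVyXYL8qvqT8,17001
 crackerjack/services/server_manager.py,sha256=IQ0oUFEEMZTxI8csecIJzkCSMESE5KIkYqPxa56tvUw,11399
 crackerjack/services/smart_scheduling.py,sha256=VSaL7DpKR6aa0sC_TUrYP9ZgC9CB7tE3TTNzEqB-GpE,4352
 crackerjack/services/status_authentication.py,sha256=2OJ1MoWlBuvUUXOX02N_zdWKzQfXz4jhEZpsmIJfQ00,16453
@@ -222,8 +222,8 @@ crackerjack/slash_commands/status.md,sha256=U3qqppVLtIIm2lEiMYaKagaHYLI9UplL7OH1
 crackerjack/tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 crackerjack/tools/validate_input_validator_patterns.py,sha256=NN7smYlXWrHLQXTb-81gRam2vjW-cJav92f1klPA0qA,8234
 crackerjack/tools/validate_regex_patterns.py,sha256=9ejFb7Tw1js_oydzuEeeeXvrU5ipHUEX9ATBfkLCCE8,5811
-crackerjack-0.34.0.dist-info/METADATA,sha256=8y1wbYXB1T7_irlTiOilQbI_XQWPKc2aj8Aq7QVhRN4,37942
-crackerjack-0.34.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-crackerjack-0.34.0.dist-info/entry_points.txt,sha256=AJKNft0WXm9xoGUJ3Trl-iXHOWxRAYbagQiza3AILr4,57
-crackerjack-0.34.0.dist-info/licenses/LICENSE,sha256=fDt371P6_6sCu7RyqiZH_AhT1LdN3sN1zjBtqEhDYCk,1531
-crackerjack-0.34.0.dist-info/RECORD,,
+crackerjack-0.34.2.dist-info/METADATA,sha256=lHdu1Cejg0Jvt5xvQfc1oyFpQ7zX2fpNZnFjmGOoLro,37942
+crackerjack-0.34.2.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+crackerjack-0.34.2.dist-info/entry_points.txt,sha256=AJKNft0WXm9xoGUJ3Trl-iXHOWxRAYbagQiza3AILr4,57
+crackerjack-0.34.2.dist-info/licenses/LICENSE,sha256=fDt371P6_6sCu7RyqiZH_AhT1LdN3sN1zjBtqEhDYCk,1531
+crackerjack-0.34.2.dist-info/RECORD,,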