PyPI - diffsense - Versions diffs - 2.2.12__py3-none-any.whl - Mend

diffsense 2.2.12__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (58) hide show

adapters/__init__.py +0 -0
adapters/base.py +27 -0
adapters/github_adapter.py +164 -0
adapters/gitlab_adapter.py +207 -0
adapters/local_adapter.py +136 -0
banner.py +71 -0
cli.py +606 -0
config/__init__.py +1 -0
config/rules.yaml +371 -0
core/__init__.py +235 -0
core/ast_detector.py +853 -0
core/change.py +46 -0
core/composer.py +93 -0
core/evaluator.py +15 -0
core/ignore_manager.py +71 -0
core/knowledge.py +77 -0
core/parser.py +181 -0
core/parser_manager.py +104 -0
core/quality_manager.py +117 -0
core/renderer.py +197 -0
core/rule_base.py +98 -0
core/rule_runtime.py +103 -0
core/rules.py +718 -0
core/run_config.py +85 -0
core/semantic_diff.py +359 -0
core/signal_model.py +21 -0
core/signals_registry.py +62 -0
diffsense-2.2.12.dist-info/METADATA +18 -0
diffsense-2.2.12.dist-info/RECORD +58 -0
diffsense-2.2.12.dist-info/WHEEL +5 -0
diffsense-2.2.12.dist-info/entry_points.txt +3 -0
diffsense-2.2.12.dist-info/licenses/LICENSE +176 -0
diffsense-2.2.12.dist-info/top_level.txt +11 -0
diffsense_mcp/__init__.py +1 -0
diffsense_mcp/launcher.py +28 -0
diffsense_mcp/server.py +687 -0
governance/lifecycle.py +54 -0
main.py +318 -0
rules/__init__.py +246 -0
rules/api_compatibility.py +372 -0
rules/collection_handling.py +349 -0
rules/concurrency.py +194 -0
rules/concurrency_adapter.py +250 -0
rules/cross_language_adapter.py +444 -0
rules/exception_handling.py +320 -0
rules/go_rules.py +401 -0
rules/null_safety.py +301 -0
rules/resource_management.py +222 -0
rules/yaml_adapter.py +195 -0
run_audit.py +478 -0
sdk/cpp_adapter.py +238 -0
sdk/go_adapter.py +199 -0
sdk/java_adapter.py +199 -0
sdk/javascript_adapter.py +229 -0
sdk/language_adapter.py +313 -0
sdk/python_adapter.py +195 -0
sdk/rule.py +63 -0
sdk/signal.py +14 -0

sdk/python_adapter.py ADDED Viewed

@@ -0,0 +1,195 @@
+"""
+Python Language Adapter for DiffSense
+Provides Python-specific patterns and constructs for rule development.
+"""
+import re
+from typing import List, Set, Pattern, Dict
+from .language_adapter import LanguageAdapter
+class PythonAdapter(LanguageAdapter):
+    """
+    Language adapter for Python.
+    Provides Python-specific patterns for concurrency, resource management,
+    error handling, and other language constructs.
+    """
+    def __init__(self):
+        super().__init__("python")
+        self._compile_patterns()
+    def _compile_patterns(self):
+        """Pre-compile commonly used patterns."""
+        # Thread Safety / Concurrency Patterns
+        self._lock_patterns = [
+            re.compile(r'threading\.Lock\(\)'),
+            re.compile(r'threading\.RLock\(\)'),
+            re.compile(r'with\s+self\._lock:'),
+            re.compile(r'with\s+self\.lock:'),
+            re.compile(r'with\s+lock:'),
+        ]
+        self._unlock_patterns = [
+            re.compile(r'\.release\(\)'),
+        ]
+        self._volatile_patterns = [
+            re.compile(r'from\s+threading\s+import\s+Event'),
+            re.compile(r'threading\.Event\(\)'),
+        ]
+        # Resource Management Patterns
+        self._resource_creation = [
+            re.compile(r'open\('),
+            re.compile(r'with\s+open\('),
+            re.compile(r'socket\.socket\('),
+            re.compile(r'urllib\.request\.urlopen\('),
+            re.compile(r'requests\.(?:get|post)\('),
+        ]
+        # Error Handling Patterns
+        self._error_check = [
+            re.compile(r'except\s*(?:Exception)?(?:\s+as\s+\w+)?:'),
+            re.compile(r'if\s+\w+\s+is\s+None'),
+            re.compile(r'if\s+\w+\s+is\s+not\s+None'),
+            re.compile(r'if\s+hasattr\('),
+            re.compile(r'if\s+hasattr\([^,]+,\s*[\'"]\w+[\'"]\)'),
+        ]
+        self._error_ignore = [
+            re.compile(r'except\s*:\s*$', re.MULTILINE),
+            re.compile(r'except\s+Exception:\s*$', re.MULTILINE),
+            re.compile(r'pass\s*$', re.MULTILINE),
+        ]
+        # Thread Creation Patterns
+        self._thread_creation = [
+            re.compile(r'threading\.Thread\('),
+            re.compile(r'with\s+ThreadPoolExecutor'),
+            re.compile(r'with\s+ProcessPoolExecutor'),
+            re.compile(r'concurrent\.futures\.(?:Thread|Process)PoolExecutor'),
+            re.compile(r'asyncio\.create_task\('),
+        ]
+        # Security Patterns
+        self._security = {
+            'command_injection': [
+                re.compile(r'os\.system\('),
+                re.compile(r'os\.popen\('),
+                re.compile(r'subprocess\.call\('),
+                re.compile(r'subprocess\.run\([^,]+shell\s*=\s*True'),
+                re.compile(r'subprocess\.Popen\('),
+            ],
+            'hardcoded_secret': [
+                re.compile(r'password\s*=\s*["\'][^"\']+["\']'),
+                re.compile(r'api[_-]?key\s*=\s*["\'][^"\']+["\']'),
+                re.compile(r'secret\s*=\s*["\'][^"\']+["\']'),
+                re.compile(r'token\s*=\s*["\'][^"\']+["\']'),
+                re.compile(r'aws[_-]?secret'),
+            ],
+            'sql_injection': [
+                re.compile(r'cursor\.execute\([^)]*%[^)]*\)'),
+                re.compile(r'cursor\.execute\([^)]*\+[^)]*\)'),
+                re.compile(r'f["\']SELECT.*\{'),
+                re.compile(r'["\']SELECT.*\%'),
+            ],
+            'deserialization': [
+                re.compile(r'pickle\.load\('),
+                re.compile(r'yaml\.load\('),
+                re.compile(r'yaml\.unsafe_load\('),
+                re.compile(r'marshal\.load\('),
+            ],
+            'EvalUsage': [
+                re.compile(r'\beval\('),
+                re.compile(r'\bexec\('),
+            ],
+        }
+    # ==================== Thread Safety ====================
+    def get_thread_safe_types(self) -> Set[str]:
+        return {
+            'threading.Lock', 'threading.RLock', 'threading.Semaphore',
+            'threading.Event', 'threading.Condition', 'threading.Barrier',
+            'queue.Queue', 'collections.Queue',
+            'concurrent.futures.ThreadPoolExecutor',
+            'asyncio.Lock', 'asyncio.Event', 'asyncio.Condition',
+            'multiprocessing.Lock', 'multiprocessing.Manager',
+        }
+    def get_unsafe_types(self) -> Set[str]:
+        return {
+            'list', 'dict', 'set', 'tuple',
+            'str', 'int', 'float', 'bool',
+        }
+    def get_lock_patterns(self) -> List[Pattern]:
+        return self._lock_patterns
+    def get_unlock_patterns(self) -> List[Pattern]:
+        return self._unlock_patterns
+    def get_volatile_patterns(self) -> List[Pattern]:
+        return self._volatile_patterns
+    # ==================== Resource Management ====================
+    def get_cleanup_keywords(self) -> Set[str]:
+        return {
+            'with', 'finally', '__exit__', '__aenter__', '__aexit__',
+            'close()', '.close()', 'contextmanager'
+        }
+    def get_resource_creation_patterns(self) -> List[Pattern]:
+        return self._resource_creation
+    # ==================== Error Handling ====================
+    def get_error_types(self) -> Set[str]:
+        return {
+            'Exception', 'BaseException', 'RuntimeError',
+            'ValueError', 'TypeError', 'KeyError', 'IndexError',
+            'IOError', 'OSError', 'AttributeError'
+        }
+    def get_error_check_patterns(self) -> List[Pattern]:
+        return self._error_check
+    def get_error_ignore_patterns(self) -> List[Pattern]:
+        return self._error_ignore
+    # ==================== Null Safety ====================
+    def get_null_checks(self) -> Set[str]:
+        return {
+            '== None', 'is None', 'is not None', '!= None',
+            'if x:', 'if not x:', 'if x is not None:',
+            'hasattr()', 'getattr()', 'try/except'
+        }
+    def get_null_pointer_types(self) -> Set[str]:
+        return {
+            'object', 'None', 'Any', 'Optional',
+        }
+    # ==================== Concurrency Primitives ====================
+    def get_concurrency_primitives(self) -> Set[str]:
+        return {
+            'threading', 'Thread', 'Lock', 'RLock', 'Semaphore',
+            'concurrent.futures', 'ThreadPoolExecutor', 'ProcessPoolExecutor',
+            'asyncio', 'async', 'await', 'create_task',
+            'multiprocessing', 'Process', 'Queue', 'Manager',
+            'queue', 'Queue'
+        }
+    def get_thread_creation_patterns(self) -> List[Pattern]:
+        return self._thread_creation
+    # ==================== Security ====================
+    def get_dangerous_patterns(self) -> Dict[str, List[Pattern]]:
+        return self._security

sdk/rule.py ADDED Viewed

@@ -0,0 +1,63 @@
+from abc import ABC, abstractmethod
+from typing import Dict, Any, Optional, List
+from sdk.signal import Signal
+class BaseRule(ABC):
+    """
+    Abstract Base Class for all DiffSense Rules.
+    This defines the Plugin Interface (SDK).
+    """
+    @property
+    @abstractmethod
+    def id(self) -> str:
+        """Unique Rule ID (e.g., 'runtime.concurrency.lock_removed')"""
+        pass
+    @property
+    @abstractmethod
+    def severity(self) -> str:
+        """Severity level: critical, high, medium, low"""
+        pass
+    @property
+    @abstractmethod
+    def impact(self) -> str:
+        """Impact dimension: security, runtime, data, maintenance"""
+        pass
+    @property
+    @abstractmethod
+    def rationale(self) -> str:
+        """Explanation of why this rule exists and what risk it prevents"""
+        pass
+    @property
+    def rule_type(self) -> str:
+        """Rule type: regression (depends on diff history) or absolute (context-independent)"""
+        return "absolute"
+    @property
+    def is_blocking(self) -> bool:
+        """If True, any hit will force a 'critical' review level and suggested 'block_pr' action"""
+        return False
+    @property
+    def status(self) -> str:
+        """Lifecycle status: experimental, beta, stable, deprecated, disabled"""
+        return "stable"
+    @abstractmethod
+    def evaluate(self, diff_data: Dict[str, Any], signals: List[Signal]) -> Optional[Dict[str, Any]]:
+        """
+        Execute the rule logic against the diff and signals.
+        Args:
+            diff_data: The raw diff parsing result (Legacy support, prefer signals)
+            signals: List of Semantic Signals detected
+        Returns:
+            Dict with match details (must contain 'file' key) if matched,
+            None if not matched.
+        """
+        pass

sdk/signal.py ADDED Viewed

@@ -0,0 +1,14 @@
+from dataclasses import dataclass
+from typing import Dict, Any, Optional
+@dataclass
+class Signal:
+    """
+    Represents a semantic signal extracted from the diff.
+    Rules consume Signals, they do not parse code.
+    """
+    id: str                 # e.g., "runtime.concurrency.lock"
+    file: str               # File path where signal was found
+    line: Optional[int]     # Line number (if available)
+    action: str             # "added", "removed", "changed"
+    meta: Dict[str, Any]    # Additional context (e.g., variable name, type info)