dyngle 0.3.0__tar.gz → 0.4.0__tar.gz

{dyngle-0.3.0 → dyngle-0.4.0}/PACKAGE.md

@@ -58,6 +58,26 @@ dyngle:
       - pip install -r requirements.txt
 ```
 
+## Expressions
+
+Configs can also contain expressions.
+
+```yaml
+dyngle:
+  expressions:
+    say-hello: >-
+        'Hello ' + name + '!'
+  operations:
+    say-hello: echo {{say-hello}}
+```
+Expressions can use a controlled subset of the Python standard library, including:
+
+- Built-in data types such as `str()`
+- Essential built-in functions such as `len()`
+- The core modules from the `datetime` package (but some methods such as `strftime()` will fail)
+- A specialized function called `formatted()` to perform string formatting operations on a `datetime` object
+- A restricted version of `Path()` that only operates within the current working directory
+
 ## Security
 
 Commands are executed using Python's `subprocess.run()` with arguments split in a shell-like fashion. The shell is not used, which reduces the likelihood of shell injection attacks. However, note that Dyngle is not robust to malicious configuration. 

{dyngle-0.3.0 → dyngle-0.4.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: dyngle
-Version: 0.3.0
+Version: 0.4.0
 Summary: Run lightweight local workflows
 License: MIT
 Author: Steampunk Wizard
@@ -73,6 +73,26 @@ dyngle:
       - pip install -r requirements.txt
 ```
 
+## Expressions
+
+Configs can also contain expressions.
+
+```yaml
+dyngle:
+  expressions:
+    say-hello: >-
+        'Hello ' + name + '!'
+  operations:
+    say-hello: echo {{say-hello}}
+```
+Expressions can use a controlled subset of the Python standard library, including:
+
+- Built-in data types such as `str()`
+- Essential built-in functions such as `len()`
+- The core modules from the `datetime` package (but some methods such as `strftime()` will fail)
+- A specialized function called `formatted()` to perform string formatting operations on a `datetime` object
+- A restricted version of `Path()` that only operates within the current working directory
+
 ## Security
 
 Commands are executed using Python's `subprocess.run()` with arguments split in a shell-like fashion. The shell is not used, which reduces the likelihood of shell injection attacks. However, note that Dyngle is not robust to malicious configuration. 

{dyngle-0.3.0 → dyngle-0.4.0}/dyngle/__init__.py

@@ -1,13 +1,11 @@
+from functools import cached_property
 from wizlib.app import WizApp
 from wizlib.stream_handler import StreamHandler
 from wizlib.config_handler import ConfigHandler
 from wizlib.ui_handler import UIHandler
 
 from dyngle.command import DyngleCommand
-
-
-class DyngleError(Exception):
-    pass
+from dyngle.expression import expression
 
 
 class DyngleApp(WizApp):
@@ -15,3 +13,11 @@ class DyngleApp(WizApp):
     base = DyngleCommand
     name = 'dyngle'
     handlers = [StreamHandler, ConfigHandler, UIHandler]
+
+    @cached_property
+    def expressions(self):
+        expr_texts = self.config.get('dyngle-expressions')
+        if expr_texts:
+            return {k: expression(t) for k, t in expr_texts.items()}
+        else:
+            return {}

{dyngle-0.3.0 → dyngle-0.4.0}/dyngle/command/run_command.py

@@ -4,8 +4,9 @@ from wizlib.parser import WizParser
 from yaml import safe_load
 
 from dyngle.command import DyngleCommand
+from dyngle.expression import expression
 from dyngle.template import Template
-from dyngle import DyngleError
+from dyngle.error import DyngleError
 
 
 class RunCommand(DyngleCommand):
@@ -31,13 +32,14 @@ class RunCommand(DyngleCommand):
 
     @DyngleCommand.wrap
     def execute(self):
+        expressions = self.app.expressions
         operations = self.app.config.get('dyngle-operations')
         self._validate_operation_exists(operations)
         steps = operations[self.operation]
         data_string = self.app.stream.text
         data = safe_load(data_string)
         for step_template in steps:
-            step = Template(step_template).render(data)
+            step = Template(step_template).render(data, expressions)
             parts = shlex.split(step)
             result = subprocess.run(parts)
             if result.returncode != 0:

dyngle-0.4.0/dyngle/error.py

@@ -0,0 +1,2 @@
+class DyngleError(Exception):
+    pass

dyngle-0.4.0/dyngle/expression.py

@@ -0,0 +1,88 @@
+from typing import Callable
+
+from dyngle.error import DyngleError
+from dyngle.safe_path import SafePath
+
+from datetime import datetime as datetime, date, timedelta
+import math
+import json
+import re
+import yaml
+
+
+def formatted_datetime(dt: datetime, format_string=None) -> str:
+    """Safe datetime formatting using string operations"""
+    if format_string is None:
+        format_string = "{year:04d}{month:02d}{day:02d}"
+    components = {
+        'year': dt.year,
+        'month': dt.month,
+        'day': dt.day,
+        'hour': dt.hour,
+        'minute': dt.minute,
+        'second': dt.second,
+        'microsecond': dt.microsecond,
+        'weekday': dt.weekday(),  # Monday is 0
+    }
+    return format_string.format(**components)
+
+
+GLOBALS = {
+    "__builtins__": {
+        # Basic data types and conversions
+        "int": int,
+        "float": float,
+        "str": str,
+        "bool": bool,
+        "list": list,
+        "dict": dict,
+        "tuple": tuple,
+        "set": set,
+
+        # Essential functions
+        "len": len,
+        "min": min,
+        "max": max,
+        "sum": sum,
+        "abs": abs,
+        "round": round,
+        "sorted": sorted,
+        "reversed": reversed,
+        "enumerate": enumerate,
+        "zip": zip,
+        "range": range,
+    },
+
+    # Mathematical operations
+    "math": math,
+
+    # Date and time handling
+    "datetime": datetime,
+    "date": date,
+    "timedelta": timedelta,
+    "formatted": formatted_datetime,
+
+    # Data parsing and manipulation
+    "json": json,
+    "yaml": yaml,
+    "re": re,
+
+    # Safe Path-like operations (within cwd)
+    "Path": SafePath
+}
+
+
+def _evaluate(expression: str, data: dict) -> str:
+    try:
+        result = eval(expression, GLOBALS, data)
+    except KeyError:
+        raise DyngleError(f"The following expression contains " +
+                          f"at least one invalid name: {expression}")
+    result = result[-1] if isinstance(result, tuple) else result
+    return str(result)
+
+
+def expression(text: str) -> Callable[[dict], str]:
+    def evaluate(data: dict) -> str:
+        return _evaluate(text, data)
+    return evaluate

dyngle-0.4.0/dyngle/safe_path.py

@@ -0,0 +1,117 @@
+from pathlib import Path
+import os
+from typing import Union
+
+CWD = Path.cwd()
+
+
+class SafePath:
+    """A Path-like class that restricts operations to cwd and its
+    descendants"""
+
+    def __init__(self, path_str: Union[str, 'SafePath'] = "."):
+
+        self._cwd = CWD.resolve()
+
+        if isinstance(path_str, SafePath):
+            self._path = path_str._path
+        else:
+            # Convert to Path and resolve to handle .. and . components
+            try:
+                resolved_path = (self._cwd / path_str).resolve()
+            except (OSError, ValueError):
+                raise ValueError(f"Invalid path: {path_str}")
+
+            # Validate it's within cwd - could probably shorten this
+            if not resolved_path.is_relative_to(self._cwd):
+                raise ValueError(f"Path outside allowed directory: {path_str}")
+
+            self._path = resolved_path
+
+    def __str__(self):
+        return str(self._path.relative_to(self._cwd))
+
+    def __repr__(self):
+        return f"SafePath('{self}')"
+
+    def __truediv__(self, other):
+        """Support path / 'subdir' syntax"""
+        new_path_str = str(self._path / str(other))
+        return SafePath(new_path_str)
+
+    # File content operations
+    def read_text(self, encoding='utf-8'):
+        if not self._path.is_file():
+            raise FileNotFoundError(f"File not found: {self}")
+        return self._path.read_text(encoding=encoding)
+
+    def write_text(self, content, encoding='utf-8'):
+        # Ensure parent directories exist
+        self._path.parent.mkdir(parents=True, exist_ok=True)
+        self._path.write_text(content, encoding=encoding)
+        return self
+
+    def read_bytes(self):
+        if not self._path.is_file():
+            raise FileNotFoundError(f"File not found: {self}")
+        return self._path.read_bytes()
+
+    def write_bytes(self, data):
+        self._path.parent.mkdir(parents=True, exist_ok=True)
+        self._path.write_bytes(data)
+        return self
+
+    # Path properties and checks
+    def exists(self):
+        return self._path.exists()
+
+    def is_file(self):
+        return self._path.is_file()
+
+    def is_dir(self):
+        return self._path.is_dir()
+
+    def is_absolute(self):
+        return self._path.is_absolute()
+
+    @property
+    def name(self):
+        return self._path.name
+
+    @property
+    def stem(self):
+        return self._path.stem
+
+    @property
+    def suffix(self):
+        return self._path.suffix
+
+    @property
+    def parent(self):
+        return SafePath(str(self._path.parent))
+
+    # Directory operations
+    def mkdir(self, parents=True, exist_ok=True):
+        self._path.mkdir(parents=parents, exist_ok=exist_ok)
+        return self
+
+    def iterdir(self):
+        if not self._path.is_dir():
+            raise NotADirectoryError(f"Not a directory: {self}")
+        return [SafePath(str(p)) for p in self._path.iterdir()]
+
+    def glob(self, pattern):
+        return [SafePath(str(p)) for p in self._path.glob(pattern)]
+
+    def rglob(self, pattern):
+        return [SafePath(str(p)) for p in self._path.rglob(pattern)]
+
+    # File metadata
+    def stat(self):
+        return self._path.stat()
+
+    @property
+    def size(self):
+        if not self._path.is_file():
+            raise FileNotFoundError(f"File not found: {self}")
+        return self._path.stat().st_size

{dyngle-0.3.0 → dyngle-0.4.0}/dyngle/template.py

@@ -11,19 +11,18 @@ class Template:
 
     template: str
 
-    def render(self, data):
+    def render(self, data: dict, expressions: dict = None) -> str:
         """Render the template with the provided data."""
-        resolver = partial(self._resolve, data=data)
+        resolver = partial(self._resolve, data=data, expressions=expressions)
         return PATTERN.sub(resolver, self.template)
 
-    def _resolve(self, match, *, data):
+    def _resolve(self, match, *, data: dict, expressions: dict):
         """Resolve a single name/path from the template."""
-        path = match.group(1).strip()
-        # Try an expression first, then data
-        if False:
-            pass
+        key = match.group(1).strip()
+        if expressions and (key in expressions):
+            return expressions[key](data)
         else:
-            parts = path.split('.')
+            parts = key.split('.')
             current = data
             for part in parts:
                 current = current[part]

{dyngle-0.3.0 → dyngle-0.4.0}/pyproject.toml

@@ -8,7 +8,7 @@ description = "Run lightweight local workflows"
 authors = ["Steampunk Wizard <dyngle@steamwiz.io>"]
 license = "MIT"
 readme = "PACKAGE.md"
-version = "0.3.0"
+version = "0.4.0"
 
 [tool.poetry.dependencies]
 python = "~3.11"