exonware-xwlazy 0.1.0.10__py3-none-any.whl → 0.1.0.19__py3-none-any.whl

exonware/xwlazy/package/services/install_policy.py

@@ -0,0 +1,158 @@
+"""
+Install Policy
+
+Company: eXonware.com
+Author: Eng. Muhammad AlShehri
+Email: connect@exonware.com
+Version: 0.1.0.19
+Generation Date: 15-Nov-2025
+
+Security and policy configuration for lazy installation.
+"""
+
+import threading
+from typing import Dict, List, Optional, Set, Tuple
+
+# Lazy import to avoid circular dependency
+def _get_log_event():
+    """Get log_event function (lazy import to avoid circular dependency)."""
+    from ...common.logger import log_event
+    return log_event
+
+_log = None  # Will be initialized on first use
+
+
+class LazyInstallPolicy:
+    """
+    Security and policy configuration for lazy installation.
+    Per-package allow/deny lists, index URLs, and security settings.
+    """
+    __slots__ = ()
+    
+    _allow_lists: Dict[str, Set[str]] = {}
+    _deny_lists: Dict[str, Set[str]] = {}
+    _index_urls: Dict[str, str] = {}
+    _extra_index_urls: Dict[str, List[str]] = {}
+    _trusted_hosts: Dict[str, List[str]] = {}
+    _require_hashes: Dict[str, bool] = {}
+    _verify_ssl: Dict[str, bool] = {}
+    _lockfile_paths: Dict[str, str] = {}
+    _lock = threading.RLock()
+    
+    @classmethod
+    def _ensure_logging(cls):
+        """Ensure logging is initialized."""
+        global _log
+        if _log is None:
+            _log = _get_log_event()
+    
+    @classmethod
+    def set_allow_list(cls, package_name: str, allowed_packages: List[str]) -> None:
+        """Set allow list for a package (only these can be installed)."""
+        cls._ensure_logging()
+        with cls._lock:
+            cls._allow_lists[package_name] = set(allowed_packages)
+            _log("config", f"Set allow list for {package_name}: {len(allowed_packages)} packages")
+    
+    @classmethod
+    def set_deny_list(cls, package_name: str, denied_packages: List[str]) -> None:
+        """Set deny list for a package (these cannot be installed)."""
+        cls._ensure_logging()
+        with cls._lock:
+            cls._deny_lists[package_name] = set(denied_packages)
+            _log("config", f"Set deny list for {package_name}: {len(denied_packages)} packages")
+    
+    @classmethod
+    def add_to_allow_list(cls, package_name: str, allowed_package: str) -> None:
+        """Add single package to allow list."""
+        with cls._lock:
+            if package_name not in cls._allow_lists:
+                cls._allow_lists[package_name] = set()
+            cls._allow_lists[package_name].add(allowed_package)
+    
+    @classmethod
+    def add_to_deny_list(cls, package_name: str, denied_package: str) -> None:
+        """Add single package to deny list."""
+        with cls._lock:
+            if package_name not in cls._deny_lists:
+                cls._deny_lists[package_name] = set()
+            cls._deny_lists[package_name].add(denied_package)
+    
+    @classmethod
+    def is_package_allowed(cls, installer_package: str, target_package: str) -> Tuple[bool, str]:
+        """Check if target_package can be installed by installer_package."""
+        with cls._lock:
+            if installer_package in cls._deny_lists:
+                if target_package in cls._deny_lists[installer_package]:
+                    return False, f"Package '{target_package}' is in deny list"
+            
+            if installer_package in cls._allow_lists:
+                if target_package not in cls._allow_lists[installer_package]:
+                    return False, f"Package '{target_package}' not in allow list"
+            
+            return True, "OK"
+    
+    @classmethod
+    def set_index_url(cls, package_name: str, index_url: str) -> None:
+        """Set PyPI index URL for a package."""
+        cls._ensure_logging()
+        with cls._lock:
+            cls._index_urls[package_name] = index_url
+            _log("config", f"Set index URL for {package_name}: {index_url}")
+    
+    @classmethod
+    def set_extra_index_urls(cls, package_name: str, urls: List[str]) -> None:
+        """Set extra index URLs for a package."""
+        cls._ensure_logging()
+        with cls._lock:
+            cls._extra_index_urls[package_name] = urls
+            _log("config", f"Set {len(urls)} extra index URLs for {package_name}")
+    
+    @classmethod
+    def add_trusted_host(cls, package_name: str, host: str) -> None:
+        """Add trusted host for a package."""
+        with cls._lock:
+            if package_name not in cls._trusted_hosts:
+                cls._trusted_hosts[package_name] = []
+            cls._trusted_hosts[package_name].append(host)
+    
+    @classmethod
+    def get_pip_args(cls, package_name: str) -> List[str]:
+        """Get pip install arguments for a package based on policy."""
+        args = []
+        
+        with cls._lock:
+            if package_name in cls._index_urls:
+                args.extend(['--index-url', cls._index_urls[package_name]])
+            
+            if package_name in cls._extra_index_urls:
+                for url in cls._extra_index_urls[package_name]:
+                    args.extend(['--extra-index-url', url])
+            
+            if package_name in cls._trusted_hosts:
+                for host in cls._trusted_hosts[package_name]:
+                    args.extend(['--trusted-host', host])
+            
+            if cls._require_hashes.get(package_name, False):
+                args.append('--require-hashes')
+            
+            if not cls._verify_ssl.get(package_name, True):
+                args.append('--no-verify-ssl')
+        
+        return args
+    
+    @classmethod
+    def set_lockfile_path(cls, package_name: str, path: str) -> None:
+        """Set lockfile path for a package."""
+        with cls._lock:
+            cls._lockfile_paths[package_name] = path
+    
+    @classmethod
+    def get_lockfile_path(cls, package_name: str) -> Optional[str]:
+        """Get lockfile path for a package."""
+        with cls._lock:
+            return cls._lockfile_paths.get(package_name)
+
+
+__all__ = ['LazyInstallPolicy']
+

exonware/xwlazy/package/services/install_registry.py

@@ -0,0 +1,56 @@
+"""
+Installer Registry
+
+Company: eXonware.com
+Author: Eng. Muhammad AlShehri
+Email: connect@exonware.com
+Version: 0.1.0.19
+Generation Date: 15-Nov-2025
+
+Registry to manage separate lazy installer instances per package.
+"""
+
+import threading
+from typing import Dict, TYPE_CHECKING
+
+if TYPE_CHECKING:
+    from .lazy_installer import LazyInstaller
+
+
+class LazyInstallerRegistry:
+    """Registry to manage separate lazy installer instances per package."""
+    _instances: Dict[str, 'LazyInstaller'] = {}
+    _lock = threading.RLock()
+    
+    @classmethod
+    def get_instance(cls, package_name: str = 'default') -> 'LazyInstaller':
+        """
+        Get or create a lazy installer instance for a package.
+        
+        Args:
+            package_name: Package name for isolation
+            
+        Returns:
+            LazyInstaller instance for the package
+        """
+        with cls._lock:
+            if package_name not in cls._instances:
+                # Lazy import to avoid circular dependency
+                from .lazy_installer import LazyInstaller
+                cls._instances[package_name] = LazyInstaller(package_name)
+            return cls._instances[package_name]
+    
+    @classmethod
+    def get_all_instances(cls) -> Dict[str, 'LazyInstaller']:
+        """
+        Get all lazy installer instances.
+        
+        Returns:
+            Dict mapping package_name -> LazyInstaller
+        """
+        with cls._lock:
+            return cls._instances.copy()
+
+
+__all__ = ['LazyInstallerRegistry']
+

exonware/xwlazy/package/services/install_result.py

@@ -0,0 +1,17 @@
+"""
+Install Result and Status
+
+Company: eXonware.com
+Author: Eng. Muhammad AlShehri
+Email: connect@exonware.com
+Version: 0.1.0.19
+Generation Date: 15-Nov-2025
+
+Re-export installation result types from defs.py for backward compatibility.
+"""
+
+# Re-export from defs.py
+from ...defs import InstallStatus, InstallResult
+
+__all__ = ['InstallStatus', 'InstallResult']
+

exonware/xwlazy/package/services/install_sbom.py

@@ -0,0 +1,154 @@
+"""
+SBOM and Audit Mixin
+
+Company: eXonware.com
+Author: Eng. Muhammad AlShehri
+Email: connect@exonware.com
+Version: 0.1.0.19
+Generation Date: 15-Nov-2025
+
+Mixin for SBOM generation and vulnerability auditing.
+"""
+
+import json
+import sys
+import subprocess
+from datetime import datetime
+from pathlib import Path
+from typing import Dict
+
+from .install_policy import LazyInstallPolicy
+
+# Lazy imports
+def _get_logger():
+    """Get logger (lazy import to avoid circular dependency)."""
+    from ...common.logger import get_logger
+    return get_logger("xwlazy.lazy_installer")
+
+def _get_log_event():
+    """Get log_event function (lazy import to avoid circular dependency)."""
+    from ...common.logger import log_event
+    return log_event
+
+logger = None
+_log = None
+
+def _ensure_logging_initialized():
+    """Ensure logging utilities are initialized."""
+    global logger, _log
+    if logger is None:
+        logger = _get_logger()
+    if _log is None:
+        _log = _get_log_event()
+
+
+class SBOMAuditMixin:
+    """Mixin for SBOM generation and vulnerability auditing."""
+    
+    def _run_vulnerability_audit(self, package_name: str) -> None:
+        """Run vulnerability audit on installed package using pip-audit."""
+        _ensure_logging_initialized()
+        try:
+            result = subprocess.run(
+                [sys.executable, '-m', 'pip_audit', '-r', '-', '--format', 'json'],
+                input=package_name,
+                capture_output=True,
+                text=True,
+                timeout=30
+            )
+            
+            if result.returncode == 0:
+                _log("audit", f"Vulnerability audit passed for {package_name}")
+            else:
+                try:
+                    audit_data = json.loads(result.stdout)
+                    if audit_data.get('vulnerabilities'):
+                        logger.warning(f"[SECURITY] Vulnerabilities found in {package_name}: {audit_data}")
+                        print(f"[SECURITY WARNING] Package '{package_name}' has known vulnerabilities")
+                        print(f"Run 'pip-audit' for details")
+                except json.JSONDecodeError:
+                    logger.warning(f"Could not parse audit results for {package_name}")
+        except subprocess.TimeoutExpired:
+            logger.warning(f"Vulnerability audit timed out for {package_name}")
+        except Exception as e:
+            logger.debug(f"Vulnerability audit skipped for {package_name}: {e}")
+    
+    def _update_lockfile(self, package_name: str) -> None:
+        """Update lockfile with newly installed package."""
+        _ensure_logging_initialized()
+        lockfile_path = LazyInstallPolicy.get_lockfile_path(self._package_name)  # type: ignore[attr-defined]
+        if not lockfile_path:
+            return
+        
+        try:
+            version = self._get_installed_version(package_name)  # type: ignore[attr-defined]
+            if not version:
+                return
+            
+            lockfile_path = Path(lockfile_path)
+            if lockfile_path.exists():
+                with open(lockfile_path, 'r', encoding='utf-8') as f:
+                    lockdata = json.load(f)
+            else:
+                lockdata = {
+                    "metadata": {
+                        "generated_by": f"xwlazy-{self._package_name}",  # type: ignore[attr-defined]
+                        "version": "1.0"
+                    },
+                    "packages": {}
+                }
+            
+            lockdata["packages"][package_name] = {
+                "version": version,
+                "installed_at": datetime.now().isoformat(),
+                "installer": self._package_name  # type: ignore[attr-defined]
+            }
+            
+            lockfile_path.parent.mkdir(parents=True, exist_ok=True)
+            with open(lockfile_path, 'w', encoding='utf-8') as f:
+                json.dump(lockdata, f, indent=2)
+            
+            _log("sbom", f"Updated lockfile: {lockfile_path}")
+        except Exception as e:
+            logger.warning(f"Failed to update lockfile: {e}")
+    
+    def generate_sbom(self) -> Dict:
+        """Generate Software Bill of Materials (SBOM) for installed packages."""
+        sbom = {
+            "metadata": {
+                "format": "xwlazy-sbom",
+                "version": "1.0",
+                "generated_at": datetime.now().isoformat(),
+                "installer_package": self._package_name  # type: ignore[attr-defined]
+            },
+            "packages": []
+        }
+        
+        for pkg in self._installed_packages:  # type: ignore[attr-defined]
+            version = self._get_installed_version(pkg)  # type: ignore[attr-defined]
+            sbom["packages"].append({
+                "name": pkg,
+                "version": version or "unknown",
+                "installed_by": self._package_name,  # type: ignore[attr-defined]
+                "source": "pypi"
+            })
+        
+        return sbom
+    
+    def export_sbom(self, output_path: str) -> bool:
+        """Export SBOM to file."""
+        _ensure_logging_initialized()
+        try:
+            sbom = self.generate_sbom()
+            output_path = Path(output_path)
+            output_path.parent.mkdir(parents=True, exist_ok=True)
+            
+            with open(output_path, 'w', encoding='utf-8') as f:
+                json.dump(sbom, f, indent=2)
+            
+            _log("sbom", f"Exported SBOM to: {output_path}")
+            return True
+        except Exception as e:
+            logger.error(f"Failed to export SBOM: {e}")
+            return False
+

exonware/xwlazy/package/services/install_utils.py

@@ -0,0 +1,83 @@
+"""
+Installation Utilities
+
+Company: eXonware.com
+Author: Eng. Muhammad AlShehri
+Email: connect@exonware.com
+Version: 0.1.0.19
+Generation Date: 15-Nov-2025
+
+Utility functions for installation operations.
+"""
+
+import os
+import sys
+import inspect
+import subprocess
+from pathlib import Path
+from typing import Optional
+
+
+def get_trigger_file() -> Optional[str]:
+    """
+    Get the file that triggered the import (from call stack).
+    
+    Returns:
+        Filename that triggered the import, or None
+    """
+    try:
+        # Walk up the call stack to find the first non-xwlazy file
+        # Look for files in xwsystem, xwnode, xwdata, or user code
+        for frame_info in inspect.stack():
+            filename = frame_info.filename
+            # Skip xwlazy internal files and importlib
+            if ('xwlazy' not in filename and 
+                'importlib' not in filename and 
+                '<frozen' not in filename and
+                filename.endswith('.py')):
+                # Return just the filename, not full path
+                basename = os.path.basename(filename)
+                # If it's a serialization file, use that
+                if 'serialization' in filename or 'formats' in filename:
+                    # Extract the format name (e.g., bson.py -> BsonSerializer)
+                    if basename.endswith('.py'):
+                        basename = basename[:-3]  # Remove .py
+                    return f"{basename.capitalize()}Serializer" if basename else None
+                return basename
+    except Exception:
+        pass
+    return None
+
+
+def is_externally_managed() -> bool:
+    """
+    Check if Python environment is externally managed (PEP 668).
+    
+    Returns:
+        True if environment is externally managed
+    """
+    marker_file = Path(sys.prefix) / "EXTERNALLY-MANAGED"
+    return marker_file.exists()
+
+
+def check_pip_audit_available() -> bool:
+    """
+    Check if pip-audit is available for vulnerability scanning.
+    
+    Returns:
+        True if pip-audit is available
+    """
+    try:
+        result = subprocess.run(
+            [sys.executable, '-m', 'pip', 'list'],
+            capture_output=True,
+            text=True,
+            timeout=5
+        )
+        return 'pip-audit' in result.stdout
+    except Exception:
+        return False
+
+
+__all__ = ['get_trigger_file', 'is_externally_managed', 'check_pip_audit_available']
+