fast-clean-architecture 1.0.0__py3-none-any.whl → 1.1.2__py3-none-any.whl

fast_clean_architecture/utils.py

@@ -2,14 +2,19 @@
 
 import keyword
 import re
-import urllib.parse
-import unicodedata
 import threading
-import fcntl
-import os
+import unicodedata
+import urllib.parse
 from datetime import datetime, timezone
 from pathlib import Path
-from typing import Any, Dict, List, Optional, Union
+from typing import Any, Callable, Dict, List, Optional, Union
+
+from .exceptions import (
+    SecurityError,
+    ValidationError,
+    create_secure_error,
+    create_validation_error,
+)
 
 
 def generate_timestamp() -> str:
@@ -42,7 +47,12 @@ def get_file_lock(file_path: Union[str, Path]) -> threading.Lock:
         return _file_locks[file_path_str]
 
 
-def secure_file_operation(file_path: Union[str, Path], operation_func, *args, **kwargs):
+def secure_file_operation(
+    file_path: Union[str, Path],
+    operation_func: Callable[..., Any],
+    *args: Any,
+    **kwargs: Any,
+) -> Any:
     """Execute file operation with proper locking."""
     lock = get_file_lock(file_path)
     with lock:
@@ -61,7 +71,7 @@ def sanitize_error_message(
         r"/Users/[^/\s]+",  # User home directories
         r"/home/[^/\s]+",  # Linux home directories
         r"C:\\Users\\[^\\\s]+",  # Windows user directories
-        r"/tmp/[^/\s]+",  # Temporary directories
+        r"/tmp/[^/\s]+",  # Temporary directories  # nosec B108
         r"/var/[^/\s]+",  # System directories
         r"\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b",  # IP addresses
     ]
@@ -76,18 +86,20 @@ def sanitize_error_message(
     return sanitized_msg
 
 
-def create_secure_error(error_type: str, operation: str, details: Optional[str] = None):
+def create_secure_error_message(
+    error_type: str, operation: str, details: Optional[str] = None
+) -> str:
     """Create a secure error message without exposing sensitive information."""
-    from fast_clean_architecture.exceptions import ValidationError
+    import os
 
     base_msg = f"Failed to {operation}"
-
     if details:
-        # Sanitize details before including
-        safe_details = sanitize_error_message(details)
-        return ValidationError(f"{base_msg}: {safe_details}")
-
-    return ValidationError(base_msg)
+        # Sanitize details to prevent information leakage
+        safe_details = details.replace(os.path.expanduser("~"), "<HOME>")
+        safe_details = re.sub(r"/Users/[^/]+", "/Users/<USER>", safe_details)
+        safe_details = re.sub(r"\\Users\\[^\\]+", "\\Users\\<USER>", safe_details)
+        return f"{base_msg}: {safe_details}"
+    return base_msg
 
 
 def to_snake_case(name: str) -> str:
@@ -220,18 +232,20 @@ def validate_name(name: str) -> None:
         decoded_name = urllib.parse.unquote(name)
         # Apply Unicode normalization to handle Unicode attacks
         normalized_name = unicodedata.normalize("NFKC", decoded_name)
-    except Exception:
+    except (ValueError, UnicodeDecodeError, UnicodeError):
         # If decoding fails, treat as suspicious
-        raise ValidationError(
-            f"Invalid component name: suspicious encoding detected in '{name}'"
+        raise create_secure_error(
+            "encoding_attack",
+            "name validation",
+            f"Suspicious encoding detected in component name: {name[:50]}",
         )
 
     # Check for path traversal in original, decoded, and normalized forms
     names_to_check = [name, decoded_name, normalized_name]
     for check_name in names_to_check:
         if ".." in check_name or "/" in check_name or "\\" in check_name:
-            raise ValidationError(
-                f"Invalid component name: path traversal detected in '{name}'"
+            raise create_secure_error(
+                "path_traversal", "name validation", "Path traversal pattern detected"
             )
 
     # Check for encoded path traversal sequences
@@ -252,8 +266,10 @@ def validate_name(name: str) -> None:
     name_lower = name.lower()
     for pattern in encoded_patterns:
         if pattern in name_lower:
-            raise ValidationError(
-                f"Invalid component name: encoded path traversal detected in '{name}'"
+            raise create_secure_error(
+                "encoded_path_traversal",
+                "name validation",
+                "Encoded path traversal sequence detected",
             )
 
     # Check for Unicode path traversal variants
@@ -264,14 +280,18 @@ def validate_name(name: str) -> None:
     for dot in unicode_dots:
         for dot2 in unicode_dots:
             if dot + dot2 in name:
-                raise ValidationError(
-                    f"Invalid component name: Unicode path traversal detected in '{name}'"
+                raise create_secure_error(
+                    "unicode_path_traversal",
+                    "name validation",
+                    "Unicode path traversal pattern detected",
                 )
 
     for slash in unicode_slashes + unicode_backslashes:
         if slash in name:
-            raise ValidationError(
-                f"Invalid component name: Unicode path separator detected in '{name}'"
+            raise create_secure_error(
+                "unicode_path_separator",
+                "name validation",
+                "Unicode path separator detected",
             )
 
     # Check for shell injection attempts
@@ -347,8 +367,8 @@ def get_template_variables(
     module_name: str,
     component_name: str,
     component_type: str,
-    **kwargs,
-) -> dict:
+    **kwargs: Any,
+) -> Dict[str, Any]:
     """Generate template variables for rendering."""
     snake_name = to_snake_case(component_name)
     pascal_name = to_pascal_case(component_name)
@@ -489,7 +509,6 @@ def get_component_type_from_path(path: str) -> Optional[str]:
         "queries",  # application
         "models",
         "external",
-        "internal",  # infrastructure
         "api",
         "schemas",  # presentation
     ]
@@ -503,7 +522,7 @@ def get_component_type_from_path(path: str) -> Optional[str]:
     return None
 
 
-def parse_location_path(location: str) -> dict[str, str]:
+def parse_location_path(location: str) -> Dict[str, str]:
     """Parse location path to extract system, module, layer, and component type.
 
     Args:
@@ -535,7 +554,7 @@ def parse_location_path(location: str) -> dict[str, str]:
     layer_components = {
         "domain": ["entities", "repositories", "value_objects"],
         "application": ["services", "commands", "queries"],
-        "infrastructure": ["models", "repositories", "external", "internal"],
+        "infrastructure": ["models", "repositories", "external"],
         "presentation": ["api", "schemas"],
     }
 

fast_clean_architecture/validation.py

@@ -0,0 +1,302 @@
+"""Validation utilities for Fast Clean Architecture."""
+
+import re
+from pathlib import Path
+from typing import Any, Dict, List, Optional, Pattern, Set, Union
+
+from .exceptions import Result, SecurityError, ValidationError
+
+
+class ValidationRules:
+    """Centralized validation rules and patterns."""
+
+    # Component naming patterns
+    COMPONENT_NAME_PATTERN: Pattern[str] = re.compile(r"^[a-zA-Z][a-zA-Z0-9_]*$")
+    SYSTEM_NAME_PATTERN: Pattern[str] = re.compile(r"^[a-zA-Z][a-zA-Z0-9_-]*$")
+    MODULE_NAME_PATTERN: Pattern[str] = re.compile(r"^[a-zA-Z][a-zA-Z0-9_]*$")
+
+    # Security patterns
+    DANGEROUS_PATH_PATTERNS: List[Pattern[str]] = [
+        re.compile(r"\.\."),  # Path traversal
+        re.compile(r"^/etc/|^/root/|^/proc/|^/sys/"),  # Dangerous system paths only
+        re.compile(r"^~"),  # Home directory
+        re.compile(r"\$\{"),  # Variable expansion
+        re.compile(r"\$\("),  # Command substitution
+    ]
+
+    # Valid component types and layers
+    VALID_LAYERS: Set[str] = {"domain", "application", "infrastructure", "presentation"}
+
+    VALID_COMPONENT_TYPES: Set[str] = {
+        "entities",
+        "repositories",
+        "services",
+        "controllers",
+        "models",
+        "views",
+        "adapters",
+        "gateways",
+        "external",
+    }
+
+    # File extension validation
+    ALLOWED_EXTENSIONS: Set[str] = {
+        ".py",
+        ".yaml",
+        ".yml",
+        ".json",
+        ".md",
+        ".txt",
+        ".toml",
+    }
+
+
+class Validator:
+    """Main validation class with comprehensive checks."""
+
+    @staticmethod
+    def validate_component_name(name: str) -> Result[str, ValidationError]:
+        """Validate component name format."""
+        if not name:
+            return Result.failure(
+                ValidationError(
+                    "Component name cannot be empty", context={"name": name}
+                )
+            )
+
+        if not ValidationRules.COMPONENT_NAME_PATTERN.match(name):
+            return Result.failure(
+                ValidationError(
+                    f"Invalid component name format: {name}. Must start with letter and contain only letters, numbers, and underscores.",
+                    context={
+                        "name": name,
+                        "pattern": ValidationRules.COMPONENT_NAME_PATTERN.pattern,
+                    },
+                )
+            )
+
+        if len(name) > 50:
+            return Result.failure(
+                ValidationError(
+                    f"Component name too long: {len(name)} characters. Maximum 50 allowed.",
+                    context={"name": name, "length": len(name)},
+                )
+            )
+
+        return Result.success(name)
+
+    @staticmethod
+    def validate_system_name(name: str) -> Result[str, ValidationError]:
+        """Validate system name format."""
+        if not name:
+            return Result.failure(
+                ValidationError("System name cannot be empty", context={"name": name})
+            )
+
+        if not ValidationRules.SYSTEM_NAME_PATTERN.match(name):
+            return Result.failure(
+                ValidationError(
+                    f"Invalid system name format: {name}. Must start with letter and contain only letters, numbers, underscores, and hyphens.",
+                    context={
+                        "name": name,
+                        "pattern": ValidationRules.SYSTEM_NAME_PATTERN.pattern,
+                    },
+                )
+            )
+
+        return Result.success(name)
+
+    @staticmethod
+    def validate_module_name(name: str) -> Result[str, ValidationError]:
+        """Validate module name format."""
+        if not name:
+            return Result.failure(
+                ValidationError("Module name cannot be empty", context={"name": name})
+            )
+
+        if not ValidationRules.MODULE_NAME_PATTERN.match(name):
+            return Result.failure(
+                ValidationError(
+                    f"Invalid module name format: {name}. Must start with letter and contain only letters, numbers, and underscores.",
+                    context={
+                        "name": name,
+                        "pattern": ValidationRules.MODULE_NAME_PATTERN.pattern,
+                    },
+                )
+            )
+
+        return Result.success(name)
+
+    @staticmethod
+    def validate_layer(layer: str) -> Result[str, ValidationError]:
+        """Validate layer name."""
+        if layer not in ValidationRules.VALID_LAYERS:
+            return Result.failure(
+                ValidationError(
+                    f"Invalid layer: {layer}. Must be one of: {', '.join(sorted(ValidationRules.VALID_LAYERS))}",
+                    context={
+                        "layer": layer,
+                        "valid_layers": list(ValidationRules.VALID_LAYERS),
+                    },
+                )
+            )
+
+        return Result.success(layer)
+
+    @staticmethod
+    def validate_component_type(component_type: str) -> Result[str, ValidationError]:
+        """Validate component type."""
+        if component_type not in ValidationRules.VALID_COMPONENT_TYPES:
+            return Result.failure(
+                ValidationError(
+                    f"Invalid component type: {component_type}. Must be one of: {', '.join(sorted(ValidationRules.VALID_COMPONENT_TYPES))}",
+                    context={
+                        "component_type": component_type,
+                        "valid_types": list(ValidationRules.VALID_COMPONENT_TYPES),
+                    },
+                )
+            )
+
+        return Result.success(component_type)
+
+    @staticmethod
+    def validate_file_path(file_path: Union[str, Path]) -> Result[Path, SecurityError]:
+        """Validate file path for security issues."""
+        path_str = str(file_path)
+
+        # Check for dangerous patterns
+        for pattern in ValidationRules.DANGEROUS_PATH_PATTERNS:
+            if pattern.search(path_str):
+                return Result.failure(
+                    SecurityError(
+                        f"Potentially dangerous path pattern detected: {path_str}",
+                        context={"path": path_str, "pattern": pattern.pattern},
+                    )
+                )
+
+        # Convert to Path object
+        try:
+            path_obj = Path(path_str)
+        except Exception as e:
+            return Result.failure(
+                SecurityError(
+                    f"Invalid path format: {path_str}",
+                    context={"path": path_str, "error": str(e)},
+                )
+            )
+
+        # Check file extension
+        if (
+            path_obj.suffix
+            and path_obj.suffix not in ValidationRules.ALLOWED_EXTENSIONS
+        ):
+            return Result.failure(
+                SecurityError(
+                    f"File extension not allowed: {path_obj.suffix}",
+                    context={
+                        "path": path_str,
+                        "extension": path_obj.suffix,
+                        "allowed": list(ValidationRules.ALLOWED_EXTENSIONS),
+                    },
+                )
+            )
+
+        return Result.success(path_obj)
+
+    @staticmethod
+    def validate_description(
+        description: str, max_length: int = 500
+    ) -> Result[str, Union[ValidationError, SecurityError]]:
+        """Validate description text."""
+        if len(description) > max_length:
+            return Result.failure(
+                ValidationError(
+                    f"Description too long: {len(description)} characters. Maximum {max_length} allowed.",
+                    context={
+                        "description": description[:100] + "...",
+                        "length": len(description),
+                        "max_length": max_length,
+                    },
+                )
+            )
+
+        # Check for potentially dangerous content
+        dangerous_patterns = ["<script", "${", "$(", "javascript:"]
+        for pattern in dangerous_patterns:
+            if pattern.lower() in description.lower():
+                return Result.failure(
+                    SecurityError(
+                        f"Potentially dangerous content in description: {pattern}",
+                        context={
+                            "description": description[:100] + "...",
+                            "pattern": pattern,
+                        },
+                    )
+                )
+
+        return Result.success(description)
+
+    @classmethod
+    def validate_component_creation(
+        cls,
+        system_name: str,
+        module_name: str,
+        layer: str,
+        component_type: str,
+        component_name: str,
+        file_path: Optional[Union[str, Path]] = None,
+        description: Optional[str] = None,
+    ) -> Result[Dict[str, Any], Union[ValidationError, SecurityError]]:
+        """Comprehensive validation for component creation."""
+
+        # Validate all required fields
+        system_validation = cls.validate_system_name(system_name)
+        if system_validation.is_failure:
+            return system_validation  # type: ignore
+
+        module_validation = cls.validate_module_name(module_name)
+        if module_validation.is_failure:
+            return module_validation  # type: ignore
+
+        layer_validation = cls.validate_layer(layer)
+        if layer_validation.is_failure:
+            return layer_validation  # type: ignore
+
+        component_type_validation = cls.validate_component_type(component_type)
+        if component_type_validation.is_failure:
+            return component_type_validation  # type: ignore
+
+        component_name_validation = cls.validate_component_name(component_name)
+        if component_name_validation.is_failure:
+            return component_name_validation  # type: ignore
+
+        # Validate optional fields
+        validated_file_path = None
+        if file_path is not None:
+            file_validation = cls.validate_file_path(file_path)
+            if file_validation.is_failure:
+                return file_validation  # type: ignore
+            else:
+                validated_file_path = file_validation.value
+
+        if description is not None:
+            description_validation = cls.validate_description(description)
+            if description_validation.is_failure:
+                return description_validation  # type: ignore
+
+        # Return validated data
+        validated_data = {
+            "system_name": system_name,
+            "module_name": module_name,
+            "layer": layer,
+            "component_type": component_type,
+            "component_name": component_name,
+        }
+
+        if validated_file_path is not None:
+            validated_data["file_path"] = str(validated_file_path)
+
+        if description is not None:
+            validated_data["description"] = description
+
+        return Result.success(validated_data)