fleet-python 0.2.65__tar.gz → 0.2.66b2__tar.gz

{fleet_python-0.2.65/fleet_python.egg-info → fleet_python-0.2.66b2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: fleet-python
-Version: 0.2.65
+Version: 0.2.66b2
 Summary: Python SDK for Fleet environments
 Author-email: Fleet AI <nic@fleet.so>
 License: Apache-2.0

{fleet_python-0.2.65 → fleet_python-0.2.66b2}/fleet/_async/tasks.py

@@ -279,17 +279,14 @@ def verifier_from_string(
     """
     try:
         import inspect
-        import re
         from .verifiers.verifier import AsyncVerifierFunction
         from fleet.verifiers.code import TASK_SUCCESSFUL_SCORE, TASK_FAILED_SCORE
         from fleet.verifiers.db import IgnoreConfig
+        from fleet.verifiers.parsing import parse_and_validate_verifier
 
-        # Strip @verifier decorator if present to avoid double-wrapping
-        # Remove lines like: @verifier(key="...")
-        cleaned_code = re.sub(r'@verifier\([^)]*\)\s*\n', '', verifier_func)
-        # Also remove the verifier import if present
-        cleaned_code = re.sub(r'from fleet import.*verifier.*\n', '', cleaned_code)
-        cleaned_code = re.sub(r'import.*verifier.*\n', '', cleaned_code)
+        # Validate the code and extract function name
+        # This ensures no arbitrary code execution during import
+        func_name = parse_and_validate_verifier(verifier_func)
 
         # Create a local namespace for executing the code
         local_namespace = {
@@ -299,8 +296,9 @@ def verifier_from_string(
             "Environment": object,  # Add Environment type if needed
         }
 
-        # Execute the cleaned verifier code in the namespace
-        exec(cleaned_code, globals(), local_namespace)
+        # Execute the verifier code in the namespace
+        # This is now safe because we validated it contains only declarative code
+        exec(verifier_func, globals(), local_namespace)
 
         # Find the function that was defined (not imported)
         # Functions defined via exec have co_filename == '<string>'

{fleet_python-0.2.65 → fleet_python-0.2.66b2}/fleet/tasks.py

@@ -272,17 +272,14 @@ def verifier_from_string(
     """
     try:
         import inspect
-        import re
         from .verifiers import SyncVerifierFunction
         from .verifiers.code import TASK_SUCCESSFUL_SCORE, TASK_FAILED_SCORE
         from .verifiers.db import IgnoreConfig
+        from .verifiers.parsing import parse_and_validate_verifier
 
-        # Strip @verifier decorator if present to avoid double-wrapping
-        # Remove lines like: @verifier(key="...")
-        cleaned_code = re.sub(r'@verifier\([^)]*\)\s*\n', '', verifier_func)
-        # Also remove the verifier import if present
-        cleaned_code = re.sub(r'from fleet import.*verifier.*\n', '', cleaned_code)
-        cleaned_code = re.sub(r'import.*verifier.*\n', '', cleaned_code)
+        # Validate the code and extract function name
+        # This ensures no arbitrary code execution during import
+        func_name = parse_and_validate_verifier(verifier_func)
 
         # Create a globals namespace with all required imports
         exec_globals = globals().copy()
@@ -298,8 +295,9 @@ def verifier_from_string(
         # Create a local namespace for executing the code
         local_namespace = {}
 
-        # Execute the cleaned verifier code in the namespace
-        exec(cleaned_code, exec_globals, local_namespace)
+        # Execute the verifier code in the namespace
+        # This is now safe because we validated it contains only declarative code
+        exec(verifier_func, exec_globals, local_namespace)
 
         # Find the function that was defined (not imported)
         # Functions defined via exec have co_filename == '<string>'

{fleet_python-0.2.65 → fleet_python-0.2.66b2/fleet_python.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: fleet-python
-Version: 0.2.65
+Version: 0.2.66b2
 Summary: Python SDK for Fleet environments
 Author-email: Fleet AI <nic@fleet.so>
 License: Apache-2.0

{fleet_python-0.2.65 → fleet_python-0.2.66b2}/fleet_python.egg-info/SOURCES.txt

@@ -80,4 +80,5 @@ fleet_python.egg-info/top_level.txt
 scripts/fix_sync_imports.py
 scripts/unasync.py
 tests/__init__.py
-tests/test_verifier_from_string.py
+tests/test_verifier_from_string.py
+tests/test_verifier_security.py

{fleet_python-0.2.65 → fleet_python-0.2.66b2}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "fleet-python"
-version = "0.2.65"
+version = "0.2.66b2"
 description = "Python SDK for Fleet environments"
 authors = [
     {name = "Fleet AI", email = "nic@fleet.so"},

fleet_python-0.2.66b2/tests/test_verifier_security.py

@@ -0,0 +1,427 @@
+"""Security tests for verifier_from_string function.
+
+Tests that the verifier parsing and validation properly blocks
+arbitrary code execution during import.
+"""
+
+import pytest
+from fleet.tasks import verifier_from_string as sync_verifier_from_string
+from fleet._async.tasks import verifier_from_string as async_verifier_from_string
+
+
+class TestSyncVerifierSecurity:
+    """Security tests for sync version of verifier_from_string."""
+
+    def test_blocks_module_level_subprocess_run(self):
+        """Test that module-level subprocess.run() is blocked."""
+        code = """
+import subprocess
+subprocess.run(['echo', 'malicious'])
+
+def my_verifier(env):
+    return 1.0
+"""
+        with pytest.raises(ValueError, match="Expression statements that are not constants"):
+            sync_verifier_from_string(
+                verifier_func=code,
+                verifier_id="test-verifier",
+                verifier_key="test-key",
+                sha256="test-sha",
+            )
+
+    def test_blocks_module_level_open(self):
+        """Test that module-level open() is blocked."""
+        code = """
+open('/etc/passwd', 'r')
+
+def my_verifier(env):
+    return 1.0
+"""
+        with pytest.raises(ValueError, match="Expression statements that are not constants"):
+            sync_verifier_from_string(
+                verifier_func=code,
+                verifier_id="test-verifier",
+                verifier_key="test-key",
+                sha256="test-sha",
+            )
+
+    def test_blocks_assignment_with_subprocess_call(self):
+        """Test that variable assignment with subprocess call is blocked."""
+        code = """
+import subprocess
+result = subprocess.run(['echo', 'malicious'])
+
+def my_verifier(env):
+    return 1.0
+"""
+        with pytest.raises(ValueError, match="Variable assignments with function calls"):
+            sync_verifier_from_string(
+                verifier_func=code,
+                verifier_id="test-verifier",
+                verifier_key="test-key",
+                sha256="test-sha",
+            )
+
+    def test_blocks_assignment_with_open_call(self):
+        """Test that variable assignment with open() is blocked."""
+        code = """
+file_handle = open('/etc/passwd', 'r')
+
+def my_verifier(env):
+    return 1.0
+"""
+        with pytest.raises(ValueError, match="Variable assignments with function calls"):
+            sync_verifier_from_string(
+                verifier_func=code,
+                verifier_id="test-verifier",
+                verifier_key="test-key",
+                sha256="test-sha",
+            )
+
+    def test_blocks_assignment_with_any_function_call(self):
+        """Test that variable assignment with any function call is blocked."""
+        code = """
+import os
+path = os.getcwd()
+
+def my_verifier(env):
+    return 1.0
+"""
+        with pytest.raises(ValueError, match="Variable assignments with function calls"):
+            sync_verifier_from_string(
+                verifier_func=code,
+                verifier_id="test-verifier",
+                verifier_key="test-key",
+                sha256="test-sha",
+            )
+
+    def test_allows_constant_assignment(self):
+        """Test that constant variable assignments are allowed."""
+        code = """
+CONSTANT_VALUE = 42
+ANOTHER_CONSTANT = "test"
+PI = 3.14159
+
+def my_verifier(env):
+    return CONSTANT_VALUE
+"""
+        # Should not raise
+        verifier = sync_verifier_from_string(
+            verifier_func=code,
+            verifier_id="test-verifier",
+            verifier_key="test-key",
+            sha256="test-sha",
+        )
+        assert verifier is not None
+
+    def test_allows_list_dict_constant_assignment(self):
+        """Test that list/dict constant assignments are allowed."""
+        code = """
+MY_LIST = [1, 2, 3]
+MY_DICT = {"key": "value"}
+MY_TUPLE = (1, 2, 3)
+
+def my_verifier(env):
+    return 1.0
+"""
+        # Should not raise
+        verifier = sync_verifier_from_string(
+            verifier_func=code,
+            verifier_id="test-verifier",
+            verifier_key="test-key",
+            sha256="test-sha",
+        )
+        assert verifier is not None
+
+    def test_allows_valid_imports(self):
+        """Test that imports are allowed."""
+        code = """
+import json
+import os
+from typing import Dict
+
+def my_verifier(env):
+    return 1.0
+"""
+        # Should not raise
+        verifier = sync_verifier_from_string(
+            verifier_func=code,
+            verifier_id="test-verifier",
+            verifier_key="test-key",
+            sha256="test-sha",
+        )
+        assert verifier is not None
+
+    def test_allows_class_definitions(self):
+        """Test that class definitions are allowed."""
+        code = """
+class MyHelper:
+    def __init__(self):
+        self.value = 42
+
+    def get_value(self):
+        return self.value
+
+def my_verifier(env):
+    helper = MyHelper()
+    return helper.get_value()
+"""
+        # Should not raise
+        verifier = sync_verifier_from_string(
+            verifier_func=code,
+            verifier_id="test-verifier",
+            verifier_key="test-key",
+            sha256="test-sha",
+        )
+        assert verifier is not None
+
+    def test_allows_multiple_functions(self):
+        """Test that multiple function definitions are allowed."""
+        code = """
+def helper_function(x):
+    return x * 2
+
+def my_verifier(env):
+    return helper_function(0.5)
+"""
+        # Should not raise
+        verifier = sync_verifier_from_string(
+            verifier_func=code,
+            verifier_id="test-verifier",
+            verifier_key="test-key",
+            sha256="test-sha",
+        )
+        assert verifier is not None
+
+    def test_extracts_first_function_name(self):
+        """Test that the first function name is correctly extracted."""
+        code = """
+def first_function(env):
+    return 1.0
+
+def second_function(env):
+    return 0.5
+"""
+        verifier = sync_verifier_from_string(
+            verifier_func=code,
+            verifier_id="test-verifier",
+            verifier_key="test-key",
+            sha256="test-sha",
+        )
+        # The first function should be used
+        assert verifier.func.__name__ == "first_function"
+
+    def test_error_message_includes_line_number(self):
+        """Test that error messages include helpful line numbers."""
+        code = """
+import subprocess
+
+subprocess.run(['echo', 'test'])
+
+def my_verifier(env):
+    return 1.0
+"""
+        with pytest.raises(ValueError, match=r"Line \d+"):
+            sync_verifier_from_string(
+                verifier_func=code,
+                verifier_id="test-verifier",
+                verifier_key="test-key",
+                sha256="test-sha",
+            )
+
+    def test_blocks_nested_function_call_in_list(self):
+        """Test that function calls nested in list assignments are blocked."""
+        code = """
+import os
+MY_LIST = [1, 2, os.getcwd()]
+
+def my_verifier(env):
+    return 1.0
+"""
+        with pytest.raises(ValueError, match="Variable assignments with function calls"):
+            sync_verifier_from_string(
+                verifier_func=code,
+                verifier_id="test-verifier",
+                verifier_key="test-key",
+                sha256="test-sha",
+            )
+
+    def test_blocks_nested_function_call_in_dict(self):
+        """Test that function calls nested in dict assignments are blocked."""
+        code = """
+import os
+MY_DICT = {"cwd": os.getcwd()}
+
+def my_verifier(env):
+    return 1.0
+"""
+        with pytest.raises(ValueError, match="Variable assignments with function calls"):
+            sync_verifier_from_string(
+                verifier_func=code,
+                verifier_id="test-verifier",
+                verifier_key="test-key",
+                sha256="test-sha",
+            )
+
+    def test_allows_docstrings(self):
+        """Test that module-level docstrings are allowed."""
+        code = '''
+"""This is a module docstring."""
+
+def my_verifier(env):
+    """This is a function docstring."""
+    return 1.0
+'''
+        # Should not raise
+        verifier = sync_verifier_from_string(
+            verifier_func=code,
+            verifier_id="test-verifier",
+            verifier_key="test-key",
+            sha256="test-sha",
+        )
+        assert verifier is not None
+
+    def test_function_with_decorator_extracts_correct_name(self):
+        """Test that decorators don't affect function name extraction."""
+        code = """
+def some_decorator(func):
+    return func
+
+@some_decorator
+def my_actual_function(env):
+    return 1.0
+"""
+        verifier = sync_verifier_from_string(
+            verifier_func=code,
+            verifier_id="test-verifier",
+            verifier_key="test-key",
+            sha256="test-sha",
+        )
+        # Should extract 'some_decorator' (first function) or 'my_actual_function'
+        # depending on order, but NOT the decorator name itself
+        assert verifier.func.__name__ in ["some_decorator", "my_actual_function"]
+
+    def test_blocks_decorator_with_function_call(self):
+        """Test that decorators with function calls are blocked."""
+        code = """
+import subprocess
+
+@subprocess.run(['echo', 'bad'])
+def my_verifier(env):
+    return 1.0
+"""
+        # Decorators execute during import, so calls in decorators are dangerous
+        with pytest.raises(ValueError, match="Function decorators with function calls"):
+            sync_verifier_from_string(
+                verifier_func=code,
+                verifier_id="test-verifier",
+                verifier_key="test-key",
+                sha256="test-sha",
+            )
+
+    def test_allows_simple_decorator_reference(self):
+        """Test that simple decorator references (no calls) are allowed."""
+        code = """
+def my_decorator(func):
+    return func
+
+@my_decorator
+def my_verifier(env):
+    return 1.0
+"""
+        # Simple decorator reference (no call) should be allowed
+        verifier = sync_verifier_from_string(
+            verifier_func=code,
+            verifier_id="test-verifier",
+            verifier_key="test-key",
+            sha256="test-sha",
+        )
+        assert verifier is not None
+
+
+class TestAsyncVerifierSecurity:
+    """Security tests for async version of verifier_from_string."""
+
+    def test_blocks_module_level_subprocess_run(self):
+        """Test that module-level subprocess.run() is blocked."""
+        code = """
+import subprocess
+subprocess.run(['echo', 'malicious'])
+
+async def my_async_verifier(env):
+    return 1.0
+"""
+        with pytest.raises(ValueError, match="Expression statements that are not constants"):
+            async_verifier_from_string(
+                verifier_func=code,
+                verifier_id="test-verifier",
+                verifier_key="test-key",
+                sha256="test-sha",
+            )
+
+    def test_blocks_assignment_with_function_call(self):
+        """Test that variable assignment with function call is blocked."""
+        code = """
+import subprocess
+result = subprocess.run(['echo', 'malicious'])
+
+async def my_async_verifier(env):
+    return 1.0
+"""
+        with pytest.raises(ValueError, match="Variable assignments with function calls"):
+            async_verifier_from_string(
+                verifier_func=code,
+                verifier_id="test-verifier",
+                verifier_key="test-key",
+                sha256="test-sha",
+            )
+
+    def test_allows_constant_assignment(self):
+        """Test that constant variable assignments are allowed."""
+        code = """
+CONSTANT_VALUE = 42
+
+async def my_async_verifier(env):
+    return CONSTANT_VALUE
+"""
+        # Should not raise
+        verifier = async_verifier_from_string(
+            verifier_func=code,
+            verifier_id="test-verifier",
+            verifier_key="test-key",
+            sha256="test-sha",
+        )
+        assert verifier is not None
+
+    def test_allows_async_function_definitions(self):
+        """Test that async function definitions are recognized."""
+        code = """
+async def my_async_verifier(env):
+    return 1.0
+"""
+        # Should not raise
+        verifier = async_verifier_from_string(
+            verifier_func=code,
+            verifier_id="test-verifier",
+            verifier_key="test-key",
+            sha256="test-sha",
+        )
+        assert verifier is not None
+
+    def test_extracts_first_async_function_name(self):
+        """Test that the first async function name is correctly extracted."""
+        code = """
+async def first_async_function(env):
+    return 1.0
+
+async def second_async_function(env):
+    return 0.5
+"""
+        verifier = async_verifier_from_string(
+            verifier_func=code,
+            verifier_id="test-verifier",
+            verifier_key="test-key",
+            sha256="test-sha",
+        )
+        # The first function should be used
+        assert verifier.func.__name__ == "first_async_function"