holmesgpt 0.13.0__py3-none-any.whl → 0.13.1__py3-none-any.whl

holmes/plugins/toolsets/bash/kubectl/kubectl_top.py

@@ -1,81 +1,42 @@
-from typing import Any
+import argparse
+from typing import Any, Optional
 
+from holmes.plugins.toolsets.bash.common.bash_command import BashCommand
+from holmes.plugins.toolsets.bash.common.config import BashExecutorConfig
 from holmes.plugins.toolsets.bash.common.stringify import escape_shell_args
-from holmes.plugins.toolsets.bash.common.validators import regex_validator
-from holmes.plugins.toolsets.bash.kubectl.constants import (
-    SAFE_NAME_PATTERN,
-    SAFE_NAMESPACE_PATTERN,
-    SAFE_SELECTOR_PATTERN,
-)
 
 
-def create_kubectl_top_parser(kubectl_parser: Any):
-    parser = kubectl_parser.add_parser(
-        "top",
-        help="Display resource (CPU/memory) usage",
-        exit_on_error=False,
-    )
-    parser.add_argument(
-        "resource_type",
-        choices=["nodes", "node", "pods", "pod"],
-        help="Resource type to get usage for",
-    )
-    parser.add_argument(
-        "resource_name",
-        nargs="?",
-        default=None,
-        type=regex_validator("resource name", SAFE_NAME_PATTERN),
-    )
-    parser.add_argument(
-        "-n", "--namespace", type=regex_validator("namespace", SAFE_NAMESPACE_PATTERN)
-    )
-    parser.add_argument("-A", "--all-namespaces", action="store_true")
-    parser.add_argument(
-        "-l", "--selector", type=regex_validator("selector", SAFE_SELECTOR_PATTERN)
-    )
-    parser.add_argument(
-        "--containers",
-        action="store_true",
-        help="Display containers along with pods (for pods resource type)",
-    )
-    parser.add_argument(
-        "--use-protocol-buffers",
-        action="store_true",
-        help="Use protocol buffers for fetching metrics",
-    )
-    parser.add_argument(
-        "--sort-by",
-        type=regex_validator("sort field", SAFE_NAME_PATTERN),
-        help="Sort by cpu or memory",
-    )
-    parser.add_argument("--no-headers", action="store_true")
-
-
-def stringify_top_command(cmd: Any) -> str:
-    parts = ["kubectl", "top", cmd.resource_type]
-
-    # Add resource name if specified
-    if cmd.resource_name:
-        parts.append(cmd.resource_name)
-
-    if cmd.all_namespaces:
-        parts.append("--all-namespaces")
-    elif cmd.namespace:
-        parts.extend(["--namespace", cmd.namespace])
-
-    if cmd.selector:
-        parts.extend(["--selector", cmd.selector])
-
-    if cmd.containers:
-        parts.append("--containers")
-
-    if cmd.use_protocol_buffers:
-        parts.append("--use-protocol-buffers")
-
-    if cmd.sort_by:
-        parts.extend(["--sort-by", cmd.sort_by])
-
-    if cmd.no_headers:
-        parts.append("--no-headers")
-
-    return " ".join(escape_shell_args(parts))
+class KubectlTopCommand(BashCommand):
+    def __init__(self):
+        super().__init__("top")
+
+    def add_parser(self, parent_parser: Any):
+        parser = parent_parser.add_parser(
+            "top",
+            help="Display resource (CPU/memory) usage",
+            exit_on_error=False,
+        )
+        parser.add_argument(
+            "resource_type",
+            choices=["nodes", "node", "pods", "pod"],
+            help="Resource type to get usage for",
+        )
+        parser.add_argument(
+            "options",
+            nargs=argparse.REMAINDER,  # Captures all remaining arguments
+            default=[],  # Default to an empty list
+        )
+
+    def validate_command(
+        self, command: Any, original_command: str, config: Optional[BashExecutorConfig]
+    ) -> None:
+        pass
+
+    def stringify_command(
+        self, command: Any, original_command: str, config: Optional[BashExecutorConfig]
+    ) -> str:
+        parts = ["kubectl", "top", command.resource_type]
+
+        parts += command.options
+
+        return " ".join(escape_shell_args(parts))

holmes/plugins/toolsets/bash/parse_command.py

@@ -1,39 +1,111 @@
 import argparse
+import logging
 import shlex
 from typing import Any, Optional
 
+from holmes.plugins.toolsets.bash.common.bash_command import BashCommand
 from holmes.plugins.toolsets.bash.common.config import BashExecutorConfig
-from holmes.plugins.toolsets.bash.grep import create_grep_parser, stringify_grep_command
-from holmes.plugins.toolsets.bash.kubectl import (
-    create_kubectl_parser,
-    stringify_kubectl_command,
-)
+from holmes.plugins.toolsets.bash.kubectl import KubectlCommand
+from holmes.plugins.toolsets.bash.aws import AWSCommand
+from holmes.plugins.toolsets.bash.azure import AzureCommand
+from holmes.plugins.toolsets.bash.argocd import ArgocdCommand
+from holmes.plugins.toolsets.bash.docker import DockerCommand
+from holmes.plugins.toolsets.bash.helm import HelmCommand
+
+# Utilities imports - all now use Command classes
+from holmes.plugins.toolsets.bash.utilities.wc import WCCommand
+from holmes.plugins.toolsets.bash.utilities.cut import CutCommand
+from holmes.plugins.toolsets.bash.utilities.sort import SortCommand
+from holmes.plugins.toolsets.bash.utilities.uniq import UniqCommand
+from holmes.plugins.toolsets.bash.utilities.head import HeadCommand
+from holmes.plugins.toolsets.bash.utilities.tail import TailCommand
+from holmes.plugins.toolsets.bash.utilities.tr import TrCommand
+from holmes.plugins.toolsets.bash.utilities.base64_util import Base64Command
+from holmes.plugins.toolsets.bash.utilities.jq import JqCommand
+from holmes.plugins.toolsets.bash.utilities.sed import SedCommand
+from holmes.plugins.toolsets.bash.utilities.grep import GrepCommand
+
+
+# All commands now use BashCommand classes
+AVAILABLE_COMMANDS: list[BashCommand] = [
+    WCCommand(),
+    KubectlCommand(),
+    AWSCommand(),
+    AzureCommand(),
+    ArgocdCommand(),
+    DockerCommand(),
+    HelmCommand(),
+    GrepCommand(),
+    CutCommand(),
+    SortCommand(),
+    UniqCommand(),
+    HeadCommand(),
+    TailCommand(),
+    TrCommand(),
+    Base64Command(),
+    JqCommand(),
+    SedCommand(),
+]
+
+command_name_to_command_map: dict[str, BashCommand] = {
+    cmd.name: cmd for cmd in AVAILABLE_COMMANDS
+}
+
+
+class QuietArgumentParser(argparse.ArgumentParser):
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+
+    def _print_message(self, message, file=None):
+        if message:
+            logging.debug(message.strip())
+
+    def error(self, message):
+        logging.debug(f"Error: {message}")
+        self.exit(2)
 
 
 def create_parser() -> argparse.ArgumentParser:
-    parser = argparse.ArgumentParser(
-        description="Parser for commands", exit_on_error=False
+    parser = QuietArgumentParser(
+        prog="command_parser",  # Set explicit program name
+        description="Parser for commands",
+        exit_on_error=False,
+        add_help=False,  # Disable help to avoid conflicts with -h in subcommands
     )
     commands_parser = parser.add_subparsers(
         dest="cmd", required=True, help="The tool to command (e.g., kubectl)"
     )
 
-    create_kubectl_parser(commands_parser)
-    create_grep_parser(commands_parser)
+    # Add all BashCommand classes
+    for command in AVAILABLE_COMMANDS:
+        command.add_parser(commands_parser)
+
     return parser
 
 
+def validate_command(
+    command: Any, original_command: str, config: Optional[BashExecutorConfig]
+):
+    bash_command_instance = command_name_to_command_map.get(command.cmd)
+
+    if bash_command_instance:
+        bash_command_instance.validate_command(command, original_command, config)
+
+
 def stringify_command(
     command: Any, original_command: str, config: Optional[BashExecutorConfig]
 ) -> str:
-    if command.cmd == "kubectl":
-        return stringify_kubectl_command(command, config)
-    elif command.cmd == "grep":
-        return stringify_grep_command(command)
+    bash_command_instance = command_name_to_command_map.get(command.cmd)
+
+    if bash_command_instance:
+        return bash_command_instance.stringify_command(
+            command, original_command, config
+        )
     else:
         # This code path should not happen b/c the parsing of the command should catch an unsupported command
+        supported_commands = [cmd.name for cmd in AVAILABLE_COMMANDS]
         raise ValueError(
-            f"Unsupported command '{command.cmd}' in {original_command}. Supported commands are: kubectl, grep"
+            f"Unsupported command '{command.cmd}' in {original_command}. Supported commands are: {', '.join(supported_commands)}"
         )
 
 
@@ -81,23 +153,25 @@ def split_into_separate_commands(command_str: str) -> list[list[str]]:
 def make_command_safe(command_str: str, config: Optional[BashExecutorConfig]) -> str:
     commands = split_into_separate_commands(command_str)
 
-    try:
-        safe_commands = [
-            command_parser.parse_args(command_parts) for command_parts in commands
-        ]
-        if safe_commands and safe_commands[0].cmd == "grep":
+    parsed_commands = []
+    for individual_command in commands:
+        try:
+            parsed_commands.append(command_parser.parse_args(individual_command))
+
+        except SystemExit:
+            # argparse throws a SystemExit error when it can't parse command or arguments
+            # This ideally should be captured differently by ensuring all possible args
+            # are accounted for in the implementation for each command.
+            # When falling back, we raise a generic error
             raise ValueError(
-                "The command grep can only be used after another command using the pipe `|` character to connect both commands"
-            )
-        safe_commands_str = [
-            stringify_command(cmd, original_command=command_str, config=config)
-            for cmd in safe_commands
-        ]
+                f"The following command failed to be parsed for safety: {command_str}"
+            ) from None
+    for command in parsed_commands:
+        validate_command(command=command, original_command=command_str, config=config)
+
+    safe_commands_str = [
+        stringify_command(command=command, original_command=command_str, config=config)
+        for command in parsed_commands
+    ]
 
-        return " | ".join(safe_commands_str)
-    except SystemExit:
-        # argparse throws a SystemExit error when it can't parse command or arguments
-        # This ideally should be captured differently by ensuring all possible args
-        # are accounted for in the implementation for each command.
-        # When falling back, we raise a generic error
-        raise ValueError("The command failed to be parsed for safety") from None
+    return " | ".join(safe_commands_str)

holmes/plugins/toolsets/bash/utilities/base64_util.py

@@ -0,0 +1,12 @@
+from holmes.plugins.toolsets.bash.common.bash_command import (
+    SimpleBashCommand,
+)
+
+
+class Base64Command(SimpleBashCommand):
+    def __init__(self):
+        super().__init__(
+            name="base64",
+            allowed_options=[],  # Allow all options except file operations
+            denied_options=[],
+        )

holmes/plugins/toolsets/bash/utilities/cut.py

@@ -0,0 +1,12 @@
+from holmes.plugins.toolsets.bash.common.bash_command import (
+    SimpleBashCommand,
+)
+
+
+class CutCommand(SimpleBashCommand):
+    def __init__(self):
+        super().__init__(
+            name="cut",
+            allowed_options=[],  # Allow all options except file operations
+            denied_options=[],
+        )

holmes/plugins/toolsets/bash/utilities/grep/__init__.py

@@ -0,0 +1,10 @@
+from holmes.plugins.toolsets.bash.common.bash_command import SimpleBashCommand
+
+
+class GrepCommand(SimpleBashCommand):
+    def __init__(self):
+        super().__init__(
+            name="grep",
+            allowed_options=[],
+            denied_options=[],
+        )

holmes/plugins/toolsets/bash/utilities/head.py

@@ -0,0 +1,12 @@
+from holmes.plugins.toolsets.bash.common.bash_command import (
+    SimpleBashCommand,
+)
+
+
+class HeadCommand(SimpleBashCommand):
+    def __init__(self):
+        super().__init__(
+            name="head",
+            allowed_options=[],
+            denied_options=[],
+        )

holmes/plugins/toolsets/bash/utilities/jq.py

@@ -0,0 +1,79 @@
+import argparse
+from typing import Any, Optional
+
+from holmes.plugins.toolsets.bash.common.bash_command import BashCommand
+from holmes.plugins.toolsets.bash.common.config import BashExecutorConfig
+from holmes.plugins.toolsets.bash.common.stringify import escape_shell_args
+
+
+class JqCommand(BashCommand):
+    def __init__(self):
+        super().__init__("jq")
+
+    def add_parser(self, parent_parser: Any):
+        jq_parser = parent_parser.add_parser(
+            "jq",
+            help="JSON processor",
+            exit_on_error=False,
+            add_help=False,  # Disable help to avoid conflicts
+            prefix_chars="\x00",  # Use null character as prefix to disable option parsing
+        )
+
+        # Capture all arguments for validation
+        jq_parser.add_argument(
+            "options",
+            nargs=argparse.REMAINDER,
+            default=[],
+            help="Jq filter and options",
+        )
+        return jq_parser
+
+    def validate_command(
+        self, command: Any, original_command: str, config: Optional[BashExecutorConfig]
+    ) -> None:
+        if hasattr(command, "options") and command.options:
+            validate_jq_options(command.options)
+
+    def stringify_command(
+        self, command: Any, original_command: str, config: Optional[BashExecutorConfig]
+    ) -> str:
+        parts = ["jq"]
+
+        # Add validated options
+        if hasattr(command, "options") and command.options:
+            validated_options = validate_jq_options(command.options)
+            parts.extend(validated_options)
+
+        return " ".join(escape_shell_args(parts))
+
+
+def validate_jq_options(options: list[str]) -> list[str]:
+    """Validate jq CLI options - block file operations."""
+    i = 0
+    while i < len(options):
+        option = options[i]
+
+        # Block file reading operations
+        if option in {"--slurpfile", "--rawfile"}:
+            raise ValueError(f"Option {option} is not allowed for security reasons")
+
+        # Skip over option-value pairs
+        if option in {"--arg", "--argjson"} and i + 2 < len(options):
+            i += 3  # Skip option, name, value
+            continue
+        elif (
+            option.startswith("--")
+            and i + 1 < len(options)
+            and not options[i + 1].startswith("-")
+        ):
+            i += 2  # Skip option and value
+            continue
+
+        # No file arguments allowed (except filter expressions)
+        if not option.startswith("-") and "=" not in option:
+            # This could be a filter expression, allow it
+            pass
+
+        i += 1
+
+    return options

holmes/plugins/toolsets/bash/utilities/sed.py

@@ -0,0 +1,164 @@
+import argparse
+import re
+from typing import Any, Optional
+
+from holmes.plugins.toolsets.bash.common.bash_command import BashCommand
+from holmes.plugins.toolsets.bash.common.config import BashExecutorConfig
+from holmes.plugins.toolsets.bash.common.stringify import escape_shell_args
+
+# Blocked sed commands for security
+BLOCKED_SED_COMMANDS = {
+    "w",  # Write to file
+    "W",  # Write first line of pattern space to file
+    "r",  # Read file
+    "R",  # Read one line from file
+    "e",  # Execute command
+    "v",  # Version (in some contexts)
+    "z",  # Clear pattern space (can be misused)
+    "q",  # Quit (can be misused to skip processing)
+    "Q",  # Quit immediately
+}
+
+# Pattern to detect dangerous sed commands
+DANGEROUS_SED_PATTERN = re.compile(
+    r"(?:^|;|\n)\s*(?:[0-9,]*\s*)?[wWrRezvqQ](?:\s|$|/)", re.MULTILINE
+)
+
+
+class SedCommand(BashCommand):
+    def __init__(self):
+        super().__init__("sed")
+
+    def add_parser(self, parent_parser: Any):
+        sed_parser = parent_parser.add_parser(
+            "sed",
+            help="Stream editor for filtering and transforming text",
+            exit_on_error=False,
+            add_help=False,  # Disable help to avoid conflicts
+            prefix_chars="\x00",  # Use null character as prefix to disable option parsing
+        )
+
+        # Capture all arguments for validation
+        sed_parser.add_argument(
+            "options",
+            nargs=argparse.REMAINDER,
+            default=[],
+            help="Sed script and options",
+        )
+        return sed_parser
+
+    def validate_command(
+        self, command: Any, original_command: str, config: Optional[BashExecutorConfig]
+    ) -> None:
+        if hasattr(command, "options") and command.options:
+            validate_sed_options(command.options)
+
+    def stringify_command(
+        self, command: Any, original_command: str, config: Optional[BashExecutorConfig]
+    ) -> str:
+        parts = ["sed"]
+
+        # Add validated options
+        if hasattr(command, "options") and command.options:
+            validated_options = validate_sed_options(command.options)
+            parts.extend(validated_options)
+
+        return " ".join(escape_shell_args(parts))
+
+
+def validate_sed_script(script: str) -> None:
+    """Validate a sed script for safety."""
+    # Check for blocked commands - only check for actual command patterns
+    if DANGEROUS_SED_PATTERN.search(script):
+        raise ValueError("sed script contains blocked commands (w, r, e, q, etc.)")
+
+    # Check for execute command specifically (more targeted)
+    if re.search(r"(?:^|;|\n)\s*(?:[0-9,]*\s*)?e\b", script, re.MULTILINE):
+        raise ValueError("sed script contains execute commands")
+
+    # Check for file operations (simpler pattern to catch write/read commands)
+    if re.search(r"[wWrR]\s+\S", script):
+        raise ValueError("sed script contains file operations")
+
+
+def validate_sed_options(options: list[str]) -> list[str]:
+    """Validate sed CLI options - block file operations and in-place editing."""
+    i = 0
+    script_found = False
+
+    while i < len(options):
+        option = options[i]
+
+        # Check for attached/inlined forms of blocked options
+        if (option.startswith("-i") and len(option) > 2) or option.startswith(
+            "--in-place="
+        ):
+            raise ValueError(
+                f"Attached in-place option {option} is not allowed for security reasons"
+            )
+        elif (option.startswith("-f") and len(option) > 2) or option.startswith(
+            "--file="
+        ):
+            raise ValueError(
+                f"Attached file option {option} is not allowed for security reasons"
+            )
+
+        # Block file reading and in-place editing for security
+        elif option in {"-f", "--file", "-i", "--in-place"}:
+            raise ValueError(f"Option {option} is not allowed for security reasons")
+
+        # Handle -e and --expression with attached scripts
+        elif option.startswith("-e") and len(option) > 2:
+            # Handle -eSCRIPT form
+            script = option[2:]  # Extract script after "-e"
+            validate_sed_script(script)
+            script_found = True
+            i += 1
+            continue
+        elif option.startswith("--expression="):
+            # Handle --expression=SCRIPT form
+            script = option[13:]  # Extract script after "--expression="
+            validate_sed_script(script)
+            script_found = True
+            i += 1
+            continue
+
+        # Handle -e and --expression with separate arguments
+        elif option in {"-e", "--expression"}:
+            if i + 1 >= len(options) or options[i + 1].startswith("-"):
+                raise ValueError(f"Option {option} requires a script argument")
+            script = options[i + 1]
+            validate_sed_script(script)
+            script_found = True
+            i += 2
+            continue
+
+        # Handle long options with values (--opt=val)
+        elif "=" in option and option.startswith("--"):
+            # Long option with attached value, skip as single unit
+            i += 1
+            continue
+
+        # Handle other long options with separate values
+        elif (
+            option.startswith("--")
+            and i + 1 < len(options)
+            and not options[i + 1].startswith("-")
+        ):
+            i += 2  # Skip option and value
+            continue
+
+        # Handle sed script (non-flag argument)
+        elif not option.startswith("-"):
+            if not script_found:
+                validate_sed_script(option)
+                script_found = True
+            else:
+                # Multiple scripts not allowed
+                pass
+            i += 1
+            continue
+
+        i += 1
+
+    return options

holmes/plugins/toolsets/bash/utilities/sort.py

@@ -0,0 +1,15 @@
+from holmes.plugins.toolsets.bash.common.bash_command import (
+    SimpleBashCommand,
+)
+
+
+class SortCommand(SimpleBashCommand):
+    def __init__(self):
+        super().__init__(
+            name="sort",
+            allowed_options=[],
+            denied_options=[
+                "-T",
+                "--temporary-directory",
+            ],
+        )

holmes/plugins/toolsets/bash/utilities/tail.py

@@ -0,0 +1,12 @@
+from holmes.plugins.toolsets.bash.common.bash_command import (
+    SimpleBashCommand,
+)
+
+
+class TailCommand(SimpleBashCommand):
+    def __init__(self):
+        super().__init__(
+            name="tail",
+            allowed_options=[],
+            denied_options=[],
+        )

holmes/plugins/toolsets/bash/utilities/tr.py

@@ -0,0 +1,57 @@
+import argparse
+from typing import Any, Optional
+
+from holmes.plugins.toolsets.bash.common.bash_command import BashCommand
+from holmes.plugins.toolsets.bash.common.config import BashExecutorConfig
+from holmes.plugins.toolsets.bash.common.stringify import escape_shell_args
+
+
+class TrCommand(BashCommand):
+    def __init__(self):
+        super().__init__("tr")
+
+    def add_parser(self, parent_parser: Any):
+        parser = parent_parser.add_parser(
+            "tr",
+            help="Translate or delete characters",
+            exit_on_error=False,
+            add_help=False,  # Disable help to avoid conflicts
+            prefix_chars="\x00",  # Use null character as prefix to disable option parsing
+        )
+
+        # Capture all arguments for validation
+        parser.add_argument(
+            "options",
+            nargs=argparse.REMAINDER,
+            default=[],
+            help="tr options and character sets",
+        )
+        return parser
+
+    def validate_command(
+        self, command: Any, original_command: str, config: Optional[BashExecutorConfig]
+    ) -> None:
+        # tr is allowed to have character set arguments, but not file paths
+        # Block absolute paths, home-relative paths, relative paths, and common file extensions
+        blocked_extensions = (".txt", ".log", ".py", ".js", ".json")
+
+        for option in command.options:
+            if not option.startswith("-"):
+                # Allow character sets but block obvious file paths
+                if (
+                    option.startswith("/")
+                    or option.startswith("~")
+                    or option.startswith("./")
+                    or option.startswith("../")
+                    or option.endswith(blocked_extensions)
+                ):
+                    raise ValueError(
+                        "File arguments are not allowed - tr can only process piped input"
+                    )
+
+    def stringify_command(
+        self, command: Any, original_command: str, config: Optional[BashExecutorConfig]
+    ) -> str:
+        parts = ["tr"]
+        parts.extend(command.options)
+        return " ".join(escape_shell_args(parts))