jarvis-ai-assistant 0.3.30__py3-none-any.whl → 0.7.0__py3-none-any.whl

jarvis/jarvis_sec/workflow.py

@@ -0,0 +1,219 @@
+# -*- coding: utf-8 -*-
+"""
+Jarvis 安全分析套件 —— Workflow（含可复现直扫基线）
+
+目标：
+- 识别指定模块的安全问题（内存管理、缓冲区操作、错误处理等），检出率≥60% 为目标。
+- 在不依赖外部服务的前提下，提供一个“可复现、可离线”的直扫基线（direct scan）。
+- 当前采用“先直扫拆分子任务，再由单Agent逐条分析”的模式；保留接口便于后续切换。
+
+本模块提供：
+- direct_scan(entry_path, languages=None, exclude_dirs=None) -> Dict：纯Python+正则/命令行辅助扫描，生成结构化结果
+- format_markdown_report(result_json: Dict) -> str：将结构化结果转为可读的 Markdown
+
+- run_with_agent(entry_path, languages=None) -> str：使用单Agent逐条子任务分析模式（复用 jarvis.jarvis_sec.__init__ 的实现）
+"""
+
+from dataclasses import asdict
+from pathlib import Path
+from typing import Any, Dict, Iterable, List, Optional, cast
+
+import typer
+
+from jarvis.jarvis_sec.checkers import analyze_c_files, analyze_rust_files
+from jarvis.jarvis_sec.types import Issue
+
+
+# ---------------------------
+# 数据结构
+# ---------------------------
+
+# Issue dataclass is provided by jarvis.jarvis_sec.types to avoid circular imports
+
+
+# ---------------------------
+# 工具函数
+# ---------------------------
+
+
+def _iter_source_files(
+    entry_path: str,
+    languages: Optional[List[str]] = None,
+    exclude_dirs: Optional[List[str]] = None,
+) -> Iterable[Path]:
+    """
+    递归枚举源文件，支持按扩展名过滤与目录排除。
+    默认语言扩展：c, cpp, h, hpp, rs
+    """
+    entry = Path(entry_path)
+    if not entry.exists():
+        return
+
+    exts = set((languages or ["c", "cpp", "h", "hpp", "rs"]))
+    excludes = set(exclude_dirs or [".git", "build", "out", "target", "dist", "bin", "obj", "third_party", "vendor", "deps", "dependencies", "libs", "libraries", "external", "node_modules", "test", "tests", "__tests__", "spec", "testsuite", "testdata", "benchmark", "benchmarks", "perf", "performance", "bench", "benches", "profiling", "profiler", "example", "examples", "tmp", "temp", "cache", ".cache", "docs", "doc", "documentation", "generated", "gen", "mocks", "fixtures", "samples", "sample", "playground", "sandbox"])
+
+    for p in entry.rglob("*"):
+        if not p.is_file():
+            continue
+        # 目录排除（任意祖先包含即排除）
+        skip = False
+        for parent in p.parents:
+            if parent.name in excludes:
+                skip = True
+                break
+        if skip:
+            continue
+
+        suf = p.suffix.lstrip(".").lower()
+        if suf in exts:
+            yield p.relative_to(entry)
+
+
+
+# ---------------------------
+# 汇总与报告
+# ---------------------------
+
+def direct_scan(
+    entry_path: str,
+    languages: Optional[List[str]] = None,
+    exclude_dirs: Optional[List[str]] = None,
+) -> Dict:
+    """
+    直扫基线：对 C/C++/Rust 进行启发式扫描，输出结构化 JSON。
+    - 改进：委派至模块化检查器（oh_sec.checkers），统一规则与置信度模型。
+    """
+    base = Path(entry_path).resolve()
+    # 计算实际使用的排除目录列表
+    default_excludes = [".git", "build", "out", "target", "dist", "bin", "obj", "third_party", "vendor", "deps", "dependencies", "libs", "libraries", "external", "node_modules", "test", "tests", "__tests__", "spec", "testsuite", "testdata", "benchmark", "benchmarks", "perf", "performance", "bench", "benches", "profiling", "profiler", "example", "examples", "tmp", "temp", "cache", ".cache", "docs", "doc", "documentation", "generated", "gen", "mocks", "fixtures", "samples", "sample", "playground", "sandbox"]
+    actual_excludes = exclude_dirs if exclude_dirs is not None else default_excludes
+    
+    # 检查代码库中实际存在的排除目录
+    excludes_set = set(actual_excludes)
+    actual_excluded_dirs = []
+    for item in base.rglob("*"):
+        if item.is_dir() and item.name in excludes_set:
+            rel_path = item.relative_to(base)
+            if str(rel_path) not in actual_excluded_dirs:
+                actual_excluded_dirs.append(str(rel_path))
+    
+    if actual_excluded_dirs:
+        typer.secho("[jarvis-sec] 实际排除的目录:", fg=typer.colors.BLUE)
+        for dir_path in sorted(actual_excluded_dirs):
+            typer.secho(f"  - {dir_path}", fg=typer.colors.BLUE)
+    else:
+        typer.secho(f"[jarvis-sec] 未发现需要排除的目录（配置的排除目录: {', '.join(sorted(actual_excludes))}）", fg=typer.colors.BLUE)
+    
+    files = list(_iter_source_files(entry_path, languages, exclude_dirs))
+
+    # 按语言分组
+    c_like_exts = {".c", ".cpp", ".h", ".hpp"}
+    rust_exts = {".rs"}
+    c_files: List[Path] = [p for p in files if p.suffix.lower() in c_like_exts]
+    r_files: List[Path] = [p for p in files if p.suffix.lower() in rust_exts]
+
+    # 调用检查器（保持相对路径，基于 base_path 解析）
+    issues_c = analyze_c_files(str(base), [str(p) for p in c_files]) if c_files else []
+    issues_r = analyze_rust_files(str(base), [str(p) for p in r_files]) if r_files else []
+    issues: List[Issue] = issues_c + issues_r
+
+
+    summary: Dict[str, Any] = {
+        "total": len(issues),
+        "by_language": {"c/cpp": 0, "rust": 0},
+        "by_category": {},
+        "top_risk_files": [],
+        "scanned_files": len(files),
+        "scanned_root": str(base),
+    }
+    file_score: Dict[str, int] = {}
+    # Safely update language/category counts with explicit typing
+    lang_counts = cast(Dict[str, int], summary["by_language"])
+    cat_counts = cast(Dict[str, int], summary["by_category"])
+    for it in issues:
+        lang_counts[it.language] = lang_counts.get(it.language, 0) + 1
+        cat_counts[it.category] = cat_counts.get(it.category, 0) + 1
+        file_score[it.file] = file_score.get(it.file, 0) + 1
+    # Top 风险文件
+    summary["top_risk_files"] = [f for f, _ in sorted(file_score.items(), key=lambda x: x[1], reverse=True)[:10]]
+
+    result = {
+        "summary": summary,
+        "issues": [asdict(i) for i in issues],
+    }
+    return result
+
+
+def format_markdown_report(result_json: Dict) -> str:
+    """
+    将结构化 JSON 转为 Markdown 可读报告。
+    """
+    s = result_json.get("summary", {})
+    issues: List[Dict] = result_json.get("issues", [])
+    md: List[str] = []
+    md.append("# Jarvis 安全问题分析报告（直扫基线）")
+    md.append("")
+    md.append(f"- 扫描根目录: {s.get('scanned_root', '')}")
+    md.append(f"- 扫描文件数: {s.get('scanned_files', 0)}")
+    md.append(f"- 检出问题总数: {s.get('total', 0)}")
+    md.append("")
+    md.append("## 统计概览")
+    by_lang = s.get("by_language", {})
+    md.append(f"- 按语言: c/cpp={by_lang.get('c/cpp', 0)}, rust={by_lang.get('rust', 0)}")
+    md.append("- 按类别:")
+    for k, v in s.get("by_category", {}).items():
+        md.append(f"  - {k}: {v}")
+    if s.get("top_risk_files"):
+        md.append("- Top 风险文件:")
+        for f in s["top_risk_files"]:
+            md.append(f"  - {f}")
+    md.append("")
+    md.append("## 详细问题")
+    for i, it in enumerate(issues, start=1):
+        md.append(f"### [{i}] {it.get('file')}:{it.get('line')} ({it.get('language')}, {it.get('category')})")
+        md.append(f"- 模式: {it.get('pattern')}")
+        md.append(f"- 证据: `{it.get('evidence')}`")
+        md.append(f"- 描述: {it.get('description')}")
+        md.append(f"- 建议: {it.get('suggestion')}")
+        md.append(f"- 置信度: {it.get('confidence')}, 严重性: {it.get('severity')}")
+        md.append("")
+    return "\n".join(md)
+
+
+def run_with_agent(
+    entry_path: str,
+    languages: Optional[List[str]] = None,
+    llm_group: Optional[str] = None,
+    report_file: Optional[str] = None,
+    cluster_limit: int = 50,
+    exclude_dirs: Optional[List[str]] = None,
+) -> str:
+    """
+    使用单Agent逐条子任务分析模式运行（与 jarvis.jarvis_sec.__init__ 中保持一致）。
+    - 先执行本地直扫，生成候选问题
+    - 为每条候选创建一次普通Agent任务进行分析与验证
+    - 聚合为最终报告（JSON + Markdown）返回
+
+    其他：
+    - llm_group: 本次分析使用的模型组（仅透传给 Agent，不修改全局配置）
+    - report_file: JSONL 报告文件路径（可选，透传）
+    - cluster_limit: 聚类时每批次最多处理的告警数（默认 50），当单个文件告警过多时按批次进行聚类
+    - exclude_dirs: 要排除的目录列表（可选），默认已包含构建产物（build, out, target, dist, bin, obj）、依赖目录（third_party, vendor, deps, dependencies, libs, libraries, external, node_modules）、测试目录（test, tests, __tests__, spec, testsuite, testdata）、性能测试目录（benchmark, benchmarks, perf, performance, bench, benches, profiling, profiler）、示例目录（example, examples）、临时/缓存（tmp, temp, cache, .cache）、文档（docs, doc, documentation）、生成代码（generated, gen）和其他（mocks, fixtures, samples, sample, playground, sandbox）
+    """
+    from jarvis.jarvis_sec import run_security_analysis  # 延迟导入，避免循环
+    return run_security_analysis(
+        entry_path,
+        languages=languages,
+        llm_group=llm_group,
+        report_file=report_file,
+        cluster_limit=cluster_limit,
+        exclude_dirs=exclude_dirs,
+    )
+
+
+__all__ = [
+    "Issue",
+    "direct_scan",
+    "format_markdown_report",
+    "run_with_agent",
+]

jarvis/jarvis_stats/cli.py

@@ -190,7 +190,7 @@ def list():
                 try:
                     dt = datetime.fromisoformat(last_updated)
                     last_updated = dt.strftime("%Y-%m-%d %H:%M")
-                except:
+                except Exception:
                     pass
 
             # 获取数据点数和标签

jarvis/jarvis_stats/stats.py

@@ -480,7 +480,7 @@ class StatsManager:
                     try:
                         dt = datetime.fromisoformat(last_updated)
                         last_updated = dt.strftime("%Y-%m-%d %H:%M")
-                    except:
+                    except Exception:
                         pass
 
             total_value = sum(r.get("value", 0) for r in records)

jarvis/jarvis_stats/visualizer.py

@@ -41,7 +41,7 @@ class StatsVisualizer:
         try:
             columns = os.get_terminal_size().columns
             return columns
-        except:
+        except Exception:
             return 80
 
     def plot_line_chart(

jarvis/jarvis_tools/cli/main.py

@@ -11,6 +11,7 @@ from jarvis.jarvis_utils.utils import init_env
 app = typer.Typer(help="Jarvis 工具系统命令行界面")
 
 
+
 @app.command("list")
 def list_tools(
     as_json: bool = typer.Option(False, "--json", help="以JSON格式输出"),

jarvis/jarvis_tools/execute_script.py

@@ -19,6 +19,7 @@ class ScriptTool:
         + "注意：由于模型上下文长度限制，请避免在脚本中输出大量信息，应该使用rg过滤输出。"
         + "与virtual_tty不同，此工具会创建一个临时的脚本文件，并使用脚本命令执行脚本，不具备交互式操作的能力，"
         + "适用于需要执行脚本并获取结果的场景。不适合需要交互式操作的场景（如：ssh连接、sftp传输、gdb/dlv调试等）。"
+        + "在非交互模式（JARVIS_NON_INTERACTIVE=true）下：脚本执行时间限制为5分钟，超时将被终止并返回超时信息；用户无法与命令交互，请不要执行需要交互的命令。"
     )
     parameters = {
         "type": "object",
@@ -115,8 +116,37 @@ class ScriptTool:
                     f"script -q -c '{interpreter} {script_path}' {output_file}"
                 )
 
-                # Execute command and capture return code
-                os.system(tee_command)
+                # Execute command with optional timeout in non-interactive mode
+                from jarvis.jarvis_utils.config import get_script_execution_timeout, is_non_interactive
+                import subprocess
+
+                timed_out = False
+                if is_non_interactive():
+                    try:
+                        proc = subprocess.Popen(tee_command, shell=True)
+                        try:
+                            proc.wait(timeout=get_script_execution_timeout())
+                        except subprocess.TimeoutExpired:
+                            timed_out = True
+                            try:
+                                proc.kill()
+                            except Exception:
+                                pass
+                    except Exception as e:
+                        PrettyOutput.print(str(e), OutputType.ERROR)
+                        # Attempt to read any partial output if available
+                        try:
+                            output = self.get_display_output(output_file)
+                        except Exception as ee:
+                            output = f"读取输出文件失败: {str(ee)}"
+                        return {
+                            "success": False,
+                            "stdout": output,
+                            "stderr": f"执行脚本失败: {str(e)}",
+                        }
+                else:
+                    # Execute command and capture return code
+                    os.system(tee_command)
 
                 # Read and process output file
                 try:
@@ -125,12 +155,19 @@ class ScriptTool:
                 except Exception as e:
                     output = f"读取输出文件失败: {str(e)}"
 
-                # Return successful result
-                return {
-                    "success": True,
-                    "stdout": output,
-                    "stderr": "",
-                }
+                # Return result (handle timeout in non-interactive mode)
+                if is_non_interactive() and timed_out:
+                    return {
+                        "success": False,
+                        "stdout": output,
+                        "stderr": f"执行超时（超过{get_script_execution_timeout()}秒），进程已被终止（非交互模式）。",
+                    }
+                else:
+                    return {
+                        "success": True,
+                        "stdout": output,
+                        "stderr": "",
+                    }
 
             finally:
                 # Clean up temporary files
@@ -173,7 +210,7 @@ class ScriptTool:
 if __name__ == "__main__":
     script_tool = ScriptTool()
     PrettyOutput.print(
-        script_tool.get_display_output("/home/wangmaobin/code/Jarvis/a.txt"),
+        script_tool.get_display_output("/path/to/a.txt"),
         OutputType.CODE,
         lang="text",
     )

jarvis/jarvis_tools/generate_new_tool.py

@@ -173,7 +173,9 @@ class generate_new_tool:
                         __import__(pkg)
                     except ImportError:
 
-                        import subprocess, sys, os
+                        import subprocess
+                        import sys
+                        import os
                         from shutil import which as _which
                         # 优先使用 uv 安装（先查 venv 内 uv，再查 PATH 中 uv），否则回退到 python -m pip
                         if sys.platform == "win32":