logler 1.0.2__cp311-cp311-manylinux_2_38_x86_64.whl → 1.0.7__cp311-cp311-manylinux_2_38_x86_64.whl

logler/__init__.py

@@ -2,7 +2,7 @@
 Logler - Beautiful local log viewer with thread tracking and real-time updates.
 """
 
-__version__ = "1.0.0"
+__version__ = "1.0.7"
 __author__ = "Logler Contributors"
 
 from .parser import LogParser, LogEntry

logler/investigate.py

@@ -30,10 +30,13 @@ Example Usage:
 
 import json
 import re
+import warnings
 from typing import List, Optional, Dict, Any, Tuple
 from datetime import datetime
 from collections import defaultdict
 
+from .safe_regex import try_compile
+
 try:
     import logler_rs
 
@@ -48,10 +51,10 @@ except ImportError:
             RUST_AVAILABLE = True
         else:
             RUST_AVAILABLE = False
-            print("Warning: Rust backend not available. Using Python fallback.")
-    except Exception:
+            warnings.warn("Rust backend not available. Using Python fallback.", stacklevel=2)
+    except (ImportError, AttributeError, OSError):
         RUST_AVAILABLE = False
-        print("Warning: Rust backend not available. Using Python fallback.")
+        warnings.warn("Rust backend not available. Using Python fallback.", stacklevel=2)
 
 
 def _normalize_entry(entry: Dict[str, Any]) -> None:
@@ -97,9 +100,8 @@ def _apply_custom_regex_to_results(result: Dict[str, Any], pattern: Optional[str
     """Apply a user-provided regex to fill missing fields like timestamp/level."""
     if not pattern:
         return
-    try:
-        regex = re.compile(pattern)
-    except re.error:
+    regex = try_compile(pattern)
+    if regex is None:
         return
 
     for item in result.get("results", []) or []:
@@ -2198,7 +2200,7 @@ def cross_service_timeline(
                 e for e in all_entries if e["timestamp"] and start_dt <= e["timestamp"] <= end_dt
             ]
         except Exception as e:
-            print(f"Warning: Could not parse time window: {e}")
+            warnings.warn(f"Could not parse time window: {e}", stacklevel=2)
 
     # Sort by timestamp
     all_entries.sort(key=lambda e: e["timestamp"] if e["timestamp"] else datetime.min)

logler/llm_cli.py

@@ -18,6 +18,8 @@ from typing import Optional, List, Dict, Any
 from datetime import datetime, timedelta
 from collections import defaultdict
 
+from .safe_regex import safe_compile, RegexTimeoutError, RegexPatternTooLongError
+
 # Exit codes
 EXIT_SUCCESS = 0  # Success with results
 EXIT_NO_RESULTS = 1  # Success but no results found
@@ -808,8 +810,8 @@ def verify_pattern(
             _error_json(f"No files found matching: {files}")
 
         try:
-            regex = re.compile(pattern)
-        except re.error as e:
+            regex = safe_compile(pattern)
+        except (re.error, RegexTimeoutError, RegexPatternTooLongError) as e:
             _error_json(f"Invalid regex pattern: {e}")
 
         parser = LogParser()
@@ -950,8 +952,8 @@ def emit(
         query_regex = None
         if query:
             try:
-                query_regex = re.compile(query, re.IGNORECASE)
-            except re.error as e:
+                query_regex = safe_compile(query, re.IGNORECASE)
+            except (re.error, RegexTimeoutError, RegexPatternTooLongError) as e:
                 _error_json(f"Invalid regex pattern: {e}")
 
         for file_path in file_list:

logler/safe_regex.py

@@ -0,0 +1,124 @@
+"""
+Safe regex compilation with timeout protection against ReDoS attacks.
+
+This module provides a safe_compile function that wraps re.compile with:
+- Pattern length validation
+- Compilation timeout (Unix only, graceful fallback on Windows)
+- Clear error messages
+"""
+
+import re
+import threading
+from typing import Optional
+
+
+class RegexTimeoutError(Exception):
+    """Raised when regex compilation times out."""
+
+    pass
+
+
+class RegexPatternTooLongError(Exception):
+    """Raised when regex pattern exceeds maximum allowed length."""
+
+    pass
+
+
+# Maximum pattern length to prevent ReDoS via complexity
+MAX_PATTERN_LENGTH = 1000
+
+# Timeout for regex compilation in seconds
+COMPILE_TIMEOUT = 2.0
+
+
+def _compile_with_timeout(
+    pattern: str,
+    flags: int,
+    timeout: float,
+    result_container: dict,
+) -> None:
+    """Worker function for threaded compilation."""
+    try:
+        result_container["result"] = re.compile(pattern, flags)
+    except re.error as e:
+        result_container["error"] = e
+    except Exception as e:
+        result_container["error"] = e
+
+
+def safe_compile(
+    pattern: str,
+    flags: int = 0,
+    timeout: float = COMPILE_TIMEOUT,
+    max_length: int = MAX_PATTERN_LENGTH,
+) -> re.Pattern:
+    """
+    Safely compile a regex pattern with timeout protection.
+
+    Args:
+        pattern: The regex pattern to compile
+        flags: Optional regex flags (e.g., re.IGNORECASE)
+        timeout: Maximum time in seconds to allow for compilation
+        max_length: Maximum allowed pattern length
+
+    Returns:
+        Compiled regex pattern
+
+    Raises:
+        RegexPatternTooLongError: If pattern exceeds max_length
+        RegexTimeoutError: If compilation takes longer than timeout
+        re.error: If the pattern is invalid
+    """
+    # Validate pattern length
+    if len(pattern) > max_length:
+        raise RegexPatternTooLongError(
+            f"Regex pattern length {len(pattern)} exceeds maximum {max_length}"
+        )
+
+    # Use threading for cross-platform timeout support
+    result_container: dict = {}
+    thread = threading.Thread(
+        target=_compile_with_timeout,
+        args=(pattern, flags, timeout, result_container),
+    )
+    thread.start()
+    thread.join(timeout=timeout)
+
+    if thread.is_alive():
+        # Thread is still running - compilation timed out
+        # Note: We can't actually kill the thread, but we return an error
+        raise RegexTimeoutError(
+            f"Regex compilation timed out after {timeout}s (pattern may cause catastrophic backtracking)"
+        )
+
+    if "error" in result_container:
+        raise result_container["error"]
+
+    return result_container["result"]
+
+
+def try_compile(
+    pattern: str,
+    flags: int = 0,
+    timeout: float = COMPILE_TIMEOUT,
+    max_length: int = MAX_PATTERN_LENGTH,
+) -> Optional[re.Pattern]:
+    """
+    Try to compile a regex pattern safely, returning None on failure.
+
+    This is a convenience wrapper around safe_compile that catches all
+    exceptions and returns None instead.
+
+    Args:
+        pattern: The regex pattern to compile
+        flags: Optional regex flags
+        timeout: Maximum compilation time
+        max_length: Maximum pattern length
+
+    Returns:
+        Compiled pattern or None if compilation fails
+    """
+    try:
+        return safe_compile(pattern, flags, timeout, max_length)
+    except (RegexTimeoutError, RegexPatternTooLongError, re.error):
+        return None

logler/web/app.py

@@ -36,6 +36,22 @@ def _ensure_within_root(path: Path) -> Path:
     raise HTTPException(status_code=403, detail="Requested path is outside the configured log root")
 
 
+def _sanitize_glob_pattern(pattern: str) -> str:
+    """Remove path traversal sequences from glob patterns."""
+    import re as _re
+
+    # Remove any ../ or ..\ sequences that could escape the root
+    # Use a loop to handle multiple consecutive traversal attempts like ../../
+    while ".." in pattern:
+        old_pattern = pattern
+        pattern = _re.sub(r"\.\.[\\/]", "", pattern)
+        pattern = _re.sub(r"[\\/]\.\.", "", pattern)
+        pattern = _re.sub(r"^\.\.", "", pattern)  # Leading ..
+        if pattern == old_pattern:
+            break  # No more changes possible
+    return pattern
+
+
 def _glob_within_root(pattern: str) -> List[Path]:
     """
     Run a glob pattern scoped to LOG_ROOT, returning file paths only.
@@ -43,6 +59,9 @@ def _glob_within_root(pattern: str) -> List[Path]:
     if not pattern:
         return []
 
+    # Sanitize the pattern to prevent path traversal
+    pattern = _sanitize_glob_pattern(pattern)
+
     # Normalize relative patterns to LOG_ROOT
     raw_pattern = pattern
     if not Path(pattern).is_absolute():
@@ -168,14 +187,14 @@ def _rust_filter(
 ) -> Optional[List[Dict[str, Any]]]:
     try:
         import logler_rs  # type: ignore
-    except Exception:
+    except ImportError:
         return None
 
     try:
         from ..cache import get_cached_investigator
 
         inv = get_cached_investigator(files)
-    except Exception:
+    except (ImportError, AttributeError, TypeError):
         inv = logler_rs.PyInvestigator()
         inv.load_files(files)
 
@@ -226,7 +245,8 @@ def _rust_filter(
         if track:
             _track_entries(entries)
         return entries
-    except Exception:
+    except (json.JSONDecodeError, KeyError, ValueError, AttributeError, RuntimeError):
+        # Rust filter failed - fall back to Python implementation
         return None
 
 
@@ -646,7 +666,10 @@ async def websocket_endpoint(websocket: WebSocket):
                 await follow_file(websocket, file_path, current_filters, drop_count)
 
     except WebSocketDisconnect:
-        websocket_clients.remove(websocket)
+        pass  # Normal disconnect
+    finally:
+        if websocket in websocket_clients:
+            websocket_clients.remove(websocket)
 
 
 async def follow_file(
@@ -667,7 +690,8 @@ async def follow_file(
     with open(path, "r") as f:
         f.seek(0, 2)
         position = f.tell()
-        line_number = sum(1 for _ in open(path))
+    with open(path, "r") as f:
+        line_number = sum(1 for _ in f)
 
     # Follow file
     try:

{logler-1.0.2.dist-info → logler-1.0.7.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: logler
-Version: 1.0.2
+Version: 1.0.7
 Classifier: Development Status :: 4 - Beta
 Classifier: Intended Audience :: Developers
 Classifier: License :: OSI Approved :: MIT License

{logler-1.0.2.dist-info → logler-1.0.7.dist-info}/RECORD

@@ -1,27 +1,28 @@
-logler/__init__.py,sha256=MqBmjqDvmhdbyNw8RPc-yod-AteuPaRnEj7-cHyfFxk,513
+logler/__init__.py,sha256=0WHiHld8WxfO6VAlSVrrguLyPJy3dYsVWs4RIAB5rK8,513
 logler/bootstrap.py,sha256=mpc3VUHDPXbMYj1xlZuGmx4I6vSRjL880TuJpBkZj4k,1289
 logler/cache.py,sha256=HxJZ_s2yzhMgz77QpSKgdC8UZextS0PKgtmi0yHnfu8,2324
 logler/cli.py,sha256=87E4V9Ow8A26y4ymyZANLuHkL3bXXteQ3nRAl0y2wcA,22816
 logler/helpers.py,sha256=lhv_a6RQ97JcOp8SVhwVEdFhT-rfMSxf4fqe9a_Xsfk,9182
-logler/investigate.py,sha256=7ZqsF3LPyHdt9rk6293oo0oHjho9sqETlr0nh9NNWqQ,136351
-logler/llm_cli.py,sha256=4HN24xHeOH28zto7PiQEmajK3g_FO90OMSYAxkDmpg0,49087
+logler/investigate.py,sha256=0VCqkTB_U6oc2BfCdLZox94QZo1UliMHrg-2-4TBSQw,136461
+logler/llm_cli.py,sha256=JryWimoTHkvOv1F0IyJmRhoDR0rei48toXrUlLgvo8s,49268
 logler/log_reader.py,sha256=VCnvlj90peG-jFPJujyV7WzSk-fFdefLs_xAhON6lhA,8545
 logler/parser.py,sha256=GyOP0WnpkvaLP-ZZ3ufmyUb3XRM02SDkt6R5msR7vXc,6484
+logler/safe_regex.py,sha256=K7ryQSvUrTZG8bynJ2K1s7TdBup9hW3DJvQlG9yJ3vA,3431
 logler/terminal.py,sha256=46iQAxU7mX5OVC8GhWi_aSs1hRGCNS3Ub_XmguMPWS8,8103
 logler/tracker.py,sha256=zlVFr3H7ev1A7klziVwNwpZ9_PH9eShyJYU4AI7wXaw,4656
 logler/tree_formatter.py,sha256=ZIG12bt7MfbTk4vLwtvvE9MUGIKBjBl1wn57jpjbmhg,27576
 logler/watcher.py,sha256=p5HyCjVy7O14CA-RI8_HoZbZXdXHaNy04_gs60vqQt4,1526
 logler/web/__init__.py,sha256=5UhDXVGSD9f7hGVVgsU1cJha1lHeZvP5tAYr3oUf09Q,34
-logler/web/app.py,sha256=3fPVQf75O2x6lJGtYL7kF3TkkH87gdvOD66h-k30stI,24942
+logler/web/app.py,sha256=vY8HZPaul5PLuHR-cIZ7l6pYWv7K0ORDyN5-2FH3Ui4,25927
 logler/web/static/css/tailwind.css,sha256=mUKXSL_ROgO2A1hhOcPxQhvUmdRl72RNRZUGTQSKZkU,12743
 logler/web/static/css/tailwind.input.css,sha256=zBp60NAZ3bHTLQ7LWIugrCbOQdhiXdbDZjSLJfg6KOw,59
 logler/web/static/logler-logo.png,sha256=5S0tVP1HqU2VniFmfTWISJfUHkJSKlww_cilBwWm-uU,1430687
 logler/web/tailwind.config.cjs,sha256=aDOQf-5Fq4l73hN4BgkkjRMbR9EF2toT2rhW2Z5a_Mo,130
 logler/web/templates/index.html,sha256=ymQIQDQGctv3tuW6ig7mIoQRjtbed5Den0xxeF72RVI,77047
-logler-1.0.2.dist-info/METADATA,sha256=NyH7UUNQU7rRVMTZ9Uy1l1Zcj7t3km73ILcSkXFyzz4,20835
-logler-1.0.2.dist-info/WHEEL,sha256=yOXEotj6jig1MGTeOjL9PYNG7IpztVvHxNhmm3wo1LQ,109
-logler-1.0.2.dist-info/entry_points.txt,sha256=KAtycgnrhm85NgD_TCx2QslE9oClYHWKPM9NG598RNs,41
-logler-1.0.2.dist-info/licenses/LICENSE,sha256=SaPvdtwQLl1BA-6s4Exl0M3X7L_6gcnOGzBD86t7dIo,1061
+logler-1.0.7.dist-info/METADATA,sha256=07N_AgpYnPpC5eGFSjD9E4rKOinix6Xmj56pRkTaN0U,20835
+logler-1.0.7.dist-info/WHEEL,sha256=yOXEotj6jig1MGTeOjL9PYNG7IpztVvHxNhmm3wo1LQ,109
+logler-1.0.7.dist-info/entry_points.txt,sha256=KAtycgnrhm85NgD_TCx2QslE9oClYHWKPM9NG598RNs,41
+logler-1.0.7.dist-info/licenses/LICENSE,sha256=SaPvdtwQLl1BA-6s4Exl0M3X7L_6gcnOGzBD86t7dIo,1061
 logler_rs/__init__.py,sha256=y2ULUqMIhS92vwz6utTdkCn5l_T1Kso3YLGqCIZUxKY,119
-logler_rs/logler_rs.cpython-311-x86_64-linux-gnu.so,sha256=UU4fGAp-2OZxWMKWF7swL_2jX4B-ozFjHu51LVmTBrU,48988960
-logler-1.0.2.dist-info/RECORD,,
+logler_rs/logler_rs.cpython-311-x86_64-linux-gnu.so,sha256=PpoObvCVQNVWpNeWZxWkbCrOea0zkLbZGoB2doBwZHE,48948480
+logler-1.0.7.dist-info/RECORD,,