lucidscan 0.5.12__py3-none-any.whl

lucidscan/cli/config_bridge.py

@@ -0,0 +1,152 @@
+"""Bridge between CLI arguments and configuration models."""
+
+from __future__ import annotations
+
+import argparse
+from typing import Any, Dict, List
+
+from lucidscan.config.models import LucidScanConfig
+from lucidscan.core.logging import get_logger
+from lucidscan.core.models import ScanDomain
+
+LOGGER = get_logger(__name__)
+
+
+class ConfigBridge:
+    """Translates CLI arguments to configuration objects."""
+
+    @staticmethod
+    def args_to_overrides(args: argparse.Namespace) -> Dict[str, Any]:
+        """Convert CLI arguments to config override dict.
+
+        CLI arguments take precedence over config file values.
+
+        Args:
+            args: Parsed CLI arguments.
+
+        Returns:
+            Dictionary of config overrides.
+        """
+        overrides: Dict[str, Any] = {}
+
+        # Domain toggles - only set if explicitly provided on CLI
+        # Use getattr with defaults for subcommand compatibility
+        scanners: Dict[str, Dict[str, Any]] = {}
+        linters: Dict[str, Dict[str, Any]] = {}
+
+        all_domains = getattr(args, "all", False)
+        sca = getattr(args, "sca", False)
+        sast = getattr(args, "sast", False)
+        iac = getattr(args, "iac", False)
+        container = getattr(args, "container", False)
+        linting = getattr(args, "linting", False)
+        fix = getattr(args, "fix", False)
+        images = getattr(args, "images", None)
+
+        if all_domains:
+            # Enable all domains including linting
+            for domain in ["sca", "sast", "iac", "container"]:
+                scanners[domain] = {"enabled": True}
+            linters["ruff"] = {"enabled": True}
+        else:
+            if sca:
+                scanners["sca"] = {"enabled": True}
+            if sast:
+                scanners["sast"] = {"enabled": True}
+            if iac:
+                scanners["iac"] = {"enabled": True}
+            if container:
+                scanners["container"] = {"enabled": True}
+            if linting:
+                linters["ruff"] = {"enabled": True}
+
+        # Container images go into container scanner options
+        if images:
+            if "container" not in scanners:
+                scanners["container"] = {}
+            scanners["container"]["enabled"] = True
+            scanners["container"]["images"] = images
+
+        if scanners:
+            overrides["scanners"] = scanners
+
+        if linters:
+            overrides["linters"] = linters
+
+        # Fix mode for linting
+        if fix:
+            overrides["fix"] = True
+
+        # Fail-on threshold
+        fail_on = getattr(args, "fail_on", None)
+        if fail_on:
+            overrides["fail_on"] = fail_on
+
+        return overrides
+
+    @staticmethod
+    def get_enabled_domains(
+        config: LucidScanConfig,
+        args: argparse.Namespace,
+    ) -> List[ScanDomain]:
+        """Determine which scan domains are enabled.
+
+        If specific CLI flags (--sca, --sast, etc.) are provided, use those.
+        If --all is provided, use domains from config file.
+        If other domain flags (--test, --coverage, --lint, --type-check) are set,
+        return empty list (user wants only those specific domains, not security).
+        Otherwise, use domains enabled in config file.
+
+        Args:
+            config: Loaded configuration.
+            args: Parsed CLI arguments.
+
+        Returns:
+            List of enabled ScanDomain values.
+        """
+        # Use getattr for subcommand compatibility
+        sca = getattr(args, "sca", False)
+        sast = getattr(args, "sast", False)
+        iac = getattr(args, "iac", False)
+        container = getattr(args, "container", False)
+        all_domains = getattr(args, "all", False)
+
+        # Check if specific security domain flags were set
+        security_domains_set = any([sca, sast, iac, container])
+
+        if security_domains_set:
+            # Specific CLI flags take precedence
+            domains: List[ScanDomain] = []
+            if sca:
+                domains.append(ScanDomain.SCA)
+            if sast:
+                domains.append(ScanDomain.SAST)
+            if iac:
+                domains.append(ScanDomain.IAC)
+            if container:
+                domains.append(ScanDomain.CONTAINER)
+            return domains
+
+        # Check if user specified non-security domain flags (testing, coverage, etc.)
+        # If so, they don't want security scanning unless explicitly requested
+        linting = getattr(args, "linting", False)
+        type_checking = getattr(args, "type_checking", False)
+        testing = getattr(args, "testing", False)
+        coverage = getattr(args, "coverage", False)
+        non_security_domains_set = any([linting, type_checking, testing, coverage])
+
+        if non_security_domains_set and not all_domains:
+            # User explicitly requested non-security domains only
+            # Don't run security scanners unless explicitly requested
+            return []
+
+        # --all or no flags: use config file settings
+        # This respects what's actually configured in lucidscan.yml
+        enabled_domains: List[ScanDomain] = []
+        for domain_name in config.get_enabled_domains():
+            try:
+                enabled_domains.append(ScanDomain(domain_name))
+            except ValueError:
+                LOGGER.warning(f"Unknown domain in config: {domain_name}")
+
+        return enabled_domains

lucidscan/cli/exit_codes.py

@@ -0,0 +1,17 @@
+"""Exit codes for lucidscan CLI.
+
+Exit codes follow Section 14 of the specification:
+- 0: Success (no issues found or below threshold)
+- 1: Issues found at or above severity threshold
+- 2: Scanner error
+- 3: Invalid usage (bad arguments, missing config)
+- 4: Bootstrap failure (binary download failed)
+"""
+
+from __future__ import annotations
+
+EXIT_SUCCESS = 0
+EXIT_ISSUES_FOUND = 1
+EXIT_SCANNER_ERROR = 2
+EXIT_INVALID_USAGE = 3
+EXIT_BOOTSTRAP_FAILURE = 4

lucidscan/cli/runner.py

@@ -0,0 +1,284 @@
+"""CLI runner orchestration.
+
+This module handles command dispatch and execution for the lucidscan CLI.
+"""
+
+from __future__ import annotations
+
+from pathlib import Path
+from typing import Iterable, Optional
+
+from importlib.metadata import version, PackageNotFoundError
+
+from lucidscan.cli.arguments import build_parser
+from lucidscan.cli.config_bridge import ConfigBridge
+from lucidscan.cli.exit_codes import (
+    EXIT_INVALID_USAGE,
+    EXIT_SCANNER_ERROR,
+    EXIT_SUCCESS,
+)
+from lucidscan.cli.commands.status import StatusCommand
+from lucidscan.cli.commands.scan import ScanCommand
+from lucidscan.cli.commands.help import HelpCommand
+from lucidscan.config import load_config
+from lucidscan.config.loader import ConfigError
+from lucidscan.core.logging import configure_logging, get_logger
+
+LOGGER = get_logger(__name__)
+
+
+def get_version() -> str:
+    """Get lucidscan version.
+
+    Returns:
+        Version string from package metadata or fallback.
+    """
+    try:
+        return version("lucidscan")
+    except PackageNotFoundError:
+        # Fallback for editable installs that have not yet built metadata.
+        from lucidscan import __version__
+        return __version__
+
+
+class CLIRunner:
+    """Orchestrates CLI execution with subcommand dispatch."""
+
+    def __init__(self) -> None:
+        """Initialize CLIRunner with parser and commands."""
+        self.parser = build_parser()
+        self._version = get_version()
+        self.status_cmd = StatusCommand(version=self._version)
+        self.scan_cmd = ScanCommand(version=self._version)
+        self.help_cmd = HelpCommand(version=self._version)
+        # InitCommand and AutoconfigureCommand will be imported lazily when needed
+        self._init_cmd = None
+        self._autoconfigure_cmd = None
+
+    @property
+    def init_cmd(self):
+        """Lazy-load InitCommand to avoid import errors during development."""
+        if self._init_cmd is None:
+            try:
+                from lucidscan.cli.commands.init import InitCommand
+                self._init_cmd = InitCommand(version=self._version)
+            except ImportError:
+                self._init_cmd = None
+        return self._init_cmd
+
+    @property
+    def autoconfigure_cmd(self):
+        """Lazy-load AutoconfigureCommand to avoid import errors during development."""
+        if self._autoconfigure_cmd is None:
+            try:
+                from lucidscan.cli.commands.autoconfigure import AutoconfigureCommand
+                self._autoconfigure_cmd = AutoconfigureCommand()
+            except ImportError:
+                self._autoconfigure_cmd = None
+        return self._autoconfigure_cmd
+
+    def run(self, argv: Optional[Iterable[str]] = None) -> int:
+        """Run the CLI.
+
+        Args:
+            argv: Command-line arguments (defaults to sys.argv).
+
+        Returns:
+            Exit code.
+        """
+        # Handle --help specially to return 0
+        if argv is not None:
+            argv_list = list(argv)
+            if "--help" in argv_list or "-h" in argv_list:
+                self.parser.print_help()
+                return EXIT_SUCCESS
+        else:
+            argv_list = None
+
+        args = self.parser.parse_args(argv_list)
+
+        # Configure logging as early as possible
+        configure_logging(
+            debug=args.debug,
+            verbose=args.verbose,
+            quiet=args.quiet,
+        )
+
+        # Handle --version
+        if args.version:
+            print(self._version)
+            return EXIT_SUCCESS
+
+        # Dispatch to appropriate command handler
+        command = getattr(args, "command", None)
+
+        if command == "init":
+            return self._handle_init(args)
+        elif command == "autoconfigure":
+            return self._handle_autoconfigure(args)
+        elif command == "scan":
+            return self._handle_scan(args)
+        elif command == "status":
+            return self._handle_status(args)
+        elif command == "serve":
+            return self._handle_serve(args)
+        elif command == "help":
+            return self._handle_help(args)
+        elif command == "validate":
+            return self._handle_validate(args)
+        else:
+            # No command specified - show help
+            self.parser.print_help()
+            return EXIT_SUCCESS
+
+    def _handle_init(self, args) -> int:
+        """Handle the init command (configure AI tools).
+
+        Args:
+            args: Parsed command-line arguments.
+
+        Returns:
+            Exit code.
+        """
+        if self.init_cmd is None:
+            LOGGER.error("Init command not available. This feature is in development.")
+            return EXIT_INVALID_USAGE
+
+        return self.init_cmd.execute(args)
+
+    def _handle_autoconfigure(self, args) -> int:
+        """Handle the autoconfigure command (generate lucidscan.yml).
+
+        Args:
+            args: Parsed command-line arguments.
+
+        Returns:
+            Exit code.
+        """
+        if self.autoconfigure_cmd is None:
+            LOGGER.error("Autoconfigure command not available. This feature is in development.")
+            return EXIT_INVALID_USAGE
+
+        return self.autoconfigure_cmd.execute(args)
+
+    def _handle_scan(self, args) -> int:
+        """Handle the scan command.
+
+        Args:
+            args: Parsed command-line arguments.
+
+        Returns:
+            Exit code.
+        """
+        # Load configuration
+        project_root = Path(args.path).resolve()
+        cli_overrides = ConfigBridge.args_to_overrides(args)
+
+        try:
+            config = load_config(
+                project_root=project_root,
+                cli_config_path=getattr(args, "config", None),
+                cli_overrides=cli_overrides,
+            )
+        except ConfigError as e:
+            LOGGER.error(str(e))
+            return EXIT_INVALID_USAGE
+
+        # Check if any domains are enabled
+        cli_scan_requested = any([
+            getattr(args, "sca", False),
+            getattr(args, "container", False),
+            getattr(args, "iac", False),
+            getattr(args, "sast", False),
+            getattr(args, "linting", False),
+            getattr(args, "type_checking", False),
+            getattr(args, "testing", False),
+            getattr(args, "coverage", False),
+            getattr(args, "all", False),
+        ])
+
+        config_has_enabled_domains = bool(config.get_enabled_domains())
+
+        if cli_scan_requested or config_has_enabled_domains:
+            try:
+                return self.scan_cmd.execute(args, config)
+            except FileNotFoundError:
+                return EXIT_INVALID_USAGE
+            except Exception as e:
+                if args.debug:
+                    import traceback
+                    traceback.print_exc()
+                LOGGER.error(f"Scan failed: {e}")
+                return EXIT_SCANNER_ERROR
+
+        # No scanners selected - show scan help
+        print("No scan domains selected. Use --sca, --sast, --iac, --linting, --type-checking, or --all.")
+        print("\nRun 'lucidscan scan --help' for more options.")
+        return EXIT_SUCCESS
+
+    def _handle_status(self, args) -> int:
+        """Handle the status command.
+
+        Args:
+            args: Parsed command-line arguments.
+
+        Returns:
+            Exit code.
+        """
+        return self.status_cmd.execute(args)
+
+    def _handle_serve(self, args) -> int:
+        """Handle the serve command.
+
+        Args:
+            args: Parsed command-line arguments.
+
+        Returns:
+            Exit code.
+        """
+        # Load configuration
+        project_root = Path(args.path).resolve()
+        cli_overrides = ConfigBridge.args_to_overrides(args)
+
+        try:
+            config = load_config(
+                project_root=project_root,
+                cli_config_path=getattr(args, "config", None),
+                cli_overrides=cli_overrides,
+            )
+        except ConfigError as e:
+            LOGGER.error(str(e))
+            return EXIT_INVALID_USAGE
+
+        try:
+            from lucidscan.cli.commands.serve import ServeCommand
+            serve_cmd = ServeCommand(version=self._version)
+            return serve_cmd.execute(args, config)
+        except ImportError as e:
+            LOGGER.error(f"Serve command not available: {e}")
+            return EXIT_INVALID_USAGE
+
+    def _handle_help(self, args) -> int:
+        """Handle the help command.
+
+        Args:
+            args: Parsed command-line arguments.
+
+        Returns:
+            Exit code.
+        """
+        return self.help_cmd.execute(args)
+
+    def _handle_validate(self, args) -> int:
+        """Handle the validate command.
+
+        Args:
+            args: Parsed command-line arguments.
+
+        Returns:
+            Exit code.
+        """
+        from lucidscan.cli.commands.validate import ValidateCommand
+
+        validate_cmd = ValidateCommand()
+        return validate_cmd.execute(args)

lucidscan/config/__init__.py

@@ -0,0 +1,29 @@
+"""Configuration module for lucidscan.
+
+Provides configuration file loading, parsing, and validation with support for:
+- Project-level config (.lucidscan.yml)
+- Global config (~/.lucidscan/config/config.yml)
+- Environment variable expansion
+- Plugin-specific configuration passthrough
+"""
+
+from lucidscan.config.models import (
+    LucidScanConfig,
+    OutputConfig,
+    ScannerDomainConfig,
+    DEFAULT_PLUGINS,
+)
+from lucidscan.config.loader import load_config, find_project_config, find_global_config
+from lucidscan.config.validation import validate_config, ConfigValidationWarning
+
+__all__ = [
+    "LucidScanConfig",
+    "OutputConfig",
+    "ScannerDomainConfig",
+    "DEFAULT_PLUGINS",
+    "load_config",
+    "find_project_config",
+    "find_global_config",
+    "validate_config",
+    "ConfigValidationWarning",
+]

lucidscan/config/ignore.py

@@ -0,0 +1,178 @@
+"""Gitignore-style pattern parsing and matching.
+
+Handles loading and matching of ignore patterns from:
+- .lucidscanignore file (gitignore syntax)
+- config.ignore list (gitignore syntax)
+
+Uses pathspec library for full gitignore compliance including:
+- ** recursive globbing
+- ! negation patterns
+- # comments
+"""
+
+from __future__ import annotations
+
+from pathlib import Path
+from typing import TYPE_CHECKING, List, Optional
+
+import pathspec
+
+from lucidscan.core.logging import get_logger
+
+if TYPE_CHECKING:
+    pass
+
+LOGGER = get_logger(__name__)
+
+LUCIDSCANIGNORE_NAMES = [".lucidscanignore"]
+
+
+class IgnorePatterns:
+    """Manages ignore patterns from multiple sources."""
+
+    def __init__(
+        self,
+        patterns: List[str],
+        source: str = "config",
+    ) -> None:
+        """Initialize with a list of gitignore-style patterns.
+
+        Args:
+            patterns: List of gitignore-style patterns.
+            source: Source description for logging.
+        """
+        self._source = source
+        self._raw_patterns = patterns
+
+        # Filter out empty lines and comments for the PathSpec
+        clean_patterns = [
+            p for p in patterns if p.strip() and not p.strip().startswith("#")
+        ]
+
+        self._spec = pathspec.PathSpec.from_lines(
+            pathspec.patterns.GitWildMatchPattern,
+            clean_patterns,
+        )
+
+        if clean_patterns:
+            LOGGER.debug(f"Loaded {len(clean_patterns)} ignore patterns from {source}")
+
+    def matches(self, path: Path, root: Path) -> bool:
+        """Check if a path matches any ignore pattern.
+
+        Args:
+            path: Path to check (absolute or relative).
+            root: Project root for relative path calculation.
+
+        Returns:
+            True if path should be ignored, False otherwise.
+        """
+        try:
+            rel_path = path.relative_to(root)
+        except ValueError:
+            rel_path = path
+
+        # pathspec expects forward-slash paths
+        rel_str = str(rel_path).replace("\\", "/")
+        return self._spec.match_file(rel_str)
+
+    def get_exclude_patterns(self) -> List[str]:
+        """Get patterns suitable for scanner --exclude flags.
+
+        Returns clean patterns without comments, suitable for
+        passing to scanner CLIs.
+        """
+        return [
+            p.strip()
+            for p in self._raw_patterns
+            if p.strip() and not p.strip().startswith("#")
+        ]
+
+    @classmethod
+    def from_file(cls, file_path: Path) -> Optional["IgnorePatterns"]:
+        """Load patterns from a file.
+
+        Args:
+            file_path: Path to ignore file.
+
+        Returns:
+            IgnorePatterns instance, or None if file doesn't exist.
+        """
+        if not file_path.exists():
+            return None
+
+        try:
+            content = file_path.read_text(encoding="utf-8")
+            patterns = content.splitlines()
+            return cls(patterns, source=str(file_path))
+        except Exception as e:
+            LOGGER.warning(f"Failed to load ignore file {file_path}: {e}")
+            return None
+
+    @classmethod
+    def merge(cls, *pattern_sets: Optional["IgnorePatterns"]) -> "IgnorePatterns":
+        """Merge multiple IgnorePatterns instances.
+
+        Args:
+            pattern_sets: IgnorePatterns instances to merge.
+
+        Returns:
+            New IgnorePatterns with combined patterns.
+        """
+        all_patterns: List[str] = []
+        sources: List[str] = []
+
+        for ps in pattern_sets:
+            if ps is not None:
+                all_patterns.extend(ps._raw_patterns)
+                sources.append(ps._source)
+
+        return cls(all_patterns, source="+".join(sources) if sources else "empty")
+
+
+def find_lucidscanignore(project_root: Path) -> Optional[Path]:
+    """Find .lucidscanignore file in project root.
+
+    Args:
+        project_root: Project root directory.
+
+    Returns:
+        Path to ignore file if found, None otherwise.
+    """
+    for name in LUCIDSCANIGNORE_NAMES:
+        ignore_path = project_root / name
+        if ignore_path.exists():
+            return ignore_path
+    return None
+
+
+def load_ignore_patterns(
+    project_root: Path,
+    config_patterns: List[str],
+) -> IgnorePatterns:
+    """Load and merge ignore patterns from all sources.
+
+    Loads patterns from:
+    1. .lucidscanignore file (if present)
+    2. config.ignore list from .lucidscan.yml
+
+    Args:
+        project_root: Project root directory.
+        config_patterns: Patterns from config.ignore.
+
+    Returns:
+        Merged IgnorePatterns instance.
+    """
+    # Load from .lucidscanignore
+    ignore_file = find_lucidscanignore(project_root)
+    file_patterns = IgnorePatterns.from_file(ignore_file) if ignore_file else None
+
+    # Load from config
+    config_ignore = (
+        IgnorePatterns(config_patterns, source="config.ignore")
+        if config_patterns
+        else None
+    )
+
+    # Merge (file patterns first, then config)
+    return IgnorePatterns.merge(file_patterns, config_ignore)