mcp-souschef 2.0.1__py3-none-any.whl → 2.1.2__py3-none-any.whl

souschef/converters/resource.py

@@ -0,0 +1,228 @@
+"""Chef resource to Ansible task converter."""
+
+import ast
+import json
+from typing import Any
+
+from souschef.core.constants import ACTION_TO_STATE, RESOURCE_MAPPINGS
+
+
+def _parse_properties(properties_str: str) -> dict[str, Any]:
+    """
+    Parse properties string into a dictionary.
+
+    Args:
+        properties_str: String representation of properties dict.
+
+    Returns:
+        Dictionary of properties.
+
+    """
+    if not properties_str:
+        return {}
+    try:
+        # Try ast.literal_eval first for safety
+        result = ast.literal_eval(properties_str)
+        if isinstance(result, dict):
+            return result
+        return {}
+    except (ValueError, SyntaxError):
+        # Fallback to eval if needed, but this is less safe
+        try:
+            result = eval(properties_str)  # noqa: S307
+            if isinstance(result, dict):
+                return result
+            return {}
+        except Exception:
+            return {}
+
+
+def convert_resource_to_task(
+    resource_type: str, resource_name: str, action: str = "create", properties: str = ""
+) -> str:
+    """
+    Convert a Chef resource to an Ansible task.
+
+    Args:
+        resource_type: The Chef resource type (e.g., 'package', 'service').
+        resource_name: The name of the resource.
+        action: The Chef action (e.g., 'install', 'start', 'create').
+            Defaults to 'create'.
+        properties: Additional resource properties as a string representation.
+
+    Returns:
+        YAML representation of the equivalent Ansible task.
+
+    """
+    try:
+        task = _convert_chef_resource_to_ansible(
+            resource_type, resource_name, action, properties
+        )
+        return _format_ansible_task(task)
+    except Exception as e:
+        return f"An error occurred during conversion: {e}"
+
+
+def _get_service_params(resource_name: str, action: str) -> dict[str, Any]:
+    """
+    Get Ansible service module parameters.
+
+    Args:
+        resource_name: Service name.
+        action: Chef action.
+
+    Returns:
+        Dictionary of Ansible service parameters.
+
+    """
+    params: dict[str, Any] = {"name": resource_name}
+    if action in ["enable", "start"]:
+        params["enabled"] = True
+        params["state"] = "started"
+    elif action in ["disable", "stop"]:
+        params["enabled"] = False
+        params["state"] = "stopped"
+    else:
+        params["state"] = ACTION_TO_STATE.get(action, action)
+    return params
+
+
+def _get_file_params(
+    resource_name: str, action: str, resource_type: str
+) -> dict[str, Any]:
+    """
+    Get Ansible file module parameters.
+
+    Args:
+        resource_name: File/directory path.
+        action: Chef action.
+        resource_type: Type of file resource (file/directory/template).
+
+    Returns:
+        Dictionary of Ansible file parameters.
+
+    """
+    params: dict[str, Any] = {}
+
+    if resource_type == "template":
+        params["src"] = resource_name
+        params["dest"] = resource_name.replace(".erb", "")
+        if action == "create":
+            params["mode"] = "0644"
+    elif resource_type == "file":
+        params["path"] = resource_name
+        if action == "create":
+            params["state"] = "file"
+            params["mode"] = "0644"
+        else:
+            params["state"] = ACTION_TO_STATE.get(action, action)
+    elif resource_type == "directory":
+        params["path"] = resource_name
+        params["state"] = "directory"
+        if action == "create":
+            params["mode"] = "0755"
+
+    return params
+
+
+def _convert_chef_resource_to_ansible(
+    resource_type: str, resource_name: str, action: str, properties: str
+) -> dict[str, Any]:
+    """
+    Convert Chef resource to Ansible task dictionary.
+
+    Args:
+        resource_type: The Chef resource type.
+        resource_name: The name of the resource.
+        action: The Chef action.
+        properties: Additional properties string.
+
+    Returns:
+        Dictionary representing an Ansible task.
+
+    """
+    # Get Ansible module name
+    ansible_module = RESOURCE_MAPPINGS.get(resource_type, f"# Unknown: {resource_type}")
+
+    # Start building the task
+    task: dict[str, Any] = {
+        "name": f"{action.capitalize()} {resource_type} {resource_name}",
+    }
+
+    # Build module parameters based on resource type
+    module_params: dict[str, Any] = {}
+
+    # Parse properties if provided
+    props = _parse_properties(properties)
+
+    if resource_type == "package":
+        module_params["name"] = resource_name
+        module_params["state"] = ACTION_TO_STATE.get(action, action)
+    elif resource_type in ["service", "systemd_unit"]:
+        module_params = _get_service_params(resource_name, action)
+    elif resource_type in ["template", "file", "directory"]:
+        module_params = _get_file_params(resource_name, action, resource_type)
+    elif resource_type in ["execute", "bash"]:
+        module_params["cmd"] = resource_name
+        task["changed_when"] = "false"
+    elif resource_type in ["user", "group"]:
+        module_params["name"] = resource_name
+        module_params["state"] = ACTION_TO_STATE.get(action, "present")
+    elif resource_type == "remote_file":
+        module_params["dest"] = resource_name
+        if "source" in props:
+            module_params["url"] = props["source"]
+        if "mode" in props:
+            module_params["mode"] = props["mode"]
+        if "owner" in props:
+            module_params["owner"] = props["owner"]
+        if "group" in props:
+            module_params["group"] = props["group"]
+        if "checksum" in props:
+            module_params["checksum"] = props["checksum"]
+    else:
+        module_params["name"] = resource_name
+        if action in ACTION_TO_STATE:
+            module_params["state"] = ACTION_TO_STATE[action]
+
+    task[ansible_module] = module_params
+    return task
+
+
+def _format_yaml_value(value: Any) -> str:
+    """Format a value for YAML output."""
+    if isinstance(value, str):
+        return f'"{value}"'
+    return json.dumps(value)
+
+
+def _format_dict_value(key: str, value: dict[str, Any]) -> list[str]:
+    """Format a dictionary value for YAML output."""
+    lines = [f"  {key}:"]
+    for param_key, param_value in value.items():
+        lines.append(f"    {param_key}: {_format_yaml_value(param_value)}")
+    return lines
+
+
+def _format_ansible_task(task: dict[str, Any]) -> str:
+    """
+    Format an Ansible task dictionary as YAML.
+
+    Args:
+        task: Dictionary representing an Ansible task.
+
+    Returns:
+        YAML-formatted string.
+
+    """
+    result = ["- name: " + task["name"]]
+
+    for key, value in task.items():
+        if key == "name":
+            continue
+        if isinstance(value, dict):
+            result.extend(_format_dict_value(key, value))
+        else:
+            result.append(f"  {key}: {_format_yaml_value(value)}")
+
+    return "\n".join(result)

souschef/core/__init__.py

@@ -0,0 +1,58 @@
+"""Core utilities for SousChef."""
+
+from souschef.core.constants import (
+    ACTION_TO_STATE,
+    ANSIBLE_SERVICE_MODULE,
+    CHEF_RECIPE_PREFIX,
+    CHEF_ROLE_PREFIX,
+    ERB_PATTERNS,
+    ERROR_FILE_NOT_FOUND,
+    ERROR_IS_DIRECTORY,
+    ERROR_PERMISSION_DENIED,
+    ERROR_PREFIX,
+    INSPEC_END_INDENT,
+    INSPEC_SHOULD_EXIST,
+    JINJA2_ELIF,
+    JINJA2_ELSE,
+    JINJA2_ENDIF,
+    JINJA2_FOR,
+    JINJA2_IF_NOT,
+    JINJA2_IF_START,
+    JINJA2_NODE_ATTR_REPLACEMENT,
+    JINJA2_VAR_REPLACEMENT,
+    METADATA_FILENAME,
+    NODE_PREFIX,
+    REGEX_ERB_CONDITION,
+    REGEX_ERB_EACH,
+    REGEX_ERB_ELSE,
+    REGEX_ERB_ELSIF,
+    REGEX_ERB_END,
+    REGEX_ERB_IF_START,
+    REGEX_ERB_NODE_ATTR,
+    REGEX_ERB_OUTPUT,
+    REGEX_ERB_UNLESS,
+    REGEX_QUOTE_DO_END,
+    REGEX_RESOURCE_BRACKET,
+    REGEX_RUBY_INTERPOLATION,
+    REGEX_WHITESPACE_QUOTE,
+    REGEX_WORD_SYMBOLS,
+    RESOURCE_MAPPINGS,
+)
+from souschef.core.path_utils import _normalize_path, _safe_join
+from souschef.core.ruby_utils import _normalize_ruby_value
+from souschef.core.validation import (
+    ValidationCategory,
+    ValidationEngine,
+    ValidationLevel,
+    ValidationResult,
+)
+
+__all__ = [
+    "_normalize_path",
+    "_normalize_ruby_value",
+    "_safe_join",
+    "ValidationCategory",
+    "ValidationEngine",
+    "ValidationLevel",
+    "ValidationResult",
+]

souschef/core/constants.py

@@ -0,0 +1,145 @@
+"""Constants used throughout SousChef."""
+
+__all__ = [
+    "ANSIBLE_SERVICE_MODULE",
+    "METADATA_FILENAME",
+    "ERROR_PREFIX",
+    "NODE_PREFIX",
+    "CHEF_RECIPE_PREFIX",
+    "CHEF_ROLE_PREFIX",
+    "REGEX_WHITESPACE_QUOTE",
+    "REGEX_QUOTE_DO_END",
+    "REGEX_RESOURCE_BRACKET",
+    "REGEX_ERB_OUTPUT",
+    "REGEX_ERB_CONDITION",
+    "REGEX_ERB_NODE_ATTR",
+    "REGEX_ERB_IF_START",
+    "REGEX_ERB_UNLESS",
+    "REGEX_ERB_ELSE",
+    "REGEX_ERB_ELSIF",
+    "REGEX_ERB_END",
+    "REGEX_ERB_EACH",
+    "REGEX_WORD_SYMBOLS",
+    "REGEX_RUBY_INTERPOLATION",
+    "JINJA2_VAR_REPLACEMENT",
+    "JINJA2_NODE_ATTR_REPLACEMENT",
+    "JINJA2_IF_START",
+    "JINJA2_IF_NOT",
+    "JINJA2_ELSE",
+    "JINJA2_ELIF",
+    "JINJA2_ENDIF",
+    "JINJA2_FOR",
+    "ERB_PATTERNS",
+    "INSPEC_END_INDENT",
+    "INSPEC_SHOULD_EXIST",
+    "ERROR_FILE_NOT_FOUND",
+    "ERROR_IS_DIRECTORY",
+    "ERROR_PERMISSION_DENIED",
+    "RESOURCE_MAPPINGS",
+    "ACTION_TO_STATE",
+]
+
+# Ansible module names
+ANSIBLE_SERVICE_MODULE = "ansible.builtin.service"
+
+# File names
+METADATA_FILENAME = "metadata.rb"
+
+# Common prefixes
+ERROR_PREFIX = "Error:"
+NODE_PREFIX = "node["
+CHEF_RECIPE_PREFIX = "recipe["
+CHEF_ROLE_PREFIX = "role["
+
+# Regular expression patterns for Ruby/ERB parsing
+REGEX_WHITESPACE_QUOTE = r"\s+['\"]?"
+REGEX_QUOTE_DO_END = r"['\"]?\s+do\s*([^\n]{0,15000})\nend"
+REGEX_RESOURCE_BRACKET = r"(\w+)\[([^\]]+)\]"
+REGEX_ERB_OUTPUT = r"<%=\s*([^%]{1,200}?)\s*%>"
+REGEX_ERB_CONDITION = r"[^%]{1,200}?"
+REGEX_ERB_NODE_ATTR = rf"<%=\s*node\[(['\"])({REGEX_ERB_CONDITION})\1\]\s*%>"
+REGEX_ERB_IF_START = rf"<%\s*if\s+({REGEX_ERB_CONDITION})\s*%>"
+REGEX_ERB_UNLESS = rf"<%\s*unless\s+({REGEX_ERB_CONDITION})\s*%>"
+REGEX_ERB_ELSE = r"<%\s*else\s*%>"
+REGEX_ERB_ELSIF = rf"<%\s*elsif\s+({REGEX_ERB_CONDITION})\s*%>"
+REGEX_ERB_END = r"<%\s*end\s*%>"
+REGEX_ERB_EACH = rf"<%\s*({REGEX_ERB_CONDITION})\.each\s+do\s+\|(\w+)\|\s*%>"
+REGEX_WORD_SYMBOLS = r"[\w.\[\]'\"]+"
+REGEX_RUBY_INTERPOLATION = r"#\{([^}]+)\}"
+
+# Jinja2 template replacements
+JINJA2_VAR_REPLACEMENT = r"{{ \1 }}"
+JINJA2_NODE_ATTR_REPLACEMENT = r"{{ \2 }}"
+JINJA2_IF_START = r"{% if \1 %}"
+JINJA2_IF_NOT = r"{% if not \1 %}"
+JINJA2_ELSE = r"{% else %}"
+JINJA2_ELIF = r"{% elif \1 %}"
+JINJA2_ENDIF = r"{% endif %}"
+JINJA2_FOR = r"{% for \2 in \1 %}"
+
+# ERB to Jinja2 pattern mappings
+ERB_PATTERNS = {
+    # Variable output: <%= var %> -> {{ var }}
+    "output": (REGEX_ERB_OUTPUT, JINJA2_VAR_REPLACEMENT),
+    # Variable with node prefix: <%= node['attr'] %> -> {{ attr }}
+    "node_attr": (REGEX_ERB_NODE_ATTR, JINJA2_NODE_ATTR_REPLACEMENT),
+    # If statements: <% if condition %> -> {% if condition %}
+    "if_start": (REGEX_ERB_IF_START, JINJA2_IF_START),
+    # Unless (negated if): <% unless condition %> -> {% if not condition %}
+    "unless": (REGEX_ERB_UNLESS, JINJA2_IF_NOT),
+    # Else: <% else %> -> {% else %}
+    "else": (REGEX_ERB_ELSE, JINJA2_ELSE),
+    # Elsif: <% elsif condition %> -> {% elif condition %}
+    "elsif": (REGEX_ERB_ELSIF, JINJA2_ELIF),
+    # End: <% end %> -> {% endif %}
+    "end": (REGEX_ERB_END, JINJA2_ENDIF),
+    # Each loop: <% array.each do |item| %> -> {% for item in array %}
+    # Use [^%]{1,200} to prevent matching across %> boundaries and ReDoS
+    "each": (REGEX_ERB_EACH, JINJA2_FOR),
+}
+
+# InSpec output formatting
+INSPEC_END_INDENT = "  end"
+INSPEC_SHOULD_EXIST = "    it { should exist }"
+
+# Error message templates
+ERROR_FILE_NOT_FOUND = "Error: File not found at {path}"
+ERROR_IS_DIRECTORY = "Error: {path} is a directory, not a file"
+ERROR_PERMISSION_DENIED = "Error: Permission denied for {path}"
+
+# Chef resource to Ansible module mappings
+RESOURCE_MAPPINGS = {
+    "package": "ansible.builtin.package",
+    "apt_package": "ansible.builtin.apt",
+    "yum_package": "ansible.builtin.yum",
+    "service": ANSIBLE_SERVICE_MODULE,
+    "systemd_unit": "ansible.builtin.systemd",
+    "template": "ansible.builtin.template",
+    "file": "ansible.builtin.file",
+    "directory": "ansible.builtin.file",
+    "execute": "ansible.builtin.command",
+    "bash": "ansible.builtin.shell",
+    "script": "ansible.builtin.script",
+    "user": "ansible.builtin.user",
+    "group": "ansible.builtin.group",
+    "cron": "ansible.builtin.cron",
+    "mount": "ansible.builtin.mount",
+    "git": "ansible.builtin.git",
+    "remote_file": "ansible.builtin.get_url",
+}
+
+# Chef action to Ansible state mappings
+ACTION_TO_STATE = {
+    "create": "present",
+    "delete": "absent",
+    "remove": "absent",
+    "install": "present",
+    "upgrade": "latest",
+    "purge": "absent",
+    "enable": "started",
+    "disable": "stopped",
+    "start": "started",
+    "stop": "stopped",
+    "restart": "restarted",
+    "reload": "reloaded",
+}

souschef/core/path_utils.py

@@ -0,0 +1,58 @@
+"""Path utility functions for safe filesystem operations."""
+
+from pathlib import Path
+
+
+def _normalize_path(path_str: str) -> Path:
+    """
+    Normalize a file path for safe filesystem operations.
+
+    This function resolves relative paths and symlinks to absolute paths,
+    preventing path traversal attacks (CWE-23). Note: This MCP server
+    intentionally allows full filesystem access as it runs in the user's
+    local environment with their permissions.
+
+    Args:
+        path_str: Path string to normalize.
+
+    Returns:
+        Resolved absolute Path object.
+
+    Raises:
+        ValueError: If the path contains null bytes or is invalid.
+
+    """
+    if "\x00" in path_str:
+        raise ValueError(f"Path contains null bytes: {path_str!r}")
+
+    try:
+        # Resolve to absolute path, removing .., ., and resolving symlinks
+        # This is the path normalization function itself that validates input
+        # lgtm[py/path-injection]
+        # codeql[py/path-injection]
+        return Path(path_str).resolve()
+    except (OSError, RuntimeError) as e:
+        raise ValueError(f"Invalid path {path_str}: {e}") from e
+
+
+def _safe_join(base_path: Path, *parts: str) -> Path:
+    """
+    Safely join path components ensuring result stays within base directory.
+
+    Args:
+        base_path: Normalized base path.
+        *parts: Path components to join.
+
+    Returns:
+        Joined path within base_path.
+
+    Raises:
+        ValueError: If result would escape base_path.
+
+    """
+    result = base_path.joinpath(*parts).resolve()
+    try:
+        result.relative_to(base_path)
+        return result
+    except ValueError as e:
+        raise ValueError(f"Path traversal attempt: {parts} escapes {base_path}") from e

souschef/core/ruby_utils.py

@@ -0,0 +1,39 @@
+"""
+Ruby value normalization utilities for Chef-to-Ansible conversion.
+
+This module provides utilities for normalizing Ruby values and syntax
+during the conversion process from Chef to Ansible.
+"""
+
+import re
+
+
+def _normalize_ruby_value(value: str) -> str:
+    """
+    Normalize Ruby value representation.
+
+    Converts Ruby-specific syntax to a normalized string representation
+    suitable for Ansible playbooks.
+
+    Args:
+        value: Raw Ruby value string.
+
+    Returns:
+        Normalized value string.
+
+    Examples:
+        >>> _normalize_ruby_value(":symbol")
+        '"symbol"'
+        >>> _normalize_ruby_value("[:a, :b]")
+        '["a", "b"]'
+
+    """
+    value = value.strip()
+    # Handle symbols: :symbol -> "symbol"
+    if value.startswith(":") and value[1:].replace("_", "").isalnum():
+        return f'"{value[1:]}"'
+    # Handle arrays: [:a, :b] -> ["a", "b"]
+    if value.startswith("[") and value.endswith("]"):
+        # Simple symbol array conversion
+        value = re.sub(r":(\w+)", r'"\1"', value)
+    return value