ostruct-cli 0.2.0__py3-none-any.whl → 0.4.0__py3-none-any.whl

ostruct/cli/file_utils.py

@@ -58,7 +58,7 @@ from .errors import (
 from .file_info import FileInfo
 from .file_list import FileInfoList
 from .security import SecurityManager
-from .security_types import SecurityManagerProtocol
+from .security.types import SecurityManagerProtocol
 
 __all__ = [
     "FileInfo",  # Re-exported from file_info
@@ -153,21 +153,21 @@ def collect_files_from_directory(
     allowed_extensions: Optional[List[str]] = None,
     **kwargs: Any,
 ) -> List[FileInfo]:
-    """Collect files from directory.
+    """Collect files from a directory.
 
     Args:
         directory: Directory to collect files from
         security_manager: Security manager for path validation
-        recursive: Whether to collect files recursively
-        allowed_extensions: List of allowed file extensions without dots
+        recursive: Whether to process subdirectories
+        allowed_extensions: List of allowed file extensions (without dot)
         **kwargs: Additional arguments passed to FileInfo.from_path
 
     Returns:
-        List of FileInfo instances
+        List of FileInfo objects
 
     Raises:
         DirectoryNotFoundError: If directory does not exist
-        PathSecurityError: If directory is not allowed
+        PathSecurityError: If directory or any file path is not allowed
     """
     logger.debug(
         "Collecting files from directory: %s (recursive=%s, extensions=%s)",
@@ -176,86 +176,113 @@ def collect_files_from_directory(
         allowed_extensions,
     )
 
-    # Validate directory exists and is allowed
+    # First validate and resolve the directory path
     try:
         abs_dir = str(security_manager.resolve_path(directory))
-        logger.debug("Resolved absolute directory path: %s", abs_dir)
-        logger.debug(
-            "Security manager base_dir: %s", security_manager.base_dir
-        )
-        logger.debug(
-            "Security manager allowed_dirs: %s", security_manager.allowed_dirs
-        )
+        logger.debug("Resolved directory path: %s", abs_dir)
     except PathSecurityError as e:
-        logger.debug("PathSecurityError while resolving directory: %s", str(e))
-        # Let the original error propagate
+        logger.error(
+            "Security violation in directory path: %s (%s)", directory, str(e)
+        )
         raise
 
-    if not os.path.exists(abs_dir):
-        logger.debug("Directory not found: %s (abs: %s)", directory, abs_dir)
-        raise DirectoryNotFoundError(f"Directory not found: {directory}")
     if not os.path.isdir(abs_dir):
-        logger.debug(
-            "Path is not a directory: %s (abs: %s)", directory, abs_dir
-        )
+        logger.error("Path is not a directory: %s", abs_dir)
         raise DirectoryNotFoundError(f"Path is not a directory: {directory}")
 
-    # Collect files
     files: List[FileInfo] = []
-    for root, dirs, filenames in os.walk(abs_dir):
-        logger.debug("Walking directory: %s", root)
-        logger.debug("Found subdirectories: %s", dirs)
-        logger.debug("Found files: %s", filenames)
 
-        if not recursive and root != abs_dir:
-            logger.debug(
-                "Skipping subdirectory (non-recursive mode): %s", root
-            )
-            continue
+    try:
+        for root, dirs, filenames in os.walk(abs_dir):
+            logger.debug("Walking directory: %s", root)
+            logger.debug("Found subdirectories: %s", dirs)
+            logger.debug("Found files: %s", filenames)
 
-        logger.debug("Scanning directory: %s", root)
-        logger.debug("Current files collected: %d", len(files))
-        for filename in filenames:
-            # Get relative path from base directory
-            abs_path = os.path.join(root, filename)
+            # Validate current directory
             try:
-                rel_path = os.path.relpath(abs_path, security_manager.base_dir)
-                logger.debug("Processing file: %s -> %s", abs_path, rel_path)
-            except ValueError as e:
-                # Skip files that can't be made relative
+                security_manager.validate_path(root)
+            except PathSecurityError as e:
+                logger.error(
+                    "Security violation in subdirectory: %s (%s)", root, str(e)
+                )
+                raise
+
+            if not recursive and root != abs_dir:
                 logger.debug(
-                    "Skipping file that can't be made relative: %s (error: %s)",
-                    abs_path,
-                    str(e),
+                    "Skipping subdirectory (non-recursive mode): %s", root
                 )
                 continue
 
-            # Check extension if filter is specified
-            if allowed_extensions is not None:
-                ext = os.path.splitext(filename)[1].lstrip(".")
-                if ext not in allowed_extensions:
+            logger.debug("Scanning directory: %s", root)
+            logger.debug("Current files collected: %d", len(files))
+
+            for filename in filenames:
+                # Get relative path from base directory
+                abs_path = os.path.join(root, filename)
+                try:
+                    rel_path = os.path.relpath(
+                        abs_path, security_manager.base_dir
+                    )
                     logger.debug(
-                        "Skipping file with non-matching extension: %s (ext=%s, allowed=%s)",
-                        filename,
-                        ext,
-                        allowed_extensions,
+                        "Processing file: %s -> %s", abs_path, rel_path
+                    )
+                except ValueError as e:
+                    logger.warning(
+                        "Skipping file that can't be made relative: %s (error: %s)",
+                        abs_path,
+                        str(e),
                     )
                     continue
 
-            try:
-                file_info = FileInfo.from_path(
-                    rel_path, security_manager=security_manager, **kwargs
-                )
-                files.append(file_info)
-                logger.debug("Added file to list: %s", rel_path)
-            except (FileNotFoundError, PathSecurityError) as e:
-                # Skip files that can't be accessed
-                logger.debug(
-                    "Skipping inaccessible file: %s (error: %s)",
-                    rel_path,
-                    str(e),
-                )
-                continue
+                # Check extension if filter is specified
+                if allowed_extensions is not None:
+                    ext = os.path.splitext(filename)[1].lstrip(".")
+                    if ext not in allowed_extensions:
+                        logger.debug(
+                            "Skipping file with disallowed extension: %s",
+                            filename,
+                        )
+                        continue
+
+                # Validate file path before creating FileInfo
+                try:
+                    security_manager.validate_path(abs_path)
+                except PathSecurityError as e:
+                    logger.error(
+                        "Security violation for file: %s (%s)",
+                        abs_path,
+                        str(e),
+                    )
+                    raise
+
+                try:
+                    file_info = FileInfo.from_path(
+                        rel_path, security_manager=security_manager, **kwargs
+                    )
+                    files.append(file_info)
+                    logger.debug("Added file to list: %s", rel_path)
+                except PathSecurityError as e:
+                    # Log and re-raise security errors immediately
+                    logger.error(
+                        "Security violation processing file: %s (%s)",
+                        rel_path,
+                        str(e),
+                    )
+                    raise
+                except (FileNotFoundError, PermissionError) as e:
+                    # Skip legitimate file access errors
+                    logger.warning(
+                        "Skipping inaccessible file: %s (error: %s)",
+                        rel_path,
+                        str(e),
+                    )
+
+    except PathSecurityError:
+        # Re-raise security errors without wrapping
+        raise
+    except Exception as e:
+        logger.error("Error collecting files: %s", str(e))
+        raise
 
     logger.debug("Collected %d files from directory %s", len(files), directory)
     return files
@@ -415,7 +442,8 @@ def collect_files(
                 logger.debug("Security error in directory mapping: %s", str(e))
                 raise PathSecurityError(
                     "Directory mapping error: Access denied: "
-                    f"{directory} is outside base directory and not in allowed directories"
+                    f"{directory} is outside base directory and not in allowed directories",
+                    path=directory,
                 ) from e
             except DirectoryNotFoundError as e:
                 logger.debug("Directory not found: %s", str(e))

ostruct/cli/path_utils.py

@@ -1,17 +1,16 @@
 """Path validation utilities for the CLI."""
 
-import os
 from pathlib import Path
 from typing import Optional, Tuple
 
-from .errors import (
+from ostruct.cli.errors import (
     DirectoryNotFoundError,
     FileNotFoundError,
-    PathSecurityError,
     VariableNameError,
     VariableValueError,
 )
-from .security import SecurityManager
+from ostruct.cli.security.errors import PathSecurityError, SecurityErrorReasons
+from ostruct.cli.security.security_manager import SecurityManager
 
 
 def validate_path_mapping(
@@ -45,79 +44,61 @@ def validate_path_mapping(
         >>> validate_path_mapping("data=config/", is_dir=True)  # Validates directory
         ('data', 'config/')
     """
+    # Split into name and path parts
     try:
-        if not mapping or "=" not in mapping:
-            raise ValueError("Invalid mapping format")
-
-        name, path = mapping.split("=", 1)
-        if not name:
-            raise VariableNameError(
-                f"Empty name in {'directory' if is_dir else 'file'} mapping"
-            )
-
-        if not path:
-            raise VariableValueError("Path cannot be empty")
-
-        # Expand user home directory and environment variables
-        path = os.path.expanduser(os.path.expandvars(path))
-
-        # Convert to Path object and resolve against base_dir if provided
-        path_obj = Path(path)
-        if base_dir:
-            path_obj = Path(base_dir) / path_obj
-
-        # Resolve the path to catch directory traversal attempts
-        try:
-            resolved_path = path_obj.resolve()
-        except OSError as e:
-            raise OSError(f"Failed to resolve path: {e}")
-
-        # Check if path exists
-        if not resolved_path.exists():
-            if is_dir:
-                raise DirectoryNotFoundError(f"Directory not found: {path!r}")
-            else:
-                raise FileNotFoundError(f"File not found: {path!r}")
-
-        # Check if path is correct type
-        if is_dir and not resolved_path.is_dir():
-            raise DirectoryNotFoundError(f"Path is not a directory: {path!r}")
-        elif not is_dir and not resolved_path.is_file():
-            raise FileNotFoundError(f"Path is not a file: {path!r}")
-
-        # Check if path is accessible
+        name, path_str = mapping.split("=", 1)
+    except ValueError:
+        raise ValueError(f"Invalid mapping format (missing '='): {mapping}")
+
+    # Validate name
+    name = name.strip()
+    if not name:
+        raise VariableNameError("Variable name cannot be empty")
+    if not name.isidentifier():
+        raise VariableNameError(f"Invalid variable name: {name}")
+
+    # Normalize path
+    path_str = path_str.strip()
+    if not path_str:
+        raise VariableValueError("Path cannot be empty")
+
+    # Create a Path object
+    path = Path(path_str)
+    if not path.is_absolute() and base_dir:
+        path = Path(base_dir) / path
+
+    # Validate path with security manager if provided
+    if security_manager:
         try:
-            if is_dir:
-                os.listdir(str(resolved_path))
-            else:
-                with open(str(resolved_path), "r", encoding="utf-8") as f:
-                    f.read(1)
-        except OSError as e:
-            if e.errno == 13:  # Permission denied
+            path = security_manager.validate_path(path)
+        except PathSecurityError as e:
+            if (
+                e.context.get("reason")
+                == SecurityErrorReasons.PATH_OUTSIDE_ALLOWED
+            ):
                 raise PathSecurityError(
-                    f"Permission denied accessing path: {path!r}"
-                )
-            raise
-
-        # Check security constraints
-        if security_manager:
-            if not security_manager.is_path_allowed(str(resolved_path)):
-                raise PathSecurityError.from_expanded_paths(
-                    original_path=str(path),
-                    expanded_path=str(resolved_path),
-                    base_dir=str(security_manager.base_dir),
-                    allowed_dirs=[
-                        str(d) for d in security_manager.allowed_dirs
-                    ],
-                )
-
-        # Return the original path to maintain relative paths in the output
-        return name, path
-
-    except ValueError as e:
-        if "not enough values to unpack" in str(e):
-            raise VariableValueError(
-                f"Invalid {'directory' if is_dir else 'file'} mapping "
-                f"(expected name=path format): {mapping!r}"
-            )
-        raise
+                    f"Path '{path}' is outside the base directory and not in allowed directories",
+                    path=str(path),
+                    context=e.context,
+                ) from e
+            raise PathSecurityError(
+                f"Path validation failed: {e}",
+                path=str(path),
+                context=e.context,
+            ) from e
+
+    # Check path existence and type
+    if not path.exists():
+        if is_dir:
+            raise DirectoryNotFoundError(f"Directory not found: {path}")
+        raise FileNotFoundError(f"File not found: {path}")
+
+    # Check path type
+    if is_dir and not path.is_dir():
+        raise DirectoryNotFoundError(
+            f"Path exists but is not a directory: {path}"
+        )
+    elif not is_dir and not path.is_file():
+        raise FileNotFoundError(f"Path exists but is not a file: {path}")
+
+    return name, str(path)

ostruct/cli/security/__init__.py

@@ -0,0 +1,32 @@
+"""Security package for file access management.
+
+This package provides a comprehensive set of security features for file access:
+- Path normalization and validation
+- Safe path joining
+- Directory traversal prevention
+- Symlink resolution with security checks
+- Case sensitivity handling
+- Temporary path management
+"""
+
+from .allowed_checker import is_path_in_allowed_dirs
+from .case_manager import CaseManager
+from .errors import (
+    DirectoryNotFoundError,
+    PathSecurityError,
+    SecurityErrorReasons,
+)
+from .normalization import normalize_path
+from .safe_joiner import safe_join
+from .security_manager import SecurityManager
+
+__all__ = [
+    "normalize_path",
+    "safe_join",
+    "is_path_in_allowed_dirs",
+    "CaseManager",
+    "PathSecurityError",
+    "DirectoryNotFoundError",
+    "SecurityErrorReasons",
+    "SecurityManager",
+]

ostruct/cli/security/allowed_checker.py

@@ -0,0 +1,47 @@
+"""Allowed directory checker module.
+
+This module provides functionality to verify that a given path is within
+one of a set of allowed directories.
+"""
+
+from pathlib import Path
+from typing import List, Union
+
+from .normalization import normalize_path
+
+
+def is_path_in_allowed_dirs(
+    path: Union[str, Path], allowed_dirs: List[Path]
+) -> bool:
+    """Check if a given path is inside any of the allowed directories.
+
+    This function normalizes both the input path and allowed directories
+    before comparison to ensure consistent results across platforms.
+
+    Args:
+        path: The path to check.
+        allowed_dirs: A list of allowed directory paths.
+
+    Returns:
+        True if path is within one of the allowed directories; False otherwise.
+
+    Example:
+        >>> allowed = [Path("/base"), Path("/tmp")]
+        >>> is_path_in_allowed_dirs("/base/file.txt", allowed)
+        True
+        >>> is_path_in_allowed_dirs("/etc/passwd", allowed)
+        False
+    """
+    norm_path = normalize_path(path)
+    norm_allowed = [normalize_path(d) for d in allowed_dirs]
+
+    for allowed in norm_allowed:
+        try:
+            # If path.relative_to(allowed) does not raise an error,
+            # then path is within allowed.
+            norm_path.relative_to(allowed)
+            return True
+        except ValueError:
+            continue
+
+    return False

ostruct/cli/security/case_manager.py

@@ -0,0 +1,75 @@
+"""Case management module.
+
+This module provides a class for tracking and preserving the original case
+of file paths on case-insensitive systems.
+"""
+
+from pathlib import Path
+from threading import Lock
+from typing import Dict
+
+
+class CaseManager:
+    """Manages original case preservation for paths.
+
+    This class provides a thread-safe way to track original case preservation
+    without modifying Path objects. This is particularly important on
+    case-insensitive systems (macOS, Windows) where we normalize paths
+    to lowercase but want to preserve the original case for display.
+
+    Example:
+        >>> CaseManager.set_original_case(Path("/tmp/file.txt"), "/TMP/File.txt")
+        >>> CaseManager.get_original_case(Path("/tmp/file.txt"))
+        '/TMP/File.txt'
+    """
+
+    _case_mapping: Dict[str, str] = {}
+    _lock = Lock()
+
+    @classmethod
+    def set_original_case(
+        cls, normalized_path: Path, original_case: str
+    ) -> None:
+        """Store the original case for a normalized path.
+
+        Args:
+            normalized_path: The normalized (potentially lowercased) Path.
+            original_case: The original path string with its original case.
+
+        Raises:
+            TypeError: If normalized_path or original_case is None.
+        """
+        if normalized_path is None:
+            raise TypeError("normalized_path cannot be None")
+        if original_case is None:
+            raise TypeError("original_case cannot be None")
+
+        with cls._lock:
+            cls._case_mapping[str(normalized_path)] = original_case
+
+    @classmethod
+    def get_original_case(cls, normalized_path: Path) -> str:
+        """Retrieve the original case for a normalized path.
+
+        Args:
+            normalized_path: The normalized Path.
+
+        Returns:
+            The original case string if stored; otherwise the normalized path string.
+
+        Raises:
+            TypeError: If normalized_path is None.
+        """
+        if normalized_path is None:
+            raise TypeError("normalized_path cannot be None")
+
+        with cls._lock:
+            return cls._case_mapping.get(
+                str(normalized_path), str(normalized_path)
+            )
+
+    @classmethod
+    def clear(cls) -> None:
+        """Clear all stored case mappings."""
+        with cls._lock:
+            cls._case_mapping.clear()