ostruct-cli 0.3.0__py3-none-any.whl → 0.5.0__py3-none-any.whl

ostruct/cli/file_utils.py

@@ -46,19 +46,20 @@ import codecs
 import glob
 import logging
 import os
-from typing import Any, Dict, List, Optional, Type, Union
+from pathlib import Path
+from typing import Any, Dict, List, Optional, Tuple, Type, Union
 
 import chardet
 
 from .errors import (
     DirectoryNotFoundError,
-    FileNotFoundError,
+    OstructFileNotFoundError,
     PathSecurityError,
 )
 from .file_info import FileInfo
 from .file_list import FileInfoList
 from .security import SecurityManager
-from .security_types import SecurityManagerProtocol
+from .security.types import SecurityManagerProtocol
 
 __all__ = [
     "FileInfo",  # Re-exported from file_info
@@ -113,10 +114,10 @@ def collect_files_from_pattern(
     pattern: str,
     security_manager: SecurityManager,
 ) -> List[FileInfo]:
-    """Collect files matching a glob pattern.
+    """Collect files matching a glob pattern or exact file path.
 
     Args:
-        pattern: Glob pattern to match files
+        pattern: Glob pattern or file path to match
         security_manager: Security manager for path validation
 
     Returns:
@@ -125,7 +126,18 @@ def collect_files_from_pattern(
     Raises:
         PathSecurityError: If any matched file is outside base directory
     """
-    # Expand pattern
+    # First check if it's an exact file path
+    if os.path.isfile(pattern):
+        try:
+            file_info = FileInfo.from_path(pattern, security_manager)
+            return [file_info]
+        except PathSecurityError:
+            raise
+        except Exception as e:
+            logger.warning("Could not process file %s: %s", pattern, str(e))
+            return []
+
+    # If not an exact file, try glob pattern
     matched_paths = glob.glob(pattern, recursive=True)
     if not matched_paths:
         logger.debug("No files matched pattern: %s", pattern)
@@ -140,8 +152,8 @@ def collect_files_from_pattern(
         except PathSecurityError:
             # Let security errors propagate
             raise
-        except Exception:
-            logger.warning("Could not process file %s", path)
+        except Exception as e:
+            logger.warning("Could not process file %s: %s", path, str(e))
 
     return files
 
@@ -153,21 +165,21 @@ def collect_files_from_directory(
     allowed_extensions: Optional[List[str]] = None,
     **kwargs: Any,
 ) -> List[FileInfo]:
-    """Collect files from directory.
+    """Collect files from a directory.
 
     Args:
         directory: Directory to collect files from
         security_manager: Security manager for path validation
-        recursive: Whether to collect files recursively
-        allowed_extensions: List of allowed file extensions without dots
+        recursive: Whether to process subdirectories
+        allowed_extensions: List of allowed file extensions (without dot)
         **kwargs: Additional arguments passed to FileInfo.from_path
 
     Returns:
-        List of FileInfo instances
+        List of FileInfo objects
 
     Raises:
         DirectoryNotFoundError: If directory does not exist
-        PathSecurityError: If directory is not allowed
+        PathSecurityError: If directory or any file path is not allowed
     """
     logger.debug(
         "Collecting files from directory: %s (recursive=%s, extensions=%s)",
@@ -176,125 +188,148 @@ def collect_files_from_directory(
         allowed_extensions,
     )
 
-    # Validate directory exists and is allowed
+    # First validate and resolve the directory path
     try:
         abs_dir = str(security_manager.resolve_path(directory))
-        logger.debug("Resolved absolute directory path: %s", abs_dir)
-        logger.debug(
-            "Security manager base_dir: %s", security_manager.base_dir
-        )
-        logger.debug(
-            "Security manager allowed_dirs: %s", security_manager.allowed_dirs
-        )
+        logger.debug("Resolved directory path: %s", abs_dir)
     except PathSecurityError as e:
-        logger.debug("PathSecurityError while resolving directory: %s", str(e))
-        # Let the original error propagate
+        logger.error(
+            "Security violation in directory path: %s (%s)", directory, str(e)
+        )
         raise
 
-    if not os.path.exists(abs_dir):
-        logger.debug("Directory not found: %s (abs: %s)", directory, abs_dir)
-        raise DirectoryNotFoundError(f"Directory not found: {directory}")
     if not os.path.isdir(abs_dir):
-        logger.debug(
-            "Path is not a directory: %s (abs: %s)", directory, abs_dir
-        )
+        logger.error("Path is not a directory: %s", abs_dir)
         raise DirectoryNotFoundError(f"Path is not a directory: {directory}")
 
-    # Collect files
     files: List[FileInfo] = []
-    for root, dirs, filenames in os.walk(abs_dir):
-        logger.debug("Walking directory: %s", root)
-        logger.debug("Found subdirectories: %s", dirs)
-        logger.debug("Found files: %s", filenames)
 
-        if not recursive and root != abs_dir:
-            logger.debug(
-                "Skipping subdirectory (non-recursive mode): %s", root
-            )
-            continue
+    try:
+        for root, dirs, filenames in os.walk(abs_dir):
+            logger.debug("Walking directory: %s", root)
+            logger.debug("Found subdirectories: %s", dirs)
+            logger.debug("Found files: %s", filenames)
 
-        logger.debug("Scanning directory: %s", root)
-        logger.debug("Current files collected: %d", len(files))
-        for filename in filenames:
-            # Get relative path from base directory
-            abs_path = os.path.join(root, filename)
+            # Validate current directory
             try:
-                rel_path = os.path.relpath(abs_path, security_manager.base_dir)
-                logger.debug("Processing file: %s -> %s", abs_path, rel_path)
-            except ValueError as e:
-                # Skip files that can't be made relative
+                security_manager.validate_path(root)
+            except PathSecurityError as e:
+                logger.error(
+                    "Security violation in subdirectory: %s (%s)", root, str(e)
+                )
+                raise
+
+            if not recursive and root != abs_dir:
                 logger.debug(
-                    "Skipping file that can't be made relative: %s (error: %s)",
-                    abs_path,
-                    str(e),
+                    "Skipping subdirectory (non-recursive mode): %s", root
                 )
                 continue
 
-            # Check extension if filter is specified
-            if allowed_extensions is not None:
-                ext = os.path.splitext(filename)[1].lstrip(".")
-                if ext not in allowed_extensions:
+            logger.debug("Scanning directory: %s", root)
+            logger.debug("Current files collected: %d", len(files))
+
+            for filename in filenames:
+                # Get relative path from base directory
+                abs_path = os.path.join(root, filename)
+                try:
+                    rel_path = os.path.relpath(
+                        abs_path, security_manager.base_dir
+                    )
                     logger.debug(
-                        "Skipping file with non-matching extension: %s (ext=%s, allowed=%s)",
-                        filename,
-                        ext,
-                        allowed_extensions,
+                        "Processing file: %s -> %s", abs_path, rel_path
+                    )
+                except ValueError as e:
+                    logger.warning(
+                        "Skipping file that can't be made relative: %s (error: %s)",
+                        abs_path,
+                        str(e),
                     )
                     continue
 
-            try:
-                file_info = FileInfo.from_path(
-                    rel_path, security_manager=security_manager, **kwargs
-                )
-                files.append(file_info)
-                logger.debug("Added file to list: %s", rel_path)
-            except (FileNotFoundError, PathSecurityError) as e:
-                # Skip files that can't be accessed
-                logger.debug(
-                    "Skipping inaccessible file: %s (error: %s)",
-                    rel_path,
-                    str(e),
-                )
-                continue
+                # Check extension if filter is specified
+                if allowed_extensions is not None:
+                    ext = os.path.splitext(filename)[1].lstrip(".")
+                    if ext not in allowed_extensions:
+                        logger.debug(
+                            "Skipping file with disallowed extension: %s",
+                            filename,
+                        )
+                        continue
+
+                # Validate file path before creating FileInfo
+                try:
+                    security_manager.validate_path(abs_path)
+                except PathSecurityError as e:
+                    logger.error(
+                        "Security violation for file: %s (%s)",
+                        abs_path,
+                        str(e),
+                    )
+                    raise
+
+                try:
+                    # Use absolute path when creating FileInfo
+                    file_info = FileInfo.from_path(
+                        abs_path, security_manager=security_manager, **kwargs
+                    )
+                    files.append(file_info)
+                    logger.debug("Added file to list: %s", abs_path)
+                except PathSecurityError as e:
+                    # Log and re-raise security errors immediately
+                    logger.error(
+                        "Security violation processing file: %s (%s)",
+                        abs_path,
+                        str(e),
+                    )
+                    raise
+                except (OstructFileNotFoundError, PermissionError) as e:
+                    # Skip legitimate file access errors
+                    logger.warning(
+                        "Skipping inaccessible file: %s (error: %s)",
+                        rel_path,
+                        str(e),
+                    )
+
+    except PathSecurityError:
+        # Re-raise security errors without wrapping
+        raise
+    except Exception as e:
+        logger.error("Error collecting files: %s", str(e))
+        raise
 
     logger.debug("Collected %d files from directory %s", len(files), directory)
     return files
 
 
 def _validate_and_split_mapping(
-    mapping: str, mapping_type: str
+    mapping: tuple[str, Union[str, Path]], mapping_type: str
 ) -> tuple[str, str]:
-    """Validate and split a name=value mapping.
+    """Validate a name/path tuple mapping.
 
     Args:
-        mapping: The mapping string to validate (e.g. "name=value")
+        mapping: The mapping tuple (name, path)
         mapping_type: Type of mapping for error messages ("file", "pattern", or "directory")
 
     Returns:
-        Tuple of (name, value)
+        The same tuple of (name, path)
 
     Raises:
         ValueError: If mapping format is invalid
     """
-    try:
-        name, value = mapping.split("=", 1)
-    except ValueError:
-        raise ValueError(
-            f"Invalid {mapping_type} mapping format: {mapping!r} (missing '=' separator)"
-        )
+    name, value = mapping
 
     if not name:
-        raise ValueError(f"Empty name in {mapping_type} mapping: {mapping!r}")
+        raise ValueError(f"Empty name in {mapping_type} mapping")
     if not value:
-        raise ValueError(f"Empty value in {mapping_type} mapping: {mapping!r}")
+        raise ValueError(f"Empty value in {mapping_type} mapping")
 
-    return name, value
+    return name, str(value)  # Convert Path to str if needed
 
 
 def collect_files(
-    file_mappings: Optional[List[str]] = None,
-    pattern_mappings: Optional[List[str]] = None,
-    dir_mappings: Optional[List[str]] = None,
+    file_mappings: Optional[List[Tuple[str, Union[str, Path]]]] = None,
+    pattern_mappings: Optional[List[Tuple[str, Union[str, Path]]]] = None,
+    dir_mappings: Optional[List[Tuple[str, Union[str, Path]]]] = None,
     dir_recursive: bool = False,
     dir_extensions: Optional[List[str]] = None,
     security_manager: Optional[SecurityManager] = None,
@@ -303,9 +338,9 @@ def collect_files(
     """Collect files from multiple sources.
 
     Args:
-        file_mappings: List of file mappings in the format "name=path"
-        pattern_mappings: List of pattern mappings in the format "name=pattern"
-        dir_mappings: List of directory mappings in the format "name=directory"
+        file_mappings: List of file mappings as (name, path) tuples
+        pattern_mappings: List of pattern mappings as (name, pattern) tuples
+        dir_mappings: List of directory mappings as (name, directory) tuples
         dir_recursive: Whether to process directories recursively
         dir_extensions: List of file extensions to include in directory processing
         security_manager: Security manager instance
@@ -356,7 +391,7 @@ def collect_files(
                 raise ValueError(f"Duplicate file mapping: {name}")
 
             file_info = FileInfo.from_path(
-                path, security_manager=security_manager, **kwargs
+                str(path), security_manager=security_manager, **kwargs
             )
             files[name] = FileInfoList([file_info], from_dir=False)
             logger.debug("Added single file mapping: %s -> %s", name, path)
@@ -371,7 +406,7 @@ def collect_files(
 
             try:
                 matched_files = collect_files_from_pattern(
-                    pattern, security_manager=security_manager, **kwargs
+                    str(pattern), security_manager=security_manager, **kwargs
                 )
             except PathSecurityError as e:
                 logger.debug("Security error in pattern mapping: %s", str(e))
@@ -438,7 +473,7 @@ def collect_files(
 
     if not files:
         logger.debug("No files found in any mappings")
-        raise ValueError("No files found")
+        return files
 
     logger.debug("Collected files total mappings: %d", len(files))
     return files
@@ -582,14 +617,14 @@ def read_allowed_dirs_from_file(filepath: str) -> List[str]:
         A list of allowed directories as absolute paths.
 
     Raises:
-        FileNotFoundError: If the file does not exist.
+        OstructFileNotFoundError: If the file does not exist.
         ValueError: If the file contains invalid data.
     """
     try:
         with open(filepath, "r") as f:
             lines = f.readlines()
     except OSError as e:
-        raise FileNotFoundError(
+        raise OstructFileNotFoundError(
             f"Error reading allowed directories from file: {filepath}: {e}"
         )
 

ostruct/cli/path_utils.py

@@ -1,17 +1,20 @@
 """Path validation utilities for the CLI."""
 
-import os
+import logging
 from pathlib import Path
 from typing import Optional, Tuple
 
-from .errors import (
+from ostruct.cli.errors import (
     DirectoryNotFoundError,
-    FileNotFoundError,
+    OstructFileNotFoundError,
     PathSecurityError,
     VariableNameError,
     VariableValueError,
 )
-from .security import SecurityManager
+from ostruct.cli.security.errors import SecurityErrorReasons
+from ostruct.cli.security.security_manager import SecurityManager
+
+logger = logging.getLogger(__name__)
 
 
 def validate_path_mapping(
@@ -45,79 +48,85 @@ def validate_path_mapping(
         >>> validate_path_mapping("data=config/", is_dir=True)  # Validates directory
         ('data', 'config/')
     """
+    logger.debug(
+        "Validating path mapping: %s (is_dir=%s, base_dir=%s)",
+        mapping,
+        is_dir,
+        base_dir,
+    )
+
+    # Split into name and path parts
     try:
-        if not mapping or "=" not in mapping:
-            raise ValueError("Invalid mapping format")
-
-        name, path = mapping.split("=", 1)
-        if not name:
-            raise VariableNameError(
-                f"Empty name in {'directory' if is_dir else 'file'} mapping"
-            )
-
-        if not path:
-            raise VariableValueError("Path cannot be empty")
-
-        # Expand user home directory and environment variables
-        path = os.path.expanduser(os.path.expandvars(path))
-
-        # Convert to Path object and resolve against base_dir if provided
-        path_obj = Path(path)
-        if base_dir:
-            path_obj = Path(base_dir) / path_obj
-
-        # Resolve the path to catch directory traversal attempts
-        try:
-            resolved_path = path_obj.resolve()
-        except OSError as e:
-            raise OSError(f"Failed to resolve path: {e}")
-
-        # Check if path exists
-        if not resolved_path.exists():
-            if is_dir:
-                raise DirectoryNotFoundError(f"Directory not found: {path!r}")
-            else:
-                raise FileNotFoundError(f"File not found: {path!r}")
-
-        # Check if path is correct type
-        if is_dir and not resolved_path.is_dir():
-            raise DirectoryNotFoundError(f"Path is not a directory: {path!r}")
-        elif not is_dir and not resolved_path.is_file():
-            raise FileNotFoundError(f"Path is not a file: {path!r}")
-
-        # Check if path is accessible
+        name, path_str = mapping.split("=", 1)
+    except ValueError:
+        logger.error("Invalid mapping format (missing '='): %s", mapping)
+        raise ValueError(f"Invalid mapping format (missing '='): {mapping}")
+
+    # Validate name
+    name = name.strip()
+    if not name:
+        logger.error("Variable name cannot be empty: %s", mapping)
+        raise VariableNameError("Variable name cannot be empty")
+    if not name.isidentifier():
+        logger.error("Invalid variable name: %s", name)
+        raise VariableNameError(f"Invalid variable name: {name}")
+
+    # Normalize path
+    path_str = path_str.strip()
+    if not path_str:
+        logger.error("Path cannot be empty: %s", mapping)
+        raise VariableValueError("Path cannot be empty")
+
+    logger.debug("Creating Path object for: %s", path_str)
+    # Create a Path object
+    path = Path(path_str)
+    if not path.is_absolute() and base_dir:
+        logger.debug(
+            "Converting relative path to absolute using base_dir: %s", base_dir
+        )
+        path = Path(base_dir) / path
+
+    # Validate path with security manager if provided
+    if security_manager:
+        logger.debug("Validating path with security manager: %s", path)
         try:
-            if is_dir:
-                os.listdir(str(resolved_path))
-            else:
-                with open(str(resolved_path), "r", encoding="utf-8") as f:
-                    f.read(1)
-        except OSError as e:
-            if e.errno == 13:  # Permission denied
+            path = security_manager.validate_path(path)
+            logger.debug("Security validation passed: %s", path)
+        except PathSecurityError as e:
+            logger.error("Security validation failed: %s - %s", path, e)
+            if (
+                e.context.get("reason")
+                == SecurityErrorReasons.PATH_OUTSIDE_ALLOWED
+            ):
                 raise PathSecurityError(
-                    f"Permission denied accessing path: {path!r}"
-                )
-            raise
-
-        # Check security constraints
-        if security_manager:
-            if not security_manager.is_path_allowed(str(resolved_path)):
-                raise PathSecurityError.from_expanded_paths(
-                    original_path=str(path),
-                    expanded_path=str(resolved_path),
-                    base_dir=str(security_manager.base_dir),
-                    allowed_dirs=[
-                        str(d) for d in security_manager.allowed_dirs
-                    ],
-                )
-
-        # Return the original path to maintain relative paths in the output
-        return name, path
-
-    except ValueError as e:
-        if "not enough values to unpack" in str(e):
-            raise VariableValueError(
-                f"Invalid {'directory' if is_dir else 'file'} mapping "
-                f"(expected name=path format): {mapping!r}"
-            )
-        raise
+                    f"Path '{path}' is outside the base directory and not in allowed directories",
+                    path=str(path),
+                    context=e.context,
+                ) from e
+            raise PathSecurityError(
+                f"Path validation failed: {e}",
+                path=str(path),
+                context=e.context,
+            ) from e
+
+    # Check path existence and type
+    if not path.exists():
+        logger.error("Path does not exist: %s", path)
+        if is_dir:
+            raise DirectoryNotFoundError(f"Directory not found: {path}")
+        raise OstructFileNotFoundError(f"File not found: {path}")
+
+    # Check path type
+    if is_dir and not path.is_dir():
+        logger.error("Path exists but is not a directory: %s", path)
+        raise DirectoryNotFoundError(
+            f"Path exists but is not a directory: {path}"
+        )
+    elif not is_dir and not path.is_file():
+        logger.error("Path exists but is not a file: %s", path)
+        raise OstructFileNotFoundError(
+            f"Path exists but is not a file: {path}"
+        )
+
+    logger.debug("Path validation successful: %s -> %s", name, path)
+    return name, str(path)

ostruct/cli/security/__init__.py

@@ -0,0 +1,32 @@
+"""Security package for file access management.
+
+This package provides a comprehensive set of security features for file access:
+- Path normalization and validation
+- Safe path joining
+- Directory traversal prevention
+- Symlink resolution with security checks
+- Case sensitivity handling
+- Temporary path management
+"""
+
+from .allowed_checker import is_path_in_allowed_dirs
+from .case_manager import CaseManager
+from .errors import (
+    DirectoryNotFoundError,
+    PathSecurityError,
+    SecurityErrorReasons,
+)
+from .normalization import normalize_path
+from .safe_joiner import safe_join
+from .security_manager import SecurityManager
+
+__all__ = [
+    "normalize_path",
+    "safe_join",
+    "is_path_in_allowed_dirs",
+    "CaseManager",
+    "PathSecurityError",
+    "DirectoryNotFoundError",
+    "SecurityErrorReasons",
+    "SecurityManager",
+]

ostruct/cli/security/allowed_checker.py

@@ -0,0 +1,55 @@
+"""Allowed directory checker module.
+
+This module provides functionality to verify that a given path is within
+one of a set of allowed directories.
+"""
+
+from pathlib import Path
+from typing import List, Union
+
+from .normalization import normalize_path
+
+
+def is_path_in_allowed_dirs(
+    path: Union[str, Path], allowed_dirs: List[Path]
+) -> bool:
+    """Check if a given path is inside any of the allowed directories.
+
+    This function normalizes both the input path and allowed directories
+    before comparison to ensure consistent results across platforms.
+
+    Args:
+        path: The path to check.
+        allowed_dirs: A list of allowed directory paths.
+
+    Returns:
+        True if path is within one of the allowed directories; False otherwise.
+
+    Raises:
+        TypeError: If path is None or not a string/Path object.
+
+    Example:
+        >>> allowed = [Path("/base"), Path("/tmp")]
+        >>> is_path_in_allowed_dirs("/base/file.txt", allowed)
+        True
+        >>> is_path_in_allowed_dirs("/etc/passwd", allowed)
+        False
+    """
+    if path is None:
+        raise TypeError("path must be a string or Path object")
+    if not isinstance(path, (str, Path)):
+        raise TypeError("path must be a string or Path object")
+
+    norm_path = normalize_path(path)
+    norm_allowed = [normalize_path(d) for d in allowed_dirs]
+
+    for allowed in norm_allowed:
+        try:
+            # If path.relative_to(allowed) does not raise an error,
+            # then path is within allowed.
+            norm_path.relative_to(allowed)
+            return True
+        except ValueError:
+            continue
+
+    return False