pandoraspec 0.1.1__py3-none-any.whl → 0.2.7__py3-none-any.whl

pandoraspec/reporting/generator.py

@@ -0,0 +1,111 @@
+import os
+from datetime import datetime
+from weasyprint import HTML
+from .templates import get_report_template
+
+REPORTS_DIR = "reports"
+
+if not os.path.exists(REPORTS_DIR):
+    os.makedirs(REPORTS_DIR)
+
+def generate_report(vendor_name: str, audit_results: dict, output_path: str = None) -> str:
+    """
+    Module D: The Compliance Report (The Deliverable)
+    Generates a branded PDF report.
+    """
+    # ... (omitted for brevity, assume logic matches but filename handling changes)
+    
+    # Calculate scores...
+    drift_issues = [r for r in audit_results["drift_check"] if r.get("status") != "PASS"]
+    resilience_issues = [r for r in audit_results["resilience"] if r.get("status") != "PASS"]
+    security_issues = [r for r in audit_results["security"] if r.get("status") != "PASS"]
+
+    drift_score = max(0, 100 - len(drift_issues) * 10)
+    resilience_score = max(0, 100 - len(resilience_issues) * 15)
+    security_score = max(0, 100 - len(security_issues) * 20)
+    
+    total_score = (drift_score + resilience_score + security_score) / 3
+    is_compliant = total_score >= 80
+
+    context = {
+        "vendor_name": vendor_name,
+        "date": datetime.now().strftime("%Y-%m-%d"),
+        "score": round(total_score),
+        "is_compliant": is_compliant,
+        "results": audit_results
+    }
+    
+    # ... (render_findings_table helper omitted) ...
+    def render_findings_table(module_name, findings):
+        if not findings:
+            return f"<p class='no-issues'>✅ No issues found in {module_name}.</p>"
+        
+        rows = ""
+        for f in findings:
+            endpoint = f.get('endpoint', 'Global')
+            status = f.get('status', 'FAIL')
+            
+            if status == "PASS":
+                severity_class = "pass"
+                severity_text = "PASS"
+            else:
+                severity_class = f.get('severity', 'LOW').lower()
+                severity_text = f.get('severity')
+
+            rows += f"<tr><td><span class='badge badge-{severity_class}'>{severity_text}</span></td><td><code>{endpoint}</code></td><td><strong>{f.get('issue')}</strong></td><td>{f.get('details')}</td></tr>"
+        
+        return f"<table><thead><tr><th style='width: 10%'>Status</th><th style='width: 25%'>Endpoint</th><th style='width: 25%'>Issue</th><th>Technical Details</th></tr></thead><tbody>{rows}</tbody></table>"
+
+    html_content = get_report_template(
+        vendor_name=vendor_name,
+        total_score=total_score,
+        is_compliant=is_compliant,
+        audit_results=audit_results,
+        render_findings_table_func=render_findings_table
+    )
+
+    if output_path:
+        filepath = output_path
+    else:
+        filename = f"{vendor_name.replace(' ', '_')}_{datetime.now().strftime('%Y%m%d%H%M%S')}.pdf"
+        filepath = os.path.join(REPORTS_DIR, filename)
+    
+    HTML(string=html_content).write_pdf(filepath)
+    return filepath
+
+def generate_json_report(vendor_name: str, audit_results: dict, output_path: str = None) -> str:
+    """
+    Generates a machine-readable JSON report for CI/CD pipelines.
+    """
+    import json
+    
+    # Filter out PASS results for scoring
+    drift_issues = [r for r in audit_results["drift_check"] if r.get("status") != "PASS"]
+    resilience_issues = [r for r in audit_results["resilience"] if r.get("status") != "PASS"]
+    security_issues = [r for r in audit_results["security"] if r.get("status") != "PASS"]
+
+    drift_score = max(0, 100 - len(drift_issues) * 10)
+    resilience_score = max(0, 100 - len(resilience_issues) * 15)
+    security_score = max(0, 100 - len(security_issues) * 20)
+    
+    total_score = (drift_score + resilience_score + security_score) / 3
+    is_compliant = total_score >= 80
+
+    report_data = {
+        "vendor_name": vendor_name,
+        "date": datetime.now().isoformat(),
+        "score": round(total_score, 2),
+        "is_compliant": is_compliant,
+        "results": audit_results
+    }
+
+    if output_path:
+        filepath = output_path
+    else:
+        filename = f"{vendor_name.replace(' ', '_')}_{datetime.now().strftime('%Y%m%d%H%M%S')}.json"
+        filepath = os.path.join(REPORTS_DIR, filename)
+
+    with open(filepath, "w") as f:
+        json.dump(report_data, f, indent=2)
+        
+    return filepath

pandoraspec/{reporting.py → reporting/templates.py}

@@ -1,85 +1,10 @@
-import os
 from datetime import datetime
-from jinja2 import Environment, FileSystemLoader
-from weasyprint import HTML
 
-TEMPLATE_DIR = os.path.join(os.path.dirname(__file__), "templates")
-REPORTS_DIR = "reports"
-
-if not os.path.exists(REPORTS_DIR):
-    os.makedirs(REPORTS_DIR)
-
-def generate_report(vendor_name: str, audit_results: dict) -> str:
+def get_report_template(vendor_name: str, total_score: float, is_compliant: bool, audit_results: dict, render_findings_table_func) -> str:
     """
-    Module D: The Compliance Report (The Deliverable)
-    Generates a branded PDF report.
+    Returns the HTML content for the DORA Compliance Report.
     """
-    # Calculate score (simple MVP logic)
-    # Filter out PASS results for scoring
-    drift_issues = [r for r in audit_results["drift_check"] if r.get("status") != "PASS"]
-    resilience_issues = [r for r in audit_results["resilience"] if r.get("status") != "PASS"]
-    security_issues = [r for r in audit_results["security"] if r.get("status") != "PASS"]
-
-    drift_score = max(0, 100 - len(drift_issues) * 10)
-    resilience_score = max(0, 100 - len(resilience_issues) * 15)
-    security_score = max(0, 100 - len(security_issues) * 20)
-    
-    total_score = (drift_score + resilience_score + security_score) / 3
-    
-    # Pass/Fail based on score
-    is_compliant = total_score >= 80
-
-    context = {
-        "vendor_name": vendor_name,
-        "date": datetime.now().strftime("%Y-%m-%d"),
-        "score": round(total_score),
-        "is_compliant": is_compliant,
-        "results": audit_results
-    }
-
-    # Helper to render findings tables
-    def render_findings_table(module_name, findings):
-        if not findings:
-            return f"<p class='no-issues'>✅ No issues found in {module_name}.</p>"
-        
-        rows = ""
-        for f in findings:
-            endpoint = f.get('endpoint', 'Global')
-            status = f.get('status', 'FAIL')
-            
-            if status == "PASS":
-                severity_class = "pass"
-                severity_text = "PASS"
-            else:
-                severity_class = f.get('severity', 'LOW').lower()
-                severity_text = f.get('severity')
-
-            rows += f"""
-            <tr>
-                <td><span class="badge badge-{severity_class}">{severity_text}</span></td>
-                <td><code>{endpoint}</code></td>
-                <td><strong>{f.get('issue')}</strong></td>
-                <td>{f.get('details')}</td>
-            </tr>
-            """
-        
-        return f"""
-        <table>
-            <thead>
-                <tr>
-                    <th style="width: 10%">Status</th>
-                    <th style="width: 25%">Endpoint</th>
-                    <th style="width: 25%">Issue</th>
-                    <th>Technical Details</th>
-                </tr>
-            </thead>
-            <tbody>
-                {rows}
-            </tbody>
-        </table>
-        """
-
-    html_content = f"""
+    return f"""
     <html>
     <head>
         <style>
@@ -132,6 +57,10 @@ def generate_report(vendor_name: str, audit_results: dict) -> str:
                 font-weight: 700; 
                 color: white; 
                 text-transform: uppercase; 
+                font-size: 10px; 
+                font-weight: 700; 
+                color: white; 
+                text-transform: uppercase; 
             }}
             .badge-critical {{ background: #ef4444; }}
             .badge-high {{ background: #f97316; }}
@@ -173,7 +102,7 @@ def generate_report(vendor_name: str, audit_results: dict) -> str:
                 This check verifies if the actual API implementation adheres to the provided OpenAPI specification.
                 Discrepancies here indicate "Schema Drift," which violates DORA requirements for accurate ICT documentation.
             </p>
-            {render_findings_table("Module A", audit_results['drift_check'])}
+            {render_findings_table_func("Module A", audit_results['drift_check'])}
         </div>
 
         <div class="section">
@@ -182,7 +111,7 @@ def generate_report(vendor_name: str, audit_results: dict) -> str:
                 Assesses high-load behavior and error handling (DORA Art. 24 & 25).
                 Checks if the system gracefully handles request flooding with appropriate 429 status codes.
             </p>
-            {render_findings_table("Module B", audit_results['resilience'])}
+            {render_findings_table_func("Module B", audit_results['resilience'])}
         </div>
 
         <div class="section">
@@ -190,7 +119,7 @@ def generate_report(vendor_name: str, audit_results: dict) -> str:
             <p style="font-size: 13px; color: #64748b; margin-bottom: 15px;">
                 Evaluates baseline security controls including TLS encryption and sensitive information leakage in URLs.
             </p>
-            {render_findings_table("Module C", audit_results['security'])}
+            {render_findings_table_func("Module C", audit_results['security'])}
         </div>
 
         <footer>
@@ -200,10 +129,3 @@ def generate_report(vendor_name: str, audit_results: dict) -> str:
     </body>
     </html>
     """
-
-    filename = f"{vendor_name.replace(' ', '_')}_{datetime.now().strftime('%Y%m%d%H%M%S')}.pdf"
-    filepath = os.path.join(REPORTS_DIR, filename)
-    
-    HTML(string=html_content).write_pdf(filepath)
-    
-    return filepath

pandoraspec/seed.py

@@ -0,0 +1,181 @@
+import re
+import requests
+from typing import Any, Optional
+from .utils.parsing import extract_json_value, extract_regex_value
+from .utils.logger import logger
+
+class SeedManager:
+    def __init__(self, seed_data: dict[str, Any], base_url: Optional[str] = None, api_key: Optional[str] = None):
+        self.seed_data = seed_data
+        self.base_url = base_url
+        self.api_key = api_key
+        self.dynamic_cache = {}
+        self._resolving_stack = set() # To detect recursion cycles
+
+    def _get_seed_config(self, method: str, path: str) -> dict[str, Any]:
+        """Merges seed data for a specific endpoint (General < Verb < Endpoint)"""
+        if not self.seed_data:
+            return {}
+
+        is_hierarchical = any(k in self.seed_data for k in ['general', 'verbs', 'endpoints'])
+        
+        if is_hierarchical:
+            # 1. General
+            merged_data = self.seed_data.get('general', {}).copy()
+            # 2. Verb
+            verb_data = self.seed_data.get('verbs', {}).get(method.upper(), {})
+            merged_data.update(verb_data)
+            # 3. Endpoint
+            endpoint_data = self.seed_data.get('endpoints', {}).get(path, {}).get(method.upper(), {})
+            merged_data.update(endpoint_data)
+        else:
+            merged_data = self.seed_data.copy()
+            
+        return merged_data
+
+    def _resolve_dynamic_value(self, config_value: Any) -> Any:
+        """Resolves dynamic seed values with recursion support"""
+        if not isinstance(config_value, dict) or "from_endpoint" not in config_value:
+            return config_value
+
+        endpoint_def = config_value["from_endpoint"]
+        
+        # Check cache first
+        if endpoint_def in self.dynamic_cache:
+            return self.dynamic_cache[endpoint_def]
+
+        # Cycle detection
+        if endpoint_def in self._resolving_stack:
+            logger.warning(f"Circular dependency detected for {endpoint_def}. Breaking cycle.")
+            return None
+        
+        self._resolving_stack.add(endpoint_def)
+
+        try:
+            try:
+                method, path = endpoint_def.split(" ", 1)
+            except ValueError:
+                logger.warning(f"Invalid endpoint definition '{endpoint_def}'. Expected 'METHOD /path'")
+                return None
+
+            if not self.base_url:
+                logger.warning("Cannot resolve dynamic seed, base_url is not set.")
+                return None
+
+            # Recursive Step: Resolve dependencies BEFORE making the request
+            # We get the seed config for the *upstream* endpoint we are about to call
+            upstream_seed_config = self._get_seed_config(method, path)
+            resolved_upstream_params = {}
+            
+            for k, v in upstream_seed_config.items():
+                resolved_val = self._resolve_dynamic_value(v)
+                if resolved_val is not None:
+                    resolved_upstream_params[k] = resolved_val
+
+            # URL Parameter Injection
+            # Iterate through resolved params to inject into path (e.g. /users/{id})
+            # Also fall back to general seeds if not explicitly resolved above (legacy behavior)
+            general_seeds = self.seed_data.get('general', {}) if self.seed_data else {}
+            
+            def replace_param(match):
+                param_name = match.group(1)
+                # specific resolved param > general seed
+                if param_name in resolved_upstream_params:
+                    return str(resolved_upstream_params[param_name])
+                if param_name in general_seeds:
+                     return str(general_seeds[param_name])
+                logger.warning(f"Missing seed value for {{{param_name}}} in dynamic endpoint {endpoint_def}")
+                return match.group(0)
+
+            url_path = re.sub(r"\{([a-zA-Z0-9_]+)\}", replace_param, path)
+            url = f"{self.base_url.rstrip('/')}/{url_path.lstrip('/')}"
+            
+            # Prepare Request
+            headers = {}
+            if self.api_key:
+                 auth_header = self.api_key if self.api_key.lower().startswith("bearer ") else f"Bearer {self.api_key}"
+                 headers["Authorization"] = auth_header
+
+            # Query Params from unused resolved seeds
+            query_params = {}
+            for k, v in resolved_upstream_params.items():
+                 # If it wasn't used in the path, put it in query params
+                 if f"{{{k}}}" not in path:
+                     query_params[k] = v
+
+            logger.debug(f"AUDIT LOG: Resolving dynamic seed from {method} {url_path}")
+            response = requests.request(method, url, headers=headers, params=query_params)
+            
+            if response.status_code >= 400:
+                logger.warning(f"Dynamic seed request failed with {response.status_code}")
+                return None
+
+            result = None
+            extract_key = config_value.get("extract")
+            regex_pattern = config_value.get("regex")
+
+            # JSON Extraction
+            if extract_key:
+                try:
+                    json_data = response.json()
+                    result = extract_json_value(json_data, extract_key)
+                except Exception:
+                    logger.warning("Failed to parse JSON for seed extraction")
+            else:
+                 result = response.text
+
+            # Regex Extraction
+            if regex_pattern and result is not None:
+                result = extract_regex_value(str(result), regex_pattern)
+            
+            self.dynamic_cache[endpoint_def] = result
+            return result
+
+        except Exception as e:
+            logger.error(f"Failed to resolve dynamic seed: {e}")
+            return None
+        finally:
+            self._resolving_stack.discard(endpoint_def)
+
+    def apply_seed_data(self, case):
+        """Helper to inject seed data into test cases with hierarchy: General < Verbs < Endpoints"""
+        if not self.seed_data:
+            return set()
+
+        if hasattr(case, 'operation'):
+            method = case.operation.method.upper()
+            path = case.operation.path
+            merged_data = self._get_seed_config(method, path)
+        else:
+            merged_data = self._get_seed_config("", "")
+
+        # Resolve dynamic values for the final merged dataset
+        resolved_data = {}
+        for k, v in merged_data.items():
+            resolved_val = self._resolve_dynamic_value(v)
+            if resolved_val is not None:
+                resolved_data[k] = resolved_val
+
+        seeded_keys = set()
+        # Inject into Path Parameters (e.g., /users/{userId})
+        if hasattr(case, 'path_parameters') and case.path_parameters:
+            for key in case.path_parameters:
+                if key in resolved_data:
+                    case.path_parameters[key] = resolved_data[key]
+                    seeded_keys.add(key)
+
+        # Inject into Query Parameters (e.g., ?status=active)
+        if hasattr(case, 'query') and case.query:
+            for key in case.query:
+                if key in resolved_data:
+                    case.query[key] = resolved_data[key]
+                    seeded_keys.add(key)
+                    
+        # Inject into Headers (e.g., X-Tenant-ID)
+        if hasattr(case, 'headers') and case.headers:
+            for key in case.headers:
+                if key in resolved_data:
+                    case.headers[key] = str(resolved_data[key])
+                    seeded_keys.add(key)
+        
+        return seeded_keys

pandoraspec/utils/logger.py

@@ -0,0 +1,21 @@
+import logging
+from rich.logging import RichHandler
+
+def setup_logger(name: str = "pandoraspec", level: int = logging.INFO) -> logging.Logger:
+    """Configures a rich-enabled logger for the application."""
+    logger = logging.getLogger(name)
+    
+    # Avoid adding multiple handlers if setup is called multiple times
+    if logger.handlers:
+        return logger
+        
+    logger.setLevel(level)
+    
+    handler = RichHandler(rich_tracebacks=True, markup=True, show_time=False)
+    handler.setFormatter(logging.Formatter("%(message)s"))
+    
+    logger.addHandler(handler)
+    return logger
+
+# Singleton instance
+logger = setup_logger()

pandoraspec/utils/parsing.py

@@ -0,0 +1,35 @@
+from typing import Any, Optional
+import re
+
+def extract_json_value(data: Any, path: str) -> Any:
+    """
+    Extracts a value from a nested dictionary or list using dot notation.
+    Supports list indices (e.g. 'items.0.id').
+    """
+    keys = path.split('.')
+    val = data
+    for k in keys:
+        if isinstance(val, dict):
+            val = val.get(k)
+        elif isinstance(val, list) and k.isdigit():
+            try:
+                val = val[int(k)]
+            except IndexError:
+                val = None
+                break
+        else:
+            val = None
+            break
+    return val
+
+def extract_regex_value(text: str, pattern: str) -> Optional[str]:
+    """
+    Extracts a value from text using a regex pattern.
+    Returns the first group if present, otherwise the whole match.
+    """
+    if not text or not pattern:
+        return None
+    match = re.search(pattern, str(text))
+    if match:
+        return match.group(1) if match.groups() else match.group(0)
+    return None

pandoraspec/utils/url.py

@@ -0,0 +1,23 @@
+from typing import Optional
+from urllib.parse import urlparse, urlunparse
+
+def derive_base_url_from_target(target_url: str) -> Optional[str]:
+    """
+    Derives a base URL from a target spec URL by stripping the filename.
+    e.g., https://api.com/v1/swagger.json -> https://api.com/v1
+    """
+    try:
+        if not target_url or not target_url.startswith("http"):
+            return None
+            
+        parsed = urlparse(target_url)
+        path_parts = parsed.path.split('/')
+        
+        # Simple heuristic: remove the last segment if it looks like a file (has dot)
+        if '.' in path_parts[-1]: 
+            path_parts.pop()
+            
+        new_path = '/'.join(path_parts)
+        return urlunparse(parsed._replace(path=new_path))
+    except Exception:
+        return None