praisonaiagents 0.0.109__py3-none-any.whl → 0.0.110__py3-none-any.whl

praisonaiagents/tools/python_tools.py

@@ -46,20 +46,100 @@ class PythonTools:
         timeout: int = 30,
         max_output_size: int = 10000
     ) -> Dict[str, Any]:
-        """Execute Python code safely."""
+        """Execute Python code safely with restricted builtins."""
         try:
-            # Set up execution environment
+            # Create safe builtins - restricted set of functions
+            safe_builtins = {
+                # Basic functions
+                'print': print,
+                'len': len,
+                'range': range,
+                'enumerate': enumerate,
+                'zip': zip,
+                'map': map,
+                'filter': filter,
+                'sum': sum,
+                'min': min,
+                'max': max,
+                'abs': abs,
+                'round': round,
+                'sorted': sorted,
+                'reversed': reversed,
+                'any': any,
+                'all': all,
+                # Type constructors
+                'int': int,
+                'float': float,
+                'str': str,
+                'bool': bool,
+                'list': list,
+                'tuple': tuple,
+                'dict': dict,
+                'set': set,
+                # Math functions
+                'pow': pow,
+                'divmod': divmod,
+                # Exceptions
+                'Exception': Exception,
+                'ValueError': ValueError,
+                'TypeError': TypeError,
+                'KeyError': KeyError,
+                'IndexError': IndexError,
+                'RuntimeError': RuntimeError,
+                # Other safe functions
+                'isinstance': isinstance,
+                'type': type,
+                'hasattr': hasattr,
+                'getattr': getattr,
+                'setattr': setattr,
+                'dir': dir,
+                'help': help,
+                # Disable dangerous functions
+                '__import__': None,
+                'eval': None,
+                'exec': None,
+                'compile': None,
+                'open': None,
+                'input': None,
+                'globals': None,
+                'locals': None,
+                'vars': None,
+            }
+            
+            # Set up execution environment with safe builtins
             if globals_dict is None:
-                globals_dict = {'__builtins__': __builtins__}
+                globals_dict = {'__builtins__': safe_builtins}
+            else:
+                # Override builtins in provided globals
+                globals_dict['__builtins__'] = safe_builtins
+                
             if locals_dict is None:
                 locals_dict = {}
             
+            # Security check: validate code doesn't contain dangerous patterns
+            dangerous_patterns = [
+                '__import__', 'import ', 'from ', 'exec', 'eval', 
+                'compile', 'open(', 'file(', 'input(', 'raw_input',
+                '__subclasses__', '__bases__', '__globals__', '__code__',
+                '__class__', 'globals(', 'locals(', 'vars('
+            ]
+            
+            code_lower = code.lower()
+            for pattern in dangerous_patterns:
+                if pattern.lower() in code_lower:
+                    return {
+                        'result': None,
+                        'stdout': '',
+                        'stderr': f'Security Error: Code contains restricted pattern: {pattern}',
+                        'success': False
+                    }
+            
             # Capture output
             stdout_buffer = io.StringIO()
             stderr_buffer = io.StringIO()
             
             try:
-                # Compile code
+                # Compile code with restricted mode
                 compiled_code = compile(code, '<string>', 'exec')
                 
                 # Execute with output capture

praisonaiagents/tools/shell_tools.py

@@ -12,6 +12,8 @@ import shlex
 import logging
 import os
 import time
+import platform
+import psutil
 from typing import Dict, List, Optional, Union
 from ..approval import require_approval
 
@@ -38,7 +40,6 @@ class ShellTools:
         command: str,
         cwd: Optional[str] = None,
         timeout: int = 30,
-        shell: bool = False,
         env: Optional[Dict[str, str]] = None,
         max_output_size: int = 10000
     ) -> Dict[str, Union[str, int, bool]]:
@@ -48,7 +49,6 @@ class ShellTools:
             command: Command to execute
             cwd: Working directory
             timeout: Maximum execution time in seconds
-            shell: Whether to run command in shell
             env: Environment variables
             max_output_size: Maximum output size in bytes
             
@@ -56,8 +56,12 @@ class ShellTools:
             Dictionary with execution results
         """
         try:
-            # Split command if not using shell
-            if not shell:
+            # Always split command for safety (no shell execution)
+            # Use shlex.split with appropriate posix flag
+            if platform.system() == 'Windows':
+                # Use shlex with posix=False for Windows to handle quotes properly
+                command = shlex.split(command, posix=False)
+            else:
                 command = shlex.split(command)
             
             # Set up process environment
@@ -72,7 +76,7 @@ class ShellTools:
                 stdout=subprocess.PIPE,
                 stderr=subprocess.PIPE,
                 cwd=cwd,
-                shell=shell,
+                shell=False,  # Always use shell=False for security
                 env=process_env,
                 text=True
             )
@@ -201,7 +205,9 @@ class ShellTools:
         try:
             cpu_percent = psutil.cpu_percent(interval=1)
             memory = psutil.virtual_memory()
-            disk = psutil.disk_usage('/')
+            # Use appropriate root path for the OS
+            root_path = os.path.abspath(os.sep)
+            disk = psutil.disk_usage(root_path)
             
             return {
                 'cpu': {
@@ -223,7 +229,7 @@ class ShellTools:
                     'percent': disk.percent
                 },
                 'boot_time': psutil.boot_time(),
-                'platform': os.uname().sysname
+                'platform': platform.system()
             }
         except Exception as e:
             error_msg = f"Error getting system info: {str(e)}"
@@ -246,7 +252,11 @@ if __name__ == "__main__":
     # 1. Execute command
     print("1. Command Execution")
     print("------------------------------")
-    result = execute_command("ls -la")
+    # Cross-platform directory listing
+    if platform.system() == 'Windows':
+        result = execute_command("dir")
+    else:
+        result = execute_command("ls -la")
     print(f"Success: {result['success']}")
     print(f"Output:\n{result['stdout']}")
     if result['stderr']:

praisonaiagents/tools/spider_tools.py

@@ -27,6 +27,57 @@ class SpiderTools:
         """Initialize SpiderTools and check for required packages."""
         self._session = None
         
+    def _validate_url(self, url: str) -> bool:
+        """
+        Validate URL to prevent SSRF attacks.
+        
+        Args:
+            url: URL to validate
+            
+        Returns:
+            bool: True if URL is safe, False otherwise
+        """
+        try:
+            parsed = urlparse(url)
+            
+            # Only allow http/https protocols
+            if parsed.scheme not in ['http', 'https']:
+                return False
+            
+            # Reject URLs with no hostname
+            if not parsed.hostname:
+                return False
+            
+            # Reject local/internal addresses
+            hostname = parsed.hostname.lower()
+            
+            # Block localhost and loopback
+            if hostname in ['localhost', '127.0.0.1', '0.0.0.0', '::1']:
+                return False
+            
+            # Block private IP ranges
+            import ipaddress
+            try:
+                ip = ipaddress.ip_address(hostname)
+                if ip.is_private or ip.is_reserved or ip.is_loopback or ip.is_link_local:
+                    return False
+            except ValueError:
+                # Not an IP address, continue with domain validation
+                pass
+            
+            # Block common internal domains
+            if any(hostname.endswith(domain) for domain in ['.local', '.internal', '.localdomain']):
+                return False
+            
+            # Block metadata service endpoints
+            if hostname in ['169.254.169.254', 'metadata.google.internal']:
+                return False
+            
+            return True
+            
+        except Exception:
+            return False
+        
     def _get_session(self):
         """Get or create requests session with common headers."""
         if util.find_spec('requests') is None:
@@ -70,6 +121,10 @@ class SpiderTools:
             Dict: Scraped content or error dict
         """
         try:
+            # Validate URL to prevent SSRF
+            if not self._validate_url(url):
+                return {"error": f"Invalid or potentially dangerous URL: {url}"}
+            
             session = self._get_session()
             if session is None:
                 return {"error": "requests package not available"}

{praisonaiagents-0.0.109.dist-info → praisonaiagents-0.0.110.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: praisonaiagents
-Version: 0.0.109
+Version: 0.0.110
 Summary: Praison AI agents for completing complex tasks with Self Reflection Agents
 Author: Mervin Praison
 Requires-Python: >=3.10

{praisonaiagents-0.0.109.dist-info → praisonaiagents-0.0.110.dist-info}/RECORD

@@ -1,9 +1,10 @@
-praisonaiagents/__init__.py,sha256=10wExtoVkZ31OwxoKjj9gtWq2uvC05dYBommV2Eii4M,2769
+praisonaiagents/__init__.py,sha256=TezvgadS1p5FGnIRAUVOB_6Jzb3Of7ZtzjtyeCqRsmM,3017
 praisonaiagents/approval.py,sha256=UJ4OhfihpFGR5CAaMphqpSvqdZCHi5w2MGw1MByZ1FQ,9813
 praisonaiagents/main.py,sha256=_-XE7_Y7ChvtLQMivfNFrrnAhv4wSSDhH9WJMWlkS0w,16315
 praisonaiagents/session.py,sha256=d-CZPYikOHb0q-H9f_IWKJsypnQfz1YKeLLkyxs6oDo,15532
-praisonaiagents/agent/__init__.py,sha256=j0T19TVNbfZcClvpbZDDinQxZ0oORgsMrMqx16jZ-bA,128
-praisonaiagents/agent/agent.py,sha256=VILZRrFbUJFF_gtATMfx-fpqoBMMwyiRmvBWo9592Ds,112093
+praisonaiagents/agent/__init__.py,sha256=IhIDtAkfJ99cxbttwou52coih_AejS2-jpazsX6LbDY,350
+praisonaiagents/agent/agent.py,sha256=20w8H2Fqu8oxX6pbvdEx2VBX6G-U7_lsdjRNI89SwTg,113894
+praisonaiagents/agent/handoff.py,sha256=Saq0chqfvC6Zf5UbXvmctybbehqnotrXn72JsS-76Q0,13099
 praisonaiagents/agent/image_agent.py,sha256=-5MXG594HVwSpFMcidt16YBp7udtik-Cp7eXlzLE1fY,8696
 praisonaiagents/agents/__init__.py,sha256=_1d6Pqyk9EoBSo7E68sKyd1jDRlN1vxvVIRpoMc0Jcw,168
 praisonaiagents/agents/agents.py,sha256=C_yDdJB4XUuwKA9DrysAtAj3zSYT0IKtfCT4Pxo0oyI,63309
@@ -15,12 +16,12 @@ praisonaiagents/knowledge/__init__.py,sha256=xL1Eh-a3xsHyIcU4foOWF-JdWYIYBALJH9b
 praisonaiagents/knowledge/chunking.py,sha256=G6wyHa7_8V0_7VpnrrUXbEmUmptlT16ISJYaxmkSgmU,7678
 praisonaiagents/knowledge/knowledge.py,sha256=OKPar-XGyAp1ndmbOOdCgqFnTCqpOThYVSIZRxZyP58,15683
 praisonaiagents/llm/__init__.py,sha256=bSywIHBHH0YUf4hSx-FmFXkRv2g1Rlhuk-gjoImE8j8,925
-praisonaiagents/llm/llm.py,sha256=NfsJNSScR_kS2sLeU1Ah41IXYN804cOQEMuxpt59zuM,104505
+praisonaiagents/llm/llm.py,sha256=e6lER7PVJsmY7ytzTG-PoJgriRjNjUP1_edaecxRLB4,113777
 praisonaiagents/mcp/__init__.py,sha256=ibbqe3_7XB7VrIcUcetkZiUZS1fTVvyMy_AqCSFG8qc,240
-praisonaiagents/mcp/mcp.py,sha256=qr9xbTfM3V6ZQgs3o9mGv6pDiJPnfbI24nUK_vUnGOI,18771
+praisonaiagents/mcp/mcp.py,sha256=-fFx4MHffnN2woLnnV7Pzx3-1SFkn2j8Gp5F5ZIwKJ0,19698
 praisonaiagents/mcp/mcp_sse.py,sha256=z8TMFhW9xuLQ7QnpOa3n1-nSHt0-Bf27qso0u4qxYSY,8357
 praisonaiagents/memory/__init__.py,sha256=aEFdhgtTqDdMhc_JCWM-f4XI9cZIj7Wz5g_MUa-0amg,397
-praisonaiagents/memory/memory.py,sha256=eYXVvuXrvt4LaEJ-AAbAiwpFUCuS5LH5F7Z0cBW5_gQ,42186
+praisonaiagents/memory/memory.py,sha256=D5BmQTktv6VOJ49yW2m1MjjCJ5UDSX1Qo46_443ymKo,44276
 praisonaiagents/process/__init__.py,sha256=lkYbL7Hn5a0ldvJtkdH23vfIIZLIcanK-65C0MwaorY,52
 praisonaiagents/process/process.py,sha256=gxhMXG3s4CzaREyuwE5zxCMx2Wp_b_Wd53tDfkj8Qk8,66567
 praisonaiagents/task/__init__.py,sha256=VL5hXVmyGjINb34AalxpBMl-YW9m5EDcRkMTKkSSl7c,80
@@ -33,17 +34,17 @@ praisonaiagents/tools/__init__.py,sha256=Rrgi7_3-yLHpfBB81WUi0-wD_wb_BsukwHVdjDY
 praisonaiagents/tools/arxiv_tools.py,sha256=1stb31zTjLTon4jCnpZG5de9rKc9QWgC0leLegvPXWo,10528
 praisonaiagents/tools/calculator_tools.py,sha256=S1xPT74Geurvjm52QMMIG29zDXVEWJmM6nmyY7yF298,9571
 praisonaiagents/tools/csv_tools.py,sha256=4Yr0QYwBXt-1BDXGLalB2eSsFR2mB5rH3KdHmRBQY6E,10036
-praisonaiagents/tools/duckdb_tools.py,sha256=KB3b-1HcX7ocoxskDpk_7RRpTGHnH8hizIY0ZdLRbIE,8816
+praisonaiagents/tools/duckdb_tools.py,sha256=OxVCwHoeZLed04Qjwj-GWwFaZ_03IlTUfFlU0H8xW-k,10421
 praisonaiagents/tools/duckduckgo_tools.py,sha256=ynlB5ZyWfHYjUq0JZXH12TganqTihgD-2IyRgs32y84,1657
 praisonaiagents/tools/excel_tools.py,sha256=e2HqcwnyBueOyss0xEKxff3zB4w4sNWCOMXvZfbDYlE,11309
-praisonaiagents/tools/file_tools.py,sha256=-RE1LfJA3vr7JYoHQaElGTLMAEvc0NvN8pCsO8YGOHg,9011
+praisonaiagents/tools/file_tools.py,sha256=N0fjTxxi89UupAvtEUwXjPrBvbppf8bwaNLfnjZ05q4,10824
 praisonaiagents/tools/json_tools.py,sha256=ApUYNuQ1qnbmYNCxSlx6Tth_H1yo8mhWtZ7Rr2WS6C4,16507
 praisonaiagents/tools/newspaper_tools.py,sha256=NyhojNPeyULBGcAWGOT1X70qVkh3FgZrpH-S7PEmrwI,12667
 praisonaiagents/tools/pandas_tools.py,sha256=yzCeY4jetKrFIRA15Tr5OQ5d94T8DaSpzglx2UiWfPs,11092
-praisonaiagents/tools/python_tools.py,sha256=puqLANl5YaG1YG8ixkl_MgWayF7uj5iXUEE15UYwIZE,13513
+praisonaiagents/tools/python_tools.py,sha256=4dWJddySR0snCEcQudemg5qvbuNrUYxO-jXnzuWixqM,16461
 praisonaiagents/tools/searxng_tools.py,sha256=LzxFenzGlSBxnckEPwtEZYemAkU8FUflbFbHf5IZE7o,3159
-praisonaiagents/tools/shell_tools.py,sha256=6IlnFkNg04tVxQVM_fYgscIWLtcgIikpEi3olB1THuA,9431
-praisonaiagents/tools/spider_tools.py,sha256=lrZnT1V1BC46We-AzBrDB1Ryifr3KKGmYNntMsScU7w,15094
+praisonaiagents/tools/shell_tools.py,sha256=zTdp2B0-9mfnHBJuAErEIh8xtMrP-95mdBtR1uuGLhI,9916
+praisonaiagents/tools/spider_tools.py,sha256=VCn-D-mbD4uuOnEaknRR9QVJP3dsUJgbfUDIO44N56E,16964
 praisonaiagents/tools/test.py,sha256=UHOTNrnMo0_H6I2g48re1WNZkrR7f6z25UnlWxiOSbM,1600
 praisonaiagents/tools/tools.py,sha256=TK5njOmDSpMlyBnbeBzNSlnzXWlnNaTpVqkFPhkMArg,265
 praisonaiagents/tools/wikipedia_tools.py,sha256=pGko-f33wqXgxJTv8db7TbizY5XnzBQRkNdq_GsplvI,9465
@@ -51,7 +52,7 @@ praisonaiagents/tools/xml_tools.py,sha256=iYTMBEk5l3L3ryQ1fkUnNVYK-Nnua2Kx2S0dxN
 praisonaiagents/tools/yaml_tools.py,sha256=uogAZrhXV9O7xvspAtcTfpKSQYL2nlOTvCQXN94-G9A,14215
 praisonaiagents/tools/yfinance_tools.py,sha256=s2PBj_1v7oQnOobo2fDbQBACEHl61ftG4beG6Z979ZE,8529
 praisonaiagents/tools/train/data/generatecot.py,sha256=H6bNh-E2hqL5MW6kX3hqZ05g9ETKN2-kudSjiuU_SD8,19403
-praisonaiagents-0.0.109.dist-info/METADATA,sha256=978n4Xm55N1ZwIQYE4vtLBVqsIuCylWFOEW1bWZTa6g,1669
-praisonaiagents-0.0.109.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-praisonaiagents-0.0.109.dist-info/top_level.txt,sha256=_HsRddrJ23iDx5TTqVUVvXG2HeHBL5voshncAMDGjtA,16
-praisonaiagents-0.0.109.dist-info/RECORD,,
+praisonaiagents-0.0.110.dist-info/METADATA,sha256=YvEuh5oBB5MkA7fXyYwD6fCJxMqOcI5L34pJ7lQvm8M,1669
+praisonaiagents-0.0.110.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+praisonaiagents-0.0.110.dist-info/top_level.txt,sha256=_HsRddrJ23iDx5TTqVUVvXG2HeHBL5voshncAMDGjtA,16
+praisonaiagents-0.0.110.dist-info/RECORD,,