systemlink-cli 1.13.3__tar.gz → 1.13.4__tar.gz

{systemlink_cli-1.13.3 → systemlink_cli-1.13.4}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: systemlink-cli
-Version: 1.13.3
+Version: 1.13.4
 Summary: SystemLink Integrator CLI - cross-platform CLI for SystemLink workflows and templates.
 License-File: LICENSE
 Author: Fred Visser

{systemlink_cli-1.13.3 → systemlink_cli-1.13.4}/dff-editor/editor.js

@@ -651,9 +651,7 @@ function downloadConfiguration() {
         const a = document.createElement('a');
         a.href = url;
         a.download = 'dff-configuration.json';
-        document.body.appendChild(a);
         a.click();
-        document.body.removeChild(a);
         URL.revokeObjectURL(url);
         showStatus('Configuration downloaded', 'success');
     } catch (e) {
@@ -682,53 +680,130 @@ function refreshTree() {
     
     const config = currentConfig;
     if (!config) return;
-    
-    let html = '<div class="tree-node" onclick="selectTreeNode(\'root\')"><span class="tree-icon">📄</span><span>Root Configuration</span></div>';
-    
-    // Configurations
+
+    treeView.replaceChildren();
+    treeView.appendChild(createTreeNode({
+        nodeId: 'root',
+        icon: '📄',
+        label: 'Root Configuration'
+    }));
+
     if (config.configurations && config.configurations.length > 0) {
         config.configurations.forEach((conf, i) => {
             const confLabel = conf.displayText || conf.name || conf.key || ('Configuration ' + (i + 1));
-            html += `<div class="tree-node indent-1" onclick="selectTreeNode('config-${i}')"><span class="tree-icon">⚙️</span><span>${confLabel}</span><button class="edit-btn" aria-label="Edit configuration: ${confLabel}" title="Edit configuration" onclick="event.stopPropagation(); showEditDialog('configuration', ${i})">✎</button></div>`;
-            // Show views under each configuration
+            treeView.appendChild(createTreeNode({
+                nodeId: `config-${i}`,
+                icon: '⚙️',
+                label: confLabel,
+                indent: 1,
+                editLabel: `Edit configuration: ${confLabel}`,
+                editTitle: 'Edit configuration',
+                onEdit: () => showEditDialog('configuration', i)
+            }));
+
             if (conf.views && conf.views.length > 0) {
                 conf.views.forEach((view, vi) => {
-                    html += `<div class="tree-node indent-2" onclick="selectTreeNode('config-${i}-view-${vi}')"><span class="tree-icon">👁️</span><span>${view.displayText || view.key}</span><button class="edit-btn" aria-label="Edit view: ${view.displayText || view.key}" title="Edit view" onclick="event.stopPropagation(); showEditDialog('view', ${i}, ${vi})">✎</button></div>`;
+                    const viewLabel = view.displayText || view.key;
+                    treeView.appendChild(createTreeNode({
+                        nodeId: `config-${i}-view-${vi}`,
+                        icon: '👁️',
+                        label: viewLabel,
+                        indent: 2,
+                        editLabel: `Edit view: ${viewLabel}`,
+                        editTitle: 'Edit view',
+                        onEdit: () => showEditDialog('view', i, vi)
+                    }));
                 });
             }
         });
     }
-    
-    // Groups
+
     if (config.groups && config.groups.length > 0) {
-        html += '<div class="tree-node indent-1"><span class="tree-icon">📁</span><span>Groups (' + config.groups.length + ')</span></div>';
+        treeView.appendChild(createTreeSummaryNode('📁', `Groups (${config.groups.length})`, 1));
         config.groups.forEach((group, i) => {
             const groupLabel = group.displayText || group.key;
-            html += `<div class="tree-node indent-2" onclick="selectTreeNode('group-${i}')"><span class="tree-icon">📦</span><span>${groupLabel}</span><button class="edit-btn" aria-label="Edit group: ${groupLabel}" title="Edit group" onclick="event.stopPropagation(); showEditDialog('group', ${i})">✎</button></div>`;
+            treeView.appendChild(createTreeNode({
+                nodeId: `group-${i}`,
+                icon: '📦',
+                label: groupLabel,
+                indent: 2,
+                editLabel: `Edit group: ${groupLabel}`,
+                editTitle: 'Edit group',
+                onEdit: () => showEditDialog('group', i)
+            }));
         });
     }
-    
-    // Fields
+
     if (config.fields && config.fields.length > 0) {
-        html += '<div class="tree-node indent-1"><span class="tree-icon">📁</span><span>Fields (' + config.fields.length + ')</span></div>';
+        treeView.appendChild(createTreeSummaryNode('📁', `Fields (${config.fields.length})`, 1));
         config.fields.forEach((field, i) => {
             const icon = field.required ? '🏷️' : '🔖';
             const fieldLabel = field.displayText || field.key;
-            html += `<div class="tree-node indent-2" onclick="selectTreeNode('field-${i}')"><span class="tree-icon">${icon}</span><span>${fieldLabel}</span><button class="edit-btn" aria-label="Edit field: ${fieldLabel}" title="Edit field" onclick="event.stopPropagation(); showEditDialog('field', ${i})">✎</button></div>`;
+            treeView.appendChild(createTreeNode({
+                nodeId: `field-${i}`,
+                icon,
+                label: fieldLabel,
+                indent: 2,
+                editLabel: `Edit field: ${fieldLabel}`,
+                editTitle: 'Edit field',
+                onEdit: () => showEditDialog('field', i)
+            }));
         });
     }
-    
-    treeView.innerHTML = html;
 }
 
-function selectTreeNode(nodeId) {
+function createTreeSummaryNode(icon, label, indent = 0) {
+    const node = document.createElement('div');
+    node.className = 'tree-node';
+    if (indent > 0) {
+        node.classList.add(`indent-${indent}`);
+    }
+
+    const iconElement = document.createElement('span');
+    iconElement.className = 'tree-icon';
+    iconElement.textContent = icon;
+    node.appendChild(iconElement);
+
+    const labelElement = document.createElement('span');
+    labelElement.textContent = label;
+    node.appendChild(labelElement);
+
+    return node;
+}
+
+function createTreeNode({ nodeId, icon, label, indent = 0, editLabel = '', editTitle = '', onEdit = null }) {
+    const node = createTreeSummaryNode(icon, label, indent);
+    node.dataset.nodeId = nodeId;
+    node.addEventListener('click', () => selectTreeNode(nodeId, node));
+
+    if (onEdit) {
+        const editButton = document.createElement('button');
+        editButton.className = 'edit-btn';
+        editButton.type = 'button';
+        editButton.textContent = '✎';
+        editButton.setAttribute('aria-label', editLabel);
+        editButton.title = editTitle;
+        editButton.addEventListener('click', (event) => {
+            event.stopPropagation();
+            onEdit();
+        });
+        node.appendChild(editButton);
+    }
+
+    return node;
+}
+
+function selectTreeNode(nodeId, nodeElement = null) {
     selectedTreeNode = nodeId;
     
     // Update visual selection
     document.querySelectorAll('.tree-node').forEach(node => {
         node.classList.remove('selected');
     });
-    event.currentTarget.classList.add('selected');
+    const activeNode = nodeElement || document.querySelector(`[data-node-id="${nodeId}"]`);
+    if (activeNode) {
+        activeNode.classList.add('selected');
+    }
     
     // Highlight corresponding JSON in editor
     selectNodeInEditor(nodeId);

{systemlink_cli-1.13.3 → systemlink_cli-1.13.4}/pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "systemlink-cli"
-version = "1.13.3"
+version = "1.13.4"
 description = "SystemLink Integrator CLI - cross-platform CLI for SystemLink workflows and templates."
 authors = ["Fred Visser <fred.visser@emerson.com>"]
 packages = [{ include = "slcli" }]

{systemlink_cli-1.13.3 → systemlink_cli-1.13.4}/slcli/_version.py

@@ -1,4 +1,4 @@
 """Version information for slcli."""
 
 # This file is auto-generated. Do not edit manually.
-__version__ = "1.13.3"
+__version__ = "1.13.4"

{systemlink_cli-1.13.3 → systemlink_cli-1.13.4}/slcli/notebook_click.py

@@ -6,6 +6,7 @@ All commands use Click for robust CLI interfaces and error handling.
 
 import datetime
 import json
+import re
 import sys
 import time
 import urllib.parse
@@ -50,6 +51,56 @@ PREDEFINED_NOTEBOOK_INTERFACES = [
     "Work Item Scheduler",
 ]
 
+WINDOWS_RESERVED_FILENAMES = {
+    "CON",
+    "PRN",
+    "AUX",
+    "NUL",
+    "COM1",
+    "COM2",
+    "COM3",
+    "COM4",
+    "COM5",
+    "COM6",
+    "COM7",
+    "COM8",
+    "COM9",
+    "LPT1",
+    "LPT2",
+    "LPT3",
+    "LPT4",
+    "LPT5",
+    "LPT6",
+    "LPT7",
+    "LPT8",
+    "LPT9",
+}
+
+
+def _get_safe_notebook_download_name(notebook_name: str, suffix: str) -> str:
+    """Build a local filename from remote notebook metadata without honoring path segments."""
+    name_segment = notebook_name.replace("\\", "/").split("/")[-1].strip()
+    if name_segment in {"", ".", ".."}:
+        name_segment = "notebook"
+
+    stem = name_segment[:-6] if name_segment.lower().endswith(".ipynb") else name_segment
+    safe_stem = re.sub(r"[^A-Za-z0-9._ -]+", "_", stem).strip(" ._") or "notebook"
+    if safe_stem.upper() in WINDOWS_RESERVED_FILENAMES:
+        safe_stem = f"{safe_stem}_file"
+    normalized_suffix = suffix if suffix.startswith(".") else f".{suffix}"
+
+    return f"{safe_stem}{normalized_suffix}"
+
+
+def _get_safe_notebook_download_path(notebook_name: str, suffix: str) -> Path:
+    """Build a safe local output path for remote-derived notebook filenames."""
+    safe_filename = _get_safe_notebook_download_name(notebook_name, suffix)
+    working_directory = Path.cwd().resolve()
+    output_path = (working_directory / safe_filename).resolve()
+    if output_path.parent != working_directory:
+        raise ValueError("Notebook download path must stay within the current working directory")
+    return output_path
+
 
 def _normalize_sls_notebook(notebook: Dict[str, Any]) -> None:
     """Normalize SLS notebook response to include id/name fields.
@@ -529,9 +580,10 @@ def _download_notebook_content_and_metadata(
     if download_type in ("content", "both"):
         try:
             content = _get_notebook_content_http(notebook_id)
-            output_path = output or (
-                notebook_name if notebook_name.endswith(".ipynb") else f"{notebook_name}.ipynb"
-            )
+            if output:
+                output_path = Path(output)
+            else:
+                output_path = _get_safe_notebook_download_path(notebook_name, ".ipynb")
             with open(output_path, "wb") as f:
                 f.write(content)
             click.echo(f"Notebook content downloaded to {output_path}")
@@ -543,14 +595,17 @@ def _download_notebook_content_and_metadata(
     if download_type in ("metadata", "both"):
         try:
             meta = _get_notebook_http(notebook_id)
-            meta_path = (output or notebook_name.replace(".ipynb", "")) + ".json"
+            if output:
+                meta_path = Path(f"{output}.json")
+            else:
+                meta_path = _get_safe_notebook_download_path(notebook_name, ".json")
 
             def _json_default(obj: Any) -> str:
                 if isinstance(obj, (datetime.datetime, datetime.date)):
                     return obj.isoformat()
                 return str(obj)
 
-            save_json_file(meta, meta_path, _json_default)
+            save_json_file(meta, str(meta_path), _json_default)
             click.echo(f"Notebook metadata downloaded to {meta_path}")
         except Exception as exc:
             click.echo(f"Failed to download notebook metadata: {exc}")

{systemlink_cli-1.13.3 → systemlink_cli-1.13.4}/slcli/web_editor.py

@@ -43,10 +43,9 @@ def _build_proxy_url(
     origin_scheme: str,
     origin_netloc: str,
     target_path: str,
-    query: str = "",
 ) -> str:
     """Build a proxy URL from a validated origin and allowlisted path."""
-    return urllib.parse.urlunsplit((origin_scheme, origin_netloc, target_path, query, ""))
+    return urllib.parse.urlunsplit((origin_scheme, origin_netloc, target_path, "", ""))
 
 
 def _validated_proxy_path(request_path: str) -> str:
@@ -59,6 +58,118 @@ def _validated_proxy_path(request_path: str) -> str:
     return decoded_path
 
 
+def _validated_proxy_query_params(query: str) -> dict[str, list[str]]:
+    """Return parsed proxy query parameters."""
+    if not query:
+        return {}
+
+    try:
+        return urllib.parse.parse_qs(
+            query,
+            keep_blank_values=True,
+            strict_parsing=True,
+            separator="&",
+        )
+    except ValueError as exc:
+        raise ValueError("Editor proxy received an invalid query string") from exc
+
+
+def _validated_single_query_value(
+    query_params: dict[str, list[str]],
+    name: str,
+) -> str:
+    """Return a single query value and reject repeated parameters."""
+    values = query_params.get(name)
+    if not values:
+        raise ValueError(f"Editor proxy requires query parameter: {name}")
+    if len(values) != 1:
+        raise ValueError(f"Editor proxy rejects repeated query parameter: {name}")
+    return values[0]
+
+
+def _validated_integer_query_value(
+    query_params: dict[str, list[str]],
+    name: str,
+    *,
+    minimum: int,
+    maximum: Optional[int] = None,
+) -> str:
+    """Return a validated integer query value preserved as a string."""
+    raw_value = _validated_single_query_value(query_params, name)
+
+    try:
+        parsed_value = int(raw_value)
+    except ValueError as exc:
+        raise ValueError(f"Editor proxy requires an integer query parameter: {name}") from exc
+
+    if parsed_value < minimum or (maximum is not None and parsed_value > maximum):
+        raise ValueError(f"Editor proxy rejected out-of-range query parameter: {name}")
+
+    return str(parsed_value)
+
+
+def _validated_identifier_query_value(query_params: dict[str, list[str]], name: str) -> str:
+    """Return a single identifier-like query value safe for proxy forwarding."""
+    value = _validated_single_query_value(query_params, name)
+    if not value.strip():
+        raise ValueError(f"Editor proxy requires a non-empty query parameter: {name}")
+    if len(value) > 256:
+        raise ValueError(f"Editor proxy rejected oversized query parameter: {name}")
+    if any(ord(character) < 32 for character in value):
+        raise ValueError(f"Editor proxy rejected invalid query parameter: {name}")
+    if any(character in value for character in "/\\?#"):
+        raise ValueError(f"Editor proxy rejected invalid query parameter: {name}")
+    return value
+
+
+def _resolve_proxy_target(
+    method: str,
+    request_path: str,
+    query: str,
+) -> Optional[tuple[str, dict[str, str]]]:
+    """Resolve a frontend route to a fixed upstream path and validated params."""
+    query_params = _validated_proxy_query_params(query)
+
+    if method == "POST":
+        post_route_map = {
+            "/api/dff/configurations": "/nidynamicformfields/v1/configurations",
+            "/api/dff/update-configurations": "/nidynamicformfields/v1/update-configurations",
+            "/nidynamicformfields/v1/update-configurations": "/nidynamicformfields/v1/update-configurations",
+        }
+        target_path = post_route_map.get(request_path)
+        if target_path is None:
+            return None
+        if query_params:
+            raise ValueError("Editor proxy does not forward query parameters for this route")
+        return target_path, {}
+
+    if method == "GET" and request_path == "/niuser/v1/workspaces":
+        unexpected_params = set(query_params) - {"take", "skip"}
+        if unexpected_params:
+            raise ValueError("Editor proxy rejected unsupported workspace query parameters")
+
+        safe_params: dict[str, str] = {}
+        if "take" in query_params:
+            safe_params["take"] = _validated_integer_query_value(
+                query_params, "take", minimum=1, maximum=1000
+            )
+        if "skip" in query_params:
+            safe_params["skip"] = _validated_integer_query_value(query_params, "skip", minimum=0)
+        return "/niuser/v1/workspaces", safe_params
+
+    if method == "GET" and request_path == "/nidynamicformfields/v1/resolved-configuration":
+        unexpected_params = set(query_params) - {"configurationId"}
+        if unexpected_params:
+            raise ValueError(
+                "Editor proxy rejected unsupported resolved-configuration query parameters"
+            )
+        return "/nidynamicformfields/v1/resolved-configuration", {
+            "configurationId": _validated_identifier_query_value(query_params, "configurationId")
+        }
+
+    return None
+
+
 class DFFWebEditor:
     """Web-based editor for custom fields configurations."""
 
@@ -224,21 +335,17 @@ class DFFWebEditor:
                         self.send_error(404, "Config file not found")
                         return True
 
-                # Handle API proxying
-                path_map = {
-                    "/api/dff/configurations": "/nidynamicformfields/v1/configurations",
-                    "/api/dff/update-configurations": "/nidynamicformfields/v1/update-configurations",
-                }
-
-                if request_path in path_map:
-                    target_path = path_map[request_path]
-                elif request_path.startswith("/nidynamicformfields/v1/"):
-                    target_path = request_path
-                elif request_path.startswith("/niuser/v1/workspaces"):
-                    target_path = request_path
-                else:
+                try:
+                    resolved_target = _resolve_proxy_target(method, request_path, parsed.query)
+                except ValueError as exc:
+                    self.send_error(400, str(exc))
+                    return True
+
+                if resolved_target is None:
                     return False
 
+                target_path, target_params = resolved_target
+
                 # Require per-session secret on all proxied routes
                 req_secret = self.headers.get("X-Editor-Secret")
                 if not secret or req_secret != secret:
@@ -249,7 +356,6 @@ class DFFWebEditor:
                     origin_scheme=api_scheme,
                     origin_netloc=api_netloc,
                     target_path=target_path,
-                    query=parsed.query,
                 )
 
                 headers = dict(default_headers)
@@ -266,6 +372,7 @@ class DFFWebEditor:
                         url=target_url,
                         headers=headers,
                         data=data,
+                        params=target_params or None,
                         verify=ssl_verify,
                     )
                 except requests.RequestException as exc:  # pragma: no cover