tree-sitter-analyzer 0.8.2__py3-none-any.whl → 0.8.3__py3-none-any.whl
Potentially problematic release.
- tree_sitter_analyzer/__init__.py +1 -1
- tree_sitter_analyzer/cli/commands/base_command.py +3 -1
- tree_sitter_analyzer/mcp/server.py +10 -0
- tree_sitter_analyzer/mcp/tools/analyze_scale_tool.py +677 -673
- tree_sitter_analyzer/mcp/tools/analyze_scale_tool_cli_compatible.py +4 -9
- tree_sitter_analyzer/project_detector.py +317 -317
- tree_sitter_analyzer/security/__init__.py +22 -22
- tree_sitter_analyzer/security/boundary_manager.py +44 -2
- tree_sitter_analyzer/security/regex_checker.py +292 -292
- tree_sitter_analyzer/security/validator.py +5 -2
- {tree_sitter_analyzer-0.8.2.dist-info → tree_sitter_analyzer-0.8.3.dist-info}/METADATA +7 -6
- {tree_sitter_analyzer-0.8.2.dist-info → tree_sitter_analyzer-0.8.3.dist-info}/RECORD +14 -14
- {tree_sitter_analyzer-0.8.2.dist-info → tree_sitter_analyzer-0.8.3.dist-info}/WHEEL +0 -0
- {tree_sitter_analyzer-0.8.2.dist-info → tree_sitter_analyzer-0.8.3.dist-info}/entry_points.txt +0 -0
|
@@ -1,22 +1,22 @@
|
|
|
1
|
-
#!/usr/bin/env python3
|
|
2
|
-
"""
|
|
3
|
-
Security module for Tree-sitter Analyzer
|
|
4
|
-
|
|
5
|
-
This module provides unified security validation and protection mechanisms
|
|
6
|
-
for file path validation, regex pattern safety, and project boundary control.
|
|
7
|
-
|
|
8
|
-
Architecture:
|
|
9
|
-
- SecurityValidator: Unified validation framework
|
|
10
|
-
- ProjectBoundaryManager: Project access control
|
|
11
|
-
- RegexSafetyChecker: ReDoS attack prevention
|
|
12
|
-
"""
|
|
13
|
-
|
|
14
|
-
from .boundary_manager import ProjectBoundaryManager
|
|
15
|
-
from .regex_checker import RegexSafetyChecker
|
|
16
|
-
from .validator import SecurityValidator
|
|
17
|
-
|
|
18
|
-
__all__ = [
|
|
19
|
-
"SecurityValidator",
|
|
20
|
-
"ProjectBoundaryManager",
|
|
21
|
-
"RegexSafetyChecker",
|
|
22
|
-
]
|
|
1
|
+
#!/usr/bin/env python3
|
|
2
|
+
"""
|
|
3
|
+
Security module for Tree-sitter Analyzer
|
|
4
|
+
|
|
5
|
+
This module provides unified security validation and protection mechanisms
|
|
6
|
+
for file path validation, regex pattern safety, and project boundary control.
|
|
7
|
+
|
|
8
|
+
Architecture:
|
|
9
|
+
- SecurityValidator: Unified validation framework
|
|
10
|
+
- ProjectBoundaryManager: Project access control
|
|
11
|
+
- RegexSafetyChecker: ReDoS attack prevention
|
|
12
|
+
"""
|
|
13
|
+
|
|
14
|
+
from .boundary_manager import ProjectBoundaryManager
|
|
15
|
+
from .regex_checker import RegexSafetyChecker
|
|
16
|
+
from .validator import SecurityValidator
|
|
17
|
+
|
|
18
|
+
__all__ = [
|
|
19
|
+
"SecurityValidator",
|
|
20
|
+
"ProjectBoundaryManager",
|
|
21
|
+
"RegexSafetyChecker",
|
|
22
|
+
]
|
|
@@ -14,6 +14,47 @@ from ..exceptions import SecurityError
|
|
|
14
14
|
from ..utils import log_debug, log_info, log_warning
|
|
15
15
|
|
|
16
16
|
|
|
17
|
+
def _to_long_path(path: str) -> str:
|
|
18
|
+
"""Convert Windows 8.3 short paths to long form. No-op on non-Windows."""
|
|
19
|
+
try:
|
|
20
|
+
if os.name != "nt":
|
|
21
|
+
return path
|
|
22
|
+
|
|
23
|
+
# First try pathlib's resolve which often returns the proper long path
|
|
24
|
+
try:
|
|
25
|
+
from pathlib import Path
|
|
26
|
+
|
|
27
|
+
resolved = Path(path).resolve(strict=True)
|
|
28
|
+
return str(resolved)
|
|
29
|
+
except Exception:
|
|
30
|
+
pass
|
|
31
|
+
|
|
32
|
+
# Fallback to WinAPI
|
|
33
|
+
try:
|
|
34
|
+
import ctypes
|
|
35
|
+
|
|
36
|
+
GetLongPathNameW = ctypes.windll.kernel32.GetLongPathNameW # type: ignore[attr-defined]
|
|
37
|
+
GetLongPathNameW.argtypes = [ctypes.c_wchar_p, ctypes.c_wchar_p, ctypes.c_uint]
|
|
38
|
+
GetLongPathNameW.restype = ctypes.c_uint
|
|
39
|
+
|
|
40
|
+
buffer_len = 260
|
|
41
|
+
buffer = ctypes.create_unicode_buffer(buffer_len)
|
|
42
|
+
result = GetLongPathNameW(path, buffer, buffer_len)
|
|
43
|
+
|
|
44
|
+
if result == 0:
|
|
45
|
+
return path
|
|
46
|
+
if result > buffer_len:
|
|
47
|
+
buffer = ctypes.create_unicode_buffer(result)
|
|
48
|
+
result = GetLongPathNameW(path, buffer, result)
|
|
49
|
+
if result == 0:
|
|
50
|
+
return path
|
|
51
|
+
return buffer.value
|
|
52
|
+
except Exception:
|
|
53
|
+
return path
|
|
54
|
+
except Exception:
|
|
55
|
+
return path
|
|
56
|
+
|
|
57
|
+
|
|
17
58
|
class ProjectBoundaryManager:
|
|
18
59
|
"""
|
|
19
60
|
Project boundary manager for access control.
|
|
@@ -47,8 +88,9 @@ class ProjectBoundaryManager:
|
|
|
47
88
|
if not os.path.isdir(project_root):
|
|
48
89
|
raise SecurityError(f"Project root is not a directory: {project_root}")
|
|
49
90
|
|
|
50
|
-
|
|
51
|
-
|
|
91
|
+
abs_root = os.path.abspath(project_root)
|
|
92
|
+
# Use realpath for consistency with tests expecting os.path.realpath
|
|
93
|
+
self.project_root = os.path.realpath(abs_root)
|
|
52
94
|
self.allowed_directories: Set[str] = {self.project_root}
|
|
53
95
|
|
|
54
96
|
log_info(f"ProjectBoundaryManager initialized with root: {self.project_root}")
|
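Review bot: `_to_long_path` fails open: the `except Exception: pass` after `Path(path).resolve(strict=True)`, a zero return from `GetLongPathNameW`, and both outer handlers all hand back the input unchanged, so a caller doing a boundary comparison cannot tell a canonical path from one that was never normalised. For a security helper I would narrow the handlers (for example `except OSError:` around the `resolve` call) and record the fallback with the already-imported `log_debug`, so that an unnormalised 8.3 path reaching a comparison is at least visible. The docstring should also say that the first branch resolves symlinks and requires the path to exist, e.g. `"""Return the long, symlink-resolved form of an existing Windows path; return the input unchanged on failure or on non-Windows."""`. None of the added lines in this file calls the helper, so presumably it is used from another module, in which case the leading underscore is misleading. In the second hunk, the comment above `os.path.realpath(abs_root)` cites test expectations, while the effect that matters is that the stored root is now symlink-resolved; the comment should say so, and the paths compared against it (code outside the hunk) should be confirmed to be canonicalised the same way.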