tree-sitter-analyzer 0.9.1__py3-none-any.whl → 0.9.2__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of tree-sitter-analyzer might be problematic. Click here for more details.

Files changed (61) hide show
  1. tree_sitter_analyzer/__init__.py +132 -132
  2. tree_sitter_analyzer/__main__.py +11 -11
  3. tree_sitter_analyzer/api.py +533 -533
  4. tree_sitter_analyzer/cli/__init__.py +39 -39
  5. tree_sitter_analyzer/cli/__main__.py +12 -12
  6. tree_sitter_analyzer/cli/commands/__init__.py +26 -26
  7. tree_sitter_analyzer/cli/commands/advanced_command.py +88 -88
  8. tree_sitter_analyzer/cli/commands/base_command.py +182 -178
  9. tree_sitter_analyzer/cli/commands/structure_command.py +138 -138
  10. tree_sitter_analyzer/cli/commands/summary_command.py +101 -101
  11. tree_sitter_analyzer/core/__init__.py +15 -15
  12. tree_sitter_analyzer/core/analysis_engine.py +74 -78
  13. tree_sitter_analyzer/core/cache_service.py +320 -320
  14. tree_sitter_analyzer/core/engine.py +566 -566
  15. tree_sitter_analyzer/core/parser.py +293 -293
  16. tree_sitter_analyzer/encoding_utils.py +459 -459
  17. tree_sitter_analyzer/file_handler.py +210 -210
  18. tree_sitter_analyzer/formatters/__init__.py +1 -1
  19. tree_sitter_analyzer/formatters/base_formatter.py +167 -167
  20. tree_sitter_analyzer/formatters/formatter_factory.py +78 -78
  21. tree_sitter_analyzer/formatters/java_formatter.py +18 -18
  22. tree_sitter_analyzer/formatters/python_formatter.py +19 -19
  23. tree_sitter_analyzer/interfaces/__init__.py +9 -9
  24. tree_sitter_analyzer/interfaces/cli.py +528 -528
  25. tree_sitter_analyzer/interfaces/cli_adapter.py +344 -343
  26. tree_sitter_analyzer/interfaces/mcp_adapter.py +206 -206
  27. tree_sitter_analyzer/language_detector.py +53 -53
  28. tree_sitter_analyzer/languages/__init__.py +10 -10
  29. tree_sitter_analyzer/languages/java_plugin.py +1 -1
  30. tree_sitter_analyzer/languages/javascript_plugin.py +446 -446
  31. tree_sitter_analyzer/languages/python_plugin.py +755 -755
  32. tree_sitter_analyzer/mcp/__init__.py +34 -45
  33. tree_sitter_analyzer/mcp/resources/__init__.py +44 -44
  34. tree_sitter_analyzer/mcp/resources/code_file_resource.py +209 -209
  35. tree_sitter_analyzer/mcp/server.py +623 -568
  36. tree_sitter_analyzer/mcp/tools/__init__.py +30 -30
  37. tree_sitter_analyzer/mcp/tools/analyze_scale_tool.py +681 -673
  38. tree_sitter_analyzer/mcp/tools/analyze_scale_tool_cli_compatible.py +247 -247
  39. tree_sitter_analyzer/mcp/tools/base_tool.py +54 -54
  40. tree_sitter_analyzer/mcp/tools/read_partial_tool.py +310 -308
  41. tree_sitter_analyzer/mcp/tools/table_format_tool.py +386 -379
  42. tree_sitter_analyzer/mcp/tools/universal_analyze_tool.py +563 -559
  43. tree_sitter_analyzer/mcp/utils/__init__.py +107 -107
  44. tree_sitter_analyzer/models.py +10 -10
  45. tree_sitter_analyzer/output_manager.py +253 -253
  46. tree_sitter_analyzer/plugins/__init__.py +280 -280
  47. tree_sitter_analyzer/plugins/base.py +529 -529
  48. tree_sitter_analyzer/plugins/manager.py +379 -379
  49. tree_sitter_analyzer/queries/__init__.py +26 -26
  50. tree_sitter_analyzer/queries/java.py +391 -391
  51. tree_sitter_analyzer/queries/javascript.py +148 -148
  52. tree_sitter_analyzer/queries/python.py +285 -285
  53. tree_sitter_analyzer/queries/typescript.py +229 -229
  54. tree_sitter_analyzer/query_loader.py +257 -257
  55. tree_sitter_analyzer/security/validator.py +246 -241
  56. tree_sitter_analyzer/utils.py +294 -277
  57. {tree_sitter_analyzer-0.9.1.dist-info → tree_sitter_analyzer-0.9.2.dist-info}/METADATA +1 -1
  58. tree_sitter_analyzer-0.9.2.dist-info/RECORD +77 -0
  59. {tree_sitter_analyzer-0.9.1.dist-info → tree_sitter_analyzer-0.9.2.dist-info}/entry_points.txt +1 -0
  60. tree_sitter_analyzer-0.9.1.dist-info/RECORD +0 -77
  61. {tree_sitter_analyzer-0.9.1.dist-info → tree_sitter_analyzer-0.9.2.dist-info}/WHEEL +0 -0
tree_sitter_analyzer/security/validator.py CHANGED
@@ -1,241 +1,246 @@
1
- #!/usr/bin/env python3
2
- """
3
- Security Validator for Tree-sitter Analyzer
4
-
5
- Provides unified security validation framework inspired by code-index-mcp's
6
- ValidationHelper but enhanced for tree-sitter analyzer's requirements.
7
- """
8
-
9
- import os
10
- import re
11
- from pathlib import Path
12
- from typing import Optional, Tuple
13
-
14
- from ..exceptions import SecurityError
15
- from ..utils import log_debug, log_warning
16
- from .boundary_manager import ProjectBoundaryManager
17
- from .regex_checker import RegexSafetyChecker
18
-
19
-
20
- class SecurityValidator:
21
- """
22
- Unified security validation framework.
23
-
24
- This class provides comprehensive security validation for file paths,
25
- regex patterns, and other user inputs to prevent security vulnerabilities.
26
-
27
- Features:
28
- - Multi-layer path traversal protection
29
- - Project boundary enforcement
30
- - ReDoS attack prevention
31
- - Input sanitization
32
- """
33
-
34
- def __init__(self, project_root: Optional[str] = None) -> None:
35
- """
36
- Initialize security validator.
37
-
38
- Args:
39
- project_root: Optional project root directory for boundary checks
40
- """
41
- self.boundary_manager = (
42
- ProjectBoundaryManager(project_root) if project_root else None
43
- )
44
- self.regex_checker = RegexSafetyChecker()
45
-
46
- log_debug(f"SecurityValidator initialized with project_root: {project_root}")
47
-
48
- def validate_file_path(
49
- self, file_path: str, base_path: Optional[str] = None
50
- ) -> Tuple[bool, str]:
51
- """
52
- Validate file path with comprehensive security checks.
53
-
54
- Implements multi-layer defense against path traversal attacks
55
- and ensures file access stays within project boundaries.
56
-
57
- Args:
58
- file_path: File path to validate
59
- base_path: Optional base path for relative path validation
60
-
61
- Returns:
62
- Tuple of (is_valid, error_message)
63
-
64
- Example:
65
- >>> validator = SecurityValidator("/project/root")
66
- >>> is_valid, error = validator.validate_file_path("src/main.py")
67
- >>> assert is_valid
68
- """
69
- try:
70
- # Layer 1: Basic input validation
71
- if not file_path or not isinstance(file_path, str):
72
- return False, "File path must be a non-empty string"
73
-
74
- # Layer 2: Null byte injection check
75
- if "\x00" in file_path:
76
- log_warning(f"Null byte detected in file path: {file_path}")
77
- return False, "File path contains null bytes"
78
-
79
- # Layer 3: Windows drive letter check (only on non-Windows systems)
80
- if len(file_path) > 1 and file_path[1] == ":" and os.name != 'nt':
81
- return False, "Windows drive letters are not allowed on this system"
82
-
83
- # Layer 4: Absolute path check
84
- if os.path.isabs(file_path):
85
- # If we have a project root, check if the absolute path is within it
86
- if self.boundary_manager and self.boundary_manager.project_root:
87
- if not self.boundary_manager.is_within_project(file_path):
88
- return False, "Absolute path must be within project directory"
89
- else:
90
- # In test environments (temp directories), allow absolute paths
91
- import tempfile
92
- temp_dir = tempfile.gettempdir()
93
- if file_path.startswith(temp_dir):
94
- return True, ""
95
- # No project root defined, reject all other absolute paths
96
- return False, "Absolute file paths are not allowed"
97
-
98
- # Layer 5: Path normalization and traversal check
99
- norm_path = os.path.normpath(file_path)
100
- if "..\\" in norm_path or "../" in norm_path or norm_path.startswith(".."):
101
- log_warning(f"Path traversal attempt detected: {file_path}")
102
- return False, "Directory traversal not allowed"
103
-
104
- # Layer 6: Project boundary validation
105
- if self.boundary_manager and base_path:
106
- if not self.boundary_manager.is_within_project(
107
- os.path.join(base_path, norm_path)
108
- ):
109
- return False, "Access denied. File path must be within project directory"
110
-
111
- # Layer 7: Symbolic link check (if file exists)
112
- if base_path:
113
- full_path = os.path.join(base_path, norm_path)
114
- if os.path.exists(full_path) and os.path.islink(full_path):
115
- log_warning(f"Symbolic link detected: {full_path}")
116
- return False, "Symbolic links are not allowed"
117
-
118
- log_debug(f"File path validation passed: {file_path}")
119
- return True, ""
120
-
121
- except Exception as e:
122
- log_warning(f"File path validation error: {e}")
123
- return False, f"Validation error: {str(e)}"
124
-
125
- def validate_directory_path(
126
- self, dir_path: str, must_exist: bool = True
127
- ) -> Tuple[bool, str]:
128
- """
129
- Validate directory path for security and existence.
130
-
131
- Args:
132
- dir_path: Directory path to validate
133
- must_exist: Whether directory must exist
134
-
135
- Returns:
136
- Tuple of (is_valid, error_message)
137
- """
138
- try:
139
- # Basic validation using file path validator
140
- is_valid, error = self.validate_file_path(dir_path)
141
- if not is_valid:
142
- return False, error
143
-
144
- # Check if path exists and is directory
145
- if must_exist:
146
- if not os.path.exists(dir_path):
147
- return False, f"Directory does not exist: {dir_path}"
148
-
149
- if not os.path.isdir(dir_path):
150
- return False, f"Path is not a directory: {dir_path}"
151
-
152
- log_debug(f"Directory path validation passed: {dir_path}")
153
- return True, ""
154
-
155
- except Exception as e:
156
- log_warning(f"Directory path validation error: {e}")
157
- return False, f"Validation error: {str(e)}"
158
-
159
- def validate_regex_pattern(self, pattern: str) -> Tuple[bool, str]:
160
- """
161
- Validate regex pattern for ReDoS attack prevention.
162
-
163
- Args:
164
- pattern: Regex pattern to validate
165
-
166
- Returns:
167
- Tuple of (is_valid, error_message)
168
- """
169
- return self.regex_checker.validate_pattern(pattern)
170
-
171
- def sanitize_input(self, user_input: str, max_length: int = 1000) -> str:
172
- """
173
- Sanitize user input by removing dangerous characters.
174
-
175
- Args:
176
- user_input: Input string to sanitize
177
- max_length: Maximum allowed length
178
-
179
- Returns:
180
- Sanitized input string
181
-
182
- Raises:
183
- SecurityError: If input is too long or contains dangerous content
184
- """
185
- if not isinstance(user_input, str):
186
- raise SecurityError("Input must be a string")
187
-
188
- if len(user_input) > max_length:
189
- raise SecurityError(f"Input too long: {len(user_input)} > {max_length}")
190
-
191
- # Remove null bytes and control characters
192
- sanitized = re.sub(r'[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]', '', user_input)
193
-
194
- # Remove HTML/XML tags for XSS prevention
195
- sanitized = re.sub(r'<[^>]*>', '', sanitized)
196
-
197
- # Remove potentially dangerous characters
198
- sanitized = re.sub(r'[<>"\']', '', sanitized)
199
-
200
- # Log if sanitization occurred
201
- if sanitized != user_input:
202
- log_warning("Input sanitization performed")
203
-
204
- return sanitized
205
-
206
- def validate_glob_pattern(self, pattern: str) -> Tuple[bool, str]:
207
- """
208
- Validate glob pattern for safe file matching.
209
-
210
- Args:
211
- pattern: Glob pattern to validate
212
-
213
- Returns:
214
- Tuple of (is_valid, error_message)
215
- """
216
- try:
217
- # Basic input validation
218
- if not pattern or not isinstance(pattern, str):
219
- return False, "Pattern must be a non-empty string"
220
-
221
- # Check for dangerous patterns
222
- dangerous_patterns = [
223
- "..", # Path traversal
224
- "//", # Double slashes
225
- "\\\\", # Double backslashes
226
- ]
227
-
228
- for dangerous in dangerous_patterns:
229
- if dangerous in pattern:
230
- return False, f"Dangerous pattern detected: {dangerous}"
231
-
232
- # Validate length
233
- if len(pattern) > 500:
234
- return False, "Pattern too long"
235
-
236
- log_debug(f"Glob pattern validation passed: {pattern}")
237
- return True, ""
238
-
239
- except Exception as e:
240
- log_warning(f"Glob pattern validation error: {e}")
241
- return False, f"Validation error: {str(e)}"
1
+ #!/usr/bin/env python3
2
+ """
3
+ Security Validator for Tree-sitter Analyzer
4
+
5
+ Provides unified security validation framework inspired by code-index-mcp's
6
+ ValidationHelper but enhanced for tree-sitter analyzer's requirements.
7
+ """
8
+
9
+ import os
10
+ import re
11
+
12
+ from ..exceptions import SecurityError
13
+ from ..utils import log_debug, log_warning
14
+ from .boundary_manager import ProjectBoundaryManager
15
+ from .regex_checker import RegexSafetyChecker
16
+
17
+
18
+ class SecurityValidator:
19
+ """
20
+ Unified security validation framework.
21
+
22
+ This class provides comprehensive security validation for file paths,
23
+ regex patterns, and other user inputs to prevent security vulnerabilities.
24
+
25
+ Features:
26
+ - Multi-layer path traversal protection
27
+ - Project boundary enforcement
28
+ - ReDoS attack prevention
29
+ - Input sanitization
30
+ """
31
+
32
+ def __init__(self, project_root: str | None = None) -> None:
33
+ """
34
+ Initialize security validator.
35
+
36
+ Args:
37
+ project_root: Optional project root directory for boundary checks
38
+ """
39
+ self.boundary_manager = (
40
+ ProjectBoundaryManager(project_root) if project_root else None
41
+ )
42
+ self.regex_checker = RegexSafetyChecker()
43
+
44
+ log_debug(f"SecurityValidator initialized with project_root: {project_root}")
45
+
46
+ def validate_file_path(
47
+ self, file_path: str, base_path: str | None = None
48
+ ) -> tuple[bool, str]:
49
+ """
50
+ Validate file path with comprehensive security checks.
51
+
52
+ Implements multi-layer defense against path traversal attacks
53
+ and ensures file access stays within project boundaries.
54
+
55
+ Args:
56
+ file_path: File path to validate
57
+ base_path: Optional base path for relative path validation
58
+
59
+ Returns:
60
+ Tuple of (is_valid, error_message)
61
+
62
+ Example:
63
+ >>> validator = SecurityValidator("/project/root")
64
+ >>> is_valid, error = validator.validate_file_path("src/main.py")
65
+ >>> assert is_valid
66
+ """
67
+ try:
68
+ # Layer 1: Basic input validation
69
+ if not file_path or not isinstance(file_path, str):
70
+ return False, "File path must be a non-empty string"
71
+
72
+ # Layer 2: Null byte injection check
73
+ if "\x00" in file_path:
74
+ log_warning(f"Null byte detected in file path: {file_path}")
75
+ return False, "File path contains null bytes"
76
+
77
+ # Layer 3: Windows drive letter check (only on non-Windows systems)
78
+ if len(file_path) > 1 and file_path[1] == ":" and os.name != "nt":
79
+ return False, "Windows drive letters are not allowed on this system"
80
+
81
+ # Layer 4: Absolute path check (cross-platform)
82
+ if os.path.isabs(file_path) or file_path.startswith(("/", "\\")):
83
+ # If project boundaries are configured, enforce them strictly
84
+ if self.boundary_manager and self.boundary_manager.project_root:
85
+ if not self.boundary_manager.is_within_project(file_path):
86
+ return False, "Absolute path must be within project directory"
87
+ # Within project
88
+ return True, ""
89
+ else:
90
+ # In test/dev contexts without project boundaries, allow absolute
91
+ # paths under system temp folder only (safe sandbox)
92
+ import tempfile
93
+
94
+ temp_dir = os.path.realpath(tempfile.gettempdir())
95
+ real_path = os.path.realpath(file_path)
96
+ if real_path.startswith(temp_dir + os.sep) or real_path == temp_dir:
97
+ return True, ""
98
+ return False, "Absolute file paths are not allowed"
99
+
100
+ # Layer 5: Path normalization and traversal check
101
+ norm_path = os.path.normpath(file_path)
102
+ if "..\\" in norm_path or "../" in norm_path or norm_path.startswith(".."):
103
+ log_warning(f"Path traversal attempt detected: {file_path}")
104
+ return False, "Directory traversal not allowed"
105
+
106
+ # Layer 6: Project boundary validation
107
+ if self.boundary_manager and base_path:
108
+ if not self.boundary_manager.is_within_project(
109
+ os.path.join(base_path, norm_path)
110
+ ):
111
+ return (
112
+ False,
113
+ "Access denied. File path must be within project directory",
114
+ )
115
+
116
+ # Layer 7: Symbolic link check (if file exists)
117
+ if base_path:
118
+ full_path = os.path.join(base_path, norm_path)
119
+ if os.path.exists(full_path) and os.path.islink(full_path):
120
+ log_warning(f"Symbolic link detected: {full_path}")
121
+ return False, "Symbolic links are not allowed"
122
+
123
+ log_debug(f"File path validation passed: {file_path}")
124
+ return True, ""
125
+
126
+ except Exception as e:
127
+ log_warning(f"File path validation error: {e}")
128
+ return False, f"Validation error: {str(e)}"
129
+
130
+ def validate_directory_path(
131
+ self, dir_path: str, must_exist: bool = True
132
+ ) -> tuple[bool, str]:
133
+ """
134
+ Validate directory path for security and existence.
135
+
136
+ Args:
137
+ dir_path: Directory path to validate
138
+ must_exist: Whether directory must exist
139
+
140
+ Returns:
141
+ Tuple of (is_valid, error_message)
142
+ """
143
+ try:
144
+ # Basic validation using file path validator
145
+ is_valid, error = self.validate_file_path(dir_path)
146
+ if not is_valid:
147
+ return False, error
148
+
149
+ # Check if path exists and is directory
150
+ if must_exist:
151
+ if not os.path.exists(dir_path):
152
+ return False, f"Directory does not exist: {dir_path}"
153
+
154
+ if not os.path.isdir(dir_path):
155
+ return False, f"Path is not a directory: {dir_path}"
156
+
157
+ log_debug(f"Directory path validation passed: {dir_path}")
158
+ return True, ""
159
+
160
+ except Exception as e:
161
+ log_warning(f"Directory path validation error: {e}")
162
+ return False, f"Validation error: {str(e)}"
163
+
164
+ def validate_regex_pattern(self, pattern: str) -> tuple[bool, str]:
165
+ """
166
+ Validate regex pattern for ReDoS attack prevention.
167
+
168
+ Args:
169
+ pattern: Regex pattern to validate
170
+
171
+ Returns:
172
+ Tuple of (is_valid, error_message)
173
+ """
174
+ return self.regex_checker.validate_pattern(pattern)
175
+
176
+ def sanitize_input(self, user_input: str, max_length: int = 1000) -> str:
177
+ """
178
+ Sanitize user input by removing dangerous characters.
179
+
180
+ Args:
181
+ user_input: Input string to sanitize
182
+ max_length: Maximum allowed length
183
+
184
+ Returns:
185
+ Sanitized input string
186
+
187
+ Raises:
188
+ SecurityError: If input is too long or contains dangerous content
189
+ """
190
+ if not isinstance(user_input, str):
191
+ raise SecurityError("Input must be a string")
192
+
193
+ if len(user_input) > max_length:
194
+ raise SecurityError(f"Input too long: {len(user_input)} > {max_length}")
195
+
196
+ # Remove null bytes and control characters
197
+ sanitized = re.sub(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]", "", user_input)
198
+
199
+ # Remove HTML/XML tags for XSS prevention
200
+ sanitized = re.sub(r"<[^>]*>", "", sanitized)
201
+
202
+ # Remove potentially dangerous characters
203
+ sanitized = re.sub(r'[<>"\']', "", sanitized)
204
+
205
+ # Log if sanitization occurred
206
+ if sanitized != user_input:
207
+ log_warning("Input sanitization performed")
208
+
209
+ return sanitized
210
+
211
+ def validate_glob_pattern(self, pattern: str) -> tuple[bool, str]:
212
+ """
213
+ Validate glob pattern for safe file matching.
214
+
215
+ Args:
216
+ pattern: Glob pattern to validate
217
+
218
+ Returns:
219
+ Tuple of (is_valid, error_message)
220
+ """
221
+ try:
222
+ # Basic input validation
223
+ if not pattern or not isinstance(pattern, str):
224
+ return False, "Pattern must be a non-empty string"
225
+
226
+ # Check for dangerous patterns
227
+ dangerous_patterns = [
228
+ "..", # Path traversal
229
+ "//", # Double slashes
230
+ "\\\\", # Double backslashes
231
+ ]
232
+
233
+ for dangerous in dangerous_patterns:
234
+ if dangerous in pattern:
235
+ return False, f"Dangerous pattern detected: {dangerous}"
236
+
237
+ # Validate length
238
+ if len(pattern) > 500:
239
+ return False, "Pattern too long"
240
+
241
+ log_debug(f"Glob pattern validation passed: {pattern}")
242
+ return True, ""
243
+
244
+ except Exception as e:
245
+ log_warning(f"Glob pattern validation error: {e}")
246
+ return False, f"Validation error: {str(e)}"