Input validation and path safety utilities for Pattern Analysis commands.
Provides security-focused validation functions to mitigate:
- T01 - Path Traversal: BLOCKED_PREFIXES for system directories
- T02 - Project Root Enforcement: validate_file_path_in_project()
- T03 - Integer Overflow: Checked arithmetic for depth calculations
- T08 - Memory Exhaustion: Resource limit constants
All file paths are canonicalized and checked against project boundaries. Resource limits are enforced to prevent denial-of-service conditions.
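As an added example (not the crate's own code), the canonicalize-then-compare boundary check and the checked-arithmetic depth guard described above; the contents of BLOCKED_PREFIXES and the value of MAX_ANALYSIS_DEPTH are assumed, and the function names mirror the module's but the bodies are this example's.

```rust
use std::io;
use std::path::{Component, Path, PathBuf};

// Assumed stand-ins for the module's BLOCKED_PREFIXES and MAX_ANALYSIS_DEPTH;
// the real values live in the crate, not on this page.
const BLOCKED_PREFIXES: &[&str] = &["/etc", "/proc", "/sys", "/dev"];
const MAX_ANALYSIS_DEPTH: usize = 100;

/// Lexical pre-check usable before the file exists: any `..` component counts.
pub fn is_path_traversal_attempt(path: &Path) -> bool {
    path.components().any(|c| matches!(c, Component::ParentDir))
}

/// Canonicalize both sides (resolving `..` and symlinks against the real
/// filesystem), then require the candidate to sit under the project root and
/// outside every blocked system prefix. Returns the canonical path on success.
pub fn validate_file_path_in_project(path: &Path, project_root: &Path) -> io::Result<PathBuf> {
    let root = project_root.canonicalize()?;
    // canonicalize() fails for paths that do not exist, which is also a rejection.
    let candidate = path.canonicalize()?;
    if BLOCKED_PREFIXES.iter().any(|p| candidate.starts_with(*p)) {
        return Err(io::Error::new(io::ErrorKind::PermissionDenied, "path under blocked system prefix"));
    }
    // Path::starts_with compares whole components, so "/proj-evil" is not inside "/proj".
    if !candidate.starts_with(&root) {
        return Err(io::Error::new(io::ErrorKind::PermissionDenied, "path escapes project root"));
    }
    if !candidate.is_file() {
        return Err(io::Error::new(io::ErrorKind::InvalidInput, "not a regular file"));
    }
    Ok(candidate)
}

/// Advance a recursion depth counter with checked arithmetic, then enforce the limit;
/// an overflow is reported as an error rather than wrapping around to zero.
pub fn check_analysis_depth(depth: usize) -> Result<usize, String> {
    let next = depth.checked_add(1).ok_or("depth counter overflow")?;
    if next > MAX_ANALYSIS_DEPTH {
        return Err(format!("analysis depth {next} exceeds MAX_ANALYSIS_DEPTH ({MAX_ANALYSIS_DEPTH})"));
    }
    Ok(next)
}
```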
Constants
- MAX_ANALYSIS_DEPTH - Maximum recursion depth for analysis algorithms. Used for CFG path enumeration, temporal mining, etc.
- MAX_AST_DEPTH - Maximum AST traversal depth. Prevents stack overflow from deeply nested source code.
- MAX_CLASSES_PER_FILE - Maximum classes per file.
- MAX_CLASS_COMPLEXITY - Maximum class complexity (methods * fields) for analysis.
- MAX_CONSTRAINTS_PER_FILE - Maximum constraints to report per file.
- MAX_DIRECTORY_FILES - Maximum files to scan in directory analysis.
- MAX_FIELDS_PER_CLASS - Maximum fields per class for cohesion analysis.
- MAX_FILE_SIZE - Maximum file size for analysis (10 MB). Files larger than this will be rejected.
- MAX_FUNCTION_NAME_LEN - Maximum function name length.
- MAX_METHODS_PER_CLASS - Maximum methods per class for cohesion analysis.
- MAX_PATHS - Maximum CFG paths to enumerate (TIGER-04). Prevents unbounded path enumeration in resources command.
- MAX_TRIGRAMS - Maximum trigrams to collect (TIGER-05). Prevents memory exhaustion in temporal mining.
- WARN_FILE_SIZE - Warning threshold for file size (1 MB). Files larger than this emit a warning but are still processed.
Functions
- approaching_limit - Check if a count is approaching a limit (>80%).
- check_analysis_depth - Check if analysis depth limit has been exceeded.
- check_ast_depth - Check if AST depth limit has been exceeded.
- check_directory_file_count - Check if directory file count limit has been exceeded.
- format_large_file_warning - Format a warning message for a large file.
- is_path_traversal_attempt - Check if a path contains path traversal patterns.
- read_file_safe - Safely read a file with size limits and UTF-8 validation.
- saturating_count_add - Safely add to a counter with overflow protection.
- saturating_depth_increment - Safely increment a depth counter with overflow protection.
- should_warn_file_size - Check if a file size is large enough to warrant a warning.
- validate_directory_path - Validate and canonicalize a directory path.
- validate_file_path - Validate and canonicalize a file path.
- validate_file_path_in_project - Validate a file path, ensuring it stays within a project root.
- validate_file_size - Validate file size against limits.
- validate_function_name - Validate a function name for safety.
- warn_if_approaching_limit - Log a warning if approaching a limit.
- within_limit - Check if a value is within a limit using checked arithmetic.