Merge dev into main

Author: DinisCruz

README.md

@@ -2,7 +2,7 @@
 
 Powerful Python util methods and classes that simplify common apis and tasks.
 
-![Current Release](https://img.shields.io/badge/release-v2.58.0-blue)
+![Current Release](https://img.shields.io/badge/release-v2.58.3-blue)
 [![codecov](https://codecov.io/gh/owasp-sbot/OSBot-Utils/graph/badge.svg?token=GNVW0COX1N)](https://codecov.io/gh/owasp-sbot/OSBot-Utils)
 
 

osbot_utils/helpers/ast/Ast_Base.py

@@ -1,11 +1,11 @@
 import ast
 import inspect
 
-from osbot_utils.utils.Dev import pprint, jprint
-from osbot_utils.utils.Exceptions import syntax_error
-from osbot_utils.utils.Files import is_file, file_contents
-from osbot_utils.utils.Objects import obj_data, obj_info
-from osbot_utils.utils.Str import str_dedent
+from osbot_utils.utils.Dev          import pprint, jprint
+from osbot_utils.utils.Exceptions   import syntax_error
+from osbot_utils.utils.Files        import is_file, file_contents
+from osbot_utils.utils.Objects      import obj_data, obj_info
+from osbot_utils.utils.Str          import str_dedent
 
 
 class Ast_Base:

osbot_utils/helpers/safe_str/Safe_Str__Html.py renamed to osbot_utils/helpers/safe_str/http/Safe_Str__Html.py

@@ -0,0 +1,12 @@
+import re
+from osbot_utils.helpers.safe_str.Safe_Str import Safe_Str
+
+TYPE_SAFE_STR__HTTP__CONTENT_TYPE__REGEX = re.compile(r'[^a-zA-Z0-9/\-+.;= ]')
+TYPE_SAFE_STR__HTTP__CONTENT_TYPE__MAX_LENGTH = 256
+
+class Safe_Str__Http__Content_Type(Safe_Str):
+    regex                      = TYPE_SAFE_STR__HTTP__CONTENT_TYPE__REGEX
+    max_length                 = TYPE_SAFE_STR__HTTP__CONTENT_TYPE__MAX_LENGTH
+    allow_empty                = False
+    trim_whitespace            = True
+    allow_all_replacement_char = False

osbot_utils/helpers/safe_str/http/Safe_Str__Http__Content_Type.py

@@ -0,0 +1,10 @@
+import re
+from osbot_utils.helpers.safe_str.Safe_Str import Safe_Str
+
+TYPE_SAFE_STR__HTTP__ETAG__REGEX = re.compile(r'[^a-zA-Z0-9"\/\-_.:]')  # Allow alphanumerics, quotes, slashes, hyphens, underscores, periods, colons
+TYPE_SAFE_STR__HTTP__ETAG__MAX_LENGTH = 128
+
+class Safe_Str__Http__ETag(Safe_Str):
+    regex                      = TYPE_SAFE_STR__HTTP__ETAG__REGEX
+    max_length                 = TYPE_SAFE_STR__HTTP__ETAG__MAX_LENGTH
+    trim_whitespace            = True

osbot_utils/helpers/safe_str/http/Safe_Str__Http__ETag.py

@@ -0,0 +1,10 @@
+import re
+from osbot_utils.helpers.safe_str.Safe_Str import Safe_Str
+
+TYPE_SAFE_STR__HTTP__LAST_MODIFIED__REGEX = re.compile(r'[^a-zA-Z0-9:, -]')
+TYPE_SAFE_STR__HTTP__LAST_MODIFIED__MAX_LENGTH = 64
+
+class Safe_Str__Http__Last_Modified(Safe_Str):
+    regex                      = TYPE_SAFE_STR__HTTP__LAST_MODIFIED__REGEX
+    max_length                 = TYPE_SAFE_STR__HTTP__LAST_MODIFIED__MAX_LENGTH
+    trim_whitespace            = True

osbot_utils/helpers/safe_str/http/Safe_Str__Http__Last_Modified.py

@@ -0,0 +1,35 @@
+import re
+from osbot_utils.helpers.safe_str.Safe_Str import Safe_Str
+
+
+TYPE_SAFE_STR__TEXT__MAX_LENGTH = 1048576           # Define the size constant - 1 megabyte in bytes
+
+# A more permissive regex that primarily filters out:
+# - NULL byte (U+0000)
+# - Control characters (U+0001 to U+0008, U+000B to U+000C, U+000E to U+001F)
+# - Some potentially problematic characters in various contexts
+# But allows:
+# - All standard printable ASCII characters
+# - Tab (U+0009), Line Feed (U+000A), and Carriage Return (U+000D)
+# - A wide range of punctuation, symbols, and Unicode characters for international text
+
+TYPE_SAFE_STR__HTTP__TEXT__REGEX = re.compile(r'[\x00\x01-\x08\x0B\x0C\x0E-\x1F\x7F]')
+
+class Safe_Str__Http__Text(Safe_Str):
+    """
+    Safe string class for general text content with a 1MB limit.
+    Allows a wide range of characters suitable for natural language text,
+    including international characters, while filtering out control characters
+    and other potentially problematic sequences.
+    """
+    max_length                  = TYPE_SAFE_STR__TEXT__MAX_LENGTH
+    regex                       = TYPE_SAFE_STR__HTTP__TEXT__REGEX
+    trim_whitespace             = True              # Trim leading/trailing whitespace
+    normalize_newlines          = True              # Option to normalize different newline styles
+
+    def __new__(cls, value=None):
+
+        if cls.normalize_newlines and value is not None and isinstance(value, str):         # Handle newline normalization before passing to parent class
+            value = value.replace('\r\n', '\n').replace('\r', '\n')                         # Normalize different newline styles to \n
+
+        return super().__new__(cls, value)                                                  # Now call the parent implementation

osbot_utils/helpers/safe_str/http/Safe_Str__Http__Text.py

@@ -25,13 +25,13 @@ def function_name(function):
     if isinstance(function, types.FunctionType):
         return function.__name__
 
-def function_source_code(function):
-    if isinstance(function, types.FunctionType):
-        source_code = inspect.getsource(function)
+def function_source_code(target):
+    if isinstance(target, (types.FunctionType, types.MethodType)):
+        source_code = inspect.getsource(target)
         source_code = textwrap.dedent(source_code).strip()
         return source_code
-    elif isinstance(function, str):
-        return function
+    elif isinstance(target, str):                               # todo: see if we really need this logic (or we just return none when "target" is a str)
+        return target
     return None
 
 def get_line_number(function):
@@ -110,4 +110,5 @@ def type_file(target):
 
 
 function_line_number = get_line_number
-method_line_number   = get_line_number
+method_line_number   = get_line_number
+method_source_code   = function_source_code

osbot_utils/utils/Functions.py

@@ -1 +1 @@
-v2.58.0
+v2.58.3

osbot_utils/version

@@ -1,6 +1,6 @@
 [tool.poetry]
 name        = "osbot_utils"
-version     = "v2.58.0"
+version     = "v2.58.3"
 description = "OWASP Security Bot - Utils"
 authors     = ["Dinis Cruz <[email protected]>"]
 license     = "MIT"

pyproject.toml

@@ -1,8 +1,8 @@
 import re
-from unittest                                       import TestCase
-from osbot_utils.helpers.safe_str.Safe_Str          import Safe_Str
-from osbot_utils.helpers.safe_str.Safe_Str__Html    import Safe_Str__Html, TYPE_SAFE_STR__HTML__REGEX, TYPE_SAFE_STR__HTML__MAX_LENGTH
-from osbot_utils.utils.Objects                      import base_types
+from unittest                                           import TestCase
+from osbot_utils.helpers.safe_str.Safe_Str              import Safe_Str
+from osbot_utils.helpers.safe_str.http.Safe_Str__Html   import Safe_Str__Html, TYPE_SAFE_STR__HTML__REGEX, TYPE_SAFE_STR__HTML__MAX_LENGTH
+from osbot_utils.utils.Objects                          import base_types
 
 
 class test_Safe_Str__Html(TestCase):

tests/unit/helpers/safe_str/test_Safe_Str__Html.py renamed to tests/unit/helpers/safe_str/html/test_Safe_Str__Html.py

@@ -0,0 +1,57 @@
+import pytest
+from unittest                                                       import TestCase
+from osbot_utils.helpers.safe_str.http.Safe_Str__Http__Content_Type import Safe_Str__Http__Content_Type
+
+
+class test_Safe_Str__Http__Content_Type(TestCase):
+
+    def test_Safe_Str__Http__ContentType_class(self):
+        # Standard MIME types
+        assert Safe_Str__Http__Content_Type('text/html') == 'text/html'
+        assert Safe_Str__Http__Content_Type('application/json') == 'application/json'
+        assert Safe_Str__Http__Content_Type('image/jpeg') == 'image/jpeg'
+        assert Safe_Str__Http__Content_Type('audio/mpeg') == 'audio/mpeg'
+        assert Safe_Str__Http__Content_Type('video/mp4') == 'video/mp4'
+
+        # With parameters
+        assert Safe_Str__Http__Content_Type('text/html; charset=utf-8') == 'text/html; charset=utf-8'
+        assert Safe_Str__Http__Content_Type('application/json; charset=utf-8') == 'application/json; charset=utf-8'
+        assert Safe_Str__Http__Content_Type('text/plain; charset=iso-8859-1') == 'text/plain; charset=iso-8859-1'
+
+        # Complex content types
+        assert Safe_Str__Http__Content_Type('application/vnd.api+json') == 'application/vnd.api+json'
+        assert Safe_Str__Http__Content_Type('application/ld+json') == 'application/ld+json'
+        assert Safe_Str__Http__Content_Type('application/vnd.ms-excel') == 'application/vnd.ms-excel'
+
+        # Whitespace handling (trim_whitespace = True)
+        assert Safe_Str__Http__Content_Type('  text/html  ') == 'text/html'
+        assert Safe_Str__Http__Content_Type('application/json; charset=utf-8  ') == 'application/json; charset=utf-8'
+
+        # Numeric conversion
+        assert Safe_Str__Http__Content_Type(12345) == '12345'
+
+        # Invalid characters get replaced
+        assert Safe_Str__Http__Content_Type('text/html<script>') == 'text/html_script_'
+        assert Safe_Str__Http__Content_Type('text/html:invalid') == 'text/html_invalid'
+        assert Safe_Str__Http__Content_Type('text@html') == 'text_html'
+
+        # Edge cases and exceptions
+        with pytest.raises(ValueError) as exc_info:
+            Safe_Str__Http__Content_Type(None)
+        assert "Value cannot be None when allow_empty is False" in str(exc_info.value)
+
+        with pytest.raises(ValueError) as exc_info:
+            Safe_Str__Http__Content_Type('')
+        assert "Value cannot be empty when allow_empty is False" in str(exc_info.value)
+
+        with pytest.raises(ValueError) as exc_info:
+            Safe_Str__Http__Content_Type('<?&*^?>')  # All invalid chars
+        assert "Sanitized value consists entirely of '_' characters" in str(exc_info.value)
+
+        with pytest.raises(ValueError) as exc_info:
+            Safe_Str__Http__Content_Type('   ')  # Spaces only (will be trimmed)
+        assert "Value cannot be empty when allow_empty is False" in str(exc_info.value)
+
+        with pytest.raises(ValueError) as exc_info:
+            Safe_Str__Http__Content_Type('a' * 257)  # Exceeds max length
+        assert "Value exceeds maximum length of 256" in str(exc_info.value)

tests/unit/helpers/safe_str/html/test_Safe_Str__Http__ContentType.py

@@ -0,0 +1,62 @@
+import pytest
+from unittest                                               import TestCase
+from osbot_utils.helpers.safe_str.http.Safe_Str__Http__ETag import Safe_Str__Http__ETag
+
+
+class test_Safe_Str__Http__ETag(TestCase):
+
+    def test_Safe_Str__Http__ETag_class(self):
+        # Strong ETags
+        assert str(Safe_Str__Http__ETag('"abc123"')) == '"abc123"'
+        assert str(Safe_Str__Http__ETag('"67890"')) == '"67890"'
+        assert str(Safe_Str__Http__ETag('"a1b2c3d4e5f6"')) == '"a1b2c3d4e5f6"'
+        assert str(Safe_Str__Http__ETag('"0123456789abcdef"')) == '"0123456789abcdef"'
+
+        # Weak ETags
+        assert str(Safe_Str__Http__ETag('W/"abc123"')) == 'W/"abc123"'
+        assert str(Safe_Str__Http__ETag('W/"67890"')) == 'W/"67890"'
+        assert str(Safe_Str__Http__ETag('W/"a1b2c3d4e5f6"')) == 'W/"a1b2c3d4e5f6"'
+
+        # ETags with special characters
+        assert str(Safe_Str__Http__ETag('"abc-123"')) == '"abc-123"'
+        assert str(Safe_Str__Http__ETag('"file.txt"')) == '"file.txt"'
+        assert str(Safe_Str__Http__ETag('"resource:123"')) == '"resource:123"'
+        assert str(Safe_Str__Http__ETag('"v1.0/api"')) == '"v1.0/api"'
+        assert str(Safe_Str__Http__ETag('"v1_2"')) == '"v1_2"'
+
+        # Without quotes (still valid as HTTP servers can return them)
+        assert str(Safe_Str__Http__ETag('abc123')) == 'abc123'
+        assert str(Safe_Str__Http__ETag('67890')) == '67890'
+
+        # Whitespace handling (trim_whitespace = True)
+        assert str(Safe_Str__Http__ETag('  "abc123"  ')) == '"abc123"'
+        assert str(Safe_Str__Http__ETag('W/"abc123"  ')) == 'W/"abc123"'
+
+        # Numeric conversion
+        assert str(Safe_Str__Http__ETag(12345)) == '12345'
+
+        # Invalid characters get replaced
+        assert Safe_Str__Http__ETag('"abc<script>123"'         ) == '"abc_script_123"'
+        assert Safe_Str__Http__ETag('"abc!@#$%^&*()123"'       ) == '"abc__________123"'
+        assert Safe_Str__Http__ETag('W/"abc+=[]{};\'\\<>?,123"') == 'W/"abc_____________123"'
+        assert Safe_Str__Http__ETag('<?&*^?>'                  ) == '_______'
+
+        # empty values
+        assert Safe_Str__Http__ETag(None ) == ''
+        assert Safe_Str__Http__ETag(''   ) == ''
+        assert Safe_Str__Http__ETag('   ') == ''                # Spaces only (will be trimmed)
+
+        with pytest.raises(ValueError) as exc_info:
+            Safe_Str__Http__ETag('a' * 129)  # Exceeds max length
+        assert "Value exceeds maximum length of 128" in str(exc_info.value)
+
+    def test_special_etag_formats(self):
+        # More complex ETags that servers might generate
+        assert str(Safe_Str__Http__ETag('"5d8e-3f4-f2340"')) == '"5d8e-3f4-f2340"'
+        assert str(Safe_Str__Http__ETag('"5d8e_3f4_f2340"')) == '"5d8e_3f4_f2340"'
+        assert str(Safe_Str__Http__ETag('"a.b.c.d"')) == '"a.b.c.d"'
+        assert str(Safe_Str__Http__ETag('"v1.2.3:4567"')) == '"v1.2.3:4567"'
+
+        # Non-standard but potentially used formats
+        assert str(Safe_Str__Http__ETag('W/"v1-5d8e3f4f2340"')) == 'W/"v1-5d8e3f4f2340"'
+        assert str(Safe_Str__Http__ETag('W/"a/b/c:12345"')) == 'W/"a/b/c:12345"'

tests/unit/helpers/safe_str/html/test_Safe_Str__Http__ETag.py

@@ -0,0 +1,37 @@
+import pytest
+from unittest                                                        import TestCase
+from osbot_utils.helpers.safe_str.http.Safe_Str__Http__Last_Modified import Safe_Str__Http__Last_Modified
+
+
+class test_Safe_Str__Http__Last_Modified(TestCase):
+
+    def test_Safe_Str__Http__LastModified_class(self):
+        # Standard RFC formats
+        assert Safe_Str__Http__Last_Modified('Wed, 21 Oct 2023 07:28:00 GMT') == 'Wed, 21 Oct 2023 07:28:00 GMT'
+        assert Safe_Str__Http__Last_Modified('Mon, 15 May 2024 12:30:45 GMT') == 'Mon, 15 May 2024 12:30:45 GMT'
+        assert Safe_Str__Http__Last_Modified('Sat, 01 Jan 2022 00:00:00 GMT') == 'Sat, 01 Jan 2022 00:00:00 GMT'
+
+        # Different date formats that might be used
+        assert Safe_Str__Http__Last_Modified('2023-10-21T07:28:00Z') == '2023-10-21T07:28:00Z'
+        assert Safe_Str__Http__Last_Modified('21 Oct 2023 07:28:00 GMT') == '21 Oct 2023 07:28:00 GMT'
+
+        # Whitespace handling (trim_whitespace = True)
+        assert Safe_Str__Http__Last_Modified('  Wed, 21 Oct 2023 07:28:00 GMT  ') == 'Wed, 21 Oct 2023 07:28:00 GMT'
+
+        # Invalid characters get replaced
+        assert Safe_Str__Http__Last_Modified('Wed, 21 Oct 2023<script>') == 'Wed, 21 Oct 2023_script_'
+        assert Safe_Str__Http__Last_Modified('Wed; 21 Oct 2023') == 'Wed_ 21 Oct 2023'
+        assert Safe_Str__Http__Last_Modified('Wed, 21/Oct/2023') == 'Wed, 21_Oct_2023'
+
+        assert Safe_Str__Http__Last_Modified('<?&*^?>')  == '_______'
+        # allow empty values
+        assert Safe_Str__Http__Last_Modified(None)  == ''
+        assert Safe_Str__Http__Last_Modified('')    == ''
+        assert Safe_Str__Http__Last_Modified('   ') == '' # Spaces only (will be trimmed)
+
+        # Numeric conversion
+        assert Safe_Str__Http__Last_Modified(20231021) == '20231021'
+
+        with pytest.raises(ValueError) as exc_info:
+            Safe_Str__Http__Last_Modified('a' * 65)  # Exceeds max length
+        assert "Value exceeds maximum length of 64" in str(exc_info.value)