4i"|UdZddlmZddlZddlmZddlmZddlm Z ddl m Z e e Z ded <Gd d Zy) a<Security-hardened path utilities for Component v2. This module centralizes path validation and resolution logic used by the Component v2 registration and file access code paths. All helpers here are designed to prevent path traversal, insecure prefix checks, and symlink escapes outside of a declared package root. ) annotationsN)Path)Final)StreamlitComponentRegistryError) get_loggerr_LOGGERc|eZdZdZed dZed dZed dZed dZed dZ eddZ y)ComponentPathUtilszDUtility class for component path operations and security validation.c,tfddDS)zCheck if a path contains glob pattern characters. Parameters ---------- path : str The path to check Returns ------- bool True if the path contains glob characters c3&K|]}|v ywN).0charpaths v/home/obispo/Crisostomo_bridge/mision_env/lib/python3.12/site-packages/streamlit/components/v2/component_path_utils.py z9ComponentPathUtils.has_glob_characters..4sAD44<As)*?[])anyrs`rhas_glob_charactersz&ComponentPathUtils.has_glob_characters&sA,@AAAc2tj|dy)a@Validate that a path doesn't contain security vulnerabilities. Parameters ---------- path : str The path to validate Raises ------ StreamlitComponentRegistryError If the path contains security vulnerabilities like path traversal attempts zcomponent pathslabelN)r _assert_relative_no_traversalrs rvalidate_path_securityz)ComponentPathUtils.validate_path_security6s 88EV8WrcZtj|dt|j|}g}|D]\} |j }|j }|j |st jd|L|j|^t|dk(rtd|d|t|d kDr*d jd |D}td |d |dt|dS#ttf$r!}t jd||Yd}~d}~wwxYw)a#Resolve a glob pattern to a single file path with security checks. Parameters ---------- pattern : str The glob pattern to resolve package_root : Path The package root directory for security validation Returns ------- Path The resolved file path Raises ------ StreamlitComponentRegistryError If zero or more than one file matches the pattern, or if security checks fail (path traversal attempts) z glob patternsrz&Skipping file outside package root: %szFailed to resolve path %s: %sNrz!No files found matching pattern 'z' in package root z, c32K|]}t|ywr )str)rfs rrz:ComponentPathUtils.resolve_glob_pattern..}s!BQ#a&!Bsz'Multiple files found matching pattern '': z*. Exactly one file must match the pattern.)r rlistglobresolveis_relative_torwarningappendOSError ValueErrorlenrjoinr) pattern package_rootmatching_filesvalidated_files file_path resolved_pathpackage_root_resolvede file_lists rresolve_glob_patternz'ComponentPathUtils.resolve_glob_patternFsM. 888Xl//89' I  ) 1 1 3 (4(<(<(>%%334IJOO@-&&}5 (  1 $13G9.s/ssd{/sz+Path traversal attempts are not allowed in N) r/isalpha startswithosrisabsrreplacesplitr)rris_windows_drive_abs is_unc_absis_rooted_backslash normalizedrCsegmentss rrz0ComponentPathUtils._assert_relative_no_traversals IN 'Q! 'Q3 'Q;&  __V, #ood3FJ GGMM$ #"14UG2dVD  \\$, #-#3#3C#8FCC2ICFF /h/ /1=eWBtfM  0Gs 9 C.C.c  |j}|j}|j|st|d|d|dy#t$r}td|d|d||d}~wwxYw)aEnsure that abs_path is within root; raise if not. Parameters ---------- abs_path : Path Absolute file path root : Path Root directory path kind : str Human-readable descriptor for error messages (e.g., "js" or "css") Raises ------ StreamlitComponentRegistryError If the path cannot be resolved or if the resolved path does not reside within ``root`` after following symlinks. zFailed to resolve z path 'r&Nz%' is outside the declared asset_dir 'z'.)r) Exceptionrr*)abs_pathrootkindresolved root_resolvedr8s rensure_within_rootz%ComponentPathUtils.ensure_within_roots& '')H LLNM&&}51&z)NtfTVW 6  1$TF'(3qcB  s A A+A&&A+c|j}d|vsd|vrytj|ry|jdryd|vsd|vry|j j d S) aHeuristic to detect inline JS/CSS content strings. Treat a string as a file path ONLY if it looks path-like: - Does not contain newlines - Contains glob characters (*, ?, [, ]) - Starts with ./, /, or \ - Contains a path separator ("/" or "\\") - Or ends with a common asset extension like .js, .mjs, .cjs, or .css Otherwise, treat it as inline content. Parameters ---------- value : str The string to classify as inline content or a file path. Returns ------- bool True if ``value`` looks like inline content; False if it looks like a file path.   TF)z./r?r@r?r@)z.jsz.cssz.mjsz.cjs)stripr rrElowerendswith)valuess rlooks_like_inline_contentz,ComponentPathUtils.looks_like_inline_contentsk0 KKM 19   1 1! 4 <<) * !8tqyGGI&&'FGHHrN)rr$returnbool)rr$r`None)r1r$r2rr`r)rr$rr$r`rb)rQrrRrrSr$r`rb)r]r$r`ra) __name__ __module__ __qualname____doc__ staticmethodrr r:rrVr_rrrr r #sN B B X X<(<(|&&P@%I%Irr )rf __future__rrFpathlibrtypingrstreamlit.errorsrstreamlit.loggerrrcr__annotations__r rrrrns;# <'H%%RIRIr