* Migration from docker to standalone server Migration handling Fixed tests Use simpler in-memory storage Support for concurrent logging to disk Simplified direct connections to localhost * Migration from docker / redis to standalone script Updated tests Updated run script Fixed requirements Use dotenv Ask if user would like to install MCP in Claude Desktop once Updated docs * More cleanup and references to docker removed * Cleanup * Comments * Fixed tests * Fix GitHub Actions workflow for standalone Python architecture - Install requirements-dev.txt for pytest and testing dependencies - Remove Docker setup from simulation tests (now standalone) - Simplify linting job to use requirements-dev.txt - Update simulation tests to run directly without Docker Fixes unit test failures in CI due to missing pytest dependency. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * Remove simulation tests from GitHub Actions - Removed simulation-tests job that makes real API calls - Keep only unit tests (mocked, no API costs) and linting - Simulation tests should be run manually with real API keys - Reduces CI costs and complexity GitHub Actions now only runs: - Unit tests (569 tests, all mocked) - Code quality checks (ruff, black) 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * Fixed tests * Fixed tests --------- Co-authored-by: Claude <noreply@anthropic.com>
"""
Security configuration and path validation constants

This module contains security-related constants and configurations
for file access control.
"""
from pathlib import Path
# Filesystem locations that must never be handed over for scanning.
# Each one is a system root or a top-level system/user directory, so granting
# it would expose far more than a single project tree.
# Entries are plain strings: a consumer that tests membership with
# `str(path) in DANGEROUS_PATHS` matches these exact spellings only, not
# directories below them.
DANGEROUS_PATHS = {
    # POSIX roots and system directories
    "/", "/etc", "/usr", "/bin", "/var", "/root", "/home",
    # Windows drive root and system directories
    "C:\\", "C:\\Windows", "C:\\Program Files", "C:\\Users",
}
# Names skipped during recursive file search.
# They usually hold generated code, third-party dependencies, build output or
# editor/OS metadata rather than project source.
# NOTE(review): a few entries are wildcard patterns ("*.egg-info", "*.swp",
# "*.swo", "*~"); they only take effect if the consumer matches names with
# glob semantics rather than plain set membership - confirm against the caller.
EXCLUDED_DIRS = {
    # Python
    "__pycache__", ".venv", "venv", "env", ".env",
    "*.egg-info", ".eggs", "wheels", ".Python",
    ".mypy_cache", ".pytest_cache", ".tox",
    "htmlcov", ".coverage", "coverage",
    # Node.js / JavaScript
    "node_modules", ".next", ".nuxt", "bower_components", ".sass-cache",
    # Version Control
    ".git", ".svn", ".hg",
    # Build Output
    "build", "dist", "target", "out",
    # IDEs
    ".idea", ".vscode", ".sublime", ".atom", ".brackets",
    # Temporary / Cache
    ".cache", ".temp", ".tmp", "*.swp", "*.swo", "*~",
    # OS-specific
    ".DS_Store", "Thumbs.db",
    # Java / JVM
    ".gradle", ".m2",
    # Documentation build
    "_build", "site",
    # Mobile development
    ".expo", ".flutter",
    # Package managers
    "vendor",
}
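def is_dangerous_path(path: Path) -> bool:
    """
    Check if a path is in the dangerous paths list.

    A path is dangerous when it is a filesystem root, or when either its
    symlink-resolved form or its lexical absolute form is an entry of
    DANGEROUS_PATHS. The comparison is an exact match: a directory below a
    listed entry is not rejected by this function, so callers that need
    containment checks must perform them separately.

    Args:
        path: Path to check

    Returns:
        True if the path is dangerous and should not be accessed
    """
    # Function-scope import: the module's import block only brings in Path.
    import os

    try:
        resolved = path.resolve()
        # resolve() follows symlinks, so a listed directory that is itself a
        # symlink (e.g. /bin on merged-/usr Linux systems, /etc and /var on
        # macOS) resolves to a target string that is not in DANGEROUS_PATHS.
        # Checking the normalized, unresolved absolute path as well closes
        # that gap without widening the match to sub-directories.
        lexical = os.path.abspath(path)
        return (
            str(resolved) in DANGEROUS_PATHS
            or lexical in DANGEROUS_PATHS
            # A path that is its own parent is a filesystem root (any drive).
            or resolved.parent == resolved
        )
    except Exception:
        # Fail closed: if the path cannot be resolved or normalized for any
        # reason, treat it as dangerous rather than letting it through.
        return True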