## File Changed: `patchwork/steps/CallCommand/CallCommand.py`
Details: The `CallCommand` class and `__parse_env_text` method lack docstrings explaining their purpose, parameters, and return types.
Affected Code Snippet:
```python
import shlex
import shutil
from pathlib import Path

# project imports; module paths assumed from the package layout, not shown in the reviewed range
from patchwork.step import Step
from patchwork.steps.CallCommand.typed import CallCommandInputs, CallCommandOutputs


class CallCommand(Step, input_class=CallCommandInputs, output_class=CallCommandOutputs):
    def __init__(self, inputs: dict):
        super().__init__(inputs)
        # resolve the executable on PATH up front; fail early if it is absent
        self.command = shutil.which(inputs["command"])
        if self.command is None:
            raise ValueError(f"Command `{inputs['command']}` not found in PATH")
        self.command_args = shlex.split(inputs.get("command_args", ""))
        self.working_dir = inputs.get("working_dir", Path.cwd())
        self.env = self.__parse_env_text(inputs.get("env", ""))

    @staticmethod
    def __parse_env_text(env_text: str) -> dict[str, str]:
        # tokenize KEY=VALUE pairs on whitespace or ';' using POSIX quoting rules
        env_spliter = shlex.shlex(env_text, posix=True)
        env_spliter.whitespace_split = True
        env_spliter.whitespace += ";"
        # ... (remainder of the method lies outside the range this finding covers)
```
Start Line: 14
End Line: 26
-------------
Details: Some function parameters and return values lack type hints.
Affected Code Snippet:
```python
import shlex
import shutil
import subprocess
from pathlib import Path

# project import; module path assumed, not shown in the reviewed range
from patchwork.step import Step, StepStatus


class CallCommand(Step):
    def __init__(self, inputs: dict):
        super().__init__(inputs)
        self.command = shutil.which(inputs["command"])
        if self.command is None:
            raise ValueError(f"Command `{inputs['command']}` not found in PATH")
        self.command_args = shlex.split(inputs.get("command_args", ""))
        self.working_dir = inputs.get("working_dir", Path.cwd())
        self.env = self.__parse_env_text(inputs.get("env", ""))

    def run(self) -> dict:
        # argv is passed as a list, so no shell is involved in running the command
        cmd = [self.command, *self.command_args]
        p = subprocess.run(cmd, capture_output=True, text=True, cwd=self.working_dir, env=self.env)
        try:
            p.check_returncode()
            return dict(stdout_output=p.stdout)
        except subprocess.CalledProcessError as e:
            # surface both streams in the step status so a failure is diagnosable
            self.set_status(
                StepStatus.FAILED,
                f"`{self.command} {self.command_args}` failed with stdout:\n{p.stdout}\nstderr:\n{e.stderr}",
            )
            return dict()
```
Start Line: 15
End Line: 57
-------------
## File Changed: `patchwork/steps/ScanPSFuzz/ScanPSFuzz.py`
Details: The code is missing function docstrings, including parameter types, return types, and function purpose descriptions.
Affected Code Snippet:
```python
import subprocess

# project imports; module paths assumed, not shown in the reviewed range
from patchwork.logger import logger
from patchwork.step import DataPoint, Step
from patchwork.steps.CallCommand.CallCommand import CallCommand
from patchwork.steps.ScanPSFuzz.typed import ScanPSFuzzInputs, ScanPSFuzzOutputs


class ScanPSFuzz(Step, input_class=ScanPSFuzzInputs, output_class=ScanPSFuzzOutputs):
    def __init__(self, inputs: dict):
        if not self.__is_ps_fuzz_installed():
            raise ValueError("""\
`prompt-security-fuzzer` is not installed. Please install with the following instructions:
1. Install pipx: https://github.com/pypa/pipx
2. pipx install prompt-security-fuzzer
3. pipx inject prompt-security-fuzzer setuptools
""")
        super().__init__(inputs)
        # build the inputs for the wrapped CallCommand step; note that both values
        # are interpolated into strings that CallCommand later re-splits with shlex
        wrapped_input = dict(
            command="prompt-security-fuzzer",
            command_args=f'-b {inputs["prompt_file_path"]}',
            env=f'OPENAI_API_KEY={inputs["openai_api_key"]}',
        )
        working_dir = inputs.get("working_dir")
        if working_dir is not None:
            wrapped_input["working_dir"] = working_dir
        self.inner_step = CallCommand(wrapped_input)

    @staticmethod
    def __is_ps_fuzz_installed():
        try:
            subprocess.run(["prompt-security-fuzzer", "-h"], capture_output=True, check=True)
            return True
        except subprocess.CalledProcessError as e:
            err = e
        except FileNotFoundError as e:
            err = e
        # If the command fails, prompt-security-fuzzer is not installed
        logger.info(f"prompt-security-fuzzer is not installed: {err}")
        return False

    def run(self) -> DataPoint:
        # delegate to the wrapped step and propagate its status verbatim
        rv = self.inner_step.run()
        self.set_status(self.inner_step.status, self.inner_step.status_message)
        return rv
```
Start Line: 11
End Line: 49
-------------
Details: The code interpolates potentially untrusted inputs (`prompt_file_path` and `openai_api_key`) into f-strings that `CallCommand` later re-parses with `shlex`, so a value containing whitespace or quoting characters is split or mis-parsed rather than passed through as a single argument or environment value.
Affected Code Snippet:
```python
wrapped_input = dict(
    command="prompt-security-fuzzer",
    command_args=f'-b {inputs["prompt_file_path"]}',
    env=f'OPENAI_API_KEY={inputs["openai_api_key"]}',
)
```
Start Line: 22
End Line: 26
-------------
Details: The code is missing type hints for some function parameters and return values.
Affected Code Snippet:
```python
def __init__(self, inputs: dict):
    ...

@staticmethod
def __is_ps_fuzz_installed():
    ...

def run(self) -> DataPoint:
    ...
```
Start Line: 12, 34, 46
End Line: 12, 34, 46
-------------
Details: The code potentially introduces a security vulnerability by building the command arguments and environment variables from f-strings over untrusted user input; because `CallCommand` re-splits these strings with `shlex`, the untrusted value can change how many arguments are produced and how the environment string is tokenized.
Affected Code Snippet:
```python
wrapped_input = dict(
    command="prompt-security-fuzzer",
    command_args=f'-b {inputs["prompt_file_path"]}',
    env=f'OPENAI_API_KEY={inputs["openai_api_key"]}',
)
```
Start Line: 22
End Line: 26
-------------
## File Changed: `patchwork/steps/__init__.py`
Details: The `__init__.py` file is being updated, but new module imports are not included in the `__all__` list.
Affected Code Snippet:
```python
from patchwork.steps.CallCommand.CallCommand import CallCommand
from patchwork.steps.ScanPSFuzz.ScanPSFuzz import ScanPSFuzz
# ... (other imports)

__all__ = [
    "AnalyzeImpact",
    "CallAPI",
    "CallCode2Prompt",
    "CallCommand",
    "CallLLM",
    # ... (other items)
    "ReadPRs",
    "ScanDepscan",
    # note: no trailing comma after "ScanPSFuzz", so Python concatenates it with
    # the next literal into "ScanPSFuzzScanSemgrep" and neither name is exported
    "ScanPSFuzz"
    "ScanSemgrep",
    # ... (remaining items)
]
```
Start Line: 4
End Line: 97
-------------
## File Changed: `pyproject.toml`
Details: The version number in the pyproject.toml file does not adhere to the versioning conventions for development versions (X.X.X.devX format). The current version "0.0.79.dev1" should be "0.0.79.dev0" to follow the correct format.
Affected Code Snippet:
```toml
-version = "0.0.78"
+version = "0.0.79.dev1"
```
Start Line: 3
End Line: 3
-------------