Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 4 additions & 2 deletions src/agent_sync/publish/external_source.py
Original file line number Diff line number Diff line change
Expand Up @@ -199,12 +199,14 @@ def _find_skills_in_repo(cache_path: Path, source: SourceConfig) -> list[SkillSo

def _is_valid_skill_name(name: str) -> bool:
"""Check if skill name is valid.

Valid: lowercase, numbers, hyphens. No leading/trailing/consecutive hyphens.
"""
import re

# Match: starts with letter, then letters/numbers/hyphens, ends with letter/number
pattern = r'^[a-z][a-z0-9]*(-[a-z0-9]+)*$'
# Use \Z to prevent newline injection
pattern = r"^[a-z][a-z0-9]*(-[a-z0-9]+)*\Z"
return bool(re.match(pattern, name))


Expand Down
17 changes: 6 additions & 11 deletions src/agent_sync/publish/git_publish.py
Original file line number Diff line number Diff line change
Expand Up @@ -30,19 +30,14 @@

def _ignore_func(*patterns):
"""Create a callable that returns a list of filenames to ignore."""
import fnmatch

def _ignore(path, names):
ignored = []
for name in names:
for pattern in patterns:
if pattern.startswith('*.'):
if name.endswith(pattern[1:]):
ignored.append(name)
break
elif pattern.startswith('.'):
if name == pattern or name.startswith(pattern.rstrip('/') + '/'):
ignored.append(name)
break
return ignored
for pattern in patterns:
ignored.extend(fnmatch.filter(names, pattern))
return set(ignored)

return _ignore
Comment on lines +33 to 41

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Instead of manually implementing the pattern filtering logic using fnmatch.filter and returning a custom callable, you can directly leverage the standard library's shutil.ignore_patterns function. This simplifies the code, improves maintainability, and avoids redundant implementation of standard library features.

Suggested change
import fnmatch
def _ignore(path, names):
ignored = []
for name in names:
for pattern in patterns:
if pattern.startswith('*.'):
if name.endswith(pattern[1:]):
ignored.append(name)
break
elif pattern.startswith('.'):
if name == pattern or name.startswith(pattern.rstrip('/') + '/'):
ignored.append(name)
break
return ignored
for pattern in patterns:
ignored.extend(fnmatch.filter(names, pattern))
return set(ignored)
return _ignore
return shutil.ignore_patterns(*patterns)


from rich.console import Console
Expand Down
6 changes: 4 additions & 2 deletions src/agent_sync/publish/local_source.py
Original file line number Diff line number Diff line change
Expand Up @@ -82,12 +82,14 @@ def _create_skill_source(path: Path) -> SkillSource | None:

def _is_valid_skill_name(name: str) -> bool:
"""Check if skill name is valid.

Valid: lowercase, numbers, hyphens. No leading/trailing/consecutive hyphens.
"""
import re

# Match: starts with letter, then letters/numbers/hyphens, ends with letter/number
pattern = r'^[a-z][a-z0-9]*(-[a-z0-9]+)*$'
# Use \Z to prevent newline injection
pattern = r"^[a-z][a-z0-9]*(-[a-z0-9]+)*\Z"
return bool(re.match(pattern, name))


Expand Down
26 changes: 26 additions & 0 deletions tests/test_skill_validation_sentinel.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@

import unittest
import sys
import os

# Add src to sys.path
sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), '..', 'src')))

from agent_sync.publish.local_source import _is_valid_skill_name as local_val
from agent_sync.publish.external_source import _is_valid_skill_name as external_val

class TestSkillValidationSentinel(unittest.TestCase):
def test_newline_injection_local(self):
self.assertTrue(local_val("valid-skill-123"))
self.assertFalse(local_val("invalid-skill\n"))
self.assertFalse(local_val("invalid\nskill"))
self.assertFalse(local_val("\ninvalid"))

def test_newline_injection_external(self):
self.assertTrue(external_val("valid-skill-123"))
self.assertFalse(external_val("invalid-skill\n"))
self.assertFalse(external_val("invalid\nskill"))
self.assertFalse(external_val("\ninvalid"))

if __name__ == '__main__':
unittest.main()
Loading