tking/fastapi-gsap
SHA256
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
fastapi-gsap/.venv/lib/python3.12/site-packages/pygments/lexers/codeql.py
Tyler J King e744336385 fix: capability enforcement, credential safety, atomic delegations, input validation 
C-6: ConnectorRuntime enforces capability_mask per operation.
     READ-only ACs cannot invoke MUTATE operations (wipe, lock, retire).
C-7: AC validated against database (exists, active, not expired)
     before connector invocation.
C-9: Delegated AC capability bounded by delegator's capability.
C-10: Command counter uses atomic SQL increment with limit check.
M-23: expire_stale() uses same atomic SQL pattern.

H-1: Sensitive credential fields hidden from repr/logs via repr=False.
H-2: Stub backend requires ALLOW_STUB_CREDENTIALS=true to activate.
H-3: Kerberos backend raises CredentialResolutionError instead of
     returning stub ticket.
H-4: Chronicle INTENT emitted before execution, RESULT after.
H-5: device_id validated as UUID before Graph API URL interpolation.
H-8: ConnectorRuntime enforces governance for all connector invocations.

Signed-off-by: Tyler King <tking@guildhouse.dev>
2026-04-14 08:13:27 -04:00

80 lines
No EOL
2.5 KiB
Python
Raw Blame History

"""
pygments.lexers.codeql
~~~~~~~~~~~~~~~~~~~~~~
Lexer for CodeQL query language.
The grammar is originating from:
https://github.com/github/vscode-codeql/blob/main/syntaxes/README.md
:copyright: Copyright 2006-present by the Pygments team, see AUTHORS.
:license: BSD, see LICENSE for details.
"""
__all__ = ['CodeQLLexer']
import re
from pygments.lexer import RegexLexer, words
from pygments.token import Comment, Operator, Keyword, Name, String, \
Number, Punctuation, Whitespace
class CodeQLLexer(RegexLexer):
name = 'CodeQL'
aliases = ['codeql', 'ql']
filenames = ['*.ql', '*.qll']
mimetypes = []
url = 'https://github.com/github/codeql'
version_added = '2.19'
flags = re.MULTILINE | re.UNICODE
tokens = {
'root': [
# Whitespace and comments
(r'\s+', Whitespace),
(r'//.*?\n', Comment.Single),
(r'/\*', Comment.Multiline, 'multiline-comments'),
# Keywords
(words((
'module', 'import', 'class', 'extends', 'implements',
'predicate', 'select', 'where', 'from', 'as', 'and', 'or', 'not',
'in', 'if', 'then', 'else', 'exists', 'forall', 'instanceof',
'private', 'predicate', 'abstract', 'cached', 'external',
'final', 'library', 'override', 'query'
), suffix=r'\b'), Keyword.Builtin),
# Special Keywords
(words(('this'), # class related keywords
prefix=r'\b', suffix=r'\b\??:?'), Name.Builtin.Pseudo),
# Types
(words((
'boolean', 'date', 'float', 'int', 'string'
), suffix=r'\b'), Keyword.Type),
# Literals
(r'"(\\\\|\\[^\\]|[^"\\])*"', String),
(r'[0-9]+\.[0-9]+', Number.Float),
(r'[0-9]+', Number.Integer),
# Operators
(r'<=|>=|<|>|=|!=|\+|-|\*|/', Operator),
# Punctuation
(r'[.,;:\[\]{}()]+', Punctuation),
# Identifiers
(r'@[a-zA-Z_]\w*', Name.Variable), # Variables with @ prefix
(r'[A-Z][a-zA-Z0-9_]*', Name.Class), # Types and classes
(r'[a-z][a-zA-Z0-9_]*', Name.Variable), # Variables and predicates
],
'multiline-comments': [
(r'[^*/]+', Comment.Multiline),
(r'/\*', Comment.Multiline, '#push'),
(r'\*/', Comment.Multiline, '#pop'),
(r'[*/]', Comment.Multiline),
],
}
Reference in a new issue View git blame Copy permalink