e744336385
C-6: ConnectorRuntime enforces capability_mask per operation.
READ-only ACs cannot invoke MUTATE operations (wipe, lock, retire).
C-7: AC validated against database (exists, active, not expired)
before connector invocation.
C-9: Delegated AC capability bounded by delegator's capability.
C-10: Command counter uses atomic SQL increment with limit check.
M-23: expire_stale() uses same atomic SQL pattern.
H-1: Sensitive credential fields hidden from repr/logs via repr=False.
H-2: Stub backend requires ALLOW_STUB_CREDENTIALS=true to activate.
H-3: Kerberos backend raises CredentialResolutionError instead of
returning stub ticket.
H-4: Chronicle INTENT emitted before execution, RESULT after.
H-5: device_id validated as UUID before Graph API URL interpolation.
H-8: ConnectorRuntime enforces governance for all connector invocations.
Signed-off-by: Tyler King <tking@guildhouse.dev>
43 lines
1,008 B
Python
43 lines
1,008 B
Python
"""
|
|
pygments.modeline
|
|
~~~~~~~~~~~~~~~~~
|
|
|
|
A simple modeline parser (based on pymodeline).
|
|
|
|
:copyright: Copyright 2006-present by the Pygments team, see AUTHORS.
|
|
:license: BSD, see LICENSE for details.
|
|
"""
|
|
|
|
import re
|
|
|
|
__all__ = ['get_filetype_from_buffer']
|
|
|
|
|
|
modeline_re = re.compile(r'''
|
|
(?: vi | vim | ex ) (?: [<=>]? \d* )? :
|
|
.* (?: ft | filetype | syn | syntax ) = ( [^:\s]+ )
|
|
''', re.VERBOSE)
|
|
|
|
|
|
def get_filetype_from_line(l): # noqa: E741
|
|
m = modeline_re.search(l)
|
|
if m:
|
|
return m.group(1)
|
|
|
|
|
|
def get_filetype_from_buffer(buf, max_lines=5):
|
|
"""
|
|
Scan the buffer for modelines and return filetype if one is found.
|
|
"""
|
|
lines = buf.splitlines()
|
|
for line in lines[-1:-max_lines-1:-1]:
|
|
ret = get_filetype_from_line(line)
|
|
if ret:
|
|
return ret
|
|
for i in range(max_lines, -1, -1):
|
|
if i < len(lines):
|
|
ret = get_filetype_from_line(lines[i])
|
|
if ret:
|
|
return ret
|
|
|
|
return None
|