Version 1.5.7 - See changelog for updates.

Author: jscott3201

CHANGELOG.md

@@ -5,6 +5,75 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.5.7] - 2026-02-24
+
+### Fixed
+
+- **Client decode bugs**: Fixed five methods in `app/client.py` that performed
+  `isinstance` checks on raw application-tagged bytes without first calling
+  `decode_and_unwrap()` or `decode_all_application_values()`:
+  `_traverse_hierarchy_recursive`, `discover_extended` enrichment,
+  `_discover_device_oid`, `_poll_backup_restore_state`, and `backup_device`
+  config file decoding. These could cause silent data misinterpretation or
+  `TypeError` at runtime.
+- **WritePropertyMultiple server decode**: `handle_write_property_multiple` in
+  `app/server.py` now calls `decode_and_unwrap()` on property values before
+  writing, matching the pattern used elsewhere.
+- **Segmentation double-counting**: `SegmentationManager._total_bytes` no longer
+  double-counts when a duplicate segment is received, which could cause
+  premature reassembly completion.
+- **Audit log query unbound variable**: `AuditLogQueryByTargetACK.decode()` and
+  `AuditLogQueryBySourceACK.decode()` in `services/audit.py` now initialize
+  `inner_end` before the while loop, fixing an `UnboundLocalError` on empty
+  inner sequences.
+- **`extract_context_value()` closing tag validation**: The function now verifies
+  that the closing tag number matches the expected opening tag number, raising
+  `ValueError` on mismatch instead of silently accepting malformed packets.
+- **TSM falsy-value bug**: Three places in `app/tsm.py` used `x or default`
+  which incorrectly replaced valid falsy values (e.g., `0`, `0.0`) with
+  defaults. Changed to explicit `if x is not None` checks.
+- **Schedule engine midnight race**: `ScheduleEngine._evaluate_all` now reads
+  `datetime.now()` once per evaluation instead of calling `date.today()` and
+  `datetime.now().time()` separately, preventing a rare midnight-crossing
+  inconsistency.
+
+### Changed
+
+- **`LifeSafetyOperationRequest.decode` tag class check**: Added explicit
+  `TagClass.CONTEXT` validation before decoding context tag 0, raising
+  `ValueError` with a clear message if an application tag is encountered.
+- **Decode assertions → ValueError**: Replaced 10 bare `assert` statements in
+  `services/alarm_summary.py` and `services/event_notification.py` decode paths
+  with `raise ValueError(...)`, ensuring decode errors are never silenced by
+  `-O` optimization.
+- **VT session hardening**: Added source-address validation on
+  `VT-Close` / `VT-Data` requests and a 64-session cap to prevent resource
+  exhaustion via unbounded VT session creation.
+- **Routing table cap**: `RoutingTable.update_route` now enforces a 2048-entry
+  limit, rejecting new entries when the table is full to prevent memory
+  exhaustion from malicious route advertisements.
+- **Address decode bounds checks**: `BIPAddress.decode` and `BIP6Address.decode`
+  now validate minimum buffer lengths (6 and 18 bytes respectively) before
+  parsing, raising `ValueError` instead of producing truncated addresses.
+- **BIBB conformance public API**: `ServiceRegistry` now exposes
+  `has_confirmed_handler()` and `has_unconfirmed_handler()` methods;
+  `conformance/bibb.py` uses these instead of accessing private `_confirmed` /
+  `_unconfirmed` dictionaries.
+
+### Removed
+
+- **Dead code**: Removed unused `_min_unsigned_bytes()` from
+  `encoding/primitives.py`, superseded `_MAX_SEGMENTS_DECODE` /
+  `_MAX_APDU_DECODE` dicts from `encoding/apdu.py`, and 84-line
+  `encode_npdu_with_source()` from `network/npdu.py`.
+- **Redundant branches**: Eliminated no-op ternary and identical if/else
+  branches in `app/event_engine.py`, and a redundant conditional in
+  `segmentation/manager.py` `handle_segment_ack`.
+- **Unused loggers**: Removed 8 unused `_logger` definitions and their
+  `import logging` statements from service modules (`alarm_summary`,
+  `object_mgmt`, `cov`, `virtual_terminal`, `read_property_multiple`,
+  `write_property_multiple`, `write_group`, `audit`).
+
 ## [1.5.6] - 2026-02-23
 
 ### Fixed

pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "bac-py"
-version = "1.5.6"
+version = "1.5.7"
 description = "Asynchronous BACnet protocol library for Python — BACnet/IP, IPv6, Ethernet, and Secure Connect"
 readme = "README.md"
 requires-python = ">=3.13"

src/bac_py/__init__.py

@@ -8,7 +8,7 @@
         value = await client.read("192.168.1.100", "ai,1", "pv")
 """
 
-__version__ = "1.5.6"
+__version__ = "1.5.7"
 
 from bac_py.app.application import (
     BACnetApplication,

src/bac_py/app/client.py

@@ -1254,7 +1254,9 @@ async def _enrich_device(dev: DiscoveredDevice) -> DiscoveredDevice:
                         if elem.property_access_error is not None:
                             continue
                         pid = elem.property_identifier
-                        val = elem.property_value
+                        val = (
+                            decode_and_unwrap(elem.property_value) if elem.property_value else None
+                        )
                         if pid == PropertyIdentifier.PROFILE_NAME:
                             profile_name = val if isinstance(val, str) else None
                         elif pid == PropertyIdentifier.PROFILE_LOCATION:
@@ -1337,13 +1339,13 @@ async def _traverse_hierarchy_recursive(
                 PropertyIdentifier.SUBORDINATE_LIST,
                 timeout=timeout,
             )
-            subordinates = ack.property_value
-            if not isinstance(subordinates, list):
+            raw_subordinates = decode_all_application_values(ack.property_value)
+            if not isinstance(raw_subordinates, list):
                 return
         except (BACnetError, BACnetTimeoutError, TimeoutError):
             return
 
-        for sub in subordinates:
+        for sub in raw_subordinates:
             if isinstance(sub, ObjectIdentifier):
                 result.append(sub)
                 if sub.object_type == ObjectType.STRUCTURED_VIEW:
@@ -2780,12 +2782,13 @@ async def backup_device(
             timeout=timeout,
         )
         config_file_ids: list[ObjectIdentifier] = []
-        if isinstance(ack.property_value, list):
-            for v in ack.property_value:
+        decoded_files = decode_all_application_values(ack.property_value)
+        if isinstance(decoded_files, list):
+            for v in decoded_files:
                 if isinstance(v, ObjectIdentifier):
                     config_file_ids.append(v)
-        elif isinstance(ack.property_value, ObjectIdentifier):
-            config_file_ids.append(ack.property_value)
+        elif isinstance(decoded_files, ObjectIdentifier):
+            config_file_ids.append(decoded_files)
 
         # Step 4: Download each file
         file_contents: list[tuple[ObjectIdentifier, bytes]] = []
@@ -2881,8 +2884,9 @@ async def _discover_device_oid(
             PropertyIdentifier.OBJECT_IDENTIFIER,
             timeout=timeout,
         )
-        if isinstance(ack.property_value, ObjectIdentifier):
-            return ack.property_value
+        decoded = decode_and_unwrap(ack.property_value)
+        if isinstance(decoded, ObjectIdentifier):
+            return decoded
         return ObjectIdentifier(ObjectType.DEVICE, 4194303)
 
     async def _poll_backup_restore_state(
@@ -2892,21 +2896,28 @@ async def _poll_backup_restore_state(
         target_states: tuple[BackupAndRestoreState, ...],
         poll_interval: float = 1.0,
         timeout: float | None = None,
+        overall_timeout: float = 300.0,
     ) -> BackupAndRestoreState:
         """Poll BACKUP_AND_RESTORE_STATE until it reaches a target state."""
+        deadline = asyncio.get_event_loop().time() + overall_timeout
         while True:
             ack = await self.read_property(
                 address,
                 device_oid,
                 PropertyIdentifier.BACKUP_AND_RESTORE_STATE,
                 timeout=timeout,
             )
-            raw_state = ack.property_value
-            if isinstance(raw_state, int):
-                state = BackupAndRestoreState(raw_state)
+            decoded_state = decode_and_unwrap(ack.property_value)
+            if isinstance(decoded_state, int):
+                state = BackupAndRestoreState(decoded_state)
                 if state in target_states:
                     return state
-            await asyncio.sleep(poll_interval)
+            remaining = deadline - asyncio.get_event_loop().time()
+            if remaining <= 0:
+                from bac_py.services.errors import BACnetTimeoutError
+
+                raise BACnetTimeoutError("Timed out waiting for backup/restore state")
+            await asyncio.sleep(min(poll_interval, remaining))
 
     async def _download_file(
         self,

src/bac_py/app/event_engine.py

@@ -824,11 +824,7 @@ def _evaluate_intrinsic(self, obj: BACnetObject, now: float) -> None:
         reliability = obj._properties.get(
             PropertyIdentifier.RELIABILITY, Reliability.NO_FAULT_DETECTED
         )
-        fault_result = (
-            reliability
-            if reliability != Reliability.NO_FAULT_DETECTED
-            else Reliability.NO_FAULT_DETECTED
-        )
+        fault_result = reliability
 
         # Check Reliability_Evaluation_Inhibit (Clause 13.2.2, p.638)
         rel_inhibit = obj._properties.get(PropertyIdentifier.RELIABILITY_EVALUATION_INHIBIT)
@@ -931,14 +927,11 @@ def _run_intrinsic_algorithm(
             life_safety_alarm_values = obj._properties.get(
                 PropertyIdentifier.LIFE_SAFETY_ALARM_VALUES, ()
             )
-            if not isinstance(alarm_values, tuple):
-                alarm_values = tuple(int(v) for v in alarm_values)
-            else:
-                alarm_values = tuple(int(v) for v in alarm_values)
-            if not isinstance(life_safety_alarm_values, tuple):
-                life_safety_alarm_values = tuple(int(v) for v in life_safety_alarm_values)
-            else:
-                life_safety_alarm_values = tuple(int(v) for v in life_safety_alarm_values)
+            alarm_values = tuple(int(v) for v in alarm_values)
+            life_safety_alarm_values = obj._properties.get(
+                PropertyIdentifier.LIFE_SAFETY_ALARM_VALUES, ()
+            )
+            life_safety_alarm_values = tuple(int(v) for v in life_safety_alarm_values)
             return evaluate_change_of_life_safety(
                 tracking_value, int(mode), alarm_values, life_safety_alarm_values
             )

src/bac_py/app/schedule_engine.py

@@ -96,8 +96,9 @@ async def _run_loop(self) -> None:
     def _evaluate_cycle(self) -> None:
         """Run one evaluation cycle."""
         db = self._app.object_db
-        today = datetime.date.today()
-        now = datetime.datetime.now().time()
+        _now = datetime.datetime.now()
+        today = _now.date()
+        now = _now.time()
 
         # 1. Evaluate all Calendar objects
         for cal_obj in db.get_objects_of_type(ObjectType.CALENDAR):

src/bac_py/app/server.py

@@ -915,9 +915,13 @@ async def handle_write_property_multiple(
         # Pass 2: Apply all writes
         for obj, properties in validated:
             for pv in properties:
+                try:
+                    write_value = decode_and_unwrap(pv.value)
+                except (ValueError, IndexError):
+                    raise BACnetError(ErrorClass.PROPERTY, ErrorCode.INVALID_DATA_TYPE) from None
                 await obj.async_write_property(
                     pv.property_identifier,
-                    pv.value,
+                    write_value,
                     pv.priority,
                     pv.property_array_index,
                 )
@@ -2071,11 +2075,16 @@ async def handle_vt_open(
             raise BACnetError(ErrorClass.VT, ErrorCode.UNKNOWN_VT_CLASS)
 
         # Allocate a session — use a simple counter on the app
+        sessions: dict[int, dict[str, Any]] = getattr(self._app, "_vt_sessions", {})
+        max_vt_sessions = 64
+        if len(sessions) >= max_vt_sessions:
+            logger.warning("vt_open: session limit (%d) reached from %s", max_vt_sessions, source)
+            raise BACnetError(ErrorClass.RESOURCES, ErrorCode.NO_VT_SESSIONS_AVAILABLE)
+
         session_counter = getattr(self._app, "_vt_session_counter", 0) + 1
         self._app._vt_session_counter = session_counter  # type: ignore[attr-defined]
 
         # Store session mapping
-        sessions = getattr(self._app, "_vt_sessions", {})
         sessions[session_counter] = {
             "source": source,
             "vt_class": request.vt_class,
@@ -2103,6 +2112,9 @@ async def handle_vt_close(
             if session_id not in sessions:
                 logger.warning("vt_close: unknown VT session %s from %s", session_id, source)
                 raise BACnetError(ErrorClass.VT, ErrorCode.UNKNOWN_VT_SESSION)
+            if sessions[session_id]["source"] != source:
+                logger.warning("vt_close: session %s not owned by %s", session_id, source)
+                raise BACnetError(ErrorClass.VT, ErrorCode.UNKNOWN_VT_SESSION)
             del sessions[session_id]
         logger.info(
             "VT-Close from %s: sessions=%s",
@@ -2124,13 +2136,21 @@ async def handle_vt_data(
         """
         request = VTDataRequest.decode(data)
         sessions = getattr(self._app, "_vt_sessions", {})
-        if request.vt_session_identifier not in sessions:
+        session = sessions.get(request.vt_session_identifier)
+        if session is None:
             logger.warning(
                 "vt_data: unknown VT session %d from %s",
                 request.vt_session_identifier,
                 source,
             )
             raise BACnetError(ErrorClass.VT, ErrorCode.UNKNOWN_VT_SESSION)
+        if session["source"] != source:
+            logger.warning(
+                "vt_data: session %d not owned by %s",
+                request.vt_session_identifier,
+                source,
+            )
+            raise BACnetError(ErrorClass.VT, ErrorCode.UNKNOWN_VT_SESSION)
         logger.debug(
             "VT-Data from %s: session=%d, %d bytes, flag=%s",
             source,

src/bac_py/app/tsm.py

@@ -150,7 +150,9 @@ async def send_request(
         :raises BACnetAbortError: On Abort-PDU response.
         :raises BACnetTimeoutError: On timeout after all retries.
         """
-        effective_max_apdu = max_apdu_override or self._max_apdu_length
+        effective_max_apdu = (
+            max_apdu_override if max_apdu_override is not None else self._max_apdu_length
+        )
         loop = self._loop
         if loop is None:
             loop = self._loop = asyncio.get_running_loop()
@@ -366,7 +368,7 @@ def _send_confirmed_request(
         self, txn: ClientTransaction, effective_max_apdu: int | None = None
     ) -> None:
         """Encode and send a non-segmented confirmed request APDU."""
-        max_apdu = effective_max_apdu or self._max_apdu_length
+        max_apdu = effective_max_apdu if effective_max_apdu is not None else self._max_apdu_length
         pdu = ConfirmedRequestPDU(
             segmented=False,
             more_follows=False,
@@ -388,7 +390,7 @@ def _send_segmented_request(
         self, txn: ClientTransaction, effective_max_apdu: int | None = None
     ) -> None:
         """Begin sending a segmented request."""
-        max_apdu = effective_max_apdu or self._max_apdu_length
+        max_apdu = effective_max_apdu if effective_max_apdu is not None else self._max_apdu_length
         try:
             sender = SegmentSender.create(
                 payload=txn.request_data,

src/bac_py/conformance/bibb.py

@@ -362,5 +362,7 @@ def _is_supported(self, bibb: BIBBDefinition) -> bool:
 
         # B-role: check server handlers
         return all(
-            svc.value in self._registry._confirmed for svc in bibb.confirmed_services
-        ) and all(svc.value in self._registry._unconfirmed for svc in bibb.unconfirmed_services)
+            self._registry.has_confirmed_handler(svc.value) for svc in bibb.confirmed_services
+        ) and all(
+            self._registry.has_unconfirmed_handler(svc.value) for svc in bibb.unconfirmed_services
+        )

src/bac_py/encoding/apdu.py

@@ -28,17 +28,6 @@
 _MAX_SEGMENTS_UNSPECIFIED = 0  # B'000'
 _MAX_SEGMENTS_OVER_64 = 7  # B'111'
 
-_MAX_SEGMENTS_DECODE: dict[int, int | None] = {
-    0: None,  # Unspecified
-    1: 2,
-    2: 4,
-    3: 8,
-    4: 16,
-    5: 32,
-    6: 64,
-    7: None,  # Greater than 64 (also treated as unlimited)
-}
-
 # Fast tuple lookup for decode (indexed 0-7)
 _MAX_SEGMENTS_DECODE_TUPLE: tuple[int | None, ...] = (None, 2, 4, 8, 16, 32, 64, None)
 
@@ -52,15 +41,6 @@
     1476: 5,
 }
 
-_MAX_APDU_DECODE: dict[int, int] = {
-    0: 50,
-    1: 128,
-    2: 206,
-    3: 480,
-    4: 1024,
-    5: 1476,
-}
-
 # Fast tuple lookup for decode (indexed 0-5, default 1476 for 6+)
 _MAX_APDU_DECODE_TUPLE: tuple[int, ...] = (50, 128, 206, 480, 1024, 1476)