add new tools

[CTY-git]

PR Checklist

• The commit message follows our guidelines: Code of conduct
• Tests for the changes have been added (for bug fixes / features)
• Docs have been added / updated (for bug fixes / features)
• Does this PR introduce a breaking change?
• Include PR in release notes?

PR Type

• Bugfix
• Feature
• Refactoring
• Build /CI
• Documentation
• Others

What is the current behavior?

Issue Number: N/A

What is the new behavior?

Other information

[patched-admin]

File Changed: patchwork/common/tools/__init__.py

Rule 2: Do not overlook possible security vulnerabilities

Details: Potential security consideration - The addition of FileViewTool, FindTool, and FindTextTool could introduce filesystem access vulnerabilities if not properly secured. While not a direct violation, implementers should ensure these tools have proper access controls and input validation.

Affected Code Snippet:

from patchwork.common.tools.code_edit_tools import CodeEditTool, FileViewTool
from patchwork.common.tools.grep_tool import FindTextTool, FindTool

Start Line: 2

End Line: 3

File Changed: patchwork/common/tools/bash_tool.py

Rule 1: Do not ignore potential bugs in the code

Details: Potential bug identified in parameter signature change. The removal of *args and **kwargs could break existing code that relies on passing additional arguments to the execute method. This is a backward compatibility breaking change that should be carefully considered.

Affected Code Snippet:

def execute(
    self,
    command: Optional[str] = None,
) -> str:

Start Line: 37
End Line: 41

---

Rule 2: Do not overlook possible security vulnerabilities

Details: The command parameter of type Optional[str] could potentially allow for command injection if not properly sanitized before execution. While this is not a new vulnerability (as it existed in the original code), the type annotation change makes it more explicit that the method accepts string input that could be dangerous if not properly validated.

Affected Code Snippet:

def execute(
    self,
    command: Optional[str] = None,
) -> str:

Start Line: 37
End Line: 41

File Changed: patchwork/common/tools/code_edit_tools.py

Rule 1: Do not ignore potential bugs in the code

Details: There is a potential bug in the execute method of CodeEditTool where self.modified_files.update({abs_path}) is executed unconditionally after the try-except block, even if the command fails.

Affected Code Snippet:

def execute(
    self,
    command: Optional[Literal["create", "str_replace", "insert"]] = None,
    file_text: str = "",
    insert_line: Optional[int] = None,
    new_str: str = "",
    old_str: Optional[str] = None,
    path: Optional[str] = None,
) -> str:
    try:
        # ... execution code ...
    except Exception as e:
        return f"Error: {str(e)}"

    self.modified_files.update({abs_path})  # Bug: Updates even on failure
    return result

Start Line: 144
End Line: 174

Details: Another potential bug exists in the FileViewTool where the view_range validation is missing. If users provide invalid indices, it could lead to IndexError.

Affected Code Snippet:

if view_range:
    lines = content.splitlines()
    start, end = view_range
    content = "\n".join(lines[start - 1 : end])  # No bounds checking

Start Line: 61
End Line: 64

Rule 2: Do not overlook possible security vulnerabilities

Details: A security vulnerability exists in both tools where file content is read without size limits before truncation, potentially leading to memory exhaustion attacks.

Affected Code Snippet:

with open(abs_path, "r") as f:
    content = f.read()  # Reads entire file into memory

if len(content) > self.__VIEW_LIMIT:
    content = content[: self.__VIEW_LIMIT] + self.__TRUNCATION_TOKEN

Start Line: 57
End Line: 60

File Changed: patchwork/common/tools/grep_tool.py

Rule 1: Do not ignore potential bugs in the code

Details: Several potential bugs identified:

1. No error handling for file read operations which could fail
2. Memory issues with reading entire file at once using readlines()
3. No validation of depth parameter being non-negative in FindTool

Affected Code Snippet:

with path.open("r") as f:
    for i, line in enumerate(f.readlines()):
        if not matcher(line, pattern):
            continue

Start Line: 173
End Line: 176

---

Rule 2: Do not overlook possible security vulnerabilities

Details: Several security concerns identified:

1. Path traversal vulnerability in FindTool and FindTextTool
2. Potential memory exhaustion from unlimited file size reading
3. No restrictions on file types that can be read

Affected Code Snippet:

path = Path(path).resolve()
if not path.is_relative_to(self.__working_dir):
    raise ValueError("Path must be relative to working dir")

Start Line: 167
End Line: 169

File Changed: patchwork/common/tools/tool.py

Rule 1: Do not ignore potential bugs in the code

Details: Potential bug detected in type annotation change from "ToolProtocol" to "Tool". This change might break existing code that relies on the protocol interface, as it makes the type annotation more restrictive. The "ToolProtocol" might have been designed to allow for broader interface compatibility.

Affected Code Snippet:

@staticmethod
-    def get_description(tooling: "ToolProtocol") -> str:
+    def get_description(tooling: "Tool") -> str:
        return tooling.json_schema.get("description", "")

@staticmethod
-    def get_parameters(tooling: "ToolProtocol") -> str:
+    def get_parameters(tooling: "Tool") -> str:
        return ", ".join(tooling.json_schema.get("required", []))

Start Line: 39
End Line: 45