MCPcopy
hub / github.com/openai/plugins / require_scope

Function require_scope

plugins/codex-security/scripts/workbench_db.py:1095–1116  ·  view source on GitHub ↗
(scope: str, mode: str, target: Path)

Source from the content-addressed store, hash-verified

1093
1094
1095def require_scope(scope: str, mode: str, target: Path) -> str:
1096 value = scope.strip() or "."
1097 if "\\" in value:
1098 raise SystemExit("Scan scope must use repository-relative POSIX paths.")
1099 parsed = PurePosixPath(value)
1100 if ".." in parsed.parts:
1101 raise SystemExit("Scan scope must stay inside the scanned target.")
1102 try:
1103 resolved_scope = (
1104 Path(parsed.as_posix()).resolve()
1105 if parsed.is_absolute()
1106 else (target / parsed.as_posix()).resolve()
1107 )
1108 relative_scope = resolved_scope.relative_to(target)
1109 except (RuntimeError, ValueError) as exc:
1110 raise SystemExit("Scan scope must stay inside the scanned target.") from exc
1111 normalized = relative_scope.as_posix() or "."
1112 if mode == "deep" and normalized != ".":
1113 raise SystemExit("Deep Scan is repository-wide and cannot use a scoped path.")
1114 if not resolved_scope.is_dir():
1115 raise SystemExit("Scan scope must reference an existing directory inside the target.")
1116 return normalized
1117
1118
1119def require_workspace(connection: sqlite3.Connection, workspace_id: str) -> sqlite3.Row:

Callers 2

inspect_setup_valuesFunction · 0.85
start_scanFunction · 0.85

Calls

no outgoing calls

Tested by

no test coverage detected