Expand Up @@ -57,7 +57,15 @@ class CodeScanResult(BaseModel):
async def validate_syntax(code: str) -> Tuple[bool, Optional[str]]:
"""Validate Python code syntax using ast."""
try:
ast.parse(code)
tree = ast.parse(code)

# Check for import statements
for node in ast.walk(tree):
if isinstance(node, ast.Import):
return False, f'Import statements are not allowed (line {node.lineno})'
elif isinstance(node, ast.ImportFrom):
return False, f'Import statements are not allowed (line {node.lineno})'

return True, None
except SyntaxError as e:
error_msg = f'Syntax error at line {e.lineno}: {e.msg}'
Expand Down Expand Up @@ -225,6 +233,7 @@ def check_dangerous_functions(code: str) -> List[Dict[str, Any]]:
'os.popen',
'__import__',
'pickle.loads',
'spawn',
]

results = []
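Review bot: The new loop in validate_syntax rejects only `ast.Import` and `ast.ImportFrom` nodes, so it is a statement-level policy check rather than a containment boundary, and the docstring still describes the function as a pure syntax check. I would update the docstring to say so, e.g. `"""Validate syntax and reject import statements; not a sandbox."""`, so callers know a `(False, msg)` result can be a policy rejection and that name-based checks such as `'__import__'` in check_dangerous_functions still matter. The two branches return the same message and can be merged into `if isinstance(node, (ast.Import, ast.ImportFrom)):`. `ast.walk` yields nodes in no specified order, so the reported line is not necessarily the first import in the source. In the second hunk the bare `'spawn'` entry has no module prefix, unlike its neighbours; how the list is matched is outside the hunk, but if it is a substring match it will also flag unrelated identifiers, which is worth pinning with a test.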
61 changes: 31 additions & 30 deletions src/aws-diagram-mcp-server/pyproject.toml
Expand Up @@ -3,33 +3,30 @@ name = "awslabs.aws-diagram-mcp-server"
version = "1.0.10"
description = "An MCP server that seamlessly creates diagrams using the Python diagrams package DSL"
readme = "README.md"
requires-python = ">=3.10"
requires-python = ">=3.12"
dependencies = [
"bandit>=1.8.6",
"boto3>=1.40.53",
"diagrams>=0.24.4",
"boto3>=1.37.27",
"mcp[cli]>=1.11.0",
"pydantic>=2.10.6",
"bandit>=1.7.5",
"sarif-om>=1.0.0", # Fixes GitHub issue #1041: No module named 'sarif_om'
# Security fixes for CVEs
"setuptools>=78.1.1", # Fixes CVE-2025-47273
"starlette>=0.47.2", # Fixes CVE-2025-54121
"urllib3>=2.5.0", # Fixes CVE-2025-50181, CVE-2025-50182
"mcp[cli]>=1.17.0",
"pydantic>=2.12.2",
"sarif-om>=1.0.4",
"setuptools>=80.9.0",
"starlette>=0.48.0",
"urllib3>=2.5.0",
]
license = {text = "Apache-2.0"}
license-files = ["LICENSE", "NOTICE" ]
license = { text = "Apache-2.0" }
license-files = ["LICENSE", "NOTICE"]

authors = [
{name = "Amazon Web Services"},
{name = "AWSLabs MCP", email="[email protected]"},
{ name = "Amazon Web Services" },
{ name = "AWSLabs MCP", email = "[email protected]" },
]
classifiers = [
"License :: OSI Approved :: Apache Software License",
"Operating System :: OS Independent",
"Programming Language :: Python",
"Programming Language :: Python :: 3",
"Programming Language :: Python :: 3.10",
"Programming Language :: Python :: 3.11",
"Programming Language :: Python :: 3.12",
"Programming Language :: Python :: 3.13",
]
Expand All @@ -46,13 +43,13 @@ Changelog = "https://github.com/awslabs/mcp/blob/main/src/aws-diagram-mcp-server

[dependency-groups]
dev = [
"commitizen>=4.2.2",
"pre-commit>=4.1.0",
"ruff>=0.9.7",
"pyright>=1.1.398",
"pytest>=7.4.0",
"pytest-cov>=4.1.0",
"pytest-asyncio>=0.26.0",
"commitizen>=4.9.1",
"pre-commit>=4.2.0",
"pyright>=1.1.406",
"pytest>=8.4.2",
"pytest-asyncio>=1.2.0",
"pytest-cov>=7.0.0",
"ruff>=0.14.1",
]

[build-system]
Expand All @@ -74,7 +71,7 @@ exclude = [
"**/env",
"**/.ruff_cache",
"**/.venv",
"**/.ipynb_checkpoints"
"**/.ipynb_checkpoints",
]
force-exclude = true

Expand Down Expand Up @@ -102,7 +99,13 @@ docstring-code-format = true

[tool.pyright]
include = ["awslabs", "tests"]
exclude = ["**/__pycache__", "**/.venv", "**/node_modules", "**/dist", "**/build"]
exclude = [
"**/__pycache__",
"**/.venv",
"**/node_modules",
"**/dist",
"**/build",
]
typeCheckingMode = "basic"
reportMissingImports = false
reportUnusedExpression = false
Expand All @@ -120,7 +123,7 @@ version = "0.0.0"
tag_format = "v$version"
version_files = [
"pyproject.toml:version",
"awslabs/aws_diagram_mcp_server/__init__.py:__version__"
"awslabs/aws_diagram_mcp_server/__init__.py:__version__",
]
update_changelog_on_bump = true

Expand All @@ -130,7 +133,7 @@ packages = ["awslabs"]
[tool.bandit]
# Skip specific issues
skips = ["B102"]
exclude_dirs = ["venv","tests"]
exclude_dirs = ["venv", "tests"]

# Per-file skips
per_file_skips = { "awslabs/aws_diagram_mcp_server/diagrams.py" = ["B102"] }
Expand All @@ -139,9 +142,7 @@ per_file_skips = { "awslabs/aws_diagram_mcp_server/diagrams.py" = ["B102"] }
testpaths = "tests"
asyncio_mode = "auto"
asyncio_default_fixture_loop_scope = "function"
markers = [
"asyncio: mark a test as an asyncio coroutine",
]
markers = ["asyncio: mark a test as an asyncio coroutine"]
filterwarnings = [
"ignore::DeprecationWarning:ast",
"ignore:ast.Str is deprecated:DeprecationWarning",
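Review bot: The rewritten dependency list appears to drop the comments that tied the `setuptools`, `starlette` and `urllib3` lower bounds to CVE-2025-47273, CVE-2025-54121 and CVE-2025-50181/CVE-2025-50182; the rendered page has lost the +/- markers, so this is read from the print order. Without them nothing tells a later maintainer that these floors are security minimums rather than ordinary version pins. I would keep a short marker on each, e.g. `"urllib3>=2.5.0",  # security floor: CVE-2025-50181, CVE-2025-50182`. Separately, `requires-python` moves to `>=3.12` while `version` stays `1.0.10` in the visible lines, so confirm the release notes call out the dropped 3.10/3.11 support.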