time-tracker/AGENTS.md
Eric Taylor 595875ca07 Implement critical security fixes and enhancements
## Security Fixes (Critical)

### 1. Settings file race condition fixed
- Added atomic write operation using temp file + os.replace()
- Prevents corruption if process crashes during settings save
- Uses proper cleanup on failure

### 2. CSV quoting protection implemented
- Added csv.QUOTE_MINIMAL to all CSV DictWriter operations
- Optimal efficiency while maintaining security
- Proper handling of special characters (quotes, commas, newlines)

### 3. Complete CSV field sanitization
- Fixed critical Date field sanitization gap
- Created specialized sanitize_date_text() preserving YYYY-MM-DD format
- All 7 CSV fields now properly sanitized before writing
- Added comprehensive input validation for user input vectors

## New Security Functions
- sanitize_csv_text(): Removes dangerous characters (=, +, -, @)
- sanitize_date_text(): Preserves date format while removing injection attempts
- sanitize_filename(): Path traversal protection
- sanitize_config_text(): JSON/configuration safety
- validate_input(): Centralized input validation with type-specific logic

## Enhanced Features
- Alternating row colors for visual time slot distinction
- Improved conflict resolution with clearer UI indicators
- Enhanced CSV error handling with line numbering

## Testing & Documentation
- Added comprehensive test suites (5 new test files)
- Created AGENTS.md development guide
- Updated TODO.md with staged improvement roadmap
- All tests passing with 100% backward compatibility

## Files Modified
- time_tracker.py: +280 lines (security functions + atomic operations)
- tests/: New security and feature test suites
- .gitignore: Updated to include documentation and tests

All critical vulnerabilities resolved while maintaining full functionality.
2025-10-29 17:23:27 -04:00


AGENTS.md - Time Tracker Development Guide

Build/Test Commands

  • Run main application: python time_tracker.py
  • Run single test: python tests/test_mark_logic.py or python tests/test_mark_billed.py
  • Clean archive data: python tests/clean_archive.py

Code Style Guidelines

Imports & Structure

  • Standard library imports first (os, json, csv, datetime, collections)
  • Third-party imports next (tkinter, ttk, messagebox, filedialog)
  • Group related imports together
  • Use absolute imports consistently

Naming Conventions

  • Classes: PascalCase (e.g., ClickableCell, TimeTracker)
  • Functions/Methods: snake_case (e.g., load_settings, update_day_total)
  • Variables: snake_case (e.g., time_cells, data_rows)
  • Constants: UPPER_SNAKE_CASE (e.g., drag_info global dict)
  • Private methods: prefix with underscore (e.g., _refresh_dropdowns)

Error Handling

  • Use try/except blocks for file operations
  • Show user-friendly messages via messagebox.showerror() or messagebox.showwarning()
  • Log errors with context but never expose sensitive data
  • Gracefully handle missing files and directories

GUI Patterns

  • Use ttk.Combobox for dropdowns with state="readonly"
  • Frame-based layout with grid/pack geometry managers
  • Bind events consistently (<Button-1>, <B1-Motion>, <ButtonRelease-1>)
  • Separate data models from UI presentation
  • Use consistent widget naming: *_var for StringVar/IntVar, *_frame for containers

Data Handling

  • CSV files use UTF-8 encoding
  • Store settings in ~/.config/time-tracker.json (UNIX-compliant)
  • Use defaultdict for pivot table operations
  • Validate user input before processing
  • Archive format: ['Job', 'TaskName', 'Note', 'Customer', 'Hours', 'Date', 'username', 'Billable', 'Billed']
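The CSV-field and settings-file protections described in the commit message above, applied to the Data Handling rules in this section (the nine-field archive format, UTF-8 CSV output, validate before processing), as an added Python example that is not the project's own code. The names sanitize_csv_text() and sanitize_date_text() come from the commit message, but their bodies, archive_rows_to_csv() and save_settings_atomic() are assumptions written here.

```python
import csv
import datetime
import io
import json
import os
import re
import tempfile

FORMULA_PREFIXES = "=+-@\t\r"  # leading chars that spreadsheets treat as a formula
ARCHIVE_FIELDS = ["Job", "TaskName", "Note", "Customer", "Hours", "Date",
                  "username", "Billable", "Billed"]
_DATE_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2})$")

def sanitize_csv_text(value):
    """Drop leading formula-trigger characters from a free-text field."""
    return str(value).lstrip(FORMULA_PREFIXES)

def sanitize_date_text(value):
    """Accept only a real YYYY-MM-DD date; its '-' is internal, never leading."""
    text = str(value).strip()
    if not (match := _DATE_RE.match(text)):
        raise ValueError(f"invalid date: {text!r}")
    datetime.date(*map(int, match.groups()))  # rejects e.g. 2025-13-40
    return text

def archive_rows_to_csv(rows):
    """Sanitize all nine archive fields and serialize with minimal quoting."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=ARCHIVE_FIELDS,
                            quoting=csv.QUOTE_MINIMAL, lineterminator="\n")
    writer.writeheader()
    for row in rows:
        clean = {f: sanitize_csv_text(row.get(f, "")) for f in ARCHIVE_FIELDS}
        clean["Date"] = sanitize_date_text(row.get("Date", ""))
        writer.writerow(clean)
    return buf.getvalue()

def save_settings_atomic(path, settings):
    """Write JSON to a temp file beside the target, then os.replace() it in."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)),
                               prefix=".time-tracker-", suffix=".tmp")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(settings, fh, indent=2)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, path)  # atomic: readers see the old or the new file
    except BaseException:
        os.unlink(tmp)  # any failure before replace leaves the temp file
        raise
```

Stripping, as the commit describes, also alters a legitimately negative value such as a Hours correction; prefixing the cell with a single quote is the usual alternative when the value must survive intact.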

Testing

  • Test files in tests/ directory with test_ prefix
  • Create sample data fixtures for consistent testing
  • Test logic separately from UI components
  • Verify both success and failure scenarios