use nsz package for nut and Fs

[seiya-git]

Summary by CodeRabbit

• Bug Fixes

  • Fixed an enum reference used during verification of public-data content to improve validation reliability.

• Refactor

  • Filesystem, crypto and utility implementations consolidated to a single upstream library for more consistent behavior and reduced duplication.

• Chores

  • Requirements updated to pin the upstream library and tighten dependency versions for consistent behavior and security.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

NSTools is refactored to delegate local filesystem, container, crypto, and utility implementations to nsz via wildcard re-exports; verification/import wiring and requirements updated (added git-pinned nsz) and one enum name was corrected.

Changes

Filesystem and Format Module Migration

Layer / File(s)	Summary
Filesystem foundation modules py/nstools/Fs/Type.py, py/nstools/Fs/File.py, py/nstools/Fs/BaseFs.py, py/nstools/Fs/__init__.py	Enum types, file abstractions, BaseFs, and package factory are now re-exported from nsz.Fs rather than implemented locally.
Container and archive format modules py/nstools/Fs/Nca.py, py/nstools/Fs/Nsp.py, py/nstools/Fs/Xci.py, py/nstools/Fs/Hfs0.py, py/nstools/Fs/Pfs0.py, py/nstools/Fs/Rom.py	NCA/NSP/XCI/HFS0/PFS0/ROM parsers and related classes were replaced by wildcard re-exports from nsz.Fs.
Metadata and parser modules py/nstools/Fs/Bktr.py, py/nstools/Fs/Cnmt.py, py/nstools/Fs/Ivfc.py, py/nstools/Fs/Nacp.py, py/nstools/Fs/Ticket.py	BKTR, CNMT, IVFC, NACP, and Ticket parsing/structures are now provided by nsz.Fs via re-exports.
Cryptography and utility modules py/nstools/nut/aes128.py, py/nstools/nut/Hex.py, py/nstools/nut/Keys.py, py/nstools/nut/Print.py, py/nstools/nut/Titles.py, py/nstools/nut/__init__.py	AES primitives, hex dump helpers, key management, printing, and title utilities are re-exported from nsz.nut.
Supporting scripts and verify adjustments py/requirements.txt, py/nstools/lib/Verify.py, py/nstools/lib/VerifyTools.py, py/ns_extract_hashes.py, py/ns_extract_meta.py, py/ns_verify_folder.py, py/nstools/lib/FsNcaMod.py, py/nstools/lib/FsCert.py, py/nstools/lib/FsTools.py, py/nstools/lib/PathTools.py	Added nsz as a git-pinned dependency; updated verification imports and enum usage (Type.Content.PUBLICDATA), adjusted Zstd/enlighten usage, and refactored several script import/path and minor utility changes.

Estimated code review effort:

🎯 4 (Complex) | ⏱️ ~45 minutes

"🐰
I hop through code to bind a thread,
Re-exporting homes where implementations tread,
A tiny rename, a dependency pinned,
Modules now point where upstream's grinned ✨"

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and concisely summarizes the main objective of the PR: migrating from local implementations to using the nsz package for nut and Fs modules.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch move-to-nsz

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@py/requirements.txt`:
- Line 1: The git dependency line for nsz
(git+https://github.com/nicoboss/nsz@c7b8d3a5617c16050966c6d9aca6a3a4b5e9f9d2)
should not be blamed for an OSV finding against requests — update
py/requirements.txt to (1) keep the nsz git URL if needed but add a short inline
note that nsz@c7b8d3a... only lists pycryptodome, zstandard, and enlighten, (2)
explicitly pin pycryptodome to a known non-vulnerable version (replace the
unpinned pycryptodome coming from nsz with pycryptodome==<safe-version> in your
requirements to override transitive unpinned use), and (3) explicitly pin
requests==<safe-version> (since its source is elsewhere) so the project’s
dependency graph is deterministically using safe releases; ensure the chosen
versions are backed by CVE/OSV fixes before committing.

🪄 Autofix (Beta)

✅ Autofix completed

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: fe05238c-6f81-4ae6-89a8-e7245460a30e

📥 Commits

Reviewing files that changed from the base of the PR and between f8e0547 and 8112e3c.

📒 Files selected for processing (24)

• py/nstools/Fs/BaseFs.py
• py/nstools/Fs/Bktr.py
• py/nstools/Fs/Cnmt.py
• py/nstools/Fs/File.py
• py/nstools/Fs/Hfs0.py
• py/nstools/Fs/Ivfc.py
• py/nstools/Fs/Nacp.py
• py/nstools/Fs/Nca.py
• py/nstools/Fs/Nsp.py
• py/nstools/Fs/Pfs0.py
• py/nstools/Fs/Rom.py
• py/nstools/Fs/Ticket.py
• py/nstools/Fs/Type.py
• py/nstools/Fs/Xci.py
• py/nstools/Fs/__init__.py
• py/nstools/__init__.py
• py/nstools/lib/Verify.py
• py/nstools/nut/Hex.py
• py/nstools/nut/Keys.py
• py/nstools/nut/Print.py
• py/nstools/nut/Titles.py
• py/nstools/nut/__init__.py
• py/nstools/nut/aes128.py
• py/requirements.txt

[coderabbitai]

Note

Autofix is a beta feature. Expect some limitations and changes as we gather feedback and continue to improve it.

Fixes Applied Successfully

Fixed 1 file(s) based on 1 unresolved review comment.

Files modified:

• py/requirements.txt

Commit: c9a77fb7cadfb029bf5cb756e589896c988d03a5

The changes have been pushed to the move-to-nsz branch.

Time taken: 3m 41s

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

py/ns_verify_folder.py (1)

64-80: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Path objects are treated as strings in the scan loop and will crash verification.

item is a Path, so item.lower() (Line 68) raises AttributeError, and passing item directly to Verify.parse_name() (Line 80) can raise TypeError. Keep file name/path types consistent in the loop.

Suggested fix

-    for item in sorted(list(Path(ipath).iterdir())):
-        item_path = fsPathJoin(ipath, item)
-        if not fsIsFile(item_path):
+    for item in sorted(Path(ipath).iterdir()):
+        if not item.is_file():
             continue
-        if not item.lower().endswith(('.xci', '.xcz', '.nsp', '.nsz')):
+        item_name = item.name
+        if not item_name.lower().endswith(('.xci', '.xcz', '.nsp', '.nsz')):
             continue
-        files.append(item)
+        files.append(item_name)
@@
-        item_path = fsPathJoin(ipath, item)
+        item_path = fsPathJoin(ipath, item)
@@
-        data = Verify.parse_name(item)
+        data = Verify.parse_name(item)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@py/ns_verify_folder.py` around lines 64 - 80, The loop treats Path objects as
strings which causes AttributeError/TypeError; fix by normalizing to strings
early: when iterating over Path items, extract the filename (e.g., name =
item.name or filename = str(item)) and use that for comparisons
(filename.lower().endswith(...)), for files.append(filename) and for
Verify.parse_name(filename); also ensure fsPathJoin(ipath, ...) receives the
string filename (or str(item_path)) so send_hook and Verify.parse_name get
consistent string paths/names instead of Path objects.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@py/ns_verify_folder.py`:
- Around line 49-52: The webhook POST using req_post(WHOOK_URL,
data=json_dumps(payload), headers=headers) currently has no timeout and uses a
bare except that swallows errors; update the call to include a sensible timeout
(e.g., timeout=5) and replace the bare except with explicit exception handling
for requests.exceptions.RequestException (and optionally
requests.exceptions.Timeout) around the req_post/response.raise_for_status
calls, then log or surface the exception instead of silently passing so failures
are visible (refer to req_post, WHOOK_URL, payload, and
response.raise_for_status to locate the code).

---

Outside diff comments:
In `@py/ns_verify_folder.py`:
- Around line 64-80: The loop treats Path objects as strings which causes
AttributeError/TypeError; fix by normalizing to strings early: when iterating
over Path items, extract the filename (e.g., name = item.name or filename =
str(item)) and use that for comparisons (filename.lower().endswith(...)), for
files.append(filename) and for Verify.parse_name(filename); also ensure
fsPathJoin(ipath, ...) receives the string filename (or str(item_path)) so
send_hook and Verify.parse_name get consistent string paths/names instead of
Path objects.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 5aa61aa8-21b5-41df-9eed-c70710ff0d20

📥 Commits

Reviewing files that changed from the base of the PR and between 4d5b474 and 9a5eaf6.

📒 Files selected for processing (11)

• py/ns_extract_hashes.py
• py/ns_extract_meta.py
• py/ns_verify_folder.py
• py/nstools/lib/BlockDecompressorReader.py
• py/nstools/lib/FsCert.py
• py/nstools/lib/FsNcaMod.py
• py/nstools/lib/FsTools.py
• py/nstools/lib/Header.py
• py/nstools/lib/PathTools.py
• py/nstools/lib/Verify.py
• py/nstools/lib/VerifyTools.py

💤 Files with no reviewable changes (3)

• py/nstools/lib/Header.py
• py/nstools/lib/BlockDecompressorReader.py
• py/nstools/lib/PathTools.py

✅ Files skipped from review due to trivial changes (3)

• py/ns_extract_meta.py
• py/nstools/lib/FsTools.py
• py/nstools/lib/FsCert.py

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Webhook post should have a timeout and explicit exception handling.

The request can hang indefinitely without a timeout, and bare except hides transport/HTTP failures.

Suggested fix

+from requests import RequestException
@@
-        response = req_post(WHOOK_URL, data=json_dumps(payload), headers=headers)
+        response = req_post(WHOOK_URL, data=json_dumps(payload), headers=headers, timeout=10)
         response.raise_for_status()
-    except:
-        pass
+    except RequestException:
+        pass

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	response = req_post(WHOOK_URL, data=json_dumps(payload), headers=headers)
	response.raise_for_status()
	except:
	pass
	response = req_post(WHOOK_URL, data=json_dumps(payload), headers=headers, timeout=10)
	response.raise_for_status()
	except RequestException:
	pass

🧰 Tools

🪛 Ruff (0.15.15)

[error] 49-49: Probable use of requests call without timeout

(S113)

---

[error] 51-51: Do not use bare except

(E722)

---

[error] 51-52: try-except-pass detected, consider logging the exception

(S110)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@py/ns_verify_folder.py` around lines 49 - 52, The webhook POST using
req_post(WHOOK_URL, data=json_dumps(payload), headers=headers) currently has no
timeout and uses a bare except that swallows errors; update the call to include
a sensible timeout (e.g., timeout=5) and replace the bare except with explicit
exception handling for requests.exceptions.RequestException (and optionally
requests.exceptions.Timeout) around the req_post/response.raise_for_status
calls, then log or surface the exception instead of silently passing so failures
are visible (refer to req_post, WHOOK_URL, payload, and
response.raise_for_status to locate the code).

Source: Linters/SAST tools