config-audit/tests/scanners/hook-validator.test.mjs
Kjell Tore Guttormsen d2c45a3bb8 feat(hooks): additionalContext injection advisory + filter-before lever (v5.10 B5) [skip-docs]
HKV now flags hooks that build hookSpecificOutput.additionalContext from
un-grepped command output as an INFO advisory (weight 0, never severity-bearing
— excluded from the self-audit nonInfo set). That field enters Claude's context
every time the hook fires (plain stdout on exit 0 does not), so an unfiltered
payload is a recurring per-turn token cost.

- New lib scanners/lib/hook-additional-context.mjs: pure assessHookAdditionalContext
  (unit-tested, no IO) + IO wrapper assessHookContextForRepo (walk hooks->scripts).
  Heuristic: additionalContext + verbose-prone capture (cat/git log/execSync/…) &&
  no filter (grep/head/jq/.slice). Deliberately low precision -> advisory only.
- HKV: emits the advisory inline on scripts it already reads (after the M5 verbose
  check). Additive, info severity -> frozen v5.0.0 + SC-5 snapshots untouched.
- feature-gap: new filterHookLeverFinding companion, fires ONLY when >=1 chatty
  hook is detected — surfaces the filter-before-Claude-reads lever (CC
  filter-test-output.sh). Silent otherwise (opportunity, not noise).
- docs: README HKV + GAP scanner rows; scanner-internals.md HKV row + full B5
  implementation note. CLAUDE.md kept lean ([skip-docs]); B5 fully documented in
  README + scanner-internals.

Mechanism verified 2026-06-23 against code.claude.com/docs context-window.md
(additionalContext enters context; plain stdout does not). Suite 1239 -> 1254 green.
Version/badges/CHANGELOG wait for the v5.10 release cut.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-23 20:28:33 +02:00

290 lines
12 KiB
JavaScript

import { describe, it, beforeEach, afterEach } from 'node:test';
import assert from 'node:assert/strict';
import { resolve, join } from 'node:path';
import { fileURLToPath } from 'node:url';
import { mkdtemp, mkdir, writeFile, rm } from 'node:fs/promises';
import { tmpdir } from 'node:os';
import { resetCounter } from '../../scanners/lib/output.mjs';
import { discoverConfigFiles } from '../../scanners/lib/file-discovery.mjs';
import { scan } from '../../scanners/hook-validator.mjs';
const __dirname = fileURLToPath(new URL('.', import.meta.url));
const FIXTURES = resolve(__dirname, '../fixtures');
describe('HKV scanner — healthy project', () => {
let result;
beforeEach(async () => {
resetCounter();
const discovery = await discoverConfigFiles(resolve(FIXTURES, 'healthy-project'));
result = await scan(resolve(FIXTURES, 'healthy-project'), discovery);
});
it('returns status ok', () => {
assert.strictEqual(result.status, 'ok');
});
it('has scanner prefix HKV', () => {
assert.strictEqual(result.scanner, 'HKV');
});
it('finds no critical or high issues', () => {
const serious = result.findings.filter(f => f.severity === 'critical' || f.severity === 'high');
assert.strictEqual(serious.length, 0, `Found: ${serious.map(f => f.title).join(', ')}`);
});
it('all finding IDs match CA-HKV-NNN', () => {
for (const f of result.findings) {
assert.match(f.id, /^CA-HKV-\d{3}$/);
}
});
});
describe('HKV scanner — broken project', () => {
let result;
beforeEach(async () => {
resetCounter();
const discovery = await discoverConfigFiles(resolve(FIXTURES, 'broken-project'));
result = await scan(resolve(FIXTURES, 'broken-project'), discovery);
});
it('detects unknown hook event', () => {
// CA-HKV-001 in broken-project, evidence='InvalidEvent'.
const found = result.findings.some(f => f.scanner === 'HKV' && /InvalidEvent/.test(f.evidence || ''));
assert.ok(found, 'Should detect InvalidEvent');
});
it('detects object matcher (should be string)', () => {
// CA-HKV-002 in broken-project, evidence contains the object matcher snippet.
const found = result.findings.some(f => f.scanner === 'HKV' && f.id === 'CA-HKV-002');
assert.ok(found, 'Should detect nested object matcher');
});
it('detects invalid handler type', () => {
// CA-HKV-003 in broken-project, evidence='type: "invalid_type"'.
const found = result.findings.some(f => f.scanner === 'HKV' && /invalid_type/.test(f.evidence || ''));
assert.ok(found, 'Should detect invalid_type');
});
it('detects timeout below minimum', () => {
// CA-HKV-004 in broken-project, evidence='timeout: 500'.
const found = result.findings.some(f => f.scanner === 'HKV' && /timeout:\s*500/.test(f.evidence || ''));
assert.ok(found, 'Should detect timeout of 500ms');
});
it('marks unknown event as high severity', () => {
// CA-HKV-001 in broken-project = unknown-event finding (evidence='InvalidEvent').
const f = result.findings.find(x => x.scanner === 'HKV' && /InvalidEvent/.test(x.evidence || ''));
assert.strictEqual(f?.severity, 'high');
});
});
describe('HKV scanner — verbose hook output (v5 M5)', () => {
it('flags hook script with > 50 console.log/stdout.write lines (low)', async () => {
resetCounter();
const path = resolve(FIXTURES, 'hooks-verbose');
const discovery = await discoverConfigFiles(path);
const result = await scan(path, discovery);
// Verbose-hook finding in hooks-verbose; evidence carries the line-count metric.
const f = result.findings.find(x => x.scanner === 'HKV' && /console_log_or_stdout_lines=/.test(x.evidence || ''));
assert.ok(f, `expected verbose-hook finding; got: ${result.findings.map(x => x.title).join(' | ')}`);
assert.equal(f.severity, 'low', `expected low, got ${f.severity}`);
assert.match(f.evidence || '', /console_log_or_stdout_lines=6\d/);
});
it('does NOT flag a quiet hook script', async () => {
resetCounter();
const path = resolve(FIXTURES, 'hooks-quiet');
const discovery = await discoverConfigFiles(path);
const result = await scan(path, discovery);
const f = result.findings.find(x => x.scanner === 'HKV' && /console_log_or_stdout_lines=/.test(x.evidence || ''));
assert.equal(f, undefined, `expected no verbose-hook finding; got id=${f?.id}`);
});
});
describe('HKV scanner — additionalContext injection advisory (v5.10 B5)', () => {
it('flags a hook that injects unfiltered command output into additionalContext (info advisory)', async () => {
resetCounter();
const path = resolve(FIXTURES, 'hooks-additional-context');
const discovery = await discoverConfigFiles(path);
const result = await scan(path, discovery);
const f = result.findings.find(
x => x.scanner === 'HKV' && /additional_context_unfiltered=true/.test(x.evidence || ''),
);
assert.ok(f, `expected additionalContext advisory; got: ${result.findings.map(x => x.title).join(' | ')}`);
assert.equal(f.severity, 'info', `expected info (advisory), got ${f.severity}`);
// The chatty.sh script (SessionStart) is the one flagged, not filtered.sh.
assert.match(f.file || '', /chatty\.sh$/);
// Precision caveat must be disclosed in the description (low-precision advisory).
assert.match(f.description || '', /every time|enters Claude's context|advisory/i);
});
it('does NOT flag the filtered (grep|head) sibling hook', async () => {
resetCounter();
const path = resolve(FIXTURES, 'hooks-additional-context');
const discovery = await discoverConfigFiles(path);
const result = await scan(path, discovery);
const filtered = result.findings.find(
x => x.scanner === 'HKV' && /additional_context_unfiltered=true/.test(x.evidence || '') && /filtered\.sh$/.test(x.file || ''),
);
assert.equal(filtered, undefined, `filtered.sh should not be flagged; got id=${filtered?.id}`);
});
it('does NOT flag a quiet hook with no additionalContext', async () => {
resetCounter();
const path = resolve(FIXTURES, 'hooks-quiet');
const discovery = await discoverConfigFiles(path);
const result = await scan(path, discovery);
const f = result.findings.find(
x => x.scanner === 'HKV' && /additional_context_unfiltered=true/.test(x.evidence || ''),
);
assert.equal(f, undefined, `expected no additionalContext advisory; got id=${f?.id}`);
});
});
describe('HKV scanner — CC 2.1.152 MessageDisplay event (Batch 1 false-positive fix)', () => {
// The pre-write path-guard blocks committing settings.json/hooks.json, so
// this suite materializes a hermetic temp fixture at runtime.
let tmpRoot;
let result;
const VALID_NEW = ['MessageDisplay'];
beforeEach(async () => {
resetCounter();
tmpRoot = await mkdtemp(join(tmpdir(), 'ca-hkv-events-'));
await mkdir(join(tmpRoot, '.claude'), { recursive: true });
const settings = {
hooks: {
// 'echo …' commands skip the script-existence check (extractScriptPath
// only resolves bash/node/sh), isolating the event-name validation.
MessageDisplay: [{ hooks: [{ type: 'command', command: 'echo display' }] }],
},
};
await writeFile(
join(tmpRoot, '.claude', 'settings.json'),
JSON.stringify(settings, null, 2) + '\n',
'utf8',
);
const discovery = await discoverConfigFiles(tmpRoot);
result = await scan(tmpRoot, discovery);
});
afterEach(async () => {
if (tmpRoot) await rm(tmpRoot, { recursive: true, force: true });
});
for (const event of VALID_NEW) {
it(`does NOT flag "${event}" as an unknown hook event`, () => {
const unknown = result.findings.find(f =>
f.title === 'Unknown hook event' && f.evidence === event);
assert.equal(unknown, undefined, `${event} should be in VALID_EVENTS`);
});
}
it('produces zero findings for a valid MessageDisplay config', () => {
assert.equal(result.findings.length, 0,
`expected clean scan; got: ${result.findings.map(f => `${f.title}:${f.evidence || ''}`).join(' | ')}`);
});
});
describe('HKV scanner — post-session is NOT a settings.json hook event (Verifiseringsplikt)', () => {
// Verified 2026-06-20 against hooks.md + the 2.1.169 changelog: the
// `post-session` hook in that changelog is a SELF-HOSTED-RUNNER
// workspace-lifecycle hook, NOT a settings.json hook event. It is absent
// from hooks.md's (all-PascalCase) event list, so a settings.json hook
// keyed on it never fires and MUST be flagged.
let tmpRoot;
let result;
beforeEach(async () => {
resetCounter();
tmpRoot = await mkdtemp(join(tmpdir(), 'ca-hkv-postsession-'));
await mkdir(join(tmpRoot, '.claude'), { recursive: true });
const settings = {
hooks: {
'post-session': [{ hooks: [{ type: 'command', command: 'echo bye' }] }],
},
};
await writeFile(
join(tmpRoot, '.claude', 'settings.json'),
JSON.stringify(settings, null, 2) + '\n',
'utf8',
);
const discovery = await discoverConfigFiles(tmpRoot);
result = await scan(tmpRoot, discovery);
});
afterEach(async () => {
if (tmpRoot) await rm(tmpRoot, { recursive: true, force: true });
});
it('flags "post-session" as an unknown hook event', () => {
const f = result.findings.find(x =>
x.title === 'Unknown hook event' && x.evidence === 'post-session');
assert.ok(f, 'post-session must be flagged as an unknown settings.json hook event');
});
});
describe('HKV scanner — Setup/UserPromptExpansion/PostToolBatch events (Batch 2 false-positive fix)', () => {
// Three more events verified live against code.claude.com/docs/en/hooks.md
// (2026-06-19): Setup (session-level), UserPromptExpansion (per-turn),
// PostToolBatch (agentic loop). Same hermetic temp-fixture pattern — the
// path-guard blocks committing settings.json/hooks.json fixtures.
let tmpRoot;
let result;
const NEW_EVENTS = ['Setup', 'UserPromptExpansion', 'PostToolBatch'];
beforeEach(async () => {
resetCounter();
tmpRoot = await mkdtemp(join(tmpdir(), 'ca-hkv-events2-'));
await mkdir(join(tmpRoot, '.claude'), { recursive: true });
const settings = {
hooks: {
// 'echo …' commands skip the script-existence check, isolating
// event-name validation.
Setup: [{ hooks: [{ type: 'command', command: 'echo setup' }] }],
UserPromptExpansion: [{ hooks: [{ type: 'command', command: 'echo expand' }] }],
PostToolBatch: [{ hooks: [{ type: 'command', command: 'echo batch' }] }],
},
};
await writeFile(
join(tmpRoot, '.claude', 'settings.json'),
JSON.stringify(settings, null, 2) + '\n',
'utf8',
);
const discovery = await discoverConfigFiles(tmpRoot);
result = await scan(tmpRoot, discovery);
});
afterEach(async () => {
if (tmpRoot) await rm(tmpRoot, { recursive: true, force: true });
});
for (const event of NEW_EVENTS) {
it(`does NOT flag "${event}" as an unknown hook event`, () => {
const unknown = result.findings.find(f =>
f.title === 'Unknown hook event' && f.evidence === event);
assert.equal(unknown, undefined, `${event} should be in VALID_EVENTS`);
});
}
it('produces zero findings for a valid Setup + UserPromptExpansion + PostToolBatch config', () => {
assert.equal(result.findings.length, 0,
`expected clean scan; got: ${result.findings.map(f => `${f.title}:${f.evidence || ''}`).join(' | ')}`);
});
});
describe('HKV scanner — empty project', () => {
let result;
beforeEach(async () => {
resetCounter();
const discovery = await discoverConfigFiles(resolve(FIXTURES, 'empty-project'));
result = await scan(resolve(FIXTURES, 'empty-project'), discovery);
});
it('returns status ok with 0 findings', () => {
assert.strictEqual(result.status, 'ok');
assert.strictEqual(result.findings.length, 0);
});
});