open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions
ktg-plugin-marketplace/plugins/config-audit/tests/scanners/hook-validator.test.mjs
Kjell Tore Guttormsen 910567d661 feat(config-audit): HKV flags verbose hook output (v5 M5) [skip-docs] 
Static heuristic — counts console.log / process.stdout.write lines per
referenced hook script. > 50 → low CA-HKV-NNN finding.

New fixtures:
- hooks-verbose/ (61 verbose lines → triggers)
- hooks-quiet/ (5 lines → no finding)

580 → 582 tests, all green.
2026-05-01 07:05:45 +02:00

108 lines
4 KiB
JavaScript
Raw Blame History

import { describe, it, beforeEach } from 'node:test';
import assert from 'node:assert/strict';
import { resolve } from 'node:path';
import { fileURLToPath } from 'node:url';
import { resetCounter } from '../../scanners/lib/output.mjs';
import { discoverConfigFiles } from '../../scanners/lib/file-discovery.mjs';
import { scan } from '../../scanners/hook-validator.mjs';
const __dirname = fileURLToPath(new URL('.', import.meta.url));
const FIXTURES = resolve(__dirname, '../fixtures');
describe('HKV scanner — healthy project', () => {
let result;
beforeEach(async () => {
resetCounter();
const discovery = await discoverConfigFiles(resolve(FIXTURES, 'healthy-project'));
result = await scan(resolve(FIXTURES, 'healthy-project'), discovery);
});
it('returns status ok', () => {
assert.strictEqual(result.status, 'ok');
});
it('has scanner prefix HKV', () => {
assert.strictEqual(result.scanner, 'HKV');
});
it('finds no critical or high issues', () => {
const serious = result.findings.filter(f => f.severity === 'critical' || f.severity === 'high');
assert.strictEqual(serious.length, 0, `Found: ${serious.map(f => f.title).join(', ')}`);
});
it('all finding IDs match CA-HKV-NNN', () => {
for (const f of result.findings) {
assert.match(f.id, /^CA-HKV-\d{3}$/);
}
});
});
describe('HKV scanner — broken project', () => {
let result;
beforeEach(async () => {
resetCounter();
const discovery = await discoverConfigFiles(resolve(FIXTURES, 'broken-project'));
result = await scan(resolve(FIXTURES, 'broken-project'), discovery);
});
it('detects unknown hook event', () => {
const found = result.findings.some(f => f.title === 'Unknown hook event');
assert.ok(found, 'Should detect InvalidEvent');
});
it('detects object matcher (should be string)', () => {
const found = result.findings.some(f => f.title.includes('Matcher must be a string'));
assert.ok(found, 'Should detect nested object matcher');
});
it('detects invalid handler type', () => {
const found = result.findings.some(f => f.title === 'Invalid hook handler type');
assert.ok(found, 'Should detect invalid_type');
});
it('detects timeout below minimum', () => {
const found = result.findings.some(f => f.title.includes('timeout'));
assert.ok(found, 'Should detect timeout of 500ms');
});
it('marks unknown event as high severity', () => {
const f = result.findings.find(f => f.title === 'Unknown hook event');
assert.strictEqual(f?.severity, 'high');
});
});
describe('HKV scanner — verbose hook output (v5 M5)', () => {
it('flags hook script with > 50 console.log/stdout.write lines (low)', async () => {
resetCounter();
const path = resolve(FIXTURES, 'hooks-verbose');
const discovery = await discoverConfigFiles(path);
const result = await scan(path, discovery);
const f = result.findings.find(x => /verbose hook output/i.test(x.title || ''));
assert.ok(f, `expected verbose-hook finding; got: ${result.findings.map(x => x.title).join(' | ')}`);
assert.equal(f.severity, 'low', `expected low, got ${f.severity}`);
assert.match(f.evidence || '', /console_log_or_stdout_lines=6\d/);
});
it('does NOT flag a quiet hook script', async () => {
resetCounter();
const path = resolve(FIXTURES, 'hooks-quiet');
const discovery = await discoverConfigFiles(path);
const result = await scan(path, discovery);
const f = result.findings.find(x => /verbose hook output/i.test(x.title || ''));
assert.equal(f, undefined, `expected no verbose-hook finding; got: ${f?.title}`);
});
});
describe('HKV scanner — empty project', () => {
let result;
beforeEach(async () => {
resetCounter();
const discovery = await discoverConfigFiles(resolve(FIXTURES, 'empty-project'));
result = await scan(resolve(FIXTURES, 'empty-project'), discovery);
});
it('returns status ok with 0 findings', () => {
assert.strictEqual(result.status, 'ok');
assert.strictEqual(result.findings.length, 0);
});
});
Reference in a new issue View git blame Copy permalink