#9 pathguard registered matcher Write only, so an Edit/MultiEdit to an existing protected file (settings.json, .env, .ssh, the hooks themselves) bypassed it entirely; matcher now Edit|Write (the script already reads only tool_input.file_path). #10 the primary trifecta detector's 20-entry window counted marker lines, so accumulated markers scrolled a real leg out (false negative); the window now counts tool-call entries. #13 pre-edit-secrets caught bare provider keys only inside a quoted label assignment; added anchored patterns for Anthropic sk-ant, OpenAI sk-proj, fine-grained github_pat_, Google AIza, and JWT eyJ (minimum-length guarded against prose false positives). #12 the remote-pipe-to-shell block required a shell immediately after the first pipe, so xargs/sudo/tee/env interposition evaded it and the comment falsely claimed xargs was caught; broadened to reach a shell through intermediate segments while leaving shell-OR fallbacks unblocked. #11 (doc only): knowledge/owasp-skills-top10.md claimed pre-bash-destructive blocks persistence commands — it does not; corrected to mark persistence detection as unimplemented/future (the detector itself is deferred to v8). Suite 2004/0. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01TcQyMTQfyrsAapaCMPxTtQ
274 lines
10 KiB
JavaScript
274 lines
10 KiB
JavaScript
// pre-edit-secrets.test.mjs — Tests for hooks/scripts/pre-edit-secrets.mjs
|
|
// Zero external dependencies: node:test + node:assert only.
|
|
//
|
|
// Fake credentials are assembled ONLY at runtime so this source file cannot
|
|
// self-trigger the pre-edit-secrets hook when written by Claude Code.
|
|
|
|
import { describe, it } from 'node:test';
|
|
import assert from 'node:assert/strict';
|
|
import { resolve } from 'node:path';
|
|
import { runHook } from './hook-helper.mjs';
|
|
|
|
const SCRIPT = resolve(import.meta.dirname, '../../hooks/scripts/pre-edit-secrets.mjs');
|
|
|
|
// ---------------------------------------------------------------------------
|
|
// Runtime-assembled fake credentials (no literal patterns in source)
|
|
// ---------------------------------------------------------------------------
|
|
|
|
// AWS key ID: AKIA + 16 uppercase alphanumeric chars
|
|
const awsKeyId = ['AKIA', 'IOSFODNN7EXAMPLE'].join(''); // 20 chars total
|
|
|
|
// AWS secret: keyword + 40-char base64-ish value
|
|
const awsSecretLine = [
|
|
'aws_secret_access_key = "',
|
|
'abcdefghij1234567890ABCDEFGHIJ1234567890',
|
|
'"',
|
|
].join('');
|
|
|
|
// GitHub token: ghp_ prefix + 36 alphanum chars (total >= 40)
|
|
const ghToken = ['ghp_', 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij'].join('');
|
|
|
|
// Generic password assignment (>= 8 char value)
|
|
const pwdLine = ['pass', 'word', ' = "longvalue123456789"'].join('');
|
|
|
|
// Bearer token (>= 20 non-space chars after "Bearer ")
|
|
const bearerLine = [
|
|
'Authorization: Bearer ',
|
|
'eyJhbGciOiJSUzI1NiJ9.payload.sig12345678',
|
|
].join('');
|
|
|
|
// v7.8.3 #13 — bare provider keys (documented in knowledge/secrets-patterns.md)
|
|
// that previously slipped through unless wrapped in a quoted label assignment.
|
|
|
|
// Anthropic API key: sk-ant-api03- + 93 chars of [A-Za-z0-9_-]
|
|
const anthropicKey = ['sk-ant-', 'api03-', 'x'.repeat(92) + 'Q'].join('');
|
|
|
|
// OpenAI project key: sk-proj- + >= 40 chars of [A-Za-z0-9_-]
|
|
const openaiProjKey = ['sk-', 'proj-', 'Ab1'.repeat(14)].join('');
|
|
|
|
// GitHub fine-grained PAT: github_pat_ + 82 chars of [A-Za-z0-9_]
|
|
const githubFinePat = ['github_', 'pat_', 'A1'.repeat(41)].join('');
|
|
|
|
// Google API key: AIza + exactly 35 chars of [0-9A-Za-z_-]
|
|
const googleApiKey = ['AIza', 'Sy' + 'D'.repeat(33)].join('');
|
|
|
|
// JWT: three base64url parts separated by dots, header starts with eyJ
|
|
const jwtToken = [
|
|
'eyJ', 'hbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9',
|
|
'.', 'eyJzdWIiOiIxMjM0NTY3ODkwIn0',
|
|
'.', 'TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ',
|
|
].join('');
|
|
|
|
// ---------------------------------------------------------------------------
|
|
// Helpers
|
|
// ---------------------------------------------------------------------------
|
|
|
|
function writePayload(filePath, content) {
|
|
return { tool_name: 'Write', tool_input: { file_path: filePath, content } };
|
|
}
|
|
|
|
function editPayload(filePath, newString) {
|
|
return { tool_name: 'Edit', tool_input: { file_path: filePath, new_string: newString } };
|
|
}
|
|
|
|
// ---------------------------------------------------------------------------
|
|
// BLOCK cases
|
|
// ---------------------------------------------------------------------------
|
|
|
|
describe('pre-edit-secrets — BLOCK cases', () => {
|
|
it('blocks a Write containing an AWS Access Key ID pattern', async () => {
|
|
const result = await runHook(SCRIPT, writePayload(
|
|
'src/config.js',
|
|
`const key = "${awsKeyId}";`
|
|
));
|
|
assert.equal(result.code, 2);
|
|
assert.match(result.stderr, /BLOCKED/);
|
|
assert.match(result.stderr, /AWS Access Key ID/);
|
|
});
|
|
|
|
it('blocks a Write containing an AWS Secret Access Key assignment', async () => {
|
|
const result = await runHook(SCRIPT, writePayload('src/config.js', awsSecretLine));
|
|
assert.equal(result.code, 2);
|
|
assert.match(result.stderr, /BLOCKED/);
|
|
assert.match(result.stderr, /AWS Secret Access Key/);
|
|
});
|
|
|
|
it('blocks a Write containing a GitHub token pattern', async () => {
|
|
const result = await runHook(SCRIPT, writePayload(
|
|
'src/config.js',
|
|
`const t = "${ghToken}";`
|
|
));
|
|
assert.equal(result.code, 2);
|
|
assert.match(result.stderr, /BLOCKED/);
|
|
assert.match(result.stderr, /GitHub Token/);
|
|
});
|
|
|
|
it('blocks a Write containing a generic password assignment with a long value', async () => {
|
|
const result = await runHook(SCRIPT, writePayload('src/config.js', pwdLine));
|
|
assert.equal(result.code, 2);
|
|
assert.match(result.stderr, /BLOCKED/);
|
|
assert.match(result.stderr, /Generic credential assignment/);
|
|
});
|
|
|
|
it('blocks a Write containing a Bearer token in an Authorization header', async () => {
|
|
const result = await runHook(SCRIPT, writePayload('src/api.js', bearerLine));
|
|
assert.equal(result.code, 2);
|
|
assert.match(result.stderr, /BLOCKED/);
|
|
assert.match(result.stderr, /Authorization header/);
|
|
});
|
|
|
|
it('blocks an Edit where new_string contains an AWS Access Key ID pattern', async () => {
|
|
const result = await runHook(SCRIPT, editPayload(
|
|
'src/config.js',
|
|
`const accessKey = "${awsKeyId}";`
|
|
));
|
|
assert.equal(result.code, 2);
|
|
assert.match(result.stderr, /BLOCKED/);
|
|
});
|
|
});
|
|
|
|
// ---------------------------------------------------------------------------
|
|
// v7.8.3 #13 — bare provider keys must block WITHOUT a label assignment
|
|
// ---------------------------------------------------------------------------
|
|
|
|
describe('pre-edit-secrets — bare provider keys (#13)', () => {
|
|
it('blocks a bare Anthropic API key (sk-ant-api03-...)', async () => {
|
|
const result = await runHook(SCRIPT, writePayload(
|
|
'src/config.js',
|
|
`const k = "${anthropicKey}";`
|
|
));
|
|
assert.equal(result.code, 2);
|
|
assert.match(result.stderr, /BLOCKED/);
|
|
assert.match(result.stderr, /Anthropic/);
|
|
});
|
|
|
|
it('blocks a bare OpenAI project key (sk-proj-...)', async () => {
|
|
const result = await runHook(SCRIPT, writePayload(
|
|
'src/config.js',
|
|
`const k = "${openaiProjKey}";`
|
|
));
|
|
assert.equal(result.code, 2);
|
|
assert.match(result.stderr, /BLOCKED/);
|
|
assert.match(result.stderr, /OpenAI/);
|
|
});
|
|
|
|
it('blocks a bare fine-grained GitHub PAT (github_pat_...)', async () => {
|
|
const result = await runHook(SCRIPT, writePayload(
|
|
'src/config.js',
|
|
`const k = "${githubFinePat}";`
|
|
));
|
|
assert.equal(result.code, 2);
|
|
assert.match(result.stderr, /BLOCKED/);
|
|
assert.match(result.stderr, /GitHub/);
|
|
});
|
|
|
|
it('blocks a bare Google API key (AIza...)', async () => {
|
|
const result = await runHook(SCRIPT, writePayload(
|
|
'src/config.js',
|
|
`const k = "${googleApiKey}";`
|
|
));
|
|
assert.equal(result.code, 2);
|
|
assert.match(result.stderr, /BLOCKED/);
|
|
assert.match(result.stderr, /Google/);
|
|
});
|
|
|
|
it('blocks a bare JWT (eyJ...header.payload.signature)', async () => {
|
|
const result = await runHook(SCRIPT, writePayload(
|
|
'src/config.js',
|
|
`const t = "${jwtToken}";`
|
|
));
|
|
assert.equal(result.code, 2);
|
|
assert.match(result.stderr, /BLOCKED/);
|
|
assert.match(result.stderr, /JWT/);
|
|
});
|
|
|
|
// FP probes — prose mentioning the prefixes must not trip the patterns.
|
|
it('allows prose mentioning the sk-ant- prefix without a key body', async () => {
|
|
const result = await runHook(SCRIPT, writePayload(
|
|
'docs/notes.md',
|
|
'Anthropic keys start with sk-ant- and must never be committed.'
|
|
));
|
|
assert.equal(result.code, 0);
|
|
});
|
|
|
|
it('allows prose mentioning the AIza prefix without a key body', async () => {
|
|
const result = await runHook(SCRIPT, writePayload(
|
|
'docs/notes.md',
|
|
'Google API keys have the AIza prefix (39 chars total).'
|
|
));
|
|
assert.equal(result.code, 0);
|
|
});
|
|
|
|
it('allows prose mentioning the github_pat_ prefix without a key body', async () => {
|
|
const result = await runHook(SCRIPT, writePayload(
|
|
'docs/notes.md',
|
|
'Fine-grained PATs use the github_pat_ prefix.'
|
|
));
|
|
assert.equal(result.code, 0);
|
|
});
|
|
|
|
it('allows prose mentioning eyJ with short/dotted fragments (not a real JWT)', async () => {
|
|
const result = await runHook(SCRIPT, writePayload(
|
|
'docs/notes.md',
|
|
'JWTs start with eyJ... e.g. eyJabc.def.ghi is too short to be real.'
|
|
));
|
|
assert.equal(result.code, 0);
|
|
});
|
|
});
|
|
|
|
// ---------------------------------------------------------------------------
|
|
// ALLOW cases
|
|
// ---------------------------------------------------------------------------
|
|
|
|
describe('pre-edit-secrets — ALLOW cases', () => {
|
|
it('allows a generic pattern where the value is shorter than 8 characters', async () => {
|
|
const result = await runHook(SCRIPT, writePayload('src/config.js', 'x = "abc"'));
|
|
assert.equal(result.code, 0);
|
|
});
|
|
|
|
it('allows a Write to a file in /project/knowledge/ (absolute path) even if content matches a secret pattern', async () => {
|
|
// The exclusion pattern requires a directory separator before "knowledge"
|
|
const result = await runHook(SCRIPT, {
|
|
tool_name: 'Write',
|
|
tool_input: { file_path: '/project/knowledge/aws-docs.md', content: `Example: ${awsKeyId}` },
|
|
});
|
|
assert.equal(result.code, 0);
|
|
});
|
|
|
|
it('allows a Write to a .test.js file even if content matches a secret pattern', async () => {
|
|
// The exclusion matches .(test|spec|mock).[jt]sx? — covers .test.js but not .test.mjs
|
|
const result = await runHook(SCRIPT, {
|
|
tool_name: 'Write',
|
|
tool_input: { file_path: 'tests/config.test.js', content: `const k = "${awsKeyId}"; // fixture` },
|
|
});
|
|
assert.equal(result.code, 0);
|
|
});
|
|
|
|
it('allows a Write to a .example file even if content matches a secret pattern', async () => {
|
|
const result = await runHook(SCRIPT, {
|
|
tool_name: 'Write',
|
|
tool_input: { file_path: 'config.example', content: pwdLine },
|
|
});
|
|
assert.equal(result.code, 0);
|
|
});
|
|
|
|
it('allows a Write with content that contains no secrets', async () => {
|
|
const result = await runHook(SCRIPT, writePayload('src/app.js', 'console.log("Hello");'));
|
|
assert.equal(result.code, 0);
|
|
});
|
|
|
|
it('allows a Write with empty content', async () => {
|
|
const result = await runHook(SCRIPT, writePayload('src/app.js', ''));
|
|
assert.equal(result.code, 0);
|
|
});
|
|
|
|
it('allows a Write where the content field is absent', async () => {
|
|
const result = await runHook(SCRIPT, { tool_name: 'Write', tool_input: { file_path: 'src/app.js' } });
|
|
assert.equal(result.code, 0);
|
|
});
|
|
|
|
it('exits 0 gracefully when stdin is not valid JSON', async () => {
|
|
const result = await runHook(SCRIPT, 'this is not json {{{');
|
|
assert.equal(result.code, 0);
|
|
});
|
|
});
|