claude-crap 0.1.2

package/src/tests/pre-tool-use-hook.test.ts

@@ -0,0 +1,178 @@
+/**
+ * End-to-end tests for the PreToolUse hook (`hooks/pre-tool-use.mjs`).
+ *
+ * These tests spawn the real hook as a subprocess with crafted stdin
+ * payloads and assert on the exit code. They are the contract test for
+ * F-A06-01 (fail-closed gate for high-risk tools): the PreToolUse hook
+ * is NOT allowed to fall back to permissive mode when the tool being
+ * invoked is `Write`, `Edit`, `MultiEdit`, `NotebookEdit` or `Bash`,
+ * because those tools are the ones the Golden Rule (CLAUDE.md) protects.
+ *
+ * Claude Code's hook exit code contract:
+ *
+ *   0 → allow (permissive / "pass")
+ *   2 → block (stderr is injected into the agent's context)
+ *   * → treated as "allow" (fail-open)
+ *
+ * This suite encodes both the characterization invariants (benign calls
+ * still pass, the existing blocked-path rule still fires) and the attack
+ * invariants that were introduced for F-A06-01 (fail-closed on errors
+ * when the tool is high-risk).
+ *
+ * @module tests/pre-tool-use-hook.test
+ */
+
+import { describe, it } from "node:test";
+import assert from "node:assert/strict";
+import { spawn } from "node:child_process";
+import { dirname, resolve } from "node:path";
+import { fileURLToPath } from "node:url";
+
+const HERE = dirname(fileURLToPath(import.meta.url));
+const HOOK_PATH = resolve(HERE, "..", "..", "plugin", "hooks", "pre-tool-use.mjs");
+
+interface HookResult {
+  readonly code: number;
+  readonly stdout: string;
+  readonly stderr: string;
+}
+
+/**
+ * Spawn the PreToolUse hook with the given stdin payload and return its
+ * exit code plus captured stdout/stderr. The child is given a fixed
+ * environment so no user-specific CLAUDE_PLUGIN_OPTION_* overrides leak
+ * in from the developer's shell.
+ */
+function runHook(stdinPayload: string): Promise<HookResult> {
+  return new Promise((resolvePromise, reject) => {
+    const child = spawn(process.execPath, [HOOK_PATH], {
+      stdio: ["pipe", "pipe", "pipe"],
+      env: {
+        PATH: process.env.PATH ?? "",
+        NODE_ENV: "test",
+      },
+    });
+    let stdout = "";
+    let stderr = "";
+    child.stdout.on("data", (chunk) => {
+      stdout += chunk.toString();
+    });
+    child.stderr.on("data", (chunk) => {
+      stderr += chunk.toString();
+    });
+    child.on("error", reject);
+    child.on("exit", (code) => {
+      resolvePromise({ code: code ?? -1, stdout, stderr });
+    });
+    child.stdin.write(stdinPayload);
+    child.stdin.end();
+  });
+}
+
+describe("pre-tool-use hook — characterization (benign paths still work)", () => {
+  it("allows a well-formed Read call (exit 0)", async () => {
+    const result = await runHook(
+      JSON.stringify({
+        tool_name: "Read",
+        tool_input: { file_path: "/tmp/claude-crap-scan-fixture.txt" },
+      }),
+    );
+    assert.equal(result.code, 0, `stderr was: ${result.stderr}`);
+  });
+
+  it("allows a well-formed Write to a benign path (exit 0)", async () => {
+    const result = await runHook(
+      JSON.stringify({
+        tool_name: "Write",
+        tool_input: {
+          file_path: "/tmp/claude-crap-scan-fixture.txt",
+          content: "hello world",
+        },
+      }),
+    );
+    assert.equal(result.code, 0, `stderr was: ${result.stderr}`);
+  });
+
+  it("blocks a Write to a .env file (pre-existing SONAR-PATH-001 rule)", async () => {
+    // Characterization: the existing blocked-path rule must still fire.
+    const result = await runHook(
+      JSON.stringify({
+        tool_name: "Write",
+        tool_input: { file_path: "/tmp/.env", content: "SECRET=x" },
+      }),
+    );
+    assert.equal(result.code, 2);
+    assert.match(result.stderr, /SONAR-PATH-001/);
+  });
+
+  it("blocks a Bash command matching a destructive pattern", async () => {
+    // Characterization: the existing destructive-bash rule must still fire.
+    // We use `git push --force` because it has a simpler, well-defined regex;
+    // the BASH-RMROOT regex has its own edge cases that are out of scope here.
+    const result = await runHook(
+      JSON.stringify({
+        tool_name: "Bash",
+        tool_input: { command: "git push --force origin main" },
+      }),
+    );
+    assert.equal(result.code, 2);
+    assert.match(result.stderr, /BASH-GITFORCE/);
+  });
+});
+
+describe("pre-tool-use hook — F-A06-01 fail-closed gate for high-risk tools", () => {
+  it("fails CLOSED (exit 2) when stdin is unparseable but tool_name='Write' is extractable", async () => {
+    // Attack scenario: malformed JSON whose `tool_name` still leaks via regex.
+    // Before the fix this exited 1 (fail-open). After the fix it must exit 2.
+    const result = await runHook('{"tool_name":"Write","tool_input":NOT_JSON');
+    assert.equal(
+      result.code,
+      2,
+      `expected fail-closed exit 2 for high-risk tool, got ${result.code}. stderr: ${result.stderr}`,
+    );
+    assert.match(result.stderr, /SONAR-GATEKEEPER-FAILCLOSED/);
+  });
+
+  it("fails CLOSED (exit 2) when stdin is unparseable but tool_name='Bash' is extractable", async () => {
+    const result = await runHook('{"tool_name":"Bash","tool_input":broken');
+    assert.equal(result.code, 2);
+    assert.match(result.stderr, /SONAR-GATEKEEPER-FAILCLOSED/);
+  });
+
+  it("fails CLOSED (exit 2) when stdin is unparseable but tool_name='Edit' is extractable", async () => {
+    const result = await runHook('{"tool_name":"Edit"    bogus');
+    assert.equal(result.code, 2);
+  });
+
+  it("fails CLOSED (exit 2) when stdin is unparseable but tool_name='MultiEdit' is extractable", async () => {
+    const result = await runHook('{"tool_name":"MultiEdit" <garbage');
+    assert.equal(result.code, 2);
+  });
+
+  it("fails CLOSED (exit 2) when stdin is unparseable but tool_name='NotebookEdit' is extractable", async () => {
+    const result = await runHook('{"tool_name":"NotebookEdit"xxx');
+    assert.equal(result.code, 2);
+  });
+});
+
+describe("pre-tool-use hook — F-A06-01 fail-open stays for low-risk tools", () => {
+  it("fails OPEN (exit 1) when stdin is unparseable and tool_name='Read' is extractable", async () => {
+    // Read is not in the high-risk allowlist, so fail-open semantics are preserved.
+    const result = await runHook('{"tool_name":"Read","tool_input":broken');
+    assert.equal(
+      result.code,
+      1,
+      `expected fail-open exit 1 for low-risk tool, got ${result.code}. stderr: ${result.stderr}`,
+    );
+  });
+
+  it("fails OPEN (exit 1) when stdin is unparseable and no tool_name is extractable", async () => {
+    const result = await runHook("totally garbage, not even json");
+    assert.equal(result.code, 1);
+  });
+
+  it("fails OPEN (exit 1) when stdin is empty", async () => {
+    const result = await runHook("");
+    assert.equal(result.code, 1);
+  });
+});

package/src/tests/sarif-store.test.ts

@@ -0,0 +1,241 @@
+/**
+ * Unit tests for the on-disk SARIF store.
+ *
+ * Uses a fresh temp directory per test run to keep the suite hermetic.
+ * Only touches the filesystem through Node's `fs/promises` API — no
+ * external processes or fixtures.
+ *
+ * @module tests/sarif-store.test
+ */
+
+import { describe, it, before, after } from "node:test";
+import assert from "node:assert/strict";
+import { promises as fs } from "node:fs";
+import { mkdtemp, rm } from "node:fs/promises";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+
+import { SarifStore, type PersistedSarif } from "../sarif/sarif-store.js";
+
+/**
+ * Build a minimal valid SARIF 2.1.0 document with a single finding. The
+ * `ruleId`, `uri`, `line` and `column` inputs drive the dedup key used
+ * by the store, so tests can craft duplicates or near-duplicates easily.
+ */
+function makeSarif(opts: {
+  ruleId: string;
+  uri: string;
+  line: number;
+  column: number;
+  message?: string;
+}): PersistedSarif {
+  return {
+    version: "2.1.0",
+    runs: [
+      {
+        tool: { driver: { name: "test-tool", version: "0.0.1" } },
+        results: [
+          {
+            ruleId: opts.ruleId,
+            level: "warning",
+            message: { text: opts.message ?? "finding" },
+            locations: [
+              {
+                physicalLocation: {
+                  artifactLocation: { uri: opts.uri },
+                  region: { startLine: opts.line, startColumn: opts.column },
+                },
+              },
+            ],
+          },
+        ],
+      },
+    ],
+  };
+}
+
+describe("SarifStore", () => {
+  let workspace = "";
+
+  before(async () => {
+    workspace = await mkdtemp(join(tmpdir(), "claude-crap-test-"));
+  });
+
+  after(async () => {
+    if (workspace) await rm(workspace, { recursive: true, force: true });
+  });
+
+  it("starts empty when no report exists on disk", async () => {
+    const store = new SarifStore({ workspaceRoot: workspace, outputDir: "reports" });
+    await store.loadLatest();
+    assert.equal(store.size(), 0);
+    assert.equal(store.invocationsCount, 0);
+  });
+
+  it("accepts a fresh finding and reports the stats", async () => {
+    const store = new SarifStore({ workspaceRoot: workspace, outputDir: "reports" });
+    await store.loadLatest();
+    const stats = store.ingestRun(
+      makeSarif({ ruleId: "R1", uri: "src/a.ts", line: 10, column: 5 }),
+      "test-tool",
+    );
+    assert.deepEqual(stats, { accepted: 1, duplicates: 0, total: 1 });
+    assert.equal(store.size(), 1);
+  });
+
+  it("deduplicates identical findings across ingestions", async () => {
+    const store = new SarifStore({ workspaceRoot: workspace, outputDir: "reports2" });
+    await store.loadLatest();
+    const doc = makeSarif({ ruleId: "R2", uri: "src/b.ts", line: 1, column: 1 });
+    store.ingestRun(doc, "test-tool");
+    const second = store.ingestRun(doc, "test-tool");
+    assert.deepEqual(second, { accepted: 0, duplicates: 1, total: 1 });
+    assert.equal(store.size(), 1);
+  });
+
+  it("treats different columns as distinct findings", async () => {
+    const store = new SarifStore({ workspaceRoot: workspace, outputDir: "reports3" });
+    await store.loadLatest();
+    store.ingestRun(makeSarif({ ruleId: "R3", uri: "src/c.ts", line: 1, column: 1 }), "t");
+    store.ingestRun(makeSarif({ ruleId: "R3", uri: "src/c.ts", line: 1, column: 2 }), "t");
+    assert.equal(store.size(), 2);
+  });
+
+  it("persists to disk and reloads the same findings", async () => {
+    const dir = "reports4";
+    const store = new SarifStore({ workspaceRoot: workspace, outputDir: dir });
+    await store.loadLatest();
+    store.ingestRun(
+      makeSarif({ ruleId: "R4", uri: "src/d.ts", line: 7, column: 3, message: "boom" }),
+      "semgrep",
+    );
+    await store.persist();
+
+    // New store instance reading the same file should see the finding.
+    const store2 = new SarifStore({ workspaceRoot: workspace, outputDir: dir });
+    await store2.loadLatest();
+    assert.equal(store2.size(), 1);
+    const [finding] = store2.list();
+    assert.equal(finding?.ruleId, "R4");
+    assert.equal(finding?.sourceTool, "semgrep");
+  });
+
+  it("rejects non-SARIF-2.1.0 documents", async () => {
+    const store = new SarifStore({ workspaceRoot: workspace, outputDir: "reports5" });
+    await store.loadLatest();
+    assert.throws(() =>
+      store.ingestRun(
+        { version: "2.0.0", runs: [] } as unknown as PersistedSarif,
+        "old-tool",
+      ),
+    );
+  });
+
+  it("ignores findings with missing coordinates", async () => {
+    const store = new SarifStore({ workspaceRoot: workspace, outputDir: "reports6" });
+    await store.loadLatest();
+    const malformed: PersistedSarif = {
+      version: "2.1.0",
+      runs: [
+        {
+          tool: { driver: { name: "bad", version: "0" } },
+          results: [
+            {
+              ruleId: "R",
+              message: { text: "no location" },
+              // locations intentionally missing
+            },
+          ],
+        },
+      ],
+    };
+    const stats = store.ingestRun(malformed, "bad");
+    assert.equal(stats.accepted, 0);
+    assert.equal(stats.total, 1);
+  });
+
+  it("reports an absolute path for the consolidated report", async () => {
+    const store = new SarifStore({ workspaceRoot: workspace, outputDir: "reports7" });
+    await store.loadLatest();
+    assert.ok(store.consolidatedReportPath.startsWith(workspace));
+    assert.ok(store.consolidatedReportPath.endsWith("latest.sarif"));
+    // Sanity: directory should not yet exist until persist() runs.
+    assert.rejects(() => fs.access(store.consolidatedReportPath));
+  });
+
+  it("F-A08-01: loadLatest survives a run with non-iterable results", async () => {
+    // Persist a document whose first run has a non-array `results`
+    // field. A naive `for (const r of run.results)` throws TypeError
+    // "X is not iterable" on this input, which would crash the MCP
+    // server on boot (persistent DoS). After the fix the store must
+    // skip the malformed run, load the second run's well-formed
+    // finding, and return without throwing.
+    const dir = "reports-a08-a";
+    const reportDir = join(workspace, dir);
+    await fs.mkdir(reportDir, { recursive: true });
+    const latestPath = join(reportDir, "latest.sarif");
+    const corrupted = {
+      version: "2.1.0",
+      runs: [
+        // Malformed: `results` is null, not an array.
+        {
+          tool: { driver: { name: "broken", version: "0" } },
+          results: null,
+        },
+        // Well-formed: must survive.
+        {
+          tool: { driver: { name: "claude-crap", version: "0.1.0" } },
+          results: [
+            {
+              ruleId: "GOOD-001",
+              level: "warning",
+              message: { text: "a normal finding" },
+              locations: [
+                {
+                  physicalLocation: {
+                    artifactLocation: { uri: "src/ok.ts" },
+                    region: { startLine: 1, startColumn: 1 },
+                  },
+                },
+              ],
+            },
+          ],
+        },
+      ],
+    };
+    await fs.writeFile(latestPath, JSON.stringify(corrupted, null, 2), "utf8");
+
+    const store = new SarifStore({ workspaceRoot: workspace, outputDir: dir });
+    await assert.doesNotReject(
+      () => store.loadLatest(),
+      "loadLatest must not throw when a run has a non-iterable results field",
+    );
+    assert.equal(store.size(), 1, "only the well-formed finding should survive");
+    const [survivor] = store.list();
+    assert.equal(survivor?.ruleId, "GOOD-001");
+  });
+
+  it("F-A08-01: loadLatest survives a top-level runs field that is not an array", async () => {
+    // If `runs` is serialized as an object instead of an array (a
+    // tampered file, or a mis-generated report), the outer
+    // `for (const run of parsed.runs)` throws. The store must catch
+    // the failure, log to stderr, and return with zero findings — NOT
+    // crash the MCP server startup.
+    const dir = "reports-a08-b";
+    const reportDir = join(workspace, dir);
+    await fs.mkdir(reportDir, { recursive: true });
+    const latestPath = join(reportDir, "latest.sarif");
+    await fs.writeFile(
+      latestPath,
+      JSON.stringify({ version: "2.1.0", runs: { notAnArray: true } }),
+      "utf8",
+    );
+
+    const store = new SarifStore({ workspaceRoot: workspace, outputDir: dir });
+    await assert.doesNotReject(
+      () => store.loadLatest(),
+      "loadLatest must not throw when `runs` is not an array",
+    );
+    assert.equal(store.size(), 0, "no findings should survive a bad top-level shape");
+  });
+});

package/src/tests/sarif-validator.test.ts

@@ -0,0 +1,164 @@
+/**
+ * Unit tests for the AJV-backed SARIF validator.
+ *
+ * F-A05-01: the `ingest_sarif` MCP tool used to accept any object
+ * shaped like `{version: "2.1.0", runs: [...]}` without verifying
+ * the inner structure. These tests pin (a) the characterization
+ * invariants — valid minimal SARIF documents still pass — and (b)
+ * the attack invariants — every kind of malformed input throws a
+ * `SarifValidationError`.
+ *
+ * @module tests/sarif-validator.test
+ */
+
+import { describe, it } from "node:test";
+import assert from "node:assert/strict";
+
+import {
+  SarifValidationError,
+  validateSarifDocument,
+} from "../sarif/sarif-validator.js";
+
+/**
+ * Produce a minimal, fully-valid SARIF 2.1.0 document with a single
+ * result. Tests use this as the "known good" baseline and then mutate
+ * one field at a time to exercise a specific validator branch.
+ */
+function validMinimalSarif(): unknown {
+  return {
+    version: "2.1.0",
+    runs: [
+      {
+        tool: { driver: { name: "semgrep", version: "1.50.0" } },
+        results: [
+          {
+            ruleId: "R1",
+            level: "warning",
+            message: { text: "a finding" },
+            locations: [
+              {
+                physicalLocation: {
+                  artifactLocation: { uri: "src/a.ts" },
+                  region: { startLine: 1, startColumn: 1 },
+                },
+              },
+            ],
+          },
+        ],
+      },
+    ],
+  };
+}
+
+describe("validateSarifDocument — characterization (valid docs pass)", () => {
+  it("accepts a minimal valid SARIF 2.1.0 document", () => {
+    assert.doesNotThrow(() => validateSarifDocument(validMinimalSarif()));
+  });
+
+  it("accepts a document with multiple runs", () => {
+    const doc = validMinimalSarif() as { runs: unknown[] };
+    doc.runs.push({
+      tool: { driver: { name: "eslint", version: "8" } },
+      results: [],
+    });
+    assert.doesNotThrow(() => validateSarifDocument(doc));
+  });
+
+  it("accepts a result with no locations array (passthrough)", () => {
+    const doc = validMinimalSarif() as any;
+    delete doc.runs[0].results[0].locations;
+    assert.doesNotThrow(() => validateSarifDocument(doc));
+  });
+
+  it("accepts a result with an extra passthrough property", () => {
+    const doc = validMinimalSarif() as any;
+    doc.runs[0].results[0].customExtensionField = { foo: "bar" };
+    assert.doesNotThrow(() => validateSarifDocument(doc));
+  });
+
+  it("accepts a document with an empty results array", () => {
+    const doc = validMinimalSarif() as any;
+    doc.runs[0].results = [];
+    assert.doesNotThrow(() => validateSarifDocument(doc));
+  });
+});
+
+describe("validateSarifDocument — attack invariants", () => {
+  it("rejects non-object input (null)", () => {
+    assert.throws(() => validateSarifDocument(null), SarifValidationError);
+  });
+
+  it("rejects non-object input (string)", () => {
+    assert.throws(() => validateSarifDocument("not a sarif doc"), SarifValidationError);
+  });
+
+  it("rejects input with wrong version", () => {
+    const doc = validMinimalSarif() as any;
+    doc.version = "2.0.0";
+    assert.throws(() => validateSarifDocument(doc), SarifValidationError);
+  });
+
+  it("rejects input missing the runs field", () => {
+    const doc = validMinimalSarif() as any;
+    delete doc.runs;
+    assert.throws(() => validateSarifDocument(doc), SarifValidationError);
+  });
+
+  it("rejects input where runs is not an array", () => {
+    const doc = validMinimalSarif() as any;
+    doc.runs = { notAnArray: true };
+    assert.throws(() => validateSarifDocument(doc), SarifValidationError);
+  });
+
+  it("rejects a run with no tool.driver", () => {
+    const doc = validMinimalSarif() as any;
+    delete doc.runs[0].tool;
+    assert.throws(() => validateSarifDocument(doc), SarifValidationError);
+  });
+
+  it("rejects a run with no results array", () => {
+    const doc = validMinimalSarif() as any;
+    delete doc.runs[0].results;
+    assert.throws(() => validateSarifDocument(doc), SarifValidationError);
+  });
+
+  it("rejects a result missing ruleId", () => {
+    const doc = validMinimalSarif() as any;
+    delete doc.runs[0].results[0].ruleId;
+    assert.throws(() => validateSarifDocument(doc), SarifValidationError);
+  });
+
+  it("rejects a result with an empty ruleId", () => {
+    const doc = validMinimalSarif() as any;
+    doc.runs[0].results[0].ruleId = "";
+    assert.throws(() => validateSarifDocument(doc), SarifValidationError);
+  });
+
+  it("rejects a result missing message", () => {
+    const doc = validMinimalSarif() as any;
+    delete doc.runs[0].results[0].message;
+    assert.throws(() => validateSarifDocument(doc), SarifValidationError);
+  });
+
+  it("rejects a result with an empty message.text", () => {
+    const doc = validMinimalSarif() as any;
+    doc.runs[0].results[0].message.text = "";
+    assert.throws(() => validateSarifDocument(doc), SarifValidationError);
+  });
+
+  it("rejects a result with a non-enum level", () => {
+    const doc = validMinimalSarif() as any;
+    doc.runs[0].results[0].level = "critical"; // not in {none,note,warning,error}
+    assert.throws(() => validateSarifDocument(doc), SarifValidationError);
+  });
+
+  it("exposes the AJV error list on the thrown error", () => {
+    try {
+      validateSarifDocument({ version: "2.1.0", runs: "not-an-array" });
+      assert.fail("expected validateSarifDocument to throw");
+    } catch (err) {
+      assert.ok(err instanceof SarifValidationError);
+      assert.ok(Array.isArray(err.errors) || err.errors === null);
+    }
+  });
+});