claude-dev-env 1.0.0

package/hooks/validators/test_run_all_validators.py

@@ -0,0 +1,228 @@
+"""Tests for run_all_validators.py."""
+
+import sys
+from pathlib import Path
+from unittest.mock import MagicMock, patch
+
+import pytest
+
+
+class TestFixFlag:
+    """Test --fix flag functionality."""
+
+    def test_fix_flag_is_accepted(self) -> None:
+        """Verify --fix flag is recognized without error."""
+        with patch("run_all_validators.get_changed_files") as mock_get_files, \
+             patch("run_all_validators.run_file_structure_checks") as mock_file, \
+             patch("run_all_validators.run_git_checks") as mock_git:
+
+            mock_get_files.return_value = []
+
+            mock_result = MagicMock()
+            mock_result.passed = True
+            mock_result.name = "Test"
+            mock_result.checks = "test"
+            mock_result.output = ""
+
+            mock_file.return_value = mock_result
+            mock_git.return_value = mock_result
+
+            from run_all_validators import main
+
+            original_argv = sys.argv
+            try:
+                sys.argv = ["run_all_validators.py", "--fix"]
+                result = main()
+                assert result == 0
+            finally:
+                sys.argv = original_argv
+
+    def test_fix_flag_calls_fix_python_style(self) -> None:
+        """Verify --fix flag triggers fix_python_style when files exist."""
+        with patch("run_all_validators.get_changed_files") as mock_get_files, \
+             patch("run_all_validators.fix_python_style") as mock_fix, \
+             patch("run_all_validators.run_python_style_checks") as mock_style, \
+             patch("run_all_validators.run_test_safety_checks") as mock_test, \
+             patch("run_all_validators.run_react_checks") as mock_react, \
+             patch("run_all_validators.run_comment_checks") as mock_comment, \
+             patch("run_all_validators.run_file_structure_checks") as mock_file, \
+             patch("run_all_validators.run_git_checks") as mock_git:
+
+            mock_get_files.return_value = [Path("test.py")]
+            mock_fix.return_value = ["test.py"]
+
+            mock_result = MagicMock()
+            mock_result.passed = True
+            mock_result.name = "Test"
+            mock_result.checks = "test"
+            mock_result.output = ""
+
+            mock_style.return_value = mock_result
+            mock_test.return_value = mock_result
+            mock_react.return_value = mock_result
+            mock_comment.return_value = mock_result
+            mock_file.return_value = mock_result
+            mock_git.return_value = mock_result
+
+            from run_all_validators import main
+
+            original_argv = sys.argv
+            try:
+                sys.argv = ["run_all_validators.py", "--fix"]
+                main()
+            finally:
+                sys.argv = original_argv
+
+            mock_fix.assert_called_once()
+
+    def test_no_fix_flag_skips_fixes(self) -> None:
+        """Verify fixes are skipped when --fix flag is not provided."""
+        with patch("run_all_validators.get_changed_files") as mock_get_files, \
+             patch("run_all_validators.fix_python_style") as mock_fix, \
+             patch("run_all_validators.run_python_style_checks") as mock_style, \
+             patch("run_all_validators.run_test_safety_checks") as mock_test, \
+             patch("run_all_validators.run_react_checks") as mock_react, \
+             patch("run_all_validators.run_comment_checks") as mock_comment, \
+             patch("run_all_validators.run_file_structure_checks") as mock_file, \
+             patch("run_all_validators.run_git_checks") as mock_git:
+
+            mock_get_files.return_value = [Path("test.py")]
+
+            mock_result = MagicMock()
+            mock_result.passed = True
+            mock_result.name = "Test"
+            mock_result.checks = "test"
+            mock_result.output = ""
+
+            mock_style.return_value = mock_result
+            mock_test.return_value = mock_result
+            mock_react.return_value = mock_result
+            mock_comment.return_value = mock_result
+            mock_file.return_value = mock_result
+            mock_git.return_value = mock_result
+
+            from run_all_validators import main
+
+            original_argv = sys.argv
+            try:
+                sys.argv = ["run_all_validators.py"]
+                main()
+            finally:
+                sys.argv = original_argv
+
+            mock_fix.assert_not_called()
+
+
+class TestGracefulDegradation:
+    def test_missing_validator_returns_skipped_result(self) -> None:
+        from run_all_validators import ValidatorResult, run_with_fallback
+
+        def failing_validator() -> ValidatorResult:
+            raise FileNotFoundError("validator.py not found")
+
+        result = run_with_fallback(
+            failing_validator,
+            "Missing Validator",
+            "99",
+        )
+
+        assert result.skipped is True
+        assert "skipped" in result.output.lower()
+        assert result.passed is False
+
+    def test_validator_exception_returns_skipped_result(self) -> None:
+        from run_all_validators import ValidatorResult, run_with_fallback
+
+        def crashing_validator() -> ValidatorResult:
+            raise RuntimeError("Unexpected crash")
+
+        result = run_with_fallback(
+            crashing_validator,
+            "Crashing Validator",
+            "99",
+        )
+
+        assert result.skipped is True
+        assert "skipped" in result.output.lower()
+
+    def test_successful_validator_returns_normal_result(self) -> None:
+        from run_all_validators import ValidatorResult, run_with_fallback
+
+        def working_validator() -> ValidatorResult:
+            return ValidatorResult(
+                name="Working",
+                checks="1",
+                passed=True,
+                output="All good",
+            )
+
+        result = run_with_fallback(
+            working_validator,
+            "Working",
+            "1",
+        )
+
+        assert result.skipped is False
+        assert result.passed is True
+
+
+class TestTimingMetrics:
+    def test_create_timing_metrics_empty(self) -> None:
+        from run_all_validators import create_timing_metrics
+
+        metrics = create_timing_metrics({})
+        assert metrics.total_seconds == 0.0
+        assert metrics.validator_times == {}
+
+    def test_create_timing_metrics_with_data(self) -> None:
+        from run_all_validators import create_timing_metrics
+
+        timings = {"Validator A": 1.5, "Validator B": 2.0}
+        metrics = create_timing_metrics(timings)
+        assert metrics.total_seconds == 3.5
+        assert metrics.validator_times == timings
+
+    def test_add_timing_returns_new_instance(self) -> None:
+        from run_all_validators import add_timing, create_timing_metrics
+
+        metrics1 = create_timing_metrics({})
+        metrics2 = add_timing(metrics1, "Test", 1.5)
+
+        assert metrics1.total_seconds == 0.0
+        assert metrics2.total_seconds == 1.5
+        assert "Test" not in metrics1.validator_times
+        assert metrics2.validator_times["Test"] == 1.5
+
+    def test_format_report_includes_all_timings(self) -> None:
+        from run_all_validators import create_timing_metrics, format_timing_report
+
+        metrics = create_timing_metrics({"Fast": 0.1, "Slow": 2.5})
+        report = format_timing_report(metrics)
+
+        assert "Fast" in report
+        assert "Slow" in report
+        assert "2.6" in report
+
+
+class TestVersionHeader:
+    def test_print_header_includes_version(self, capsys) -> None:
+        from run_all_validators import print_header
+
+        print_header()
+        captured = capsys.readouterr()
+
+        assert "PRE-PUSH VALIDATOR RESULTS" in captured.out
+        assert "(v" in captured.out
+
+    def test_build_json_output_includes_version(self) -> None:
+        from run_all_validators import build_json_output, create_timing_metrics
+
+        json_output = build_json_output(
+            results=[],
+            metrics=create_timing_metrics({}),
+            include_timing=False,
+        )
+
+        assert "version" in json_output
+        assert "timestamp" in json_output
+        assert isinstance(json_output["version"], str)

package/hooks/validators/test_run_all_validators_integration.py

@@ -0,0 +1,48 @@
+"""Integration test for new validators in run_all_validators.py"""
+
+import subprocess
+import sys
+from pathlib import Path
+
+import pytest
+
+
+VALIDATORS_DIR = Path(__file__).parent
+
+
+class TestNewValidatorsIntegration:
+    def test_abbreviation_checks_called(self) -> None:
+        """Verify abbreviation_checks is invoked by run_all_validators."""
+        result = subprocess.run(
+            [sys.executable, str(VALIDATORS_DIR / "run_all_validators.py"), "--help"],
+            capture_output=True,
+            text=True,
+        )
+        assert "Abbreviations" in result.stdout or result.returncode == 0
+
+    def test_pr_reference_checks_called(self) -> None:
+        """Verify pr_reference_checks is invoked by run_all_validators."""
+        result = subprocess.run(
+            [sys.executable, str(VALIDATORS_DIR / "run_all_validators.py"), "--help"],
+            capture_output=True,
+            text=True,
+        )
+        assert "PR References" in result.stdout or result.returncode == 0
+
+    def test_magic_value_checks_called(self) -> None:
+        """Verify magic_value_checks is invoked by run_all_validators."""
+        result = subprocess.run(
+            [sys.executable, str(VALIDATORS_DIR / "run_all_validators.py"), "--help"],
+            capture_output=True,
+            text=True,
+        )
+        assert "Magic Values" in result.stdout or result.returncode == 0
+
+    def test_useless_test_checks_called(self) -> None:
+        """Verify useless_test_checks is invoked by run_all_validators."""
+        result = subprocess.run(
+            [sys.executable, str(VALIDATORS_DIR / "run_all_validators.py"), "--help"],
+            capture_output=True,
+            text=True,
+        )
+        assert "Useless Tests" in result.stdout or result.returncode == 0

package/hooks/validators/test_safety_checks.py

@@ -0,0 +1,243 @@
+#!/usr/bin/env python3
+"""AST-based safety validators for test files and development scripts.
+
+This module provides checks for:
+1. No skip decorators in test files (tests must fail, not skip)
+2. DEBUG guard in Django management commands (dev tools only for DEBUG mode)
+"""
+
+import ast
+import sys
+from dataclasses import dataclass
+from pathlib import Path
+from typing import List
+
+
+SKIP_DECORATOR_NAMES = frozenset([
+    "skip",
+    "skipif",
+    "skipunless",
+])
+
+SKIP_DECORATOR_MESSAGE = (
+    "Skip decorator not allowed. Tests should fail if they can't run. "
+    "Missing dependencies should make the test fail with a clear error."
+)
+
+DEBUG_CHECK_MESSAGE = (
+    "Management command in management/commands/ must check settings.DEBUG. "
+    "Dev tools should only run in DEBUG mode."
+)
+
+
+@dataclass(frozen=True)
+class Violation:
+    """Represents a code violation found by a validator."""
+
+    file: str
+    line: int
+    message: str
+
+    def __str__(self) -> str:
+        return f"{self.file}:{self.line}: {self.message}"
+
+
+def check_no_skip_decorators(code: str, filepath: str) -> List[Violation]:
+    """Check that test files don't use skip decorators.
+
+    Args:
+        code: Python source code to check
+        filepath: Path to the file being checked (for error reporting)
+
+    Returns:
+        List of violations found
+    """
+    violations: List[Violation] = []
+
+    try:
+        tree = ast.parse(code)
+    except SyntaxError:
+        return violations
+
+    for node in ast.walk(tree):
+        if not isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
+            continue
+
+        for decorator in node.decorator_list:
+            decorator_name = _get_decorator_name(decorator)
+            if decorator_name.lower() in SKIP_DECORATOR_NAMES:
+                violations.append(
+                    Violation(
+                        file=filepath,
+                        line=node.lineno,
+                        message=SKIP_DECORATOR_MESSAGE,
+                    )
+                )
+
+    return violations
+
+
+def _get_decorator_name(decorator: ast.expr) -> str:
+    """Extract the name from a decorator node.
+
+    Handles both simple decorators (@skip) and attribute decorators
+    (@pytest.mark.skip, @unittest.skip).
+
+    Args:
+        decorator: AST decorator node
+
+    Returns:
+        The decorator name (e.g., "skip", "skipif")
+    """
+    if isinstance(decorator, ast.Name):
+        return decorator.id
+
+    if isinstance(decorator, ast.Attribute):
+        return decorator.attr
+
+    if isinstance(decorator, ast.Call):
+        if isinstance(decorator.func, ast.Name):
+            return decorator.func.id
+        if isinstance(decorator.func, ast.Attribute):
+            return decorator.func.attr
+
+    return ""
+
+
+def check_debug_guard_in_dev_scripts(code: str, filepath: str) -> List[Violation]:
+    """Check that Django management commands check settings.DEBUG.
+
+    Only applies to files in management/commands/ directories.
+
+    Args:
+        code: Python source code to check
+        filepath: Path to the file being checked
+
+    Returns:
+        List of violations found
+    """
+    violations: List[Violation] = []
+
+    normalized_path = filepath.replace("\\", "/")
+    if "management/commands/" not in normalized_path:
+        return violations
+
+    try:
+        tree = ast.parse(code)
+    except SyntaxError:
+        return violations
+
+    has_command_class = False
+    has_debug_check = False
+    command_line = 0
+
+    for node in ast.walk(tree):
+        if isinstance(node, ast.ClassDef):
+            if any(
+                isinstance(base, ast.Name) and base.id == "BaseCommand"
+                for base in node.bases
+            ):
+                has_command_class = True
+                command_line = node.lineno
+
+                for item in node.body:
+                    if isinstance(item, ast.FunctionDef) and item.name == "handle":
+                        if _has_debug_guard(item):
+                            has_debug_check = True
+
+    if has_command_class and not has_debug_check:
+        violations.append(
+            Violation(
+                file=filepath,
+                line=command_line,
+                message=DEBUG_CHECK_MESSAGE,
+            )
+        )
+
+    return violations
+
+
+def _has_debug_guard(func: ast.FunctionDef) -> bool:
+    """Check if a function has a settings.DEBUG guard at the start.
+
+    Looks for patterns like:
+    - if not settings.DEBUG: raise/return
+    - if settings.DEBUG: ... else: raise/return
+
+    Args:
+        func: Function definition node to check
+
+    Returns:
+        True if function has proper DEBUG guard
+    """
+    if not func.body:
+        return False
+
+    for stmt in func.body[:5]:
+        if isinstance(stmt, ast.If):
+            test = stmt.test
+
+            if isinstance(test, ast.UnaryOp) and isinstance(test.op, ast.Not):
+                if _is_debug_check(test.operand):
+                    return True
+
+            if _is_debug_check(test) and stmt.orelse:
+                return True
+
+    return False
+
+
+def _is_debug_check(node: ast.expr) -> bool:
+    """Check if a node is a settings.DEBUG check.
+
+    Args:
+        node: AST expression node
+
+    Returns:
+        True if node is settings.DEBUG
+    """
+    if not isinstance(node, ast.Attribute):
+        return False
+
+    if node.attr != "DEBUG":
+        return False
+
+    if isinstance(node.value, ast.Name) and node.value.id == "settings":
+        return True
+
+    return False
+
+
+def main(file_paths: List[str]) -> int:
+    """Run all safety checks on the given files.
+
+    Args:
+        file_paths: List of file paths to check
+
+    Returns:
+        Exit code: 0 if all checks pass, 1 if violations found
+    """
+    all_violations: List[Violation] = []
+
+    for filepath in file_paths:
+        path = Path(filepath)
+        if not path.exists():
+            print(f"Error: File not found: {filepath}", file=sys.stderr)
+            continue
+
+        code = path.read_text(encoding="utf-8")
+
+        violations = check_no_skip_decorators(code, filepath)
+        all_violations.extend(violations)
+
+        violations = check_debug_guard_in_dev_scripts(code, filepath)
+        all_violations.extend(violations)
+
+    for violation in all_violations:
+        print(violation)
+
+    return 1 if all_violations else 0
+
+
+if __name__ == "__main__":
+    sys.exit(main(sys.argv[1:]))

package/hooks/validators/test_security_checks.py

@@ -0,0 +1,105 @@
+"""Tests for security vulnerability detection."""
+
+import ast
+
+import pytest
+
+from security_checks import (
+    check_hardcoded_secrets,
+    check_sql_injection,
+    check_xss_risk,
+)
+from validator_base import Violation
+
+
+GOOD_NO_SECRETS = '''
+import os
+
+def get_api_key():
+    return os.environ.get("API_KEY")
+'''
+
+BAD_HARDCODED_API_KEY = '''
+API_KEY = "sk-abc123xyz789"
+'''
+
+BAD_HARDCODED_PASSWORD = '''
+def connect():
+    password = "super_secret_123"
+    return password
+'''
+
+GOOD_PARAMETERIZED_SQL = '''
+def get_user(user_id):
+    cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))
+'''
+
+BAD_FSTRING_SQL = '''
+def get_user(user_id):
+    cursor.execute(f"SELECT * FROM users WHERE id = {user_id}")
+'''
+
+BAD_FORMAT_SQL = '''
+def get_user(user_id):
+    cursor.execute("SELECT * FROM users WHERE id = {}".format(user_id))
+'''
+
+GOOD_ESCAPED_HTML = '''
+from django.utils.html import escape
+
+def render(user_input):
+    return escape(user_input)
+'''
+
+BAD_MARK_SAFE = '''
+from django.utils.safestring import mark_safe
+
+def render(user_input):
+    return mark_safe(user_input)
+'''
+
+
+class TestHardcodedSecrets:
+    def test_env_variable_passes(self) -> None:
+        tree = ast.parse(GOOD_NO_SECRETS)
+        violations = check_hardcoded_secrets(tree, "test.py")
+        assert violations == []
+
+    def test_hardcoded_api_key_fails(self) -> None:
+        tree = ast.parse(BAD_HARDCODED_API_KEY)
+        violations = check_hardcoded_secrets(tree, "test.py")
+        assert len(violations) == 1
+        assert "API_KEY" in violations[0].message or "secret" in violations[0].message.lower()
+
+    def test_hardcoded_password_fails(self) -> None:
+        tree = ast.parse(BAD_HARDCODED_PASSWORD)
+        violations = check_hardcoded_secrets(tree, "test.py")
+        assert len(violations) == 1
+
+
+class TestSqlInjection:
+    def test_parameterized_query_passes(self) -> None:
+        violations = check_sql_injection(GOOD_PARAMETERIZED_SQL, "test.py")
+        assert violations == []
+
+    def test_fstring_sql_fails(self) -> None:
+        violations = check_sql_injection(BAD_FSTRING_SQL, "test.py")
+        assert len(violations) == 1
+        assert "SQL" in violations[0].message or "injection" in violations[0].message.lower()
+
+    def test_format_sql_fails(self) -> None:
+        violations = check_sql_injection(BAD_FORMAT_SQL, "test.py")
+        assert len(violations) == 1
+
+
+class TestXssRisk:
+    def test_escaped_html_passes(self) -> None:
+        tree = ast.parse(GOOD_ESCAPED_HTML)
+        violations = check_xss_risk(tree, "test.py")
+        assert violations == []
+
+    def test_mark_safe_fails(self) -> None:
+        tree = ast.parse(BAD_MARK_SAFE)
+        violations = check_xss_risk(tree, "test.py")
+        assert len(violations) == 1
+        assert "mark_safe" in violations[0].message or "XSS" in violations[0].message