claude-dev-env 1.24.0 → 1.25.1

package/hooks/blocking/test_gh_body_arg_blocker.py

@@ -18,6 +18,8 @@ hook_module = importlib.util.module_from_spec(hook_spec)
 hook_spec.loader.exec_module(hook_module)
 _uses_body_string_arg = hook_module._uses_body_string_arg
 
+from _gh_body_arg_utils import iter_significant_tokens
+
 
 def test_blocks_issue_create_with_body_string() -> None:
     assert _uses_body_string_arg('gh issue create --title "T" --body "text"')
@@ -144,5 +146,230 @@ def test_no_false_positive_heredoc_body_text() -> None:
 
 
 def test_no_false_positive_unparseable_command() -> None:
-    """Unparseable first line (unmatched quote) falls back to approve."""
-    assert not _uses_body_string_arg("gh pr create --title 'unmatched --body oops")
+    """Unparseable line WITHOUT --body token must approve (out of hook scope)."""
+    assert not _uses_body_string_arg("gh pr create --title 'unmatched quote here")
+
+
+def test_blocks_unparseable_command_when_body_token_present() -> None:
+    """C2: shlex-unparseable command on affected subcommand WITH --body must BLOCK.
+
+    A heredoc-style command like `gh pr create --body "$(cat <<EOF...)"` raises
+    ValueError in shlex.split(posix=False); silently approving lets the exact
+    pattern this hook exists to block slip through. Detect a bare --body literal
+    via regex and deny.
+    """
+    command = 'gh pr create --title "T" --body "$(cat <<EOF\nbody text\nEOF\n)"'
+    assert _uses_body_string_arg(command)
+
+
+def test_blocks_unparseable_command_with_short_b_token_present() -> None:
+    """C2 short form: unparseable command (odd single quote) with bare -b must BLOCK."""
+    command = "gh pr comment 42 --unterminated 'quote here -b short body text"
+    assert _uses_body_string_arg(command)
+
+
+def test_approves_body_file_dash_stdin_sentinel() -> None:
+    """`gh pr create --body-file -` reads body from stdin and is allowed."""
+    assert not _uses_body_string_arg("gh pr create --title 'T' --body-file -")
+
+
+def test_blocks_crlf_line_endings_with_bash_continuation() -> None:
+    """CRLF line endings must not break bash continuation joining."""
+    command = 'gh pr create \\\r\n  --title "T" \\\r\n  --body "text"\r\n'
+    assert _uses_body_string_arg(command)
+
+
+def test_blocks_continuation_with_tab_after_marker() -> None:
+    """Tab whitespace after a continuation marker still counts as continuation."""
+    command = 'gh pr create \\\t\n  --title "T" \\\t\n  --body "text"\n'
+    assert _uses_body_string_arg(command)
+
+
+def test_blocks_utf8_body_with_emoji() -> None:
+    """UTF-8 body content (emoji) must still be detected as a body string."""
+    assert _uses_body_string_arg('gh pr create --title "T" --body "ship it 🚀"')
+
+
+def test_blocks_pr_review_request_changes_short_b() -> None:
+    """gh pr review --request-changes -b "text" must block."""
+    assert _uses_body_string_arg(
+        'gh pr review 10 --request-changes -b "needs work"'
+    )
+
+
+def test_blocks_empty_body_string() -> None:
+    """`gh pr create --body=""` is still a body-string call; must block."""
+    assert _uses_body_string_arg('gh pr create --title "T" --body=""')
+
+
+def test_blocks_body_file_followed_by_body_string() -> None:
+    """H5: malformed `gh pr create --body-file --body "text"` must BLOCK.
+
+    Without the flag-shape guard, --body-file consumes --body as its path and
+    the real body string slips through as a positional. Treat a value-taking
+    flag as value-missing when the next token is itself flag-shaped.
+    """
+    assert _uses_body_string_arg(
+        'gh pr create --body-file --body "real body text"'
+    )
+
+
+def test_blocks_windows_path_with_trailing_backslash_continuation() -> None:
+    """C1: prior line ending in `C:\\Users\\jon\\` must still continue lines.
+
+    Naive `count("\\\\") % 2 == 1` mis-classifies this (count=4, even -> no
+    continuation) and misses --body on the next line. Counting only the
+    trailing run of backslashes correctly identifies a single trailing
+    backslash as a continuation marker.
+    """
+    command = (
+        'gh pr create --title C:\\Users\\jon\\ \\\n'
+        '  --body "real body text"\n'
+    )
+    assert _uses_body_string_arg(command)
+
+
+def test_does_not_join_lines_after_markdown_fence() -> None:
+    """C1: a prior line ending in three backticks (count=3, odd) must NOT continue.
+
+    Old logic treated any odd backtick count as a PowerShell continuation; a
+    closing markdown fence trailing the line would falsely join the next line.
+    The fix requires whitespace before a trailing backtick (PowerShell
+    continuation marker is `<space>` + backtick + newline) so a bare ``` line
+    end does not continue.
+    """
+    command = (
+        "echo ```\n"
+        'gh pr create --title "T" --body "real body text"\n'
+    )
+    assert _uses_body_string_arg(command) is False
+
+
+def test_does_not_false_positive_equals_form_in_title_value() -> None:
+    """`--title="use --body x"` posix=False keeps the value quoted; must approve."""
+    assert not _uses_body_string_arg(
+        'gh pr create --title="use --body x" --body-file /tmp/b.md'
+    )
+
+
+def test_blocks_short_body_file_F_then_body_string_later() -> None:
+    """`-F /path` (short for --body-file) consumes its value, then --body must still block."""
+    assert _uses_body_string_arg(
+        'gh pr create -F /tmp/file.md --body "extra body"'
+    )
+
+
+def test_approves_short_body_file_F_alone() -> None:
+    """`-F /path` alone must be approved (it is the short form of --body-file)."""
+    assert not _uses_body_string_arg(
+        'gh pr create --title "T" -F /tmp/file.md'
+    )
+
+
+def test_approves_template_flag_value_does_not_trigger() -> None:
+    """`--template path` consumes its value; `--body` inside path must not trigger."""
+    assert not _uses_body_string_arg(
+        'gh pr create --title "T" --template /tmp/--body-template.md --body-file /tmp/b.md'
+    )
+
+
+def test_approves_recover_flag_value() -> None:
+    """`--recover path` is value-taking and must not leak `--body` mis-detection."""
+    assert not _uses_body_string_arg(
+        'gh pr create --recover /tmp/state.json --body-file /tmp/b.md'
+    )
+
+
+def test_approves_body_file_only_shlex_unparseable() -> None:
+    """loop1-1: shlex-unparseable command with only --body-file must NOT block.
+
+    The old \b boundary in _BARE_BODY_TOKEN_PATTERN fired between 'y' and '-'
+    in '--body-file', causing any unparseable command containing only --body-file
+    (no bare --body) to be incorrectly blocked.
+    """
+    assert not _uses_body_string_arg(
+        "gh pr create --title 'unmatched --body-file /tmp/body.md"
+    )
+
+
+def test_blocks_body_equals_spaced_value() -> None:
+    """loop1-3: --body='has space' split by shlex(posix=False) into two tokens.
+
+    shlex.split(posix=False) splits `--body='has space'` into ["--body='has", "space'"].
+    The continuation token "space'" must be skipped, not yielded as a significant
+    positional — the leading --body='has token must still trigger a block.
+    """
+    assert _uses_body_string_arg(
+        "gh pr create --title 'T' --body='has space'"
+    )
+
+
+def test_blocks_short_b_equals_spaced_value() -> None:
+    """loop1-3: -b='has space' split by shlex(posix=False) — continuation token skipped."""
+    assert _uses_body_string_arg(
+        "gh pr create --title 'T' -b='has space'"
+    )
+
+
+def test_blocks_body_after_unclosed_quoted_title() -> None:
+    """loop2-1: unclosed quote in --title= must not consume --body token.
+
+    shlex.split(posix=False) keeps --title="unclosed as one token whose value
+    starts with a quote but has no closing match among subsequent tokens.
+    count_extra_tokens_to_skip_for_split_quoted_value must return 0 (not the
+    full remaining list length) so the following --body flag stays visible.
+    """
+    assert _uses_body_string_arg(
+        'gh pr create --title="unclosed --body "real body"'
+    )
+
+
+def test_space_form_value_flag_remaining_excludes_consumed_value() -> None:
+    """loop2-2: remaining_tokens for space-form value flag must not include the consumed value.
+
+    When iter_significant_tokens yields (--title, remaining) for --title MyTitle,
+    remaining must contain only tokens after MyTitle — not MyTitle itself.
+    """
+    all_yielded = list(iter_significant_tokens('gh pr create --title MyTitle --body "desc"'))
+    title_remaining = next(remaining for token, remaining in all_yielded if token == "--title")
+    assert "MyTitle" not in title_remaining
+
+
+def test_quoted_value_starts_split_unclosed_single_quote() -> None:
+    from _gh_body_arg_utils import _quoted_value_starts_split
+    assert _quoted_value_starts_split("'it") is True
+
+
+def test_quoted_value_starts_split_fully_closed() -> None:
+    from _gh_body_arg_utils import _quoted_value_starts_split
+    assert _quoted_value_starts_split("'hello'") is False
+
+
+def test_quoted_value_starts_split_double_quote_unclosed() -> None:
+    from _gh_body_arg_utils import _quoted_value_starts_split
+    assert _quoted_value_starts_split('"hello') is True
+
+
+def test_count_extra_tokens_returns_none_when_exhausted() -> None:
+    from _gh_body_arg_utils import count_extra_tokens_to_skip_for_split_quoted_value
+    result = count_extra_tokens_to_skip_for_split_quoted_value([], "'unclosed")
+    assert result is None
+
+
+def test_count_extra_tokens_returns_none_no_closing_in_remaining() -> None:
+    from _gh_body_arg_utils import count_extra_tokens_to_skip_for_split_quoted_value
+    result = count_extra_tokens_to_skip_for_split_quoted_value(["word", "another"], "'unclosed")
+    assert result is None
+
+
+def test_count_extra_tokens_returns_zero_for_self_contained() -> None:
+    from _gh_body_arg_utils import count_extra_tokens_to_skip_for_split_quoted_value
+    result = count_extra_tokens_to_skip_for_split_quoted_value(["next"], "'complete'")
+    assert result == 0
+
+
+def test_all_body_flag_prefixes_used_for_equals_skip() -> None:
+    from _gh_body_arg_utils import _all_equals_prefixes_for_skip, all_body_flag_prefixes
+    for each_prefix in all_body_flag_prefixes:
+        assert each_prefix in _all_equals_prefixes_for_skip
+

package/hooks/blocking/test_pr_description_enforcer.py

@@ -65,10 +65,10 @@ def test_extract_body_file_missing_path_returns_none() -> None:
     assert extract_body_from_command(command) is None
 
 
-def test_extract_body_file_shell_variable_returns_empty() -> None:
-    """Shell variables like $bodyPath can't be resolved at hook time -- approve safely."""
+def test_extract_body_file_shell_variable_returns_none() -> None:
+    """Shell variables like $bodyPath can't be resolved at hook time -- return None to skip enforcement."""
     command = 'gh pr create --title "T" --body-file $bodyPath'
-    assert extract_body_from_command(command) == ""
+    assert extract_body_from_command(command) is None
 
 
 def test_extract_body_file_no_false_positive_in_title() -> None:
@@ -185,3 +185,193 @@ def test_main_does_not_block_when_no_body_flag_present() -> None:
             except SystemExit:
                 pass
     assert "deny" not in captured_stdout.getvalue()
+
+
+def test_extract_body_from_body_file_short_F_form(tmp_path: pathlib.Path) -> None:
+    """`gh pr create -F PATH` (short form of --body-file) must read the file."""
+    body_file = tmp_path / "body.md"
+    body_file.write_text(VALID_BODY)
+    command = f'gh pr create --title "T" -F {body_file}'
+    assert extract_body_from_command(command) == VALID_BODY
+
+
+def test_extract_body_ignores_body_inside_title_quoted_value() -> None:
+    """Migration to shared iterator: `--title "contains --body here"` must not false-match."""
+    command = 'gh pr create --title "contains --body here" --body-file /tmp/real.md'
+    extracted_body = extract_body_from_command(command)
+    assert extracted_body is None or extracted_body == ""
+
+
+def test_extract_body_reassembles_split_quoted_equals_value() -> None:
+    """`--body="has multiple spaces inside"` must reassemble across posix=False tokens."""
+    command = 'gh pr create --title "T" --body="this body has multiple words"'
+    assert extract_body_from_command(command) == "this body has multiple words"
+
+
+def test_read_body_file_rejects_relative_path_traversal(tmp_path) -> None:
+    import importlib.util, pathlib, sys
+    _HOOK_DIR = pathlib.Path(__file__).parent
+    if str(_HOOK_DIR) not in sys.path:
+        sys.path.insert(0, str(_HOOK_DIR))
+    spec = importlib.util.spec_from_file_location('pde', _HOOK_DIR / 'pr-description-enforcer.py')
+    m = importlib.util.module_from_spec(spec)
+    spec.loader.exec_module(m)
+    import os, pytest
+    sentinel_file = tmp_path / 'secret.txt'
+    sentinel_file.write_text('secret')
+    rel_path = os.path.relpath(str(sentinel_file))
+    if '..' not in rel_path:
+        pytest.skip('file is under cwd, not a traversal case')
+    with pytest.raises(m.PathTraversalError):
+        m._read_body_file_contents(rel_path)
+
+
+def test_read_body_file_allows_absolute_path_outside_cwd(tmp_path) -> None:
+    import importlib.util, pathlib, sys
+    _HOOK_DIR = pathlib.Path(__file__).parent
+    spec = importlib.util.spec_from_file_location('pde2', _HOOK_DIR / 'pr-description-enforcer.py')
+    m = importlib.util.module_from_spec(spec)
+    spec.loader.exec_module(m)
+    body_file = tmp_path / 'body.md'
+    body_file.write_text('hello')
+    result = m._read_body_file_contents(str(body_file))
+    assert result == 'hello'
+
+
+def test_reassemble_split_quoted_value_returns_none_for_unclosed_quote() -> None:
+    import importlib.util, pathlib, sys
+    _HOOK_DIR = pathlib.Path(__file__).parent
+    spec = importlib.util.spec_from_file_location('pde3', _HOOK_DIR / 'pr-description-enforcer.py')
+    m = importlib.util.module_from_spec(spec)
+    spec.loader.exec_module(m)
+    result = m._reassemble_split_quoted_value("'unclosed", [])
+    assert result is None
+
+
+def test_extract_body_returns_none_for_unclosed_quote_value() -> None:
+    result = extract_body_from_command("gh pr create --title T --body='unclosed")
+    assert result is None
+
+
+
+def test_body_file_stdin_sentinel_returns_none() -> None:
+    """--body-file - (stdin sentinel) must return None so enforcer skips validation."""
+    command = 'gh pr create --title "T" --body-file -'
+    assert extract_body_from_command(command) is None
+
+
+def test_body_file_shell_variable_returns_none() -> None:
+    """--body-file $VAR cannot be audited at hook time -- must return None, not empty string."""
+    command = 'gh pr create --title "T" --body-file $BODY_VAR'
+    assert extract_body_from_command(command) is None
+
+
+def test_body_file_path_traversal_returns_none() -> None:
+    """Path traversal rejection must return None so enforcer does not raise false positive."""
+    import os
+    import importlib.util
+    import pathlib
+    _HOOK_DIR = pathlib.Path(__file__).parent
+    spec = importlib.util.spec_from_file_location('pde_t', _HOOK_DIR / 'pr-description-enforcer.py')
+    m = importlib.util.module_from_spec(spec)
+    spec.loader.exec_module(m)
+    result = m._resolve_body_file_value("../../../etc/passwd")
+    assert result is None
+
+
+def test_main_allows_through_stdin_sentinel_body_file() -> None:
+    """--body-file - must not be blocked (stdin body is unauditable)."""
+    import io
+    import json
+    from unittest.mock import patch
+    hook_input = {
+        "tool_name": "Bash",
+        "tool_input": {"command": 'gh pr create --title "T" --body-file -'},
+    }
+    captured_stdout = io.StringIO()
+    with patch("sys.stdin", io.StringIO(json.dumps(hook_input))):
+        with patch("sys.stdout", captured_stdout):
+            try:
+                hook_module.main()
+            except SystemExit:
+                pass
+    assert "deny" not in captured_stdout.getvalue()
+
+
+def test_read_body_file_rejects_absolute_symlink_outside_cwd(tmp_path: pathlib.Path) -> None:
+    """Absolute symlink pointing outside cwd must raise PathTraversalError."""
+    import importlib.util
+    import pytest
+    _HOOK_DIR = pathlib.Path(__file__).parent
+    spec = importlib.util.spec_from_file_location('pde_sym', _HOOK_DIR / 'pr-description-enforcer.py')
+    m = importlib.util.module_from_spec(spec)
+    spec.loader.exec_module(m)
+    target_file = tmp_path / "secret.txt"
+    target_file.write_text("secret content")
+    link_path = tmp_path / "evil_link"
+    try:
+        link_path.symlink_to(target_file)
+    except (OSError, NotImplementedError):
+        pytest.skip("symlinks not supported on this platform")
+    with pytest.raises(m.PathTraversalError):
+        m._read_body_file_contents(str(link_path))
+
+
+def test_read_body_file_allows_real_absolute_file_inside_cwd(tmp_path: pathlib.Path) -> None:
+    """Real absolute file path that exists must be read successfully."""
+    import importlib.util
+    _HOOK_DIR = pathlib.Path(__file__).parent
+    spec = importlib.util.spec_from_file_location('pde_abs', _HOOK_DIR / 'pr-description-enforcer.py')
+    m = importlib.util.module_from_spec(spec)
+    spec.loader.exec_module(m)
+    body_file = tmp_path / "body.md"
+    body_file.write_text("hello body")
+    result = m._read_body_file_contents(str(body_file))
+    assert result == "hello body"
+
+
+def test_read_body_file_allows_in_cwd_symlink_pointing_into_cwd(tmp_path: pathlib.Path) -> None:
+    """Symlink inside cwd pointing to another file inside cwd must be readable."""
+    import importlib.util
+    _HOOK_DIR = pathlib.Path(__file__).parent
+    spec = importlib.util.spec_from_file_location('pde_inlink', _HOOK_DIR / 'pr-description-enforcer.py')
+    m = importlib.util.module_from_spec(spec)
+    spec.loader.exec_module(m)
+    real_file = tmp_path / "real.md"
+    real_file.write_text("real content")
+    link_file = tmp_path / "link.md"
+    try:
+        link_file.symlink_to(real_file)
+    except (OSError, NotImplementedError):
+        import pytest
+        pytest.skip("symlinks not supported on this platform")
+    with patch("pathlib.Path.cwd", return_value=tmp_path):
+        result = m._read_body_file_contents(str(link_file))
+    assert result == "real content"
+
+
+def test_iter_significant_tokens_unclosed_quote_raises_value_error() -> None:
+    """Unclosed quoted value in a value-taking flag raises ValueError so callers block conservatively.
+
+    For equals-form: --title="unclosed raises ValueError (unclosed quote not in remaining tokens).
+    For space-form: shlex.split itself raises ValueError before iter_significant_tokens is entered.
+    Both paths result in ValueError propagating to callers.
+    """
+    import pytest
+    from _gh_body_arg_utils import iter_significant_tokens
+    with pytest.raises(ValueError):
+        list(iter_significant_tokens('gh pr create --title="unclosed --body real_body'))
+
+
+def test_scan_raw_tokens_does_not_false_match_body_in_title_value(tmp_path: pathlib.Path) -> None:
+    """--title 'using --body-file is required' must not match --body-file inside the title value."""
+    body_file = tmp_path / "real_body.md"
+    body_file.write_text(VALID_BODY)
+    command = f'gh pr create --title "using --body-file is required" --body-file {body_file}'
+    result = extract_body_from_command(command)
+    assert result == VALID_BODY
+
+
+def test_extract_body_returns_none_for_unclosed_quote_value() -> None:
+    result = extract_body_from_command("gh pr create --title T --body='unclosed")
+    assert result is None