
fix: security-hardened hooks, portable config, non-UTF8 handling#52

Open
pixincreate wants to merge 23 commits into main from fix/keywatch-security-hooks

Conversation

@pixincreate
Owner

Summary

Security and usability fixes for KeyWatch:

Security

  • Shell injection protection - Escape user input in generated hooks (allowed_repos, blocked_repos, exclude patterns)
  • Path validation - Hooks verify key-watch is on PATH before running

Usability

  • Portable detector loading - Checks executable directory first, falls back to CWD
  • Non-UTF8 handling - Binary files gracefully skipped (no crash)
  • Filenames with spaces - Hook uses IFS= read -r for safe handling
  • Error distinction - Exit code 1 = secret found, other = runtime error

Cleanup

  • Remove CLI help text typos ("push/push" → "push")
  • Remove non-English text

Testing

  • Added 4 new tests covering:
    • test_non_utf8_file_handling
    • test_hook_generation_pre_push
    • test_hook_generation_pre_commit
    • test_hook_shell_escaping

All tests pass (14 total).


Files changed:

  • src/hooks.rs - New module for hook generation
  • src/detector.rs - Portable config loading
  • src/scanner.rs - Non-UTF8 handling
  • src/lib.rs - Export hooks
  • src/main.rs - Use hooks module
  • tests/integration_tests.rs - New tests
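As an added illustration of the two hook fixes in the list above (shell-escaping user input and the `IFS= read -r` loop), here is a small hook renderer. This is example code written for this review, not KeyWatch's own src/hooks.rs; the `HookConfig` field names, the `key-watch "$file" --exclude PATTERN` invocation and the repo allow-list check are assumptions made for the example.

```rust
// Added example, not KeyWatch's own src/hooks.rs. It renders a pre-commit hook
// from user-supplied config with every interpolated value single-quoted for
// POSIX sh. The config field names and the scanner invocation
// (`key-watch "$file" --exclude PATTERN`) are assumptions for illustration.

/// Quote `input` so sh treats it as exactly one literal word.
/// Inside single quotes nothing is special except a single quote itself,
/// which is written as '\'' (close the quote, escaped quote, reopen).
pub fn shell_escape(input: &str) -> String {
    let mut escaped = String::with_capacity(input.len() + 2);
    escaped.push('\'');
    for character in input.chars() {
        if character == '\'' {
            escaped.push_str("'\\''");
        } else {
            escaped.push(character);
        }
    }
    escaped.push('\'');
    escaped
}

/// Hypothetical hook configuration; the project's real struct is not on the page.
pub struct HookConfig {
    pub binary: String,
    pub allowed_repos: Vec<String>,
    pub exclude_patterns: Vec<String>,
}

/// Render the hook. Because every value passes through `shell_escape`, a
/// pattern such as `*.log; rm -rf ~` or `$(id)` reaches the scanner as one
/// literal argument instead of being executed by the shell.
pub fn render_pre_commit(config: &HookConfig) -> String {
    let binary = shell_escape(&config.binary);
    // An empty allow-list means every repository is allowed, so emit no check
    // (a `for x in ; do` with an empty list would be a sh syntax error).
    let allowed_check = if config.allowed_repos.is_empty() {
        String::new()
    } else {
        let list = config
            .allowed_repos
            .iter()
            .map(|repo| shell_escape(repo))
            .collect::<Vec<_>>()
            .join(" ");
        format!(
            concat!(
                "repo=$(git rev-parse --show-toplevel) || exit 2\n",
                "allowed=0\n",
                "for candidate in {list}; do\n",
                "    [ \"$candidate\" = \"$repo\" ] && allowed=1\n",
                "done\n",
                "[ \"$allowed\" -eq 1 ] || exit 0\n",
            ),
            list = list
        )
    };
    let exclude_args = config
        .exclude_patterns
        .iter()
        .map(|pattern| format!("--exclude {}", shell_escape(pattern)))
        .collect::<Vec<_>>()
        .join(" ");
    format!(
        r#"#!/bin/sh
# Generated pre-commit hook (example). Exit 1 = secret found; any other
# non-zero status is a runtime error and is passed through unchanged.
if ! command -v {binary} >/dev/null 2>&1; then
    echo "pre-commit: scanner binary not found on PATH" >&2
    exit 2
fi
{allowed_check}# IFS= read -r keeps leading blanks and backslashes in filenames intact.
git diff --cached --name-only --diff-filter=ACM | while IFS= read -r file; do
    {binary} "$file" {exclude_args}
    code=$?
    if [ "$code" -eq 1 ]; then
        echo "pre-commit: secret detected in $file" >&2
        exit 1
    elif [ "$code" -ne 0 ]; then
        echo "pre-commit: scanner failed with exit code $code" >&2
        exit "$code"
    fi
done
"#,
        binary = binary,
        allowed_check = allowed_check,
        exclude_args = exclude_args,
    )
}
```

Single-quoting is the only escaping needed for sh: the quoted word cannot start command substitution, parameter expansion or globbing, so the one character that must be handled is the quote itself. The `while` loop runs in a pipeline subshell, so the `exit` inside it becomes the loop's status and therefore the hook's status, which is how the secret-found (1) and runtime-error (other) codes reach git.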

- Add shell injection protection in generated hooks (escape user input)
- Make detector loading portable (check exe dir first, then CWD)
- Handle non-UTF8 files gracefully (skip binary files)
- Fix filenames with spaces via IFS= read -r in pre-commit hook
- Distinguish secret detection (exit 1) from runtime errors
- Clean CLI help text (remove typos and non-English text)
- Add comprehensive tests for new features

Closes #32
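The non-UTF8 handling and the exit-code split listed in the commit message above, shown as an added example that is not KeyWatch's own src/scanner.rs. The detector table is constructed for the example (plain substring matches), and the `EXIT_*` constants and function names are assumptions; only the behaviour (binary files skipped, I/O failure reported as a runtime error rather than as "clean" or "secret found") follows the PR text.

```rust
// Added example, not KeyWatch's own src/scanner.rs. It shows the two
// behaviours the PR describes: non-UTF-8 content is skipped as binary rather
// than aborting the scan, and I/O failures map to a runtime-error exit code
// distinct from "secret found". The detector list is constructed for the
// example (plain substring matches, not the project's detectors.toml).
use std::fs;
use std::io;
use std::path::Path;

#[derive(Debug, PartialEq)]
pub struct Finding {
    pub path: String,
    pub line: usize,
    pub detector: &'static str,
}

/// Constructed detectors: (name, substring that triggers it).
const DETECTORS: &[(&str, &str)] = &[
    ("aws-access-key-id", "AKIA"),
    ("pem-private-key", "-----BEGIN PRIVATE KEY-----"),
];

/// Scan one file's bytes. Returns `None` when the bytes are not valid UTF-8,
/// which the scanner treats as "binary, skip" instead of a failure.
pub fn scan_bytes(path: &str, bytes: &[u8]) -> Option<Vec<Finding>> {
    let text = std::str::from_utf8(bytes).ok()?;
    let mut findings = Vec::new();
    for (index, line) in text.lines().enumerate() {
        for &(name, needle) in DETECTORS {
            if line.contains(needle) {
                findings.push(Finding {
                    path: path.to_string(),
                    line: index + 1,
                    detector: name,
                });
            }
        }
    }
    Some(findings)
}

pub const EXIT_CLEAN: i32 = 0;
pub const EXIT_SECRET_FOUND: i32 = 1;
pub const EXIT_RUNTIME_ERROR: i32 = 2;

/// Scan files on disk. A file that cannot be read is a runtime error
/// (`Err`), never silently clean; a binary file is skipped.
pub fn scan_paths(paths: &[&Path]) -> io::Result<Vec<Finding>> {
    let mut all = Vec::new();
    for path in paths {
        let bytes = fs::read(path)?;
        if let Some(findings) = scan_bytes(&path.to_string_lossy(), &bytes) {
            all.extend(findings);
        }
    }
    Ok(all)
}

/// Map the scan outcome to the hook's exit-code contract.
pub fn exit_code(result: &io::Result<Vec<Finding>>) -> i32 {
    match result {
        Ok(findings) if findings.is_empty() => EXIT_CLEAN,
        Ok(_) => EXIT_SECRET_FOUND,
        Err(_) => EXIT_RUNTIME_ERROR,
    }
}

fn main() {
    // Constructed inputs: one text file with a fake key, one PNG-like blob.
    let text = b"region = us-east-1\naws_access_key_id = AKIAEXAMPLE0000000\n";
    let binary = b"\x89PNG\r\n\x1a\n\xff\xfe\x00\x01";
    println!("{:?}", scan_bytes("config.ini", text));
    println!("{:?}", scan_bytes("logo.png", binary));
    let result = scan_paths(&[Path::new("/nonexistent/file")]);
    println!("exit code {}", exit_code(&result));
}
```

Reading with `fs::read` and validating with `str::from_utf8` (rather than `fs::read_to_string`, which returns an error on invalid UTF-8) is what lets the scanner tell "binary, skip" apart from "could not read", so a hook never reports a clean tree just because a read failed.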
@pixincreate pixincreate self-assigned this Apr 21, 2026
@pixincreate pixincreate added the bug and enhancement labels Apr 21, 2026
- Add exit_code_on_secrets/no_secrets tests (verify findings behavior)
- Add verify_integrity_flag test
- Add exclude_pattern_filtering test (verify *.log exclusion works)
- Add portable_config_loading test (detectors.toml loading)
- Add hook_missing_binary_path and hook_missing_detectors_toml tests

21 tests now pass (was 14).

Closes #32
- Document security hardening in hooks
- Add Development section with just commands
- Add Security Notes section
- Update project structure
- Add CHANGELOG entry for v1.1.0
- Move hook templates to templates/pre-push.sh and templates/pre-commit.sh
- Rename v->escaped, ch->character for clarity
- just check passes (21 tests)
- DEFAULT_BINARY_NAME constant
- Remove generic render_template, use specific render_pre_push/pre_commit
- Remove empty string placeholders from templates
- just check passes
- find_keywatch() searches: PATH -> hook_dir -> target/debug
- Works during development without cargo install
- Remove blocking local hooks
Consolidate ScanMetadata and ReportMetadata into single struct.
Move scan_time to report level, not metadata level.
- Add EXIT_MODE_ALWAYS, EXIT_MODE_CRITICAL, EXIT_MODE_STRICT constants
- Add SEVERITY_HIGH constant
- Use descriptive variable names instead of single-char
- Remove redundant imports
- Output summary instead of JSON by default (verbose for full JSON)
- Add install.sh script for easy installation to ~/.local/bin or /usr/local/bin
- Add uninstall.sh script for clean removal
- Update README with script-based installation instructions
- Rewrite README to be concise (~50 lines)
- Add binary aliases: keywatch, watch (in addition to key-watch)
- Simplify install script: cargo install first, then local binary fallback
- Remove legacy hooks/keywatch.sh
- Remove .pre-commit-config.yaml
- Default: all repos allowed (no restrictions)
- Simplify README (~60 lines)
- Rewrite CHANGELOG with clear sections
- Add tests: binary_aliases, exit_mode_always, exit_mode_critical
- scanner_tests.rs (9 tests)
- hooks_tests.rs (5 tests)
- report_tests.rs (2 tests)
- exit_tests.rs (5 tests)
- utils_tests.rs (2 tests)

24 tests pass