Add checks for potentially dangerous trailing characters in files and excludes fields

Characters such as |, / can have unintended and potentially dangerous
effects when used in trailing position of the files and exclude fields
of pre-commit hooks.

This change adds tests to display a WARNING when a user adds these
characters in certain ways in the files and exclude
fields.
vandan revanur 2025-07-30 20:05:49 +02:00
parent c6817210b1
commit 5a0366bcb0
2 changed files with 102 additions and 0 deletions


@ -240,6 +240,76 @@ def test_validate_optional_sensible_regex_at_hook(caplog, regex, warning):
assert caplog.record_tuples == [('pre_commit', logging.WARNING, warning)]
@pytest.mark.parametrize(
('regex', 'warning'),
(
(
"(?x)^(\n^some-dir/some-sub-dir|\n)/",
"Potentially dangerous trailing pipe pattern detected in 'files' field of the hook: 'flake8'"
"This can uninteded behaviour such as the files option being rendered empty"
"It is recommended to remove the trailing character prompted"
),
(
"^some/path1|",
"Potentially dangerous trailing pipe pattern detected in 'files' field of the hook: 'flake8'"
"This can uninteded behaviour such as the files option being rendered empty"
"It is recommended to remove the trailing character prompted"
),
(
"(?x)^(\n" "^some/path1|\n" "^some/path2|\n" ")",
"Potentially dangerous trailing pipe pattern detected in 'files' field of the hook: 'flake8'"
"This can uninteded behaviour such as the files option being rendered empty"
"It is recommended to remove the trailing character prompted"
),
(
"^some/path2/",
"Potentially dangerous trailing slash pattern detected in 'files' field of the hook: 'flake8'"
"This can uninteded behaviour such as the files option being rendered empty"
"It is recommended to remove the trailing character prompted"
),
(
"(?x)^(^some-dir/)/",
"Potentially dangerous trailing slash pattern detected in 'files' field of the hook: 'flake8'"
"This can uninteded behaviour such as the files option being rendered empty"
"It is recommended to remove the trailing character prompted"
),
(
"(?x)^(\n^some-dir|)/",
"Potentially dangerous trailing pipe pattern detected in 'files' field of the hook: 'flake8'"
"This can uninteded behaviour such as the files option being rendered empty"
"It is recommended to remove the trailing character prompted"
),
(
"(?x)^(\n^some-dir/\n)/",
"Potentially dangerous trailing slash pattern detected in 'files' field of the hook: 'flake8'"
"This can uninteded behaviour such as the files option being rendered empty"
"It is recommended to remove the trailing character prompted"
),
(
"(?x)^(\n^some-dir/\n\t\t\t\t)/",
"Potentially dangerous trailing slash pattern detected in 'files' field of the hook: 'flake8'"
"This can uninteded behaviour such as the files option being rendered empty"
"It is recommended to remove the trailing character prompted"
),
(
"(?x)^(\n^some-dir/\n )/",
"Potentially dangerous trailing slash pattern detected in 'files' field of the hook: 'flake8'"
"This can uninteded behaviour such as the files option being rendered empty"
"It is recommended to remove the trailing character prompted"
),
),
)
def test_validate_potentially_dangerous_trailing_characters_at_hook(caplog, regex, warning):
config_obj = {
'id': 'flake8',
'files': regex,
}
cfgv.validate(config_obj, CONFIG_HOOK_DICT)
assert caplog.record_tuples == [('pre_commit', logging.ERROR, warning)]
def test_validate_optional_sensible_regex_at_local_hook(caplog):
config_obj = sample_local_config()
config_obj['hooks'][0]['files'] = 'dir/*.py'
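Review bot: The final assertion of `test_validate_potentially_dangerous_trailing_characters_at_hook` expects `logging.ERROR`, while the commit description promises a WARNING and the neighbouring `test_validate_optional_sensible_regex_at_hook` checks `logging.WARNING`; the description, the test and the check should agree on one level. The expected strings are built from adjacent literals with no separator, so the pinned message reads `...of the hook: 'flake8'This can uninteded behaviour ... rendered emptyIt is recommended ...`; ending the first two fragments with `. ` and rewording to `This can cause unintended behaviour` would fix it, in the check's own message as well as here. Only `files` is parametrized although the title also names `exclude`, and `exclude` is where a trailing `|` matters most: the empty alternative matches every path, so the hook would silently skip all files. A second parametrization with `'exclude': regex` in `config_obj` would cover that case; the check itself is presumably in the other changed file, which is not visible here.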