eliott/get-shit-done
1
0
Fork 0
mirror of https://github.com/glittercowboy/get-shit-done synced 2026-05-13 10:36:38 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
a33cbe72f569e75e72d94de85d0930296d1ca1df
get-shit-done/.changeset/fix-3129-validate-commit-bypass.md
Tom Boucher 7827e1ddee fix(#3129): replace bypassed bash regex with token-walk git-cmd.js classifier (#3141) 
* fix(#3129): replace bypassed bash regex with token-walk git-cmd.js classifier

Root cause: gsd-validate-commit.sh used:
  if [[ "$CMD" =~ ^git[[:space:]]+commit ]]
This regex silently bypasses Conventional Commits enforcement for:
  git -C /path commit -m ...     (working-directory prefix)
  GIT_AUTHOR_NAME=x git commit   (env-var prefix)
  /usr/bin/git commit -m ...     (full-path executable)

Fix: introduces hooks/lib/git-cmd.js with isGitSubcommand(cmd, sub) —
a token-walk classifier that handles all four forms by:
  1. Skipping leading VAR=VALUE env assignments
  2. Validating the git executable (basename check for full-path support)
  3. Consuming git global options (-C <path>, --git-dir=, -p, etc.)
  4. Checking the subcommand token

The hook delegates to this classifier via node shell-out. node is
already called twice in this hook (config check + JSON parse), so no
new runtime dependency.

This becomes the single source of truth for all hooks that gate on
git subcommands (pre-commit-review-gate, post-push-verify, etc.).

Regression test: 27 assertions — tokenize correctness, 12 must-match
cases (including all 3 bypass forms), 8 must-not-match cases, 3 source
checks. All are real behavioral tests, not string comparisons.
Suite: 7035/7035. Closes #3129.

* fix(lint+hook+changeset): allow-test-rule, fix HOOK_DIR quote injection, fix changeset pr+typo
2026-05-05 15:02:15 -04:00

702 B
Raw Blame History

type, pr
type pr
Fixed 3141

gsd-validate-commit.sh community hook now catches all git commit forms — the previous [[ "$CMD" =~ ^git[[:space:]]+commit ]] bash regex silently bypassed Conventional Commits enforcement for git -C /path commit, GIT_AUTHOR_NAME=x git commit, and /usr/bin/git commit. Introduces hooks/lib/git-cmd.js — a token-walk classifier (isGitSubcommand(cmd, sub)) that correctly handles env-prefix assignments, -C path working-directory flags, full-path executables, --git-dir= options, and all git global boolean flags. The hook now delegates detection to this module — the single source of truth for all hooks that gate on git subcommands. Closes #3129.

Reference in New Issue View Git Blame Copy Permalink