UNPKG

claude-buddy

Version:

Your friendly AI development companion for Claude Code - supercharge Claude Code with intelligent workflows and safety features

265 lines (210 loc) 8.64 kB
# ADR-004: Security-First Hook System Design **Status**: Accepted **Date**: 2024-07-22 **Authors**: Claude Code Buddy Contributors **Reviewers**: Development Team ## Context Claude Code Buddy integrates with Claude Code through a hook system that executes Python scripts for file protection, command validation, and automation. Since hooks run automatically during development workflows, they present potential security risks: - Arbitrary code execution in the development environment - Access to sensitive files and directories - Potential for malicious script injection - Need for safe command validation without compromising security - Protection against accidental destructive operations The hook system needed to be designed with security as the primary concern while maintaining functionality and usability. ## Decision Implement a security-first hook system with multiple layers of protection: 1. **File Guard System**: Protect critical files from accidental modification 2. **Command Validation**: Validate commands before execution with allowlists 3. **Input Sanitization**: Comprehensive input validation and escaping 4. **Execution Isolation**: UV-based isolation and controlled script execution 5. **Audit Logging**: Track all hook executions for security monitoring 6. **Fail-Safe Defaults**: Conservative behavior when security checks fail ## Options Considered ### Option 1: No Hook System - **Pros**: - No security risks from hook execution - Simple implementation - No execution overhead - **Cons**: - Limited automation capabilities - No file protection - Manual command validation required - Reduced developer productivity ### Option 2: Simple Hook Execution Without Security - **Pros**: - Maximum flexibility - Easy to implement - No security overhead - **Cons**: - Significant security risks - No protection against malicious scripts - Potential for accidental damage - Unsuitable for production environments ### Option 3: Security-First Hook System (Selected) - **Pros**: - Multi-layered security protection - Safe automation capabilities - File protection against accidents - Audit trail for security monitoring - Controlled script execution environment - **Cons**: - Implementation complexity - Performance overhead for security checks - Potential for false positives in validation ### Option 4: Sandboxed Execution Environment - **Pros**: - Complete isolation - Maximum security - No risk to host system - **Cons**: - Significant implementation complexity - Limited access to development environment - Performance impact of sandboxing - Platform compatibility issues ## Consequences ### Positive Outcomes - **Security Assurance**: Multiple layers of protection against malicious or accidental damage - **File Protection**: Critical files (configs, security files) protected from modification - **Command Validation**: Dangerous commands blocked before execution - **Audit Trail**: Complete logging of hook executions for security analysis - **Developer Safety**: Safe automation without compromising system security - **Compliance**: Meets security requirements for enterprise environments ### Negative Outcomes - **Performance Overhead**: Security checks add latency to hook execution - **Complexity**: More sophisticated implementation and testing requirements - **False Positives**: Legitimate operations may be blocked by conservative security rules - **Maintenance**: Security rules and allowlists require ongoing updates ### Neutral Impacts - **Functionality**: Core automation capabilities preserved with security constraints - **User Experience**: Minimal impact on normal development workflows ## Implementation ### 1. File Guard System (`file-guard.py`) Protects critical files using configurable rules: ```python PROTECTED_PATTERNS = [ r'\.env$', # Environment files r'\.env\.', # Environment variants r'keys?\.json$', # Key files r'secrets?\.json$', # Secret files r'\.ssh/', # SSH directory r'\.aws/', # AWS credentials r'\.config/.*auth', # Auth configs ] def is_protected_file(file_path): """Check if file should be protected from modification""" for pattern in PROTECTED_PATTERNS: if re.search(pattern, file_path, re.IGNORECASE): return True return False ``` ### 2. Command Validator (`command-validator.py`) Validates commands against allowlists and blocklists: ```python DANGEROUS_COMMANDS = [ 'rm -rf /', 'format c:', 'dd if=', '> /dev/', 'chmod 777', ] ALLOWED_COMMANDS = [ 'git', 'npm', 'yarn', 'node', 'python', 'pip', 'code', 'vim', 'nano', 'ls', 'cat', 'grep' ] def validate_command(command): """Validate command for safety before execution""" # Check against dangerous patterns for dangerous in DANGEROUS_COMMANDS: if dangerous in command.lower(): return False, f"Dangerous command blocked: {dangerous}" # Validate against allowed commands cmd_parts = command.strip().split() if cmd_parts and cmd_parts[0] not in ALLOWED_COMMANDS: return False, f"Command not in allowlist: {cmd_parts[0]}" return True, "Command validated" ``` ### 3. Input Sanitization All inputs are sanitized before processing: ```python import shlex import html def sanitize_input(user_input): """Sanitize user input to prevent injection attacks""" # HTML escape sanitized = html.escape(user_input) # Shell escape for command execution sanitized = shlex.quote(sanitized) # Remove null bytes and control characters sanitized = re.sub(r'[\x00-\x1f\x7f-\x9f]', '', sanitized) return sanitized ``` ### 4. UV Execution Isolation Hooks execute through UV with controlled environment: ```json { "file_guard": { "command": "uv run --no-project python {{INSTALL_DIR}}/hooks/file-guard.py", "timeout": 5000, "isolation": "process" } } ``` ### 5. Audit Logging All hook executions are logged for security monitoring: ```python import logging import json from datetime import datetime def log_hook_execution(hook_name, command, result, user_context): """Log hook execution for security audit""" log_entry = { 'timestamp': datetime.utcnow().isoformat(), 'hook': hook_name, 'command': command, 'result': result, 'user': user_context.get('user', 'unknown'), 'working_dir': user_context.get('cwd', 'unknown'), 'files_accessed': user_context.get('files', []) } logging.info(f"HOOK_EXECUTION: {json.dumps(log_entry)}") ``` ### 6. Configuration Security Hook configurations are validated at load time: ```typescript interface SecureHookConfig { command: string; timeout: number; // Maximum execution time allowedPaths: string[]; // Restricted file access environment: 'isolated'; // Execution environment validation: 'strict'; // Input validation level } function validateHookConfig(config: SecureHookConfig): boolean { // Validate command doesn't contain dangerous patterns // Check timeout is reasonable (< 30 seconds) // Ensure paths are within allowed directories // Verify environment isolation is enabled return isConfigSecure(config); } ``` ## Monitoring and Success Criteria Security indicators: - ✅ Zero security incidents from hook execution - ✅ All dangerous commands successfully blocked - ✅ Protected files remain unmodified by hooks - ✅ Complete audit trail of hook executions - ✅ Input sanitization preventing injection attacks Ongoing monitoring: - Hook execution audit logs reviewed regularly - Security rule effectiveness metrics - False positive rates for validation rules - Performance impact of security checks - User feedback on security restrictions ## Related ADRs - [ADR-003](./ADR-003-uv-python-package-management.md) - UV provides execution isolation for hooks - [ADR-001](./ADR-001-typescript-migration.md) - TypeScript enables type-safe hook configuration - [ADR-002](./ADR-002-persona-system-architecture.md) - Security persona integrates with hook validation ## References - [OWASP Secure Coding Practices](https://owasp.org/www-project-secure-coding-practices-quick-reference-guide/) - [Python Security Best Practices](https://python.org/dev/security/) - [Command Injection Prevention](https://cheatsheetseries.owasp.org/cheatsheets/OS_Command_Injection_Defense_Cheat_Sheet.html) - [Input Validation Guidelines](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html)