UNPKG

claude-git-hooks

Version:

Git hooks with Claude CLI for code analysis and automatic commit messages

github.com/pablorovito/claude-git-hooks

pablorovito/claude-git-hooks

181 lines (156 loc) 5.07 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
/** * File: sanitize.js * Purpose: Input sanitization utilities for security * * Why: Prevent prompt injection and ensure valid API input * Used by: github-client.js, and any module handling external input */ import logger from './logger.js'; /** * Sanitize string input for use in prompts and API calls * Why: Prevent prompt injection and ensure valid GitHub API input * * @param {string} input - Raw input string * @param {Object} options - Sanitization options * @param {number} options.maxLength - Maximum allowed length (default: 65536) * @param {boolean} options.allowNewlines - Allow newline characters (default: true) * @param {boolean} options.stripControlChars - Remove control characters (default: true) * @returns {string} - Sanitized string */ export const sanitizeInput = (input, { maxLength = 65536, allowNewlines = true, stripControlChars = true } = {}) => { if (typeof input !== 'string') { return ''; } let sanitized = input; // Strip control characters (except newlines/tabs if allowed) if (stripControlChars) { if (allowNewlines) { // Keep \n, \r, \t but remove other control chars sanitized = sanitized.replace(/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/g, ''); } else { // Remove all control characters including newlines sanitized = sanitized.replace(/[\x00-\x1F\x7F]/g, ' '); } } // Truncate to max length if (sanitized.length > maxLength) { sanitized = sanitized.substring(0, maxLength); logger.debug('sanitize - sanitizeInput', 'Input truncated', { originalLength: input.length, maxLength }); } return sanitized.trim(); }; /** * Sanitize PR title for GitHub API * Why: Titles have specific requirements (single line, reasonable length) * * @param {string} title - Raw title * @returns {string} - Sanitized title */ export const sanitizePRTitle = (title) => { return sanitizeInput(title, { maxLength: 256, allowNewlines: false, stripControlChars: true }); }; /** * Sanitize PR body/description for GitHub API * Why: Body can be longer but still needs control char removal * * @param {string} body - Raw body text * @returns {string} - Sanitized body */ export const sanitizePRBody = (body) => { return sanitizeInput(body, { maxLength: 65536, // GitHub's limit is 65536 chars allowNewlines: true, stripControlChars: true }); }; /** * Sanitize array of strings (labels, reviewers) * Why: Ensure valid GitHub usernames/label names * * @param {Array<string>} items - Array of strings to sanitize * @param {RegExp} validPattern - Pattern for valid items (default: alphanumeric + hyphen + dot) * @returns {Array<string>} - Sanitized array */ export const sanitizeStringArray = (items, validPattern = /^[\w.-]+$/) => { if (!Array.isArray(items)) { return []; } return items .filter(item => typeof item === 'string') .map(item => item.trim()) .filter(item => item.length > 0 && item.length <= 100) .filter(item => validPattern.test(item)); }; /** * Sanitize GitHub username * Why: Usernames have specific format requirements * * @param {string} username - Raw username * @returns {string|null} - Sanitized username or null if invalid */ export const sanitizeUsername = (username) => { if (typeof username !== 'string') { return null; } const trimmed = username.trim().replace(/^@/, ''); // Remove leading @ // GitHub username rules: alphanumeric + hyphen, 1-39 chars, no consecutive hyphens if (!/^[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?$/.test(trimmed)) { return null; } if (trimmed.length > 39 || trimmed.includes('--')) { return null; } return trimmed; }; /** * Sanitize GitHub label name * Why: Labels have format requirements * * @param {string} label - Raw label name * @returns {string|null} - Sanitized label or null if invalid */ export const sanitizeLabel = (label) => { if (typeof label !== 'string') { return null; } const trimmed = label.trim(); // Labels can contain most chars except commas, max 50 chars if (trimmed.length === 0 || trimmed.length > 50) { return null; } // Remove problematic characters return trimmed.replace(/[,\x00-\x1F\x7F]/g, ''); }; /** * Sanitize branch name * Why: Branch names have git format requirements * * @param {string} branch - Raw branch name * @returns {string|null} - Sanitized branch or null if invalid */ export const sanitizeBranchName = (branch) => { if (typeof branch !== 'string') { return null; } const trimmed = branch.trim(); // Git branch name rules (simplified) if (!/^[\w./-]+$/.test(trimmed)) { return null; } // No consecutive dots, no ending with .lock if (trimmed.includes('..') || trimmed.endsWith('.lock')) { return null; } return trimmed; };