blob: 9f268a1ffab992fd39970105b0622d317b8d1fde (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
|
#!/usr/bin/env bats
#
# Tests for languages/bash/claude/hooks/validate-bash.sh — the PostToolUse hook
# that runs shellcheck on edited shell files and blocks on a violation.
#
# The hook reads tool-call JSON on stdin and extracts the file path, so each
# test pipes a JSON payload naming a real file it wrote into a temp dir. The
# shellcheck dependency is real (integration): clean files pass, genuinely
# broken ones fail. Tests needing shellcheck skip when it's absent so the suite
# stays portable.
HOOK="$(cd "$(dirname "$BATS_TEST_FILENAME")/.." && pwd)/claude/hooks/validate-bash.sh"
setup() {
TEST_DIR="$(mktemp -d -t validate-bash-bats.XXXXXX)"
}
teardown() {
rm -rf "$TEST_DIR"
}
# Build a tool-call JSON payload naming a file_path.
payload() {
printf '{"tool_input": {"file_path": "%s"}}' "$1"
}
# ---- Normal ----------------------------------------------------------
@test "validate-bash: a clean .sh file passes silently (exit 0)" {
command -v shellcheck >/dev/null 2>&1 || skip "shellcheck not installed"
printf '#!/usr/bin/env bash\nset -euo pipefail\necho "ok"\n' > "$TEST_DIR/clean.sh"
run bash "$HOOK" <<< "$(payload "$TEST_DIR/clean.sh")"
[ "$status" -eq 0 ]
[ -z "$output" ]
}
# ---- Error -----------------------------------------------------------
@test "validate-bash: a shellcheck violation blocks (exit 2, names shellcheck)" {
command -v shellcheck >/dev/null 2>&1 || skip "shellcheck not installed"
# SC2086: unquoted expansion that word-splits — a real shellcheck warning.
printf '#!/usr/bin/env bash\nf=$1\nrm $f\n' > "$TEST_DIR/bad.sh"
run bash "$HOOK" <<< "$(payload "$TEST_DIR/bad.sh")"
[ "$status" -eq 2 ]
[[ "$output" == *"SHELLCHECK"* ]]
}
# ---- Boundary --------------------------------------------------------
@test "validate-bash: a non-shell file is ignored (exit 0)" {
printf 'print("hello")\n' > "$TEST_DIR/script.py"
run bash "$HOOK" <<< "$(payload "$TEST_DIR/script.py")"
[ "$status" -eq 0 ]
[ -z "$output" ]
}
@test "validate-bash: an extensionless file with a bash shebang is validated" {
command -v shellcheck >/dev/null 2>&1 || skip "shellcheck not installed"
printf '#!/usr/bin/env bash\nf=$1\nrm $f\n' > "$TEST_DIR/cli-tool"
run bash "$HOOK" <<< "$(payload "$TEST_DIR/cli-tool")"
[ "$status" -eq 2 ]
[[ "$output" == *"SHELLCHECK"* ]]
}
@test "validate-bash: an extensionless non-shell file is ignored (exit 0)" {
printf 'just some text\nno shebang here\n' > "$TEST_DIR/notes"
run bash "$HOOK" <<< "$(payload "$TEST_DIR/notes")"
[ "$status" -eq 0 ]
[ -z "$output" ]
}
@test "validate-bash: empty file_path is a no-op (exit 0)" {
run bash "$HOOK" <<< '{"tool_input": {}}'
[ "$status" -eq 0 ]
[ -z "$output" ]
}
@test "validate-bash: a missing file is a no-op (exit 0)" {
run bash "$HOOK" <<< "$(payload "$TEST_DIR/does-not-exist.sh")"
[ "$status" -eq 0 ]
[ -z "$output" ]
}
@test "validate-bash: shellcheck absent does not block the edit (exit 0)" {
# PATH with jq + coreutils symlinked but no shellcheck → hook can't validate,
# must not block.
STUB="$TEST_DIR/bin"
mkdir -p "$STUB"
for b in bash jq head cat printf grep sed; do
src="$(command -v "$b" 2>/dev/null)" && ln -sf "$src" "$STUB/$b"
done
printf '#!/usr/bin/env bash\nf=$1\nrm $f\n' > "$TEST_DIR/bad.sh"
run env PATH="$STUB" bash "$HOOK" <<< "$(payload "$TEST_DIR/bad.sh")"
[ "$status" -eq 0 ]
[ -z "$output" ]
}
|
