
Commit 3559645

committed
fix(git-hooks): use printf instead of echo for consistent output
Replace echo with printf for better portability and control over output formatting in pre-push hook validation messages.
1 parent b9a4fbf commit 3559645


1 file changed

+29
-29
lines changed

1 file changed

+29
-29
lines changed

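--- a/.git-hooks/pre-push
+++ b/.git-hooks/pre-push
@@ -11,7 +11,7 @@ YELLOW='\033[1;33m'
 GREEN='\033[0;32m'
 NC='\033[0m'
 
-echo "${GREEN}Running mandatory pre-push validation...${NC}"
+printf "${GREEN}Running mandatory pre-push validation...${NC}\n"
 
 # Allowed public API key (used in socket-lib).
 ALLOWED_PUBLIC_KEY="sktsec_t_--RAN5U4ivauy4w37-6aoKyYPDt5ZbaT5JBVMqiwKo_api"
@@ -38,60 +38,60 @@ while read local_ref local_sha remote_ref remote_sha; do
 # ============================================================================
 # CHECK 1: Scan commit messages for AI attribution
 # ============================================================================
-echo "Checking commit messages for AI attribution..."
+printf "Checking commit messages for AI attribution...\n"
 
 # Check each commit in the range for AI patterns.
 while IFS= read -r commit_sha; do
 full_msg=$(git log -1 --format='%B' "$commit_sha")
 
 if echo "$full_msg" | grep -qiE "(Generated with.*(Claude|AI)|Co-Authored-By: Claude|Co-Authored-By: AI|🤖 Generated|AI generated|@anthropic\.com|Assistant:|Generated by Claude|Machine generated)"; then
 if [ $ERRORS -eq 0 ]; then
-echo "${RED}✗ BLOCKED: AI attribution found in commit messages!${NC}"
-echo "Commits with AI attribution:"
+printf "${RED}✗ BLOCKED: AI attribution found in commit messages!${NC}\n"
+printf "Commits with AI attribution:\n"
 fi
-echo " - $(git log -1 --oneline "$commit_sha")"
+printf " - %s\n" "$(git log -1 --oneline "$commit_sha")"
 ERRORS=$((ERRORS + 1))
 fi
 done < <(git rev-list "$range")
 
 if [ $ERRORS -gt 0 ]; then
-echo ""
-echo "These commits were likely created with --no-verify, bypassing the"
-echo "commit-msg hook that strips AI attribution."
-echo ""
-echo "To fix:"
-echo " git rebase -i $remote_sha"
-echo " Mark commits as 'reword', remove AI attribution, save"
-echo " git push"
+printf "\n"
+printf "These commits were likely created with --no-verify, bypassing the\n"
+printf "commit-msg hook that strips AI attribution.\n"
+printf "\n"
+printf "To fix:\n"
+printf " git rebase -i %s\n" "$remote_sha"
+printf " Mark commits as 'reword', remove AI attribution, save\n"
+printf " git push\n"
 fi
 
 # ============================================================================
 # CHECK 2: File content security checks
 # ============================================================================
-echo "Checking files for security issues..."
+printf "Checking files for security issues...\n"
 
 # Get all files changed in these commits.
 CHANGED_FILES=$(git diff --name-only "$range" 2>/dev/null || echo "")
 
 if [ -n "$CHANGED_FILES" ]; then
 # Check for sensitive files.
 if echo "$CHANGED_FILES" | grep -qE '^\.env(\.local)?$'; then
-echo "${RED}✗ BLOCKED: Attempting to push .env file!${NC}"
-echo "Files: $(echo "$CHANGED_FILES" | grep -E '^\.env(\.local)?$')"
+printf "${RED}✗ BLOCKED: Attempting to push .env file!${NC}\n"
+printf "Files: %s\n" "$(echo "$CHANGED_FILES" | grep -E '^\.env(\.local)?$')"
 ERRORS=$((ERRORS + 1))
 fi
 
 # Check for .DS_Store.
 if echo "$CHANGED_FILES" | grep -q '\.DS_Store'; then
-echo "${RED}✗ BLOCKED: .DS_Store file in push!${NC}"
-echo "Files: $(echo "$CHANGED_FILES" | grep '\.DS_Store')"
+printf "${RED}✗ BLOCKED: .DS_Store file in push!${NC}\n"
+printf "Files: %s\n" "$(echo "$CHANGED_FILES" | grep '\.DS_Store')"
 ERRORS=$((ERRORS + 1))
 fi
 
 # Check for log files.
 if echo "$CHANGED_FILES" | grep -E '\.log$' | grep -v 'test.*\.log' | grep -q .; then
-echo "${RED}✗ BLOCKED: Log file in push!${NC}"
-echo "Files: $(echo "$CHANGED_FILES" | grep -E '\.log$' | grep -v 'test.*\.log')"
+printf "${RED}✗ BLOCKED: Log file in push!${NC}\n"
+printf "Files: %s\n" "$(echo "$CHANGED_FILES" | grep -E '\.log$' | grep -v 'test.*\.log')"
 ERRORS=$((ERRORS + 1))
 fi
 
@@ -105,35 +105,35 @@ while read local_ref local_sha remote_ref remote_sha; do
 
 # Check for hardcoded user paths.
 if grep -E '(/Users/[^/\s]+/|/home/[^/\s]+/|C:\\Users\\[^\\]+\\)' "$file" 2>/dev/null | grep -q .; then
-echo "${RED}✗ BLOCKED: Hardcoded personal path found in: $file${NC}"
+printf "${RED}✗ BLOCKED: Hardcoded personal path found in: %s${NC}\n" "$file"
 grep -n -E '(/Users/[^/\s]+/|/home/[^/\s]+/|C:\\Users\\[^\\]+\\)' "$file" | head -3
 ERRORS=$((ERRORS + 1))
 fi
 
 # Check for Socket API keys.
 if grep -E 'sktsec_[a-zA-Z0-9_-]+' "$file" 2>/dev/null | grep -v "$ALLOWED_PUBLIC_KEY" | grep -v 'your_api_key_here' | grep -v 'SOCKET_SECURITY_API_KEY=' | grep -v 'fake-token' | grep -v 'test-token' | grep -q .; then
-echo "${RED}✗ BLOCKED: Real API key detected in: $file${NC}"
+printf "${RED}✗ BLOCKED: Real API key detected in: %s${NC}\n" "$file"
 grep -n 'sktsec_' "$file" | grep -v "$ALLOWED_PUBLIC_KEY" | grep -v 'your_api_key_here' | grep -v 'fake-token' | grep -v 'test-token' | head -3
 ERRORS=$((ERRORS + 1))
 fi
 
 # Check for AWS keys.
 if grep -iE '(aws_access_key|aws_secret|AKIA[0-9A-Z]{16})' "$file" 2>/dev/null | grep -q .; then
-echo "${RED}✗ BLOCKED: Potential AWS credentials found in: $file${NC}"
+printf "${RED}✗ BLOCKED: Potential AWS credentials found in: %s${NC}\n" "$file"
 grep -n -iE '(aws_access_key|aws_secret|AKIA[0-9A-Z]{16})' "$file" | head -3
 ERRORS=$((ERRORS + 1))
 fi
 
 # Check for GitHub tokens.
 if grep -E 'gh[ps]_[a-zA-Z0-9]{36}' "$file" 2>/dev/null | grep -q .; then
-echo "${RED}✗ BLOCKED: Potential GitHub token found in: $file${NC}"
+printf "${RED}✗ BLOCKED: Potential GitHub token found in: %s${NC}\n" "$file"
 grep -n -E 'gh[ps]_[a-zA-Z0-9]{36}' "$file" | head -3
 ERRORS=$((ERRORS + 1))
 fi
 
 # Check for private keys.
 if grep -E '-----BEGIN (RSA |EC |DSA )?PRIVATE KEY-----' "$file" 2>/dev/null | grep -q .; then
-echo "${RED}✗ BLOCKED: Private key found in: $file${NC}"
+printf "${RED}✗ BLOCKED: Private key found in: %s${NC}\n" "$file"
 ERRORS=$((ERRORS + 1))
 fi
 fi
@@ -144,11 +144,11 @@ while read local_ref local_sha remote_ref remote_sha; do
 done
 
 if [ $TOTAL_ERRORS -gt 0 ]; then
-echo ""
-echo "${RED}✗ Push blocked by mandatory validation!${NC}"
-echo "Fix the issues above before pushing."
+printf "\n"
+printf "${RED}✗ Push blocked by mandatory validation!${NC}\n"
+printf "Fix the issues above before pushing.\n"
 exit 1
 fi
 
-echo "${GREEN}✓ All mandatory validation passed!${NC}"
+printf "${GREEN}✓ All mandatory validation passed!${NC}\n"
 exit 0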
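Review bot: The private-key check just above the rewritten line 136 most likely never fires, so the new `printf` for "Private key found" is unreachable in practice. In `grep -E '-----BEGIN (RSA |EC |DSA )?PRIVATE KEY-----' "$file" 2>/dev/null` the pattern begins with `-`, so grep parses it as an option string and exits with an error that `2>/dev/null` hides, leaving `grep -q .` with no input. Pass the pattern explicitly, e.g. `grep -E -e '-----BEGIN (RSA |EC |DSA )?PRIVATE KEY-----' "$file"`. The alternation also would not match `OPENSSH PRIVATE KEY` or `ENCRYPTED PRIVATE KEY` headers, which may be worth adding if those formats are in scope. The enclosing `while read local_ref ...` loop and the per-file loop begin outside the visible hunks, so this is based only on the lines shown.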
