fix: version parsing and SSH config comment/quote handling

Replace sed 's/[^0-9.]//g' with grep -oE for semver extraction — fixes breakage on Apple Git suffix and rc versions. Add strip_ssh_value() helper to strip inline comments and surrounding quotes from SSH config values. Applied to IdentityFile scanning, audit_ssh_directive, and apply_ssh_directive. 9 new tests (62 total). Closes: #8 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2026-03-30 23:40:51 +02:00
parent b227ec1f73
commit d204ae5a9a
2 changed files with 111 additions and 4 deletions
--- a/test/git-harden.bats
+++ b/test/git-harden.bats
@@ -108,6 +108,60 @@ source_functions() {
    assert_failure
 }

+# ===========================================================================
+# Version extraction (grep-based, not sed)
+# ===========================================================================
+
+@test "version extraction handles standard git output" {
+    local ver
+    ver="$(echo "git version 2.39.5" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -1)"
+    [ "$ver" = "2.39.5" ]
+}
+
+@test "version extraction handles Apple Git suffix" {
+    local ver
+    ver="$(echo "git version 2.39.5 (Apple Git-154)" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -1)"
+    [ "$ver" = "2.39.5" ]
+}
+
+@test "version extraction handles rc suffix" {
+    local ver
+    ver="$(echo "git version 2.45.0-rc1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -1)"
+    [ "$ver" = "2.45.0" ]
+}
+
+# ===========================================================================
+# strip_ssh_value helper
+# ===========================================================================
+
+@test "strip_ssh_value removes inline comment" {
+    source_functions
+    local result
+    result="$(strip_ssh_value "~/.ssh/id_ed25519 # signing key")"
+    [ "$result" = "~/.ssh/id_ed25519" ]
+}
+
+@test "strip_ssh_value removes surrounding double quotes" {
+    source_functions
+    local result
+    result="$(strip_ssh_value '"~/.ssh/my key"')"
+    [ "$result" = "~/.ssh/my key" ]
+}
+
+@test "strip_ssh_value removes quotes and comment together" {
+    source_functions
+    local result
+    result="$(strip_ssh_value '"~/.ssh/my key" # comment')"
+    [ "$result" = "~/.ssh/my key" ]
+}
+
+@test "strip_ssh_value handles plain value" {
+    source_functions
+    local result
+    result="$(strip_ssh_value "accept-new")"
+    [ "$result" = "accept-new" ]
+}
+
 # ===========================================================================
 # Audit: git config settings
 # ===========================================================================
@@ -493,6 +547,36 @@ SSHEOF
    [ "$SIGNING_PUB_PATH" = "${TEST_HOME}/.ssh/my_custom_key.pub" ]
 }

+@test "detect_existing_keys handles IdentityFile with inline comment" {
+    ssh-keygen -t ed25519 -f "${TEST_HOME}/.ssh/my_key" -N "" -q
+
+    cat > "${TEST_HOME}/.ssh/config" <<SSHEOF
+Host github.com
+    IdentityFile ${TEST_HOME}/.ssh/my_key # signing key
+SSHEOF
+
+    source_functions
+    detect_existing_keys
+
+    [ "$SIGNING_KEY_FOUND" = true ]
+    [ "$SIGNING_PUB_PATH" = "${TEST_HOME}/.ssh/my_key.pub" ]
+}
+
+@test "detect_existing_keys handles quoted IdentityFile path" {
+    ssh-keygen -t ed25519 -f "${TEST_HOME}/.ssh/my_key" -N "" -q
+
+    cat > "${TEST_HOME}/.ssh/config" <<SSHEOF
+Host github.com
+    IdentityFile "${TEST_HOME}/.ssh/my_key"
+SSHEOF
+
+    source_functions
+    detect_existing_keys
+
+    [ "$SIGNING_KEY_FOUND" = true ]
+    [ "$SIGNING_PUB_PATH" = "${TEST_HOME}/.ssh/my_key.pub" ]
+}
+
@test "detect_existing_keys finds configured key via user.signingkey" {
    ssh-keygen -t ed25519 -f "${TEST_HOME}/.ssh/signing_key" -N "" -q
    git config --global user.signingkey "${TEST_HOME}/.ssh/signing_key.pub"