git-hardening/test/interactive/helpers.sh
Flo 8037cb7908 feat: v0.2.0 expanded hardening
Add gitleaks pre-commit hook, global gitignore, plaintext credential
detection, SSH key hygiene audit, 8 new git config settings, and
safe.directory wildcard detection. Fix ssh-keygen macOS compatibility,
FIDO2 detection via ioreg, and interactive test isolation.

Implements docs/specs/2026-03-31-v0.2.0-expanded-hardening.md

Co-Authored-By: Claude <noreply@anthropic.com>
2026-03-31 14:03:29 +02:00


#!/usr/bin/env bash
# Shared helpers for interactive tmux-driven tests
# Strict mode: stop on a failing command, an unset variable, or a failed
# pipeline stage.
set -euo pipefail
IFS=$'\n\t'
# The session name embeds this shell's PID ($$).
TMUX_SESSION="test-$$"
# Script under test, resolved against the HOME this helper file is sourced with.
SCRIPT_PATH="${HOME}/git-harden.sh"
readonly SCRIPT_PATH
# Colors: emit escape sequences only when stderr is a terminal.
if [[ -t 2 ]]; then
  C_RED='\033[0;31m'
  C_GREEN='\033[0;32m'
  C_RESET='\033[0m'
else
  C_RED=''
  C_GREEN=''
  C_RESET=''
fi
readonly C_RED C_GREEN C_RESET
# Wait for a string to appear in the tmux pane.
# Polls every 0.2s, times out after $2 seconds (default 10).
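wait_for() {
  # Arguments:
  #   $1 - literal text to look for (fixed string, not a regex)
  #   $2 - timeout in seconds (optional, default 10)
  # Returns:
  #   0 once the text is visible in the pane; 1 on timeout, after dumping
  #   the current pane content to stderr.
  local pattern="$1"
  local timeout="${2:-10}"
  local elapsed=0
  # '--' ends grep's option parsing, so a pattern that begins with '-'
  # (for example a command-line flag echoed by the script) is matched as
  # text instead of being parsed as a grep option.
  while ! tmux capture-pane -t "$TMUX_SESSION" -p | grep -qF -- "$pattern"; do
    sleep 0.2
    elapsed=$(( elapsed + 1 ))
    # elapsed counts 0.2s polls, so five polls make up one second.
    if (( elapsed > timeout * 5 )); then
      printf 'TIMEOUT waiting for: %s\n' "$pattern" >&2
      printf 'Current pane content:\n' >&2
      tmux capture-pane -t "$TMUX_SESSION" -p >&2
      return 1
    fi
  done
}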
# Send keys to the tmux session
send() {
  # Forwards every argument unchanged to `tmux send-keys`, targeting the
  # test session.
  local target="${TMUX_SESSION}"
  tmux send-keys -t "${target}" "$@"
}
# Start git-harden.sh in a tmux session.
# Explicitly pass HOME and GIT_CONFIG_GLOBAL — tmux spawns a login shell
# which resets HOME from the passwd entry, breaking the isolated test env.
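start_session() {
  # Globals read: TMUX_SESSION, SCRIPT_PATH, HOME, GIT_CONFIG_GLOBAL (optional).
  # Returns: 0 if the session exists after start-up, 1 otherwise (with
  # diagnostics on stderr).
  #
  # The command handed to tmux is a single string that a shell parses again,
  # so each value is embedded in single quotes. Any single quote inside a
  # value must be rewritten as '\'' first; otherwise a path such as
  # /home/o'brien would end the quoting early and the remainder of the value
  # would be parsed as shell syntax.
  local sq="'"
  local sq_escaped="'\\''"
  local home_q=${HOME//$sq/$sq_escaped}
  local git_config="${GIT_CONFIG_GLOBAL:-}"
  local git_config_q=${git_config//$sq/$sq_escaped}
  local script_q=${SCRIPT_PATH//$sq/$sq_escaped}

  # Best effort: remove a stale session left over from an earlier run.
  tmux kill-session -t "$TMUX_SESSION" 2>/dev/null || true
  sleep 0.5
  tmux new-session -d -s "$TMUX_SESSION" \
    "export HOME='${home_q}'; export GIT_CONFIG_GLOBAL='${git_config_q}'; bash '${script_q}'"
  # Keep the pane alive after the script exits so capture_output can read it.
  # NOTE(review): this option is applied after the session is created, so a
  # script that exits immediately may finish before it takes effect; confirm.
  tmux set-option -t "$TMUX_SESSION" remain-on-exit on
  sleep 0.5
  # Verify session started
  if ! tmux has-session -t "$TMUX_SESSION" 2>/dev/null; then
    printf 'ERROR: tmux session "%s" failed to start\n' "$TMUX_SESSION" >&2
    printf 'SCRIPT_PATH=%s\n' "$SCRIPT_PATH" >&2
    printf 'HOME=%s\n' "$HOME" >&2
    return 1
  fi
}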
# Wait for the script to exit and capture final output
capture_output() {
  # Polls every 0.5s until no pane in the session reports pane_dead=0, then
  # prints the pane content to stdout. After more than 30 seconds of polling
  # it dumps the pane to stderr and returns 1.
  local -r max_seconds=30
  local polls=0
  while true; do
    # A line consisting of "0" means a pane is still running its command.
    if ! tmux list-panes -t "$TMUX_SESSION" -F '#{pane_dead}' 2>/dev/null | grep -q '^0$'; then
      break
    fi
    sleep 0.5
    polls=$(( polls + 1 ))
    # Two polls per second, hence the factor of two.
    if (( polls > max_seconds * 2 )); then
      printf 'TIMEOUT waiting for script to exit\n' >&2
      tmux capture-pane -t "$TMUX_SESSION" -p >&2
      return 1
    fi
  done
  tmux capture-pane -t "$TMUX_SESSION" -p
}
# Clean up
cleanup() {
  # Best-effort teardown: kill the test session, discarding tmux's error
  # output and always returning success, even when the session is gone.
  local target="${TMUX_SESSION}"
  tmux kill-session -t "${target}" 2>/dev/null || :
}
# Assert helper
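assert_contains() {
  # Arguments:
  #   $1 - text to search (typically captured pane output)
  #   $2 - literal substring that must be present (fixed string, not a regex)
  # Returns:
  #   0 when the substring is found; otherwise prints a FAIL line to stderr
  #   and returns 1.
  local haystack="$1"
  local needle="$2"
  # '--' ends grep's option parsing so a needle that starts with '-' (for
  # example a flag or a "--global" setting name) is searched for as text
  # rather than rejected or interpreted as a grep option.
  if printf '%s' "$haystack" | grep -qF -- "$needle"; then
    return 0
  fi
  printf '%bFAIL:%b expected output to contain: %s\n' "$C_RED" "$C_RESET" "$needle" >&2
  return 1
}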
pass() {
  # Reports a passing check on stderr; $1 is the description to print.
  local message="$1"
  printf '%b PASS:%b %s\n' "${C_GREEN}" "${C_RESET}" "${message}" 1>&2
}
fail() {
  # Reports a failing check on stderr; $1 is the description to print.
  # Only prints: the function's status is that of printf.
  local message="$1"
  printf '%b FAIL:%b %s\n' "${C_RED}" "${C_RESET}" "${message}" 1>&2
}