guardy 0.2.4

Fast, secure git hooks in Rust with secret scanning and protected file synchronization
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217

use std::{env, process::Command};

/// Test environment variable precedence for boolean configuration values
/// Ensures that environment variables override CLI defaults but not explicit CLI args
#[test]
fn test_env_var_precedence_boolean_fields() {
    // Try multiple possible locations for the binary
    let guardy_binary = env::var("CARGO_BIN_EXE_guardy")
        .or_else(|_| {
            // Try relative paths from test directory
            let paths = [
                "target/release/guardy",
                "target/debug/guardy",
                "../../target/release/guardy",
                "../../target/debug/guardy",
            ];
            for path in &paths {
                if std::path::Path::new(path).exists() {
                    return Ok(path.to_string());
                }
            }
            Err("Could not find guardy binary")
        })
        .expect("Failed to locate guardy binary for testing");

    // Create a test file with a fake secret
    std::fs::write(
        "/tmp/test_secrets.txt",
        "sk-1234567890abcdefghijklmnopqrstuvwxyz123456",
    )
    .unwrap();

    // Test 1: GUARDY_SCAN_SHOW=1 should override default false value
    let output = Command::new(&guardy_binary)
        .args(["scan", "/tmp/test_secrets.txt"])
        .env("GUARDY_SCAN_SHOW", "1")
        .env("RUST_LOG", "debug")
        .output()
        .expect("Failed to execute guardy");

    let stderr = String::from_utf8_lossy(&output.stderr);
    let stdout = String::from_utf8_lossy(&output.stdout);

    println!("Binary path: {guardy_binary}");
    println!("Exit status: {}", output.status);
    println!("Stdout: {stdout}");
    println!("Stderr: {stderr}");

    // Check if command executed successfully
    if !output.status.success() {
        panic!(
            "Command failed with status: {}. Stdout: {stdout}. Stderr: {stderr}",
            output.status
        );
    }

    // Debug logs go to stdout, not stderr
    let logs = format!("{stdout}{stderr}");

    // Verify environment variable was parsed
    assert!(
        logs.contains("Found env var GUARDY_SCAN_SHOW (type: bool): 1"),
        "Environment variable should be parsed. Output: {logs}"
    );

    // Verify it was parsed as true
    assert!(
        logs.contains("Parsed GUARDY_SCAN_SHOW as boolean: true"),
        "Environment variable should be parsed as true. Output: {logs}"
    );

    // Most importantly: Verify it affected the final configuration
    assert!(
        logs.contains("scanner config check") && logs.contains("show: true"),
        "Environment variable should override default in final scanner config. Output: {logs}"
    );

    // Test 2: GUARDY_SCAN_SENSITIVE=1 should override default false value
    let output = Command::new(&guardy_binary)
        .args(["scan", "/dev/null"])
        .env("GUARDY_SCAN_SENSITIVE", "1")
        .env("RUST_LOG", "debug")
        .output()
        .expect("Failed to execute guardy");

    let stderr = String::from_utf8_lossy(&output.stderr);
    let stdout = String::from_utf8_lossy(&output.stdout);
    let logs = format!("{stdout}{stderr}");

    assert!(
        logs.contains("Found env var GUARDY_SCAN_SENSITIVE (type: bool): 1"),
        "GUARDY_SCAN_SENSITIVE should be parsed. Output: {logs}"
    );

    assert!(
        logs.contains("sensitive: true"),
        "GUARDY_SCAN_SENSITIVE should override default. Output: {logs}"
    );

    // Test 3: Multiple boolean env vars should work together
    let output = Command::new(&guardy_binary)
        .args(["scan", "/dev/null"])
        .env("GUARDY_SCAN_SHOW", "1")
        .env("GUARDY_SCAN_SENSITIVE", "1")
        .env("RUST_LOG", "debug")
        .output()
        .expect("Failed to execute guardy");

    let stderr = String::from_utf8_lossy(&output.stderr);
    let stdout = String::from_utf8_lossy(&output.stdout);
    let logs = format!("{stdout}{stderr}");

    assert!(
        logs.contains("show: true") && logs.contains("sensitive: true"),
        "Both environment variables should work together. Output: {logs}"
    );
}

/// Test that environment variables support various truthy/falsy values
#[test]
fn test_env_var_boolean_parsing() {
    // Try multiple possible locations for the binary
    let guardy_binary = env::var("CARGO_BIN_EXE_guardy")
        .or_else(|_| {
            // Try relative paths from test directory
            let paths = [
                "target/release/guardy",
                "target/debug/guardy",
                "../../target/release/guardy",
                "../../target/debug/guardy",
            ];
            for path in &paths {
                if std::path::Path::new(path).exists() {
                    return Ok(path.to_string());
                }
            }
            Err("Could not find guardy binary")
        })
        .expect("Failed to locate guardy binary for testing");

    // Test different truthy values
    for truthy_val in ["1", "true", "TRUE", "yes", "YES", "on", "ON"] {
        let output = Command::new(&guardy_binary)
            .args(["scan", "/dev/null"])
            .env("GUARDY_SCAN_SHOW", truthy_val)
            .env("RUST_LOG", "debug")
            .output()
            .expect("Failed to execute guardy");

        let stderr = String::from_utf8_lossy(&output.stderr);
        let stdout = String::from_utf8_lossy(&output.stdout);
        let logs = format!("{stdout}{stderr}");
        assert!(
            logs.contains("show: true"),
            "Value '{truthy_val}' should be parsed as true. Output: {logs}"
        );
    }

    // Test different falsy values
    for falsy_val in ["0", "false", "FALSE", "no", "NO", "off", "OFF"] {
        let output = Command::new(&guardy_binary)
            .args(["scan", "/dev/null"])
            .env("GUARDY_SCAN_SHOW", falsy_val)
            .env("RUST_LOG", "debug")
            .output()
            .expect("Failed to execute guardy");

        let stderr = String::from_utf8_lossy(&output.stderr);
        let stdout = String::from_utf8_lossy(&output.stdout);
        let logs = format!("{stdout}{stderr}");
        assert!(
            logs.contains("show: false"),
            "Value '{falsy_val}' should be parsed as false. Output: {logs}"
        );
    }
}

/// Test that non-boolean environment variables still work with CLI precedence
#[test]
fn test_env_var_non_boolean_precedence() {
    // Try multiple possible locations for the binary
    let guardy_binary = env::var("CARGO_BIN_EXE_guardy")
        .or_else(|_| {
            // Try relative paths from test directory
            let paths = [
                "target/release/guardy",
                "target/debug/guardy",
                "../../target/release/guardy",
                "../../target/debug/guardy",
            ];
            for path in &paths {
                if std::path::Path::new(path).exists() {
                    return Ok(path.to_string());
                }
            }
            Err("Could not find guardy binary")
        })
        .expect("Failed to locate guardy binary for testing");

    // Test max_file_size_mb environment variable (non-boolean)
    let output = Command::new(&guardy_binary)
        .args(["scan", "/dev/null"])
        .env("GUARDY_SCAN_MAX_SIZE", "50")
        .env("RUST_LOG", "debug")
        .output()
        .expect("Failed to execute guardy");

    let stderr = String::from_utf8_lossy(&output.stderr);
    let stdout = String::from_utf8_lossy(&output.stdout);
    let logs = format!("{stdout}{stderr}");

    // Should find and parse the environment variable
    assert!(
        logs.contains("Found env var GUARDY_SCAN_MAX_SIZE"),
        "Non-boolean environment variable should be parsed. Output: {logs}"
    );
}