CLI-246 UserPromptSubmit secrets scanner callback

kirill-knize-sonarsource · kirill-knize-sonarsource · commit 5f71102a6f4e · 2026-04-08T21:25:19.000+02:00
diff --git a/src/cli/command-tree.ts b/src/cli/command-tree.ts
@@ -40,6 +40,7 @@ import { MAX_PAGE_SIZE } from '../sonarqube/projects';
 import { apiCommand, apiExtraHelpText, type ApiCommandOptions } from './commands/api/api';
 import { GENERIC_HTTP_METHODS } from '../sonarqube/client';
 import { claudePreToolUse } from './commands/callback/claude-pre-tool-use';
+import { agentPromptSubmit } from './commands/callback/agent-prompt-submit';
 
 const DEFAULT_PAGE_SIZE = MAX_PAGE_SIZE;
 
@@ -249,16 +250,12 @@ callbackCommand
   .description('PreToolUse handler for Codex: scan files for secrets before agent reads them')
   .anonymousAction(() => claudePreToolUse());
 
-// agent-prompt-submit and agent-post-tool-use are installed by `sonar integrate claude`.
-// They are implemented in subsequent PRs; stubs here ensure scripts don't fail with
-// "unknown command" on a CLI that only has CLI-244/245.
 callbackCommand
   .command('agent-prompt-submit')
-  .description('UserPromptSubmit handler: scan prompts for secrets before sending')
-  .anonymousAction(() => {
-    return;
-  });
+  .description('UserPromptSubmit handler: scan prompt for secrets before sending')
+  .anonymousAction(() => agentPromptSubmit());
 
+// agent-post-tool-use stub — implemented in CLI-247
 callbackCommand
   .command('agent-post-tool-use')
   .option('-p, --project <project>', 'SonarCloud project key')
diff --git a/src/cli/commands/callback/agent-prompt-submit.ts b/src/cli/commands/callback/agent-prompt-submit.ts
@@ -0,0 +1,60 @@
+/*
+ * SonarQube CLI
+ * Copyright (C) 2026 SonarSource Sàrl
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+
+// UserPromptSubmit callback handler — scans prompt text for secrets before it is sent.
+// Replaces the bash/PowerShell logic that was previously embedded in the hook script.
+
+import { resolveAuth } from '../../../lib/auth-resolver';
+import logger from '../../../lib/logger';
+import { readStdinJson } from './stdin';
+import { resolveSecretsBinaryPath, scanText, EXIT_CODE_SECRETS_FOUND } from './secrets-scan';
+
+interface PromptSubmitPayload {
+  prompt?: string;
+}
+
+export async function agentPromptSubmit(): Promise<void> {
+  let payload: PromptSubmitPayload;
+  try {
+    payload = await readStdinJson<PromptSubmitPayload>();
+  } catch {
+    return; // unparseable stdin — allow
+  }
+
+  const prompt = payload.prompt;
+  if (!prompt) return;
+
+  const auth = await resolveAuth().catch(() => null);
+  if (!auth) return; // not authenticated — allow gracefully
+
+  const binaryPath = resolveSecretsBinaryPath();
+  if (!binaryPath) return; // binary not installed — allow gracefully
+
+  try {
+    const exitCode = await scanText(binaryPath, prompt, auth);
+    if (exitCode === EXIT_CODE_SECRETS_FOUND) {
+      process.stdout.write(
+        JSON.stringify({ decision: 'block', reason: 'Sonar detected secrets in prompt' }) + '\n',
+      );
+    }
+  } catch (err) {
+    logger.debug(`UserPromptSubmit secrets scan failed: ${(err as Error).message}`);
+  }
+}
diff --git a/src/cli/commands/callback/secrets-scan.ts b/src/cli/commands/callback/secrets-scan.ts
@@ -75,6 +75,37 @@ export async function scanFiles(
   }
 }
 
+/**
+ * Run secrets scan on arbitrary text via sonar-secrets --input (stdin). Returns the binary exit code.
+ * Never throws — errors are surfaced as non-zero exit codes.
+ */
+export async function scanText(
+  binaryPath: string,
+  text: string,
+  auth: ResolvedAuth,
+): Promise<number> {
+  let timeoutId: ReturnType<typeof setTimeout> | undefined;
+  try {
+    const result = await Promise.race([
+      spawnProcess(binaryPath, ['--input'], {
+        stdin: 'pipe',
+        stdinData: text,
+        stdout: 'pipe',
+        stderr: 'pipe',
+        env: buildAuthEnv(auth),
+      }),
+      new Promise<never>((_, reject) => {
+        timeoutId = setTimeout(() => {
+          reject(new Error(`Scan timed out after ${SCAN_TIMEOUT_MS}ms`));
+        }, SCAN_TIMEOUT_MS);
+      }),
+    ]);
+    return result.exitCode ?? 1;
+  } finally {
+    clearTimeout(timeoutId);
+  }
+}
+
 function buildAuthEnv(auth: ResolvedAuth): Record<string, string> {
   if (auth.serverUrl && auth.token) {
     return { [BINARY_AUTH_URL_ENV]: auth.serverUrl, [BINARY_AUTH_TOKEN_ENV]: auth.token };
diff --git a/src/lib/process.ts b/src/lib/process.ts
@@ -28,6 +28,7 @@ export interface SpawnOptions {
   cwd?: string;
   env?: Record<string, string>;
   stdin?: StdioMode;
+  stdinData?: string;
   stdout?: StdioMode;
   stderr?: StdioMode;
   detached?: boolean;
@@ -70,6 +71,11 @@ export async function spawnProcess(
       });
     }
 
+    if (options.stdinData !== undefined && proc.stdin) {
+      proc.stdin.write(options.stdinData);
+      proc.stdin.end();
+    }
+
     proc.on('error', reject);
 
     proc.on('exit', (code) => {
diff --git a/tests/unit/callback-prompt-submit.test.ts b/tests/unit/callback-prompt-submit.test.ts
@@ -0,0 +1,109 @@
+/*
+ * SonarQube CLI
+ * Copyright (C) 2026 SonarSource Sàrl
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+
+import { describe, it, expect, beforeEach, afterEach, spyOn } from 'bun:test';
+import * as authResolver from '../../src/lib/auth-resolver';
+import * as stdinModule from '../../src/cli/commands/callback/stdin';
+import * as secretsScan from '../../src/cli/commands/callback/secrets-scan';
+import { agentPromptSubmit } from '../../src/cli/commands/callback/agent-prompt-submit';
+
+const { EXIT_CODE_SECRETS_FOUND } = secretsScan;
+
+describe('agentPromptSubmit', () => {
+  let stdoutSpy: ReturnType<typeof spyOn>;
+  let resolveAuthSpy: ReturnType<typeof spyOn>;
+  let readStdinJsonSpy: ReturnType<typeof spyOn>;
+  let resolveSecretsBinaryPathSpy: ReturnType<typeof spyOn>;
+  let scanTextSpy: ReturnType<typeof spyOn>;
+
+  beforeEach(() => {
+    stdoutSpy = spyOn(process.stdout, 'write').mockImplementation(() => true);
+    resolveAuthSpy = spyOn(authResolver, 'resolveAuth').mockResolvedValue({
+      token: 'tok',
+      serverUrl: 'https://sonarcloud.io',
+      connectionType: 'cloud',
+      orgKey: 'myorg',
+    });
+    readStdinJsonSpy = spyOn(stdinModule, 'readStdinJson').mockResolvedValue({
+      prompt: 'please help me push code with my token ghp_secret',
+    });
+    resolveSecretsBinaryPathSpy = spyOn(secretsScan, 'resolveSecretsBinaryPath').mockReturnValue(
+      '/usr/bin/sonar-secrets',
+    );
+    scanTextSpy = spyOn(secretsScan, 'scanText').mockResolvedValue(0);
+  });
+
+  afterEach(() => {
+    stdoutSpy.mockRestore();
+    resolveAuthSpy.mockRestore();
+    readStdinJsonSpy.mockRestore();
+    resolveSecretsBinaryPathSpy.mockRestore();
+    scanTextSpy.mockRestore();
+  });
+
+  it('writes block JSON to stdout when secrets are found in prompt', async () => {
+    scanTextSpy.mockResolvedValue(EXIT_CODE_SECRETS_FOUND);
+
+    await agentPromptSubmit();
+
+    expect(stdoutSpy).toHaveBeenCalledTimes(1);
+    const output = JSON.parse((stdoutSpy.mock.calls[0][0] as string).trim());
+    expect(output.decision).toBe('block');
+    expect(output.reason).toContain('secrets');
+  });
+
+  it('passes prompt text directly to scanText', async () => {
+    await agentPromptSubmit();
+
+    expect(scanTextSpy).toHaveBeenCalledTimes(1);
+    const [, text] = scanTextSpy.mock.calls[0] as [string, string, unknown];
+    expect(text).toContain('ghp_secret');
+  });
+
+  it('writes nothing when no secrets are found', async () => {
+    await agentPromptSubmit();
+    expect(stdoutSpy).not.toHaveBeenCalled();
+  });
+
+  it('returns without output when prompt is empty', async () => {
+    readStdinJsonSpy.mockResolvedValue({ prompt: '' });
+
+    await agentPromptSubmit();
+
+    expect(scanTextSpy).not.toHaveBeenCalled();
+    expect(stdoutSpy).not.toHaveBeenCalled();
+  });
+
+  it('returns without output when auth is unavailable', async () => {
+    resolveAuthSpy.mockResolvedValue(null);
+
+    await agentPromptSubmit();
+
+    expect(scanTextSpy).not.toHaveBeenCalled();
+  });
+
+  it('returns without output when binary is not installed', async () => {
+    resolveSecretsBinaryPathSpy.mockReturnValue(null);
+
+    await agentPromptSubmit();
+
+    expect(scanTextSpy).not.toHaveBeenCalled();
+  });
+});
