fix(hooks): close inline-DB-mutation regex bypasses + walk up for sentinel

lapc506 · claude · lapc506 · commit 288d79795273 · 2026-05-21T19:48:38.000-06:00
Greptile PR #25 review (Confidence 2/5) flagged 5 P1 findings against the v1.17.0 inline-db-mutation family. This commit closes all of them with TDD-style coverage (failing tests added first against the original patterns, then the patterns / lookup logic updated to make them pass). Regex bypasses fixed: - mysql: spacing between -e/--execute and the SQL keyword is now [[:space:]]* (was [[:space:]]+), so the short form `mysql -e"DROP ..."` and the long form `mysql --execute="..."` are no longer bypasses. - psql: same fix for -c/--command — `psql -c"UPDATE ..."` now blocks. - mongo: --eval now matches the mutation method anywhere up to a pipe, not just inside the first non-space token after --eval. Real-world `mongo --eval "db.x.update({_id: 1}, ...)"` (whitespace inside quoted JS) now blocks. The --eval= equals shape is also covered. - gcloud sql: tolerates zero-or-more `--flag[=value]` tokens between `gcloud` and `sql`. `gcloud --project=PROD sql export sql ...` — exactly the shape that targets production — now blocks. Sentinel walk-up: - hooks/lib/eval-rule.sh now walks up from cwd looking for a `.git` marker (file or directory; worktrees use a file) and resolves `disable_if_repo_file` relative to that root. Falls back to cwd if no git root is found within 32 levels (preserves the previous behavior for tarball deploys). - New hooks/test-sentinel-walkup.sh exercises 5 cases: root cwd with sentinel, subdir cwd with sentinel at root, subdir cwd without sentinel, no-git fallback with sentinel at cwd, no-git fallback with sentinel only at parent. CI now runs both test suites. Verification: - Existing hook smoke tests: 274 / 274 passing (was 262 baseline, +12 new tests for the bypasses Greptile flagged). - Sentinel walk-up tests: 5 / 5 passing. - TDD red→green confirmed: with the regex / lookup changes reverted, the 7 new bypass tests and the subdir-with-root-sentinel test all fail; with the fixes applied, they all pass. - shellcheck clean on hooks/lib/eval-rule.sh + new test script. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
diff --git a/.github/workflows/test-hooks.yml b/.github/workflows/test-hooks.yml
@@ -37,3 +37,9 @@ jobs:
 
       - name: Run hook smoke tests
         run: bash hooks/test-hooks.sh
+
+      - name: Run sentinel walk-up tests
+        # Exercises the `disable_if_repo_file` lookup from subdirectories
+        # (Greptile #25 P1 regression — sentinel at repo root must be honored
+        # even when the hook fires from any nested cwd within the repo).
+        run: bash hooks/test-sentinel-walkup.sh
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -18,6 +18,29 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Fixed
+- **Inline-DB-mutation regex bypasses** (Greptile PR #25, P1 + Security):
+  - `mysql -e"..."` / `mysql --execute="..."` short/long-option-no-space
+    shapes now block (spacing between `-e`/`--execute` and the SQL keyword
+    is `[[:space:]]*` instead of `[[:space:]]+`).
+  - `psql -c"..."` / `psql --command="..."` short/long-option-no-space
+    shapes now block.
+  - `mongo --eval "db.x.update(...)"` with whitespace inside the quoted JS
+    expression now blocks (regex no longer requires the mutation method to
+    live inside a single non-space token after `--eval`). `--eval=` shape
+    also covered.
+  - `gcloud --project=PROD sql export ...` and other variants with global
+    flags between `gcloud` and `sql` now block (regex tolerates
+    zero-or-more `--flag[=value]` tokens before the `sql` command group).
+- **`disable_if_repo_file` sentinel walks up to repo root** (Greptile PR
+  #25, P1). Previously the lookup only checked `./<sentinel>` in the
+  process cwd, so a sentinel placed at the documented location (repo
+  root) was ignored whenever the hook fired from any subdirectory. The
+  lookup now walks upward looking for a `.git` marker (file or
+  directory — worktrees use a file) and resolves the sentinel relative
+  to that root, with a cwd fallback for non-git deployments. Added
+  `hooks/test-sentinel-walkup.sh` to lock the behavior in CI.
+
 ## [1.17.0] - 2026-05-21
 
 ### Added
diff --git a/hooks/lib/eval-rule.sh b/hooks/lib/eval-rule.sh
@@ -85,12 +85,22 @@ if [ -n "$BYPASS_MARKER" ]; then
 fi
 
 # Per-repo escape hatch: if the rule declares `disable_if_repo_file: <name>`
-# and that file exists at the current working directory, the rule is a no-op.
+# and that file exists at the repo root, the rule is a no-op.
 # Use case: a repo explicitly opts out of a class of enforcement because its
 # workflow legitimately requires the otherwise-blocked operation (e.g., a
 # data-migration repo that runs inline DB mutations as part of its job).
 # The filename is validated to be a flat, safe name (no slashes / dots /
 # wildcards) so the lookup can't escape the cwd or pull in unintended files.
+#
+# Lookup strategy (Greptile #25 P1): walk upward from cwd looking for a
+# repo-root marker (`.git` file or dir — `.git` is a file in worktrees) and
+# check the sentinel at that root. If no repo root is found within a
+# bounded ascent, fall back to checking cwd itself (preserves the previous
+# behavior for repos without `.git`, e.g. tarball deploys).
+#
+# The ascent is bounded (32 levels) so an unrooted absolute path can't loop
+# forever — `/` has no parent, so the loop terminates naturally, but the
+# bound is defensive against pathological symlink trees.
 DISABLE_IF_REPO_FILE="$(printf '%s' "$RULE_JSON" | jq -r '.disable_if_repo_file // empty')"
 if [ -n "$DISABLE_IF_REPO_FILE" ]; then
   # Validate filename: only [a-zA-Z0-9._-], and reject "." / ".." sentinels.
@@ -101,6 +111,30 @@ if [ -n "$DISABLE_IF_REPO_FILE" ]; then
       echo "make-no-mistakes: rule ${RULE_ID} has invalid disable_if_repo_file (must be a flat filename of [a-zA-Z0-9._-]); ignoring escape hatch." >&2
       ;;
     *)
+      # Walk up looking for a `.git` marker (worktrees use a `.git` *file*,
+      # standard checkouts use a `.git` *directory* — both satisfy `-e`).
+      SENTINEL_DIR=""
+      SEARCH_DIR="$PWD"
+      DEPTH=0
+      while [ "$DEPTH" -lt 32 ]; do
+        if [ -e "${SEARCH_DIR}/.git" ]; then
+          SENTINEL_DIR="$SEARCH_DIR"
+          break
+        fi
+        PARENT="$(dirname "$SEARCH_DIR")"
+        # `dirname /` returns `/` — bail when we stop moving up.
+        if [ "$PARENT" = "$SEARCH_DIR" ]; then
+          break
+        fi
+        SEARCH_DIR="$PARENT"
+        DEPTH=$((DEPTH + 1))
+      done
+
+      # If we found a repo root, check the sentinel there. Otherwise fall
+      # back to cwd so non-git deployments still have an opt-out path.
+      if [ -n "$SENTINEL_DIR" ] && [ -f "${SENTINEL_DIR}/${DISABLE_IF_REPO_FILE}" ]; then
+        exit 0
+      fi
       if [ -f "./${DISABLE_IF_REPO_FILE}" ]; then
         exit 0
       fi
diff --git a/hooks/rules/rules.json b/hooks/rules/rules.json
@@ -2795,7 +2795,7 @@
     "match": [
       {
         "field": "command",
-        "pattern": "(\\bmysql[[:space:]][^|<]*(-e|--execute)([[:space:]]+|=)['\"]?[[:space:]]*(UPDATE|DELETE|INSERT|REPLACE|CREATE|ALTER|DROP|GRANT|REVOKE|TRUNCATE|RENAME)\\b)|(\\bmysql[[:space:]][^|]*<[[:space:]]*[^[:space:]]+\\.sql\\b)|(\\bmysqldump\\b[^|]*\\|[[:space:]]*mysql\\b)",
+        "pattern": "(\\bmysql[[:space:]][^|<]*(-e|--execute)([[:space:]]*|=)['\"]?[[:space:]]*(UPDATE|DELETE|INSERT|REPLACE|CREATE|ALTER|DROP|GRANT|REVOKE|TRUNCATE|RENAME)\\b)|(\\bmysql[[:space:]][^|]*<[[:space:]]*[^[:space:]]+\\.sql\\b)|(\\bmysqldump\\b[^|]*\\|[[:space:]]*mysql\\b)",
         "flags": "i"
       },
       {
@@ -2836,6 +2836,33 @@
         },
         "expected_exit": 2
       },
+      {
+        "name": "blocks-mysql-long-execute-space",
+        "input": {
+          "tool_input": {
+            "command": "mysql --execute \"UPDATE users SET active=1\""
+          }
+        },
+        "expected_exit": 2
+      },
+      {
+        "name": "blocks-mysql-long-execute-equals",
+        "input": {
+          "tool_input": {
+            "command": "mysql --execute=\"DROP TABLE legacy\""
+          }
+        },
+        "expected_exit": 2
+      },
+      {
+        "name": "blocks-mysql-short-e-no-space-quoted",
+        "input": {
+          "tool_input": {
+            "command": "mysql -uroot -e\"DROP TABLE legacy\""
+          }
+        },
+        "expected_exit": 2
+      },
       {
         "name": "blocks-mysql-stdin-redirect",
         "input": {
@@ -2910,7 +2937,7 @@
     "match": [
       {
         "field": "command",
-        "pattern": "(\\bpsql\\b[^|]*(-c|--command)([[:space:]]+|=)['\"]?[[:space:]]*(UPDATE|INSERT|REPLACE|CREATE|ALTER|GRANT|REVOKE|RENAME)\\b)|(\\bpg_restore\\b)",
+        "pattern": "(\\bpsql\\b[^|]*(-c|--command)([[:space:]]*|=)['\"]?[[:space:]]*(UPDATE|INSERT|REPLACE|CREATE|ALTER|GRANT|REVOKE|RENAME)\\b)|(\\bpg_restore\\b)",
         "flags": "i"
       },
       {
@@ -2960,6 +2987,24 @@
         },
         "expected_exit": 2
       },
+      {
+        "name": "blocks-psql-c-no-space-quoted",
+        "input": {
+          "tool_input": {
+            "command": "psql -d mydb -c\"UPDATE users SET active=true\""
+          }
+        },
+        "expected_exit": 2
+      },
+      {
+        "name": "blocks-psql-long-command-equals",
+        "input": {
+          "tool_input": {
+            "command": "psql -d mydb --command=\"UPDATE sessions SET expired=true\""
+          }
+        },
+        "expected_exit": 2
+      },
       {
         "name": "blocks-pg-restore",
         "input": {
@@ -3104,7 +3149,7 @@
     "match": [
       {
         "field": "command",
-        "pattern": "(\\b(mongo|mongosh)\\b[^|]*--eval[[:space:]]+[^[:space:]]*\\.(update|insert|delete|drop|createCollection|dropDatabase|replaceOne|save|findAndModify|deleteOne|deleteMany|updateOne|updateMany|insertOne|insertMany)\\b)|(\\bmongorestore\\b)"
+        "pattern": "(\\b(mongo|mongosh)\\b[^|]*--eval[[:space:]=][^|]*\\.(update|insert|delete|drop|createCollection|dropDatabase|replaceOne|save|findAndModify|deleteOne|deleteMany|updateOne|updateMany|insertOne|insertMany)\\b)|(\\bmongorestore\\b)"
       },
       {
         "field": "command",
@@ -3126,6 +3171,33 @@
         },
         "expected_exit": 2
       },
+      {
+        "name": "blocks-mongo-eval-update-with-spaces-inside-arg",
+        "input": {
+          "tool_input": {
+            "command": "mongo --eval \"db.users.update({_id: 42}, {$set: {active: true}})\""
+          }
+        },
+        "expected_exit": 2
+      },
+      {
+        "name": "blocks-mongosh-eval-insertOne-spaces",
+        "input": {
+          "tool_input": {
+            "command": "mongosh --eval \"db.audit.insertOne({ event: \\\"oneshot\\\" })\""
+          }
+        },
+        "expected_exit": 2
+      },
+      {
+        "name": "blocks-mongo-eval-equals",
+        "input": {
+          "tool_input": {
+            "command": "mongo --eval=\"db.users.deleteMany({active:false})\""
+          }
+        },
+        "expected_exit": 2
+      },
       {
         "name": "blocks-mongo-eval-deleteMany",
         "input": {
@@ -3324,7 +3396,7 @@
     "match": [
       {
         "field": "command",
-        "pattern": "\\bgcloud[[:space:]]+sql[[:space:]]+(import|export)[[:space:]]+(sql|csv|bak)\\b",
+        "pattern": "\\bgcloud[[:space:]]+(--?[a-zA-Z0-9_-]+(=[^[:space:]]*)?[[:space:]]+)*sql[[:space:]]+(import|export)[[:space:]]+(sql|csv|bak)\\b",
         "flags": "i"
       },
       {
@@ -3377,6 +3449,42 @@
         },
         "expected_exit": 2
       },
+      {
+        "name": "blocks-gcloud-global-project-sql-export",
+        "input": {
+          "tool_input": {
+            "command": "gcloud --project=my-prod sql export sql my-instance gs://backups/dump.sql --database=mydb"
+          }
+        },
+        "expected_exit": 2
+      },
+      {
+        "name": "blocks-gcloud-global-quiet-sql-import",
+        "input": {
+          "tool_input": {
+            "command": "gcloud --quiet sql import sql my-instance gs://backups/dump.sql --database=mydb"
+          }
+        },
+        "expected_exit": 2
+      },
+      {
+        "name": "blocks-gcloud-global-account-sql-export-csv",
+        "input": {
+          "tool_input": {
+            "command": "gcloud --account=svc@example.iam.gserviceaccount.com sql export csv my-instance gs://backups/users.csv --database=mydb --query=\"SELECT * FROM users\""
+          }
+        },
+        "expected_exit": 2
+      },
+      {
+        "name": "blocks-gcloud-multiple-global-flags-sql-export",
+        "input": {
+          "tool_input": {
+            "command": "gcloud --project=my-prod --quiet sql export sql my-instance gs://backups/dump.sql --database=mydb"
+          }
+        },
+        "expected_exit": 2
+      },
       {
         "name": "allows-gcloud-sql-instances-list",
         "input": {
diff --git a/hooks/rules/rules.yaml b/hooks/rules/rules.yaml
diff --git a/hooks/test-sentinel-walkup.sh b/hooks/test-sentinel-walkup.sh
