mirror of
https://github.com/google-gemini/gemini-cli.git
synced 2026-03-22 12:01:39 -07:00
53 lines
1.5 KiB
TypeScript
53 lines
1.5 KiB
TypeScript
/**
|
|
* @license
|
|
* Copyright 2025 Google LLC
|
|
* SPDX-License-Identifier: Apache-2.0
|
|
*/
|
|
|
|
/**
|
|
* Sanitize hook name to remove potentially sensitive information.
|
|
* Extracts the base command name without arguments or full paths.
|
|
*
|
|
* This function protects PII by removing:
|
|
* - Full file paths that may contain usernames
|
|
* - Command arguments that may contain credentials, API keys, tokens
|
|
* - Environment variables with sensitive values
|
|
*
|
|
* Examples:
|
|
* - "/path/to/.gemini/hooks/check-secrets.sh --api-key=abc123" -> "check-secrets.sh"
|
|
* - "python /home/user/script.py --token=xyz" -> "python"
|
|
* - "node index.js" -> "node"
|
|
* - "C:\\Windows\\System32\\cmd.exe /c secret.bat" -> "cmd.exe"
|
|
* - "" or " " -> "unknown-command"
|
|
*
|
|
* @param hookName Full command string.
|
|
* @returns Sanitized command name.
|
|
*/
|
|
export function sanitizeHookName(hookName: string): string {
|
|
// Handle empty or whitespace-only strings
|
|
if (!hookName || !hookName.trim()) {
|
|
return 'unknown-command';
|
|
}
|
|
|
|
// Split by spaces to get command parts
|
|
const parts = hookName.trim().split(/\s+/);
|
|
if (parts.length === 0) {
|
|
return 'unknown-command';
|
|
}
|
|
|
|
// Get the first part (the command)
|
|
const command = parts[0];
|
|
if (!command) {
|
|
return 'unknown-command';
|
|
}
|
|
|
|
// If it's a path, extract just the basename
|
|
if (command.includes('/') || command.includes('\\')) {
|
|
const pathParts = command.split(/[/\\]/);
|
|
const basename = pathParts[pathParts.length - 1];
|
|
return basename || 'unknown-command';
|
|
}
|
|
|
|
return command;
|
|
}
|