Skip to content

Add optional pre-commit hook for code formatting #5178

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
jamescrosswell wants to merge 17 commits into
base: main
Choose a base branch
from
+86 −0

fix(pre-commit): show dotnet format output on failure

d1f2687
Select commit
Loading
Failed to load commit list.
Open

Add optional pre-commit hook for code formatting #5178

fix(pre-commit): show dotnet format output on failure
d1f2687
Select commit
Loading
Failed to load commit list.
@sentry/warden / warden: find-bugs completed May 6, 2026 in 28s

2 issues

find-bugs: Found 2 issues (1 medium, 1 low)

Medium

Staged filenames passed unquoted to dotnet format via --include - `.githooks/pre-commit:12-15`

The hook reads staged .cs file names from git diff --cached --name-only and appends them to INCLUDE_ARGS. While each filename is passed as a separate array element (avoiding shell word-splitting), filenames containing spaces, glob characters, or leading dashes are forwarded directly to dotnet format --include. A maliciously crafted filename (e.g., starting with --) staged in a feature branch could be interpreted as an option to dotnet format, potentially altering behavior. There is no -- separator before the file list to disambiguate.

Low

`set -e` is effectively disabled for the dotnet format invocation - `.githooks/pre-commit:15`

The script uses set -e at the top, but the dotnet format ... || { ... } construct disables errexit for that command, and the surrounding $(...) capture also suppresses errors from the pipeline inside the process substitution. If git diff --cached or grep fails, the trailing || true masks it, which could lead to silently running dotnet format with zero include args (handled) but also masks genuine git failures. Low-severity hardening concern.

Duration: 24.7s · Tokens: 50.9k in / 1.6k out · Cost: $0.32 (+merge: $0.00)

Annotations

Check warning on line 15 in .githooks/pre-commit

See this annotation in the file changed.

@sentry-warden sentry-warden / warden: find-bugs

Staged filenames passed unquoted to dotnet format via --include 

The hook reads staged .cs file names from `git diff --cached --name-only` and appends them to INCLUDE_ARGS. While each filename is passed as a separate array element (avoiding shell word-splitting), filenames containing spaces, glob characters, or leading dashes are forwarded directly to `dotnet format --include`. A maliciously crafted filename (e.g., starting with `--`) staged in a feature branch could be interpreted as an option to dotnet format, potentially altering behavior. There is no `--` separator before the file list to disambiguate.
View more details on @sentry/warden