feat(security): add sanitized command preview before scan execution#182

Open
aaniya22 wants to merge 9 commits into utksh1:main from aaniya22:feat/command-preview-35

Conversation

@aaniya22
Contributor

Closes #35

Summary

Adds a live sanitized command preview panel to the scan configuration page, so users can see what SecuScan is about to run before submitting — with secrets always redacted.

Changes

  • frontend/src/utils/commandPreview.ts — utility for redaction, sensitive field detection, and token building
  • frontend/src/components/CommandPreview.tsx — live preview panel component
  • frontend/src/api.ts — added sensitive? and command_template? fields to types
  • frontend/src/pages/ToolConfig.tsx — wired in the preview panel
  • frontend/testing/unit/utils/commandPreview.test.ts — 22 unit tests
  • frontend/testing/unit/pages/ToolConfigDynamic.test.tsx — additional integration tests

Acceptance Criteria

  • ✅ Users can preview the generated command before starting a scan
  • ✅ Sensitive fields (tokens, passwords, cookies, auth headers, vault refs) are redacted
  • ✅ Preview updates live when form inputs change
  • ✅ Scan submission behaviour is unchanged — original inputs always sent
  • ✅ Tests cover redaction and generated preview cases
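The following is an added illustration of the kind of logic the description above refers to (a redaction-aware preview builder kept separate from the values actually submitted); it is example code written for this page, not the code in `frontend/src/utils/commandPreview.ts` or anywhere else in SecuScan. The `{{field}}` template syntax, the `[REDACTED]` marker, the field names and the name-based sensitivity heuristic are all assumptions made for the example.

```typescript
// Added example, not SecuScan's own code. Assumed inputs: a command template
// using {{field}} placeholders and a list of form fields, some of which the
// tool definition may flag as sensitive.

export interface PreviewField {
  name: string;
  value: string;
  sensitive?: boolean; // explicit flag from the tool definition, when present
}

// Assumed heuristic: a field is sensitive when it is flagged, or when its
// name looks like a credential (token, secret, password, cookie, auth
// header, vault reference). An explicit flag always wins over the name check.
const SENSITIVE_NAME = /(token|secret|passw(or)?d|cookie|auth|vault)/i;

export function isSensitiveField(field: PreviewField): boolean {
  return field.sensitive === true || SENSITIVE_NAME.test(field.name);
}

const REDACTED = "[REDACTED]";

// Quote a single argument the way a POSIX shell would need it, so the preview
// shows each value confined to its own argv slot; a value containing spaces
// or quotes cannot visually "escape" its placeholder.
export function shellQuote(value: string): string {
  if (/^[A-Za-z0-9_./:=@-]+$/.test(value)) return value;
  return "'" + value.replace(/'/g, `'\\''`) + "'";
}

// Render the preview string: sensitive values are replaced by the marker,
// everything else is shell-quoted, unset placeholders render as empty.
export function buildCommandPreview(template: string, fields: PreviewField[]): string {
  const byName = new Map<string, PreviewField>(fields.map((f) => [f.name, f]));
  const rendered = template.replace(
    /\{\{\s*([A-Za-z0-9_]+)\s*\}\}/g,
    (_match: string, name: string): string => {
      const field = byName.get(name);
      if (!field || field.value === "") return "";
      return isSensitiveField(field) ? REDACTED : shellQuote(field.value);
    },
  );
  return rendered.replace(/\s+/g, " ").trim();
}

// The payload sent on submit is derived from the raw fields, never from the
// preview, so redaction in the UI cannot alter what the scan receives.
export function scanSubmissionPayload(fields: PreviewField[]): Record<string, string> {
  const payload: Record<string, string> = {};
  for (const f of fields) payload[f.name] = f.value;
  return payload;
}

// Constructed sample input for a stand-alone run.
const sampleFields: PreviewField[] = [
  { name: "target", value: "example.com" },
  { name: "api_token", value: "abc123" },
  { name: "password", value: "p@ss word", sensitive: true },
  { name: "extra", value: "" },
];
const sampleTemplate =
  "secuscan-tool --target {{target}} --token {{api_token}} --password {{password}} {{extra}}";

console.log(buildCommandPreview(sampleTemplate, sampleFields));
```

The two derivations are deliberately independent: `buildCommandPreview` is the only place the marker appears, and `scanSubmissionPayload` never consults `isSensitiveField`, which is the property the "original inputs always sent" acceptance criterion asks for.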

@aaniya22 aaniya22 force-pushed the feat/command-preview-35 branch from 9233c3c to 4b40b52 Compare May 19, 2026 23:28
@aaniya22 aaniya22 force-pushed the feat/command-preview-35 branch from 71155ca to 11a3b15 Compare May 19, 2026 23:40
@aaniya22
Contributor Author

Please review and merge this PR.
Also kindly add the gssoc:approved label to the PR.
Thank you.


Owner

@utksh1 utksh1 left a comment


Blocking issues before merge:

  • The PR adds an empty file at frontend/frontend/e2e/scan-workflow.spec.ts (note the duplicated frontend/ path). Please remove this file and ensure E2E specs live under frontend/e2e/.
  • This PR mixes multiple concerns (command preview + reports changes + E2E). Please consider splitting into focused PRs to reduce review/merge conflicts.

Once the stray path is removed and scope is clarified, happy to re-review.

@utksh1 utksh1 added the labels area:frontend (Frontend React/UI work), area:security (Security-sensitive implementation or tests), type:security (Security work category bonus label), type:feature (Feature work category bonus label) and level:advanced (55 pts difficulty label for advanced contributor PRs) on May 22, 2026

Development

Successfully merging this pull request may close these issues.

[SECURITY] Add sanitized command preview before scan execution
