Skip to content

feat(security): add sanitized command preview before scan execution#182

Open
aaniya22 wants to merge 8 commits into
utksh1:mainfrom
aaniya22:feat/command-preview-35
Open

feat(security): add sanitized command preview before scan execution#182
aaniya22 wants to merge 8 commits into
utksh1:mainfrom
aaniya22:feat/command-preview-35

Conversation

@aaniya22
Copy link
Copy Markdown
Contributor

@aaniya22 aaniya22 commented May 19, 2026

Closes #35

Summary

Adds a live sanitized command preview panel to the scan configuration page, so users can see what SecuScan is about to run before submitting — with secrets always redacted.

Changes

  • frontend/src/utils/commandPreview.ts — utility for redaction, sensitive field detection, and token building
  • frontend/src/components/CommandPreview.tsx — live preview panel component
  • frontend/src/api.ts — added sensitive? and command_template? fields to types
  • frontend/src/pages/ToolConfig.tsx — wired in the preview panel
  • frontend/testing/unit/utils/commandPreview.test.ts — 22 unit tests
  • frontend/testing/unit/pages/ToolConfigDynamic.test.tsx — additional integration tests

Acceptance Criteria

  • ✅ Users can preview the generated command before starting a scan
  • ✅ Sensitive fields (tokens, passwords, cookies, auth headers, vault refs) are redacted
  • ✅ Preview updates live when form inputs change
  • ✅ Scan submission behaviour is unchanged — original inputs always sent
  • ✅ Tests cover redaction and generated preview cases

@aaniya22 aaniya22 force-pushed the feat/command-preview-35 branch 2 times, most recently from 71155ca to 11a3b15 Compare May 19, 2026 23:40
@aaniya22
Copy link
Copy Markdown
Contributor Author

aaniya22 commented May 21, 2026

please review and merge this pr
Also kindly add gssoc:approved label to the pr
thank you

1 similar comment
@aaniya22
Copy link
Copy Markdown
Contributor Author

aaniya22 commented May 22, 2026

please review and merge this pr
Also kindly add gssoc:approved label to the pr
thank you

utksh1
utksh1 requested changes May 22, 2026
View reviewed changes
Copy link
Copy Markdown
Owner

@utksh1 utksh1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Blocking issues before merge:

  • The PR adds an empty file at frontend/frontend/e2e/scan-workflow.spec.ts (note the duplicated frontend/ path). Please remove this file and ensure E2E specs live under frontend/e2e/.
  • This PR mixes multiple concerns (command preview + reports changes + E2E). Please consider splitting into focused PRs to reduce review/merge conflicts.

Once the stray path is removed and scope is clarified, happy to re-review.

@utksh1 utksh1 added area:frontend Frontend React/UI work area:security Security-sensitive implementation or tests type:security Security work category bonus label type:feature Feature work category bonus label level:advanced 55 pts difficulty label for advanced contributor PRs labels May 22, 2026
@aaniya22 aaniya22 force-pushed the feat/command-preview-35 branch from 60e63f8 to c793559 Compare May 24, 2026 05:37
aaniya22 added 2 commits May 24, 2026 11:19
@aaniya22
fix: resolve leftover conflict marker in date.ts
653959d 
Signed-off-by: aaniya22 <aaniyaatomar@gmail.com>
@aaniya22
fix: add userEvent import and missing user setup in test file
9a94b69 
Signed-off-by: aaniya22 <aaniyaatomar@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@utksh1 utksh1 utksh1 requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

area:frontend Frontend React/UI work area:security Security-sensitive implementation or tests level:advanced 55 pts difficulty label for advanced contributor PRs type:feature Feature work category bonus label type:security Security work category bonus label

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[SECURITY] Add sanitized command preview before scan execution

2 participants

@aaniya22 @utksh1