Skip to content

Commit d7752f9

Browse files
arimxyerclaude
andcommitted
fix: resolve macOS location filtering failures with symlink canonicalization
Fixed location-based credential filtering on macOS where /var is a symlink to /private/var, causing path mismatches between stored and filtered paths. Root cause: - Usage tracking stored paths from os.Getwd() as /var/folders/... - Location filtering resolved paths to /private/var/folders/... - Paths didn't match despite being the same directory Changes: 1. internal/vault/vault.go (lines 614-625) - Resolve symlinks when recording usage locations - Use filepath.EvalSymlinks() to get canonical path - Ensures stored paths are in canonical form 2. cmd/list.go (lines 175-221) - Resolve symlinks in filterCredentialsByLocation - Apply EvalSymlinks to both filter path and credential locations - Compare canonical paths instead of raw paths This ensures both stored and filtered paths are in canonical form, fixing all location filtering tests on macOS. Fixes: - TestListByLocation/T037_Location_Exact_Path - TestListByLocation/T039_Location_Recursive - TestListByLocation/T041_Location_JSON_Format 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
1 parent 0e0b82c commit d7752f9

File tree

2 files changed

+24
-3
lines changed

2 files changed

+24
-3
lines changed

cmd/list.go

Lines changed: 16 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -179,6 +179,13 @@ func filterCredentialsByLocation(metadata []vault.CredentialMetadata, location s
179179
return nil, fmt.Errorf("failed to resolve path: %w", err)
180180
}
181181

182+
// Resolve symlinks to get canonical path (fixes macOS /var -> /private/var symlink issue)
183+
canonicalLocation, err := filepath.EvalSymlinks(absLocation)
184+
if err != nil {
185+
// If symlink resolution fails (e.g., path doesn't exist), use absolute path
186+
canonicalLocation = absLocation
187+
}
188+
182189
filtered := make([]vault.CredentialMetadata, 0)
183190

184191
for _, meta := range metadata {
@@ -191,17 +198,24 @@ func filterCredentialsByLocation(metadata []vault.CredentialMetadata, location s
191198
continue
192199
}
193200

201+
// Resolve symlinks to get canonical path
202+
canonicalCredLocation, err := filepath.EvalSymlinks(absCredLocation)
203+
if err != nil {
204+
// If symlink resolution fails, use absolute path
205+
canonicalCredLocation = absCredLocation
206+
}
207+
194208
matched := false
195209

196210
if recursive {
197211
// T047: Recursive mode - check if credential location is under the specified location
198212
// Use filepath.HasPrefix logic (check if credLocation starts with location)
199-
if absCredLocation == absLocation || strings.HasPrefix(absCredLocation, absLocation+string(filepath.Separator)) {
213+
if canonicalCredLocation == canonicalLocation || strings.HasPrefix(canonicalCredLocation, canonicalLocation+string(filepath.Separator)) {
200214
matched = true
201215
}
202216
} else {
203217
// T046: Exact match mode - credential location must exactly match
204-
if absCredLocation == absLocation {
218+
if canonicalCredLocation == canonicalLocation {
205219
matched = true
206220
}
207221
}

internal/vault/vault.go

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -611,10 +611,17 @@ func (v *VaultService) RecordFieldAccess(service, field string) error {
611611
return ErrCredentialNotFound
612612
}
613613

614-
// Get current working directory
614+
// Get current working directory and resolve symlinks for canonical path
615+
// (fixes macOS /var -> /private/var symlink matching issue)
615616
location, err := os.Getwd()
616617
if err != nil {
617618
location = "unknown"
619+
} else {
620+
// Resolve symlinks to canonical path
621+
if canonical, err := filepath.EvalSymlinks(location); err == nil {
622+
location = canonical
623+
}
624+
// If symlink resolution fails, keep the original path
618625
}
619626

620627
// Try to get git repo info

0 commit comments

Comments
 (0)