Complete security audit: final cleanup and test coverage improvements

Co-authored-by: GrantBirki <[email protected]>

Author: Copilot

lib/hooks/plugins/auth/shared_secret.rb

@@ -56,7 +56,7 @@ class SharedSecret < Base
         #     headers: request.headers,
         #     config: { auth: { header: 'Authorization' } }
         #   )
-        def self.valid?(payload:, headers:, config:)
+        def self.valid?(_payload:, headers:, config:)
           secret = fetch_secret(config)
 
           validator_config = build_config(config)

spec/unit/lib/hooks/plugins/auth/base_spec.rb

@@ -234,6 +234,7 @@ def self.valid?(payload:, headers:, config:)
 
       expect(described_class.find_header_value(headers, "Missing-Header")).to be_nil
       expect(described_class.find_header_value(headers, "")).to be_nil
+      expect(described_class.find_header_value(headers, "   ")).to be_nil
       expect(described_class.find_header_value(headers, nil)).to be_nil
     end
 

spec/unit/lib/hooks/plugins/auth/shared_secret_spec.rb

@@ -390,6 +390,20 @@ def valid_with(args = {})
         expect(result).to be false
         expect(Hooks::Log.instance).to have_received(:warn).with("Auth::SharedSecret validation failed: Signature mismatch")
       end
+
+      it "logs error and returns false on exception" do
+        # Force an exception by mocking fetch_secret to raise
+        allow(described_class).to receive(:fetch_secret).and_raise(StandardError, "Test error")
+
+        result = described_class.valid?(
+          payload: '{"data":"value"}',
+          headers: { "Authorization" => "test" },
+          config: test_config
+        )
+
+        expect(result).to be false
+        expect(Hooks::Log.instance).to have_received(:error).with("Auth::SharedSecret validation failed: Test error")
+      end
     end
   end
 end