From 59fd01070f8a717e7cdc7d10d539008b27afc645 Mon Sep 17 00:00:00 2001 From: "michael.findlater" Date: Thu, 15 Jul 2021 16:12:30 +0900 Subject: [PATCH 1/4] Do not rely on IFS from env --- git-secrets | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/git-secrets b/git-secrets index 11be153..8117a2e 100755 --- a/git-secrets +++ b/git-secrets @@ -72,9 +72,9 @@ load_allowed() { load_combined_patterns() { local patterns=$(load_patterns) local combined_patterns='' - for pattern in $patterns; do + while IFS=$'\n' read -r pattern; do combined_patterns=${combined_patterns}${pattern}"|" - done + done <<< "${patterns}" combined_patterns=${combined_patterns%?} echo $combined_patterns } From 0d5fb06406a42b4e3ecc32919b80d185def8e1f6 Mon Sep 17 00:00:00 2001 From: "michael.findlater" Date: Mon, 19 Jul 2021 15:50:46 +0900 Subject: [PATCH 2/4] Add carriage return to IFS --- git-secrets | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/git-secrets b/git-secrets index 8117a2e..d7d13be 100755 --- a/git-secrets +++ b/git-secrets @@ -72,7 +72,7 @@ load_allowed() { load_combined_patterns() { local patterns=$(load_patterns) local combined_patterns='' - while IFS=$'\n' read -r pattern; do + while IFS=$'\r\n' read -r pattern; do combined_patterns=${combined_patterns}${pattern}"|" done <<< "${patterns}" combined_patterns=${combined_patterns%?} From b1dfbb07498c657c1cbcc9eab21e260231248f69 Mon Sep 17 00:00:00 2001 From: "michael.findlater" Date: Mon, 19 Jul 2021 15:51:42 +0900 Subject: [PATCH 3/4] Test to ensure --scan preserves pattern spaces --- test/git-secrets.bats | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/test/git-secrets.bats b/test/git-secrets.bats index b7a5b1c..90abeee 100644 --- a/test/git-secrets.bats +++ b/test/git-secrets.bats @@ -88,6 +88,48 @@ load test_helper [ $status -eq 0 ] } +@test "Scans preserving spaces in patterns" { + cd $TEST_REPO + git config --add secrets.patterns 'first pattern' + git config --add secrets.patterns 'second pattern' + echo 'foo' > "$TEST_REPO/test.txt" + git add -A + git commit -m 'initial' + cd - + echo 'first' > "$TEST_REPO/test.txt" + + # Test --scan with and without arguments because + # the method of scanning is different (git vs. git-grep) + repo_run git-secrets --scan "$TEST_REPO/test.txt" + [ $status -eq 0 ] + repo_run git-secrets --scan + [ $status -eq 0 ] + + echo 'second' > "$TEST_REPO/test.txt" + repo_run git-secrets --scan "$TEST_REPO/test.txt" + [ $status -eq 0 ] + repo_run git-secrets --scan + [ $status -eq 0 ] + + echo 'pattern' > "$TEST_REPO/test.txt" + repo_run git-secrets --scan "$TEST_REPO/test.txt" + [ $status -eq 0 ] + repo_run git-secrets --scan + [ $status -eq 0 ] + + echo 'first pattern' > "$TEST_REPO/test.txt" + repo_run git-secrets --scan "$TEST_REPO/test.txt" + [ $status -eq 1 ] + repo_run git-secrets --scan + [ $status -eq 1 ] + + echo 'second pattern' > "$TEST_REPO/test.txt" + repo_run git-secrets --scan "$TEST_REPO/test.txt" + [ $status -eq 1 ] + repo_run git-secrets --scan + [ $status -eq 1 ] +} + @test "Excludes allowed patterns from failures" { git config --add secrets.patterns 'foo="baz{1,5}"' git config --add secrets.allowed 'foo="bazzz"' From 0c70ae6e8fa4a7e099321dffeb0dec7e14d27031 Mon Sep 17 00:00:00 2001 From: "michael.findlater" Date: Mon, 19 Jul 2021 16:42:58 +0900 Subject: [PATCH 4/4] Fix typo, formatting --- test/git-secrets.bats | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/git-secrets.bats b/test/git-secrets.bats index 90abeee..74ba6db 100644 --- a/test/git-secrets.bats +++ b/test/git-secrets.bats @@ -96,10 +96,10 @@ load test_helper git add -A git commit -m 'initial' cd - - echo 'first' > "$TEST_REPO/test.txt" # Test --scan with and without arguments because - # the method of scanning is different (git vs. git-grep) + # the method of scanning is different (grep vs. git-grep) + echo 'first' > "$TEST_REPO/test.txt" repo_run git-secrets --scan "$TEST_REPO/test.txt" [ $status -eq 0 ] repo_run git-secrets --scan