Fix for not scanned except the first file awslabs#66

- filenames are treated as array (whitespace/newline consideration)
adityavs · Feb 2, 2018 · 89b311c · 89b311c
1 parent 6312039
commit 89b311c
Showing 1 changed file with 11 additions and 9 deletions.
diff --git a/git-secrets b/git-secrets
@@ -81,15 +81,15 @@ load_combined_patterns() {
 
 # Scans files or a repo using patterns.
 scan() {
-  local files="$1" options=""
+  local files=("${@}") options=""
   [ "${SCAN_CACHED}" == 1 ] && options+="--cached"
   [ "${SCAN_UNTRACKED}" == 1 ] && options+=" --untracked"
   [ "${SCAN_NO_INDEX}" == 1 ] && options+=" --no-index"
   # Scan using git-grep if there are no files or if git options are applied.
-  if [ -z "${files}" ] || [ ! -z "${options}" ]; then
-    output=$(git_grep $options $files)
+  if [ ${#files[@]} -eq 0 ] || [ ! -z "${options}" ]; then
+    output=$(git_grep $options "${files[@]}")
   else
-    output=$(regular_grep $files)
+    output=$(regular_grep "${files[@]}")
   fi
   process_output $? "${output}"
 }
@@ -110,18 +110,19 @@ scan_history() {
 # Note: this function returns 1 on success, 0 on error.
 git_grep() {
   local options="$1"; shift
-  local files=$@ combined_patterns=$(load_combined_patterns)
+  local files=("${@}") combined_patterns=$(load_combined_patterns)
+
   [ -z "${combined_patterns}" ] && return 1
-  GREP_OPTIONS= LC_ALL=C git grep -nwHEI ${options} "${combined_patterns}" -- $files
+  GREP_OPTIONS= LC_ALL=C git grep -nwHEI ${options} "${combined_patterns}" -- "${files[@]}"
 }
 
 # Performs a regular grep, taking into account patterns and recursion.
 # Note: this function returns 1 on success, 0 on error.
 regular_grep() {
-  local files=$@ patterns=$(load_patterns) action='skip'
+  local files=("${@}") patterns=$(load_patterns) action='skip'
   [ -z "${patterns}" ] && return 1
   [ ${RECURSIVE} -eq 1 ] && action="recurse"
-  GREP_OPTIONS= LC_ALL=C grep -d "${action}" -nwHEI "${patterns}" $files
+  GREP_OPTIONS= LC_ALL=C grep -d "${action}" -nwHEI "${patterns}" "${files[@]}"
 }
 
 # Process the given status ($1) and output variables ($2).
@@ -172,7 +173,8 @@ pre_commit_hook() {
   # Diff against HEAD if this is not the first commit in the repo.
   git rev-parse --verify HEAD >/dev/null 2>&1 && rev="HEAD"
   # Filter out deleted files using --diff-filter
-  IFS=$'\n' scan_with_fn_or_die "scan" "$(git diff-index --diff-filter 'ACMU' --name-only --cached $rev --)"
+  readarray -t files <<< $(git diff-index --diff-filter 'ACMU' --name-only --cached $rev --)
+  scan_with_fn_or_die "scan" "${files[@]}"
 }
 
 # Determines if merging in a commit will introduce tainted history.