The `pre_commit_hook()` searches for staged files.

```bash
pre_commit_hook() {
  local file found_match=0 rev="4b825dc642cb6eb9a060e54bf8d69288fbee4904"
  # Diff against HEAD if this is not the first commit in the repo.
  git rev-parse --verify HEAD >/dev/null 2>&1 && rev="HEAD"
  # Filter out deleted files using --diff-filter
  scan_or_die "$(git diff-index --diff-filter 'ACMU' --name-only --cached $rev --)"
}
```

But `scan()` is operating on the working directory.

```bash
scan() {
  local files="$1" action='skip' patterns=$(load_patterns)
  local allowed=$(git config --get-all secrets.allowed)
  [ -z "${patterns}" ] && return 0
  if [ -z "${files}" ]; then
    output=$(GREP_OPTIONS= LC_ALL=C git grep -nwHE "${patterns}")
  else
    # -r only applies when file paths are provided.
    [ "${RECURSIVE}" -eq 1 ] && action="recurse"
    output=$(GREP_OPTIONS= LC_ALL=C grep -d $action -nwHE "${patterns}" $files)
  fi
  local status=$?
  case "$status" in
    0)
      [ -z "${allowed}" ] && echo "${output}" && return 1
      # Determine with a negative grep if the found matches are allowed
      echo "${output}" | GREP_OPTIONS= LC_ALL=C grep -Ev "${allowed}" \
        && return 1 || return 0
      ;;
    1) return 0 ;;
    *) exit $status
  esac
}
```
That means the pre-commit hook might not scan through the changes that will be committed.

Am I missing something? Do you agree this is a problem? If so, I would like to send you a PR fixing that problem.
andreaswittig changed the title from "Pre-commit hook scans working directory instead of staging area?" to "pre-commit hook scans working directory instead of staging area?" on Mar 23, 2016
That's true; because pre-commit passes in a list of files, the scan for pre-commit scans the working directory. If the staged files drift from the working directory, then the scan wouldn't catch violations in the staged files.
I've opened a pull request that addresses this issue. Could you give that a look and let me know what you think? #13
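The drift discussed in this thread, reproduced in a throwaway repository. This is an added example, not code from git-secrets or from either poster; the pattern, file name and key value are constructed, and the function names are hypothetical.

```bash
# Constructed pattern (assumption): the shape of an AWS access key ID.
PATTERN='AKIA[A-Z0-9]{16}'

# Scan the files on disk, as the quoted scan() does when it is given file names.
scan_worktree() {  # $1 = repo dir, remaining args = file names
    local repo="$1"; shift
    (cd "$repo" && GREP_OPTIONS= LC_ALL=C grep -nwHE "$PATTERN" "$@")
}

# Scan the staged blobs, i.e. the content that the commit will record.
scan_index() {     # $1 = repo dir, remaining args = file names
    local repo="$1"; shift
    (cd "$repo" && GREP_OPTIONS= LC_ALL=C git grep --cached -nwHE "$PATTERN" -- "$@")
}

# Build a repo where the index and the working tree disagree.
make_drifted_repo() {
    local repo
    repo=$(mktemp -d) || return 1
    git -C "$repo" init -q >/dev/null 2>&1 || return 1
    # Constructed fake key, staged for commit.
    printf 'key = AKIAABCDEFGHIJKLMNOP\n' > "$repo/config.txt"
    git -C "$repo" add config.txt || return 1
    # Edited after staging and not re-added: the index still holds the key.
    printf 'key = REDACTED\n' > "$repo/config.txt"
    echo "$repo"
}

# Report what each scan sees for the same file name.
demo() {
    local repo wt=clean idx=clean
    repo=$(make_drifted_repo) || return 2
    scan_worktree "$repo" config.txt >/dev/null && wt=match
    scan_index "$repo" config.txt >/dev/null && idx=match
    rm -rf "$repo"
    echo "worktree=$wt index=$idx"
}

demo
```

The working-tree scan reports nothing for a file whose staged version still contains the key, so a hook built on it would let that commit through.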