IBM / detect-secrets

An enterprise friendly way of detecting and preventing secrets in code.

Apache License 2.0

73 stars 45 forks source link

fix: File enumeration fails on older git binary #150

Open bigpick opened 4 months ago

bigpick commented 4 months ago

Info

Closes https://github.com/IBM/detect-secrets/issues/148. On systems with older versions of git (i.e centOS7 in that issue) the -C <path> option is not supported. This flag was added back in 1.8.5 (https://github.com/git/git/commit/44e1e4d67d5148c245db362cc48c3cc6c2ec82ca)... And since the error is not getting logged, this results in a silent truncation of the entire .secrets.baseline file.

This PR does two things:

Attempts to use an alternative/equivalent flag if the version of git detected is < 1.8.5 via --git-dir <path>/.git
Surfaces the error (if any is encountered) when running the git command to enumerate the files, which would have made the original issue more clear what was wrong.

bigpick commented 4 months ago

(looking at tests)