Fix issue #135, allow whitespace in parent directories (#1210)

* Fix spaces in parent directory paths breaking gawk commands (issue #135)

Refactor _gawk_inplace to pass arguments directly to gawk instead of
constructing a command string for bash -c, which caused word-splitting
on paths containing spaces. Update all callers to pass arguments
directly instead of with single-quote wrapping for bash -c.

Add test for git secret init in directory with spaces in parent path.

Change TEST_DIR to "/tmp/git-secret-test/this dir has spaces" in
utils/tests.sh so the entire test suite exercises paths with spaces.

Replace the GPGTEST string variable with a _gpgtest function in
_test_base.bash to properly handle --homedir quoting when the path
contains spaces. Inline the bash -c gpg import logic directly.

* Change cp command to use -R for recursive copy

* Fix SC2005 lint: remove useless echo in install_fixture_full_key

Author: joshrabinowitz

docs/build.sh

@@ -11,7 +11,7 @@ POSTS_LOCATION='docs/_posts'
 
 
 function checkout_manuals {
-  cp -r man/ docs/man
+  cp -R man/ docs/man
 }
 
 

src/_utils/_git_secret_tools.sh

@@ -202,13 +202,11 @@ function _temporary_file {
 
 
 function _gawk_inplace {
-  local parms="$*"
-  local dest_file
-  dest_file="$(echo "$parms" | gawk -v RS="'" -v FS="'" 'END{ gsub(/^\s+/,""); print $1 }')"
+  local dest_file="${!#}"  # last argument
 
   _temporary_file
 
-  bash -c "gawk ${parms}" > "$temporary_filename"
+  gawk "$@" > "$temporary_filename"
   mv "$temporary_filename" "$dest_file"
 }
 
@@ -253,15 +251,15 @@ function _fsdb_rm_record {
   local key="$1"  # required
   local fsdb="$2" # required
 
-  _gawk_inplace -v key="'$key'" "'$AWK_FSDB_RM_RECORD'" "$fsdb"
+  _gawk_inplace -v "key=$key" "$AWK_FSDB_RM_RECORD" "$fsdb"
 }
 
 
 function _fsdb_clear_hashes {
   # First parameter is the path to fsdb
   local fsdb="$1" # required
 
-  _gawk_inplace "'$AWK_FSDB_CLEAR_HASHES'" "$fsdb"
+  _gawk_inplace "$AWK_FSDB_CLEAR_HASHES" "$fsdb"
 }
 
 

src/commands/git_secret_hide.sh

@@ -64,7 +64,7 @@ function _fsdb_update_hash {
 
   fsdb=$(_get_secrets_dir_paths_mapping)
 
-  _gawk_inplace -v key="'$key'" -v hash="$hash" "'$AWK_FSDB_UPDATE_HASH'" "$fsdb"
+  _gawk_inplace -v "key=$key" -v "hash=$hash" "$AWK_FSDB_UPDATE_HASH" "$fsdb"
 }
 
 

src/commands/git_secret_init.sh

@@ -36,7 +36,7 @@ function gitignore_add_pattern {
   gitignore_file_path=$(_prepend_root_path '.gitignore')
 
   _maybe_create_gitignore
-  _gawk_inplace -v pattern="$pattern" "'$AWK_ADD_TO_GITIGNORE'" "$gitignore_file_path"
+  _gawk_inplace -v "pattern=$pattern" "$AWK_ADD_TO_GITIGNORE" "$gitignore_file_path"
 }
 
 function init {

tests/_test_base.bash

@@ -56,8 +56,10 @@ function is_git_version_ge_2_28_0 { # based on code from github autopilot
 # GPG-based stuff:
 : "${SECRETS_GPG_COMMAND:='gpg'}"
 
-# This command is used with absolute homedir set and disabled warnings:
-GPGTEST="$SECRETS_GPG_COMMAND --homedir=$TEST_GPG_HOMEDIR --no-permission-warning --batch"
+# This function is used with absolute homedir set and disabled warnings:
+function _gpgtest {
+  "$SECRETS_GPG_COMMAND" --homedir "$TEST_GPG_HOMEDIR" --no-permission-warning --batch "$@"
+}
 
 # Test key fixture data. Fixtures are at tests/fixtures/gpg/$email
 
@@ -134,21 +136,11 @@ function stop_gpg_agent {
 }
 
 
-function get_gpgtest_prefix {
-  if [[ $GPG_VER_21 -eq 1  ]]; then
-    # shellcheck disable=SC2086
-    echo "echo \"$(test_user_password $1)\" | "
-  else
-    echo ''
-  fi
-}
-
-
 function get_gpg_fingerprint_by_email {
   local email="$1"
   local fingerprint
 
-  fingerprint=$($GPGTEST --with-fingerprint \
+  fingerprint=$(_gpgtest --with-fingerprint \
                          --with-colon \
                          --list-secret-key "$email" | gawk "$AWK_GPG_GET_FP")
   echo "$fingerprint"
@@ -159,25 +151,27 @@ function install_fixture_key {
   local public_key="$BATS_TMPDIR/public-${1}.key"
 
   cp "$FIXTURES_DIR/gpg/${1}/public.key" "$public_key"
-  $GPGTEST --import "$public_key" >> "$TEST_OUTPUT_FILE" 2>&1
+  _gpgtest --import "$public_key" >> "$TEST_OUTPUT_FILE" 2>&1
   rm -f "$public_key" || _abort "Couldn't delete public key: $public_key"
 }
 
 
 function install_fixture_full_key {
   local private_key="$BATS_TMPDIR/private-${1}.key"
-  local gpgtest_prefix
-  gpgtest_prefix=$(get_gpgtest_prefix "$1")
-  local gpgtest_import="$gpgtest_prefix $GPGTEST"
   local email
   local fingerprint
 
   email="$1"
 
   cp "$FIXTURES_DIR/gpg/${1}/private.key" "$private_key"
 
-  bash -c "$gpgtest_import --allow-secret-key-import \
-    --import \"$private_key\"" >> "${TEST_OUTPUT_FILE}" 2>&1
+  if [[ "${GPG_VER_21:-0}" -eq 1 ]]; then
+    test_user_password "$1" | _gpgtest --allow-secret-key-import \
+      --import "$private_key" >> "${TEST_OUTPUT_FILE}" 2>&1
+  else
+    _gpgtest --allow-secret-key-import \
+      --import "$private_key" >> "${TEST_OUTPUT_FILE}" 2>&1
+  fi
 
   # since 0.1.2 fingerprint is returned:
   fingerprint=$(get_gpg_fingerprint_by_email "$email")
@@ -194,7 +188,7 @@ function uninstall_fixture_key {
   local email
 
   email="$1"
-  $GPGTEST --yes --delete-key "$email" >> "$TEST_OUTPUT_FILE" 2>&1
+  _gpgtest --yes --delete-key "$email" >> "$TEST_OUTPUT_FILE" 2>&1
 }
 
 
@@ -208,7 +202,7 @@ function uninstall_fixture_full_key {
     fingerprint=$(get_gpg_fingerprint_by_email "$email")
   fi
 
-  $GPGTEST --yes --delete-secret-keys "$fingerprint" >> "$TEST_OUTPUT_FILE" 2>&1
+  _gpgtest --yes --delete-secret-keys "$fingerprint" >> "$TEST_OUTPUT_FILE" 2>&1
 
   uninstall_fixture_key "$1"
 }

tests/test_init.bats

@@ -82,6 +82,41 @@ function teardown {
 }
 
 
+@test "run 'init' in directory with spaces in parent path" {
+  # This test covers this issue:
+  # https://github.com/sobolevn/git-secret/issues/135
+
+  if [[ "$BATS_RUNNING_FROM_GIT" -eq 1 ]]; then
+    skip "this test is skipped while 'git commit'. See #334"
+  fi
+
+  local test_dir="$BATS_TMPDIR/path with spaces"
+  local current_dir="$PWD"
+
+  mkdir -p "$test_dir"
+  cd "$test_dir"
+
+  local has_initial_branch_option
+  has_initial_branch_option=$(is_git_version_ge_2_28_0)
+  if [[ "$has_initial_branch_option" == 0 ]]; then
+    git init --initial-branch=main >> "$TEST_OUTPUT_FILE" 2>&1
+  else
+    git init >> "$TEST_OUTPUT_FILE" 2>&1
+  fi
+
+  run git secret init
+  [ "$status" -eq 0 ]
+
+  local secrets_dir
+  secrets_dir=$(_get_secrets_dir)
+  [[ -d "$secrets_dir" ]]
+
+  # Cleaning up:
+  cd "$current_dir"
+  rm -rf "$test_dir"
+}
+
+
 @test "run 'init' with '.gitsecret' already initialized" {
   local secrets_dir
   secrets_dir=$(_get_secrets_dir)

utils/tests.sh

@@ -4,10 +4,10 @@
 
 set -e
 
-TEST_DIR=/tmp/git-secret-test
+TEST_DIR="/tmp/git-secret-test/this dir has spaces"
 
 rm -rf "${TEST_DIR}"
-mkdir "${TEST_DIR}"
+mkdir -p "${TEST_DIR}"
 echo "# created dir: ${TEST_DIR}"
 
 chmod 0700 "${TEST_DIR}"