'git secret hide' without source files gives appropriate error (#158)

* don't hide files that don't exist decrypted. and change related error message to 'file not found: filename'. * ensure all source files are present before hiding * test for 'add' while unencrypted file missing
7 years ago · deae0d1cd5
parent 5572894af7
commit deae0d1cd5
4 changed files with 36 additions and 4 deletions
--- a/src/commands/git_secret_add.sh
+++ b/src/commands/git_secret_add.sh
@ -41,7 +41,7 @@ function add {

    # Checking that file is valid:
    if [[ ! -f "$path" ]]; then
-      _abort "not a file: $item"
+      _abort "file not found: $item"
    fi

    # Checking that it is ignored:
--- a/src/commands/git_secret_hide.sh
+++ b/src/commands/git_secret_hide.sh
@ -117,8 +117,20 @@ function hide {
  local path_mappings
  path_mappings=$(_get_secrets_dir_paths_mapping)

-  local counter=0
+  # make sure all the unencrypted files needed are present
+  local to_hide=()
  while read -r record; do
+    local filename
+    filename=$(_get_record_filename "$record")
+
+    if [[ ! -f "$filename" ]]; then
+      _abort "file not found: $filename"
+    fi
+    to_hide+=("$record")  # add record to array
+  done < "$path_mappings"
+
+  local counter=0
+  for record in "${to_hide[@]}"; do
    local filename
    local fsdb_file_hash
    local encrypted_filename
@ -126,6 +138,11 @@ function hide {
    fsdb_file_hash=$(_get_record_hash "$record")
    encrypted_filename=$(_get_encrypted_filename "$filename")

+    # Checking that file is valid:
+    if [[ ! -f "$filename" ]]; then
+      _abort "file not found: $filename"
+    fi
+
    local recipients
    recipients=$(_get_recepients)

@ -152,7 +169,7 @@ function hide {
        _optional_fsdb_update_hash "$key" "$hash"
    fi
    counter=$((counter+1))
-  done < "$path_mappings"
+  done

  # If -d option was provided, it would delete the source files
  # after we have already hidden them.
--- a/src/commands/git_secret_remove.sh
+++ b/src/commands/git_secret_remove.sh
@ -37,7 +37,7 @@ function remove {

    # Checking if file exists:
    if [[ ! -f "$path" ]]; then
-      _abort "not a file: $item"
+      _abort "file not found: $item"
    fi

    # Deleting it from path mappings:
--- a/tests/test_hide.bats
+++ b/tests/test_hide.bats
@ -37,6 +37,21 @@ function teardown {
  [ -f "$encrypted_file" ]
 }

+@test "run 'hide' with missing file" {
+  # Preparations:
+  local second_file="second_file.txt"
+  local second_content="some content"
+  set_state_secret_add "$second_file" "$second_content"
+
+  # now remove the second file to cause failure
+  rm -f "$second_file"
+
+  # Now it should return an error because one file can't be found
+  run git secret hide
+  [ "$status" -ne 0 ]
+  [ "$output" != "done. all 2 files are hidden." ]
+}
+

@test "run 'hide' with multiple files" {
  # Preparations: