From b6f22b714651f8ca4e0285bf325fe5c19f98e8a3 Mon Sep 17 00:00:00 2001
From: Nick Jones <nrjones@us.ibm.com>
Date: Thu, 14 Dec 2023 17:57:55 -0500
Subject: [PATCH] fix git diff command syntax, tests

Signed-off-by: Nick Jones <nrjones@us.ibm.com>
---
 detect_secrets/core/baseline.py |  6 ++----
 tests/core/baseline_test.py     | 28 +++++++++++++++++++++-------
 2 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/detect_secrets/core/baseline.py b/detect_secrets/core/baseline.py
index d2819e535..7e235d874 100644
--- a/detect_secrets/core/baseline.py
+++ b/detect_secrets/core/baseline.py
@@ -414,18 +414,16 @@ def _get_git_tracked_diff_files(rootdir='.',diff_branch=None):
             git_files = subprocess.check_output(
                 [
                     'git',
-                    '-C', rootdir,
                     'diff',
                     '--name-only',
                     '--diff-filter=ACMRTUX',
                     diff_branch,
+                    '--', rootdir,
                 ],
                 stderr=fnull,
             )
         for filename in git_files.decode('utf-8').split():
-            relative_path = util.get_relative_path_if_in_cwd(rootdir, filename)
-            if relative_path:
-                output.append(relative_path)
+            output.append(filename)
     except subprocess.CalledProcessError:
         pass
     return output
diff --git a/tests/core/baseline_test.py b/tests/core/baseline_test.py
index b9674ccd6..4eb1fe94f 100644
--- a/tests/core/baseline_test.py
+++ b/tests/core/baseline_test.py
@@ -187,7 +187,7 @@ def test_scan_all_files_with_bad_symlinks(self):
         assert len(results.keys()) == 0
 
     def test_diff_branch_nodiff(self):
-        results = self.get_results(path=['test_data/files'],diff_branch="staging")
+        results = self.get_results(path=['./test_data/files'],diff_branch="origin/master")
 
         # No expected results, because differences
         assert not results
@@ -197,16 +197,30 @@ def test_diff_branch_diff(self):
             'detect_secrets.core.baseline.subprocess.check_output',
             (
                 SubprocessMock(
-                    expected_input='git -C test_data/files diff --name-only --diff-filter=ACMRTUX origin/master',
-                    should_throw_exception=True,
-                    mocked_output='',
+                    expected_input='git diff --name-only --diff-filter=ACMRTUX origin/master -- ./test_data/files',
+                    mocked_output=b'test_data/files/file_with_secrets.py\n',
                 ),
             ),
         ):
-            results = self.get_results(path=['test_data/files'],diff_branch="origin/master")
+            results = self.get_results(path=['./test_data/files'],diff_branch="origin/master")
+        assert len(results.keys()) == 1
+        assert len(results['test_data/files/file_with_secrets.py']) == 1
 
-        assert not results
-        assert len(results['test_data/files/tmp/file_with_secrets.py']) == 3
+
+    def test_diff_branch_diff2(self):
+        with mock_git_calls(
+            'detect_secrets.core.baseline.subprocess.check_output',
+            (
+                SubprocessMock(
+                    expected_input='git diff --name-only --diff-filter=ACMRTUX origin/master -- ./test_data/files',
+                    mocked_output=b'test_data/files/file_with_secrets.py\ntest_data/files/tmp/file_with_secrets.py\n',
+                ),
+            ),
+        ):
+            results = self.get_results(path=['./test_data/files'],diff_branch="origin/master")
+        assert len(results.keys()) == 2
+        assert len(results['test_data/files/file_with_secrets.py']) == 1
+        assert len(results['test_data/files/tmp/file_with_secrets.py']) == 2
 
 
 class TestGetSecretsNotInBaseline: