fix not being able to scan from subdirectories

detect_secrets/core/scan.py

@@ -1,4 +1,4 @@
-import os
+import os.path
 import subprocess
 from typing import Any
 from typing import cast
@@ -20,7 +20,6 @@
 from ..util.code_snippet import CodeSnippet
 from ..util.code_snippet import get_code_snippet
 from ..util.inject import call_function_with_arguments
-from ..util.path import get_relative_path
 from .log import log
 from .plugins import Plugin
 from .potential_secret import PotentialSecret
@@ -54,8 +53,8 @@ def get_files_to_scan(
 
     :param root: if not specified, will assume current repository as root.
     """
-    if root:
-        root = os.path.realpath(root)
+    root = os.path.realpath(root)
+    paths = tuple(map(os.path.realpath, paths))
 
     # First, we determine the appropriate filtering mode to be used.
     # If this is True, then it will consider everything to be valid.
@@ -69,7 +68,14 @@ def get_files_to_scan(
 
         if not should_scan_all_files:
             try:
-                valid_paths = git.get_tracked_files(git.get_root_directory(root))
+                git_root = git.get_root_directory(root)
+                relative_root = os.path.relpath(root, git_root) + '/' if root != git_root else ''
+                tracked_paths = git.get_tracked_files(git_root)
+                valid_paths = set(
+                    os.path.relpath(os.path.join(git_root, path), root)
+                    for path in tracked_paths
+                    if path.startswith(relative_root)
+                )
             except subprocess.CalledProcessError:
                 log.warning('Did not detect git repository. Try scanning all files instead.')
                 valid_paths = False
@@ -84,17 +90,14 @@ def get_files_to_scan(
 
     for path in paths:
         iterator = (
-            cast(List[Tuple], [(root or os.getcwd(), None, [path])])
+            cast(List[Tuple], [(root, None, [path])])
             if os.path.isfile(path)
             else os.walk(path)
         )
 
         for path_root, _, filenames in iterator:
             for filename in filenames:
-                relative_path = get_relative_path(
-                    root=root or os.getcwd(),
-                    path=os.path.join(path_root, filename),
-                )
+                relative_path = os.path.relpath(os.path.join(path_root, filename), root)
                 if not relative_path:
                     # e.g. symbolic links may be pointing outside the root directory
                     continue

detect_secrets/util/git.py

@@ -1,9 +1,8 @@
-import os
+import os.path
 import subprocess
 from typing import Set
 
 from ..core.log import log
-from .path import get_relative_path
 
 
 def get_root_directory(path: str = '') -> str:
@@ -36,7 +35,7 @@ def get_tracked_files(root: str) -> Set[str]:
         )
 
         for filename in files.decode('utf-8').splitlines():
-            path = get_relative_path(root, os.path.join(root, filename))
+            path = os.path.relpath(os.path.join(root, filename), root)
             if path:
                 output.add(path)
 

tests/core/baseline_test.py

@@ -1,4 +1,5 @@
 import json
+import os.path
 import subprocess
 import tempfile
 from pathlib import Path
@@ -8,7 +9,6 @@
 
 from detect_secrets.core import baseline
 from detect_secrets.settings import get_settings
-from detect_secrets.util.path import get_relative_path_if_in_cwd
 from testing.mocks import mock_named_temporary_file
 
 
@@ -79,7 +79,7 @@ def test_scan_all_files():
             assert f.name not in secrets.data
 
             secrets = baseline.create('test_data/files/tmp', should_scan_all_files=True)
-            assert get_relative_path_if_in_cwd(f.name) in secrets.data
+            assert os.path.relpath(f.name, '') in secrets.data
 
 
 def test_load_and_output():

tests/core/scan_test.py

@@ -1,4 +1,4 @@
-import os
+import os.path
 import textwrap
 from pathlib import Path
 
@@ -7,7 +7,6 @@
 from detect_secrets.core import scan
 from detect_secrets.settings import transient_settings
 from detect_secrets.util import git
-from detect_secrets.util.path import get_relative_path_if_in_cwd
 from testing.mocks import mock_named_temporary_file
 
 
@@ -16,10 +15,19 @@ class TestGetFilesToScan:
     def test_should_scan_specific_non_tracked_file(non_tracked_file):
         assert list(scan.get_files_to_scan(non_tracked_file.name, should_scan_all_files=False))
 
+    @staticmethod
+    def test_should_scan_tracked_files_when_in_subdirectory(non_tracked_file):
+        pwd = os.getcwd()
+        try:
+            os.chdir('test_data')
+            assert len(list(scan.get_files_to_scan('.', should_scan_all_files=False))) == 23
+        finally:
+            os.chdir(pwd)
+
     @staticmethod
     def test_should_scan_tracked_files_in_directory(non_tracked_file):
         assert (
-            get_relative_path_if_in_cwd(non_tracked_file.name) not in set(
+            os.path.relpath(non_tracked_file.name, '') not in set(
                 scan.get_files_to_scan(
                     os.path.dirname(non_tracked_file.name),
                     should_scan_all_files=False,
@@ -30,7 +38,7 @@ def test_should_scan_tracked_files_in_directory(non_tracked_file):
     @staticmethod
     def test_should_scan_all_files_in_directory_if_flag_is_provided(non_tracked_file):
         assert (
-            get_relative_path_if_in_cwd(non_tracked_file.name) in set(
+            os.path.relpath(non_tracked_file.name, '') in set(
                 scan.get_files_to_scan(
                     os.path.dirname(non_tracked_file.name),
                     should_scan_all_files=True,