multifile grep: perform greps in series

Passing a very long argument list to git-grep can cause it to fail; indeed, it's possible for the list of paths passed by git-secrets to either grep or git-grep to exceed the maximum number of arguments allowed in a user's environment (`getconf ARG_MAX`). Instead, let xargs check that the number of arguments won't exceed the system limit. Signed-off-by: Emily Shaffer <[email protected]>
awslabs · Mar 16, 2020 · f1a905c · f1a905c
1 parent 5e28df3
commit f1a905c
Showing 1 changed file with 23 additions and 2 deletions.
diff --git a/git-secrets b/git-secrets
@@ -111,18 +111,39 @@ scan_history() {
 git_grep() {
   local options="$1"; shift
   local files=("${@}") combined_patterns=$(load_combined_patterns)
+  local status=0
 
   [ -z "${combined_patterns}" ] && return 1
-  GREP_OPTIONS= LC_ALL=C git grep -nwHEI ${options} "${combined_patterns}" -- "${files[@]}"
+  # let xargs watch for system limit on arg count for us
+  GREP_OPTIONS= LC_ALL=C xargs git grep -nwHEI ${options} "${combined_patterns}" -- \
+    <<<${files[@]}
+  status=$?
+
+  # xargs returns 123 if any invocations exit with status 1-125
+  if [ $status -eq 123 ]; then
+    return 1
+  else
+    return $status
+  fi
 }
 
 # Performs a regular grep, taking into account patterns and recursion.
 # Note: this function returns 1 on success, 0 on error.
 regular_grep() {
   local files=("${@}") patterns=$(load_patterns) action='skip'
+  local status=0
   [ -z "${patterns}" ] && return 1
   [ ${RECURSIVE} -eq 1 ] && action="recurse"
-  GREP_OPTIONS= LC_ALL=C grep -d "${action}" -nwHEI "${patterns}" "${files[@]}"
+  # let xargs watch for system limit on arg count for us
+  GREP_OPTIONS= LC_ALL=C xargs grep -d "${action}" -nwHEI "${patterns}" <<<${files[@]}
+  status=$?
+
+  # xargs returns 123 if any invocations exit with status 1-125
+  if [ $status -eq 123 ]; then
+    return 1
+  else
+    return $status
+  fi
 }
 
 # Process the given status ($1) and output variables ($2).