From 1f0049e70ad4e87cb5408fb6f0179f099b16152d Mon Sep 17 00:00:00 2001
From: Yishi Wang
Date: Thu, 28 Nov 2024 11:01:25 +0800
Subject: [PATCH 1/3] fix file name space when iterating git diffs
---
 .githooks/pre-commit.sh | 2 +-
 azure-pipelines.yml | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/.githooks/pre-commit.sh b/.githooks/pre-commit.sh
index 7a69ad338b5..182b7e8259d 100644
--- a/.githooks/pre-commit.sh
+++ b/.githooks/pre-commit.sh
@@ -20,7 +20,7 @@ else
 against=$(git hash-object -t tree /dev/null)
 fi
 has_secrets=0
-for FILE in `git diff --cached --name-only --diff-filter=AM $against` ; do
+for FILE in "`git diff --cached --name-only --diff-filter=AM $against`" ; do
 # Check if the file contains secrets
 detected=$(azdev scan -f "$FILE" | python -c "import sys, json; print(json.load(sys.stdin)['secrets_detected'])")
 if [ "$detected" = "True" ]; then
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index 9b2fb78e582..3f5baf3a91e 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -1137,7 +1137,8 @@ jobs:
 . env/bin/activate
 git fetch origin --depth=1 $(System.PullRequest.TargetBranch)
 declare -A secret_files
- for FILE in `git diff --name-only --diff-filter=AM origin/$(System.PullRequest.TargetBranch)` ; do
+ for FILE in "`git diff --name-only --diff-filter=AM origin/$(System.PullRequest.TargetBranch)`" ; do
+ echo $FILE
 detected=$(azdev scan -f "$FILE" | python -c "import sys, json; print(json.load(sys.stdin)['secrets_detected'])")
 if [ $detected == 'True' ]; then
 printf "\033[0;31mDetected secrets from %s, You can run 'azdev mask' to remove secrets.\033[0m\n" "$FILE"
From d73aac819ab7a0e11fd6fc482e050a9448c59a68 Mon Sep 17 00:00:00 2001
From: Yishi Wang
Date: Thu, 28 Nov 2024 12:13:51 +0800
Subject: [PATCH 2/3] fix
---
 .githooks/pre-commit.sh | 4 ++++
 azure-pipelines.yml | 3 +++
 2 files changed, 7 insertions(+)
diff --git a/.githooks/pre-commit.sh b/.githooks/pre-commit.sh
index 182b7e8259d..af03558594c 100644
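Review bot: With the command substitution wrapped in double quotes in the .githooks/pre-commit.sh hunk of patch 1/3, the `for` list is a single word, so the loop body runs once with `FILE` holding every staged path joined by newlines. As soon as two or more files are staged, `azdev scan -f "$FILE"` is handed a path that does not exist; the scan presumably fails, `detected` never equals `True`, and the hook lets the commit through unscanned. The azure-pipelines.yml hunk of the same patch has the same problem. Patch 3/3 later drops the quotes, but the unchecked failure path stays, so consider treating a failed scan as a finding, e.g. `detected=$(azdev scan -f "$FILE" | python -c "...") || has_secrets=1`. The loop body continues outside the hunk.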
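Review bot: The added `echo $FILE` in the azure-pipelines.yml hunk of patch 1/3 looks like leftover debugging output and expands `FILE` unquoted, so the name is word-split and globbed before it is printed; if the log line is wanted, `printf '%s\n' "$FILE"` is the safe form. In the unchanged context, `[ $detected == 'True' ]` is also unquoted, unlike the hook's `[ "$detected" = "True" ]`: when the scan prints nothing the test itself errors and the file counts as clean, so `[ "$detected" = 'True' ]` would at least keep the comparison well-formed. The `if` block continues outside the hunk.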
--- a/.githooks/pre-commit.sh
+++ b/.githooks/pre-commit.sh
@@ -20,6 +20,9 @@ else
 against=$(git hash-object -t tree /dev/null)
 fi
 has_secrets=0
+
+IFS_OLD=${IFS}
+IFS=$'\n'
 for FILE in "`git diff --cached --name-only --diff-filter=AM $against`" ; do
 # Check if the file contains secrets
 detected=$(azdev scan -f "$FILE" | python -c "import sys, json; print(json.load(sys.stdin)['secrets_detected'])")
@@ -28,6 +31,7 @@ for FILE in "`git diff --cached --name-only --diff-filter=AM $against`" ; do
 has_secrets=1
 fi
 done
+IFS=${IFS_OLD}
 if [ $has_secrets -eq 1 ]; then
 printf "\033[0;31mSecret detected. If you want to skip that, run add '--no-verify' in the end of 'git commit' command.\033[0m\n"
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index 3f5baf3a91e..23d7f900ce0 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -1137,6 +1137,8 @@ jobs:
 . env/bin/activate
 git fetch origin --depth=1 $(System.PullRequest.TargetBranch)
 declare -A secret_files
+ IFS_OLD=${IFS}
+ IFS=$'\n'
 for FILE in "`git diff --name-only --diff-filter=AM origin/$(System.PullRequest.TargetBranch)`" ; do
 echo $FILE
 detected=$(azdev scan -f "$FILE" | python -c "import sys, json; print(json.load(sys.stdin)['secrets_detected'])")
@@ -1145,6 +1147,7 @@ jobs:
 secret_files+=$FILE
 fi
 done
+ IFS=${IFS_OLD}
 if [ "${#secret_files[@]}" -gt 0 ]; then
 exit 1
 fi
From db5b3dbf9cfd68f4085d5106f5ebd604662413b4 Mon Sep 17 00:00:00 2001
From: Yishi Wang
Date: Mon, 2 Dec 2024 15:17:51 +0800
Subject: [PATCH 3/3] revert double quote
---
 .githooks/pre-commit.sh | 2 +-
 azure-pipelines.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.githooks/pre-commit.sh b/.githooks/pre-commit.sh
index af03558594c..6a368450353 100644
--- a/.githooks/pre-commit.sh
+++ b/.githooks/pre-commit.sh
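Review bot: The `IFS_OLD`/`IFS=$'\n'` pair added in the first .githooks/pre-commit.sh hunk of patch 2/3 changes word splitting for everything between here and the restore in the next hunk, and nothing says why. A one-line comment above `IFS=$'\n'`, such as `# split git's output on newlines only, so paths containing spaces stay one word`, would document the intent. `$'\n'` is a bash feature and the hook's shebang is not visible here, so confirm the script is never run by a plain `sh`. At this commit the substitution is still one double-quoted word, so the new IFS has no effect on the loop list until the quotes are removed. The same lines are added in both azure-pipelines.yml hunks of this patch.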
@@ -23,7 +23,7 @@ has_secrets=0
 IFS_OLD=${IFS}
 IFS=$'\n'
-for FILE in "`git diff --cached --name-only --diff-filter=AM $against`" ; do
+for FILE in `git diff --cached --name-only --diff-filter=AM $against` ; do
 # Check if the file contains secrets
 detected=$(azdev scan -f "$FILE" | python -c "import sys, json; print(json.load(sys.stdin)['secrets_detected'])")
 if [ "$detected" = "True" ]; then
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index 23d7f900ce0..70cfad1e7cc 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -1139,7 +1139,7 @@ jobs:
 declare -A secret_files
 IFS_OLD=${IFS}
 IFS=$'\n'
- for FILE in "`git diff --name-only --diff-filter=AM origin/$(System.PullRequest.TargetBranch)`" ; do
+ for FILE in `git diff --name-only --diff-filter=AM origin/$(System.PullRequest.TargetBranch)` ; do
 echo $FILE
 detected=$(azdev scan -f "$FILE" | python -c "import sys, json; print(json.load(sys.stdin)['secrets_detected'])")
 if [ $detected == 'True' ]; then
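Review bot: The unquoted substitution in the .githooks/pre-commit.sh hunk of patch 3/3 now splits on newlines only, but each resulting word is still subject to pathname expansion, and without `-z` git prints paths containing non-ASCII bytes, quotes or control characters in C-quoted form (`core.quotePath`), so such a file reaches `azdev scan -f` under a name that does not exist and is effectively skipped by the secret check. Reading NUL-delimited output avoids both problems and removes the need to touch `IFS`: `while IFS= read -r -d '' FILE; do` … `done < <(git diff --cached -z --name-only --diff-filter=AM "$against")`. The azure-pipelines.yml loop in this patch needs the same change. The `done` line and the IFS restore lie outside this hunk.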