fix: ignore git crypt files (#1465)

* Exclude file patterns from git-crypt in pathspec

git-crypt could be used to encrypt files in a repository.
These files should be excluded from the pathspec to avoid
sending them to the RAG service.
git-crypt relies on a filter attribute in the .gitattributes so we can
use ls-files to get the files that are encrypted.

* Add some logging about ignored file

The logging is quite verbose, given it logs every ignored file but I
think it useful for the end user to have an explicit feedback about
sensitive files that are being ignored.

* Fix lint errors

* Avoid Shell=true for subprocess.run() (S604)

Removing S604 "Avoid Shell=true for subprocess.run()" we get S603 "subprocess call: check for execution of untrusted input"
I dit not found a way to fix this issue, so I'm putting it in the ignore list.
I also used shutil to retrieve the absolute git path to run the subprocess commands.

This commit is contained in:

Francesco Tassi

2025-03-06 11:34:12 +01:00

committed by

GitHub

parent dec794ac85

commit 2b0e7e09ae

2 changed files with 99 additions and 6 deletions

									
										1

ruff.toml
									
												View File
												
				@@ -28,6 +28,7 @@ ignore = [

				  "D101",

				  "D203",  # 1 blank line required before class docstring

				  "D212",  # Multi-line docstring summary should start at the first line

				  "S603",

				  "TRY300",

				  "TRY400",

				  "PGH003",

fix: ignore git crypt files (#1465)

1 ruff.toml Unescape Escape View File

1

ruff.toml

View File