Add latest changes from gitlab-org/gitlab@master

2 files changed, 12 insertions, 2 deletions

diff --git a/gems/gitlab-secret_detection/lib/gitlab/secret_detection/scan.rb b/gems/gitlab-secret_detection/lib/gitlab/secret_detection/scan.rb
index 37103912615..3918d584ccd 100644
--- a/gems/gitlab-secret_detection/lib/gitlab/secret_detection/scan.rb
+++ b/gems/gitlab-secret_detection/lib/gitlab/secret_detection/scan.rb
@@ -86,9 +86,9 @@ module Gitlab
           next SecretDetection::Response.new(SecretDetection::Status::NOT_FOUND) if matched_blobs.empty?
 
           secrets = if subprocess
-                      run_scan_within_subprocess(blobs, blob_timeout)
+                      run_scan_within_subprocess(matched_blobs, blob_timeout)
                     else
-                      run_scan(blobs, blob_timeout)
+                      run_scan(matched_blobs, blob_timeout)
                     end
 
           scan_status = overall_scan_status(secrets)
diff --git a/gems/gitlab-secret_detection/spec/lib/gitlab/secret_detection/scan_spec.rb b/gems/gitlab-secret_detection/spec/lib/gitlab/secret_detection/scan_spec.rb
index e69fcceeaab..c2377f57173 100644
--- a/gems/gitlab-secret_detection/spec/lib/gitlab/secret_detection/scan_spec.rb
+++ b/gems/gitlab-secret_detection/spec/lib/gitlab/secret_detection/scan_spec.rb
@@ -149,6 +149,16 @@ RSpec.describe Gitlab::SecretDetection::Scan, feature_category: :secret_detectio
         )
       end
 
+      it "attempts to keyword match returning only filtered blobs for further scan" do
+        expected = blobs.filter { |b| b.data != "data with no secret" }
+
+        expect(scan).to receive(:filter_by_keywords)
+                          .with(blobs)
+                          .and_return(expected)
+
+        scan.secrets_scan(blobs)
+      end
+
       it "matches multiple rules when running in main process" do
         expect(scan.secrets_scan(blobs, subprocess: false)).to eq(expected_response)
       end