git-secret: some commands fail when the current directory's path includes spaces

Some commands, specifically at least git secret init and git secret reveal, encounter errors when the current directory’s path contains any spaces. I personally avoid using spaces in directory names, but I am attempting to set up git-secret with our CI server and must work around the existing structure there.

What are the steps to reproduce this issue?

In place of the suggested sections, I will provide two full examples which I hope will show the issue clearly.

Note: both of these examples take place on a machine on which I am able to use git-secret without issue when the path does not contain a space

Example 1 - Initializing to a directory which contains a space

Here is the base case where I try to set up git-secret from scratch in a directory which already contains a space in the path

Example 2 - Calling git secret reveal from a directory which contains a space

Here, I first initialize git-secret and encrypt a file successfully in a directory with no spaces in the path so that I can get further along in the process. I then rename the directory to contain a space and try to call git secret reveal

Any other comments?

I inserted some logging and played with the code a bit, and I believe the issue is stemming from lines of the form

$($gpg_local ......)

A little research pointed me towards the use of eval for better interpretation of commands formed by concatenating strings, but I am not sure of the security implications around that command.

What versions of software are you using?

Operating system: macOS 10.13.3

Darwin -- 17.4.0 Darwin Kernel Version 17.4.0: Sun Dec 17 09:19:54 PST 2017; root:xnu-4570.41.2~1/RELEASE_X86_64 x86_64

git-secret path: /usr/local/bin/git-secret

git-secret version: 0.2.2

git version: 2.11.1

Shell type and version: zsh 5.3 (x86_64-apple-darwin17.0)

gpg version: 2.2.5