Exclude security scripts from self-scan false positives

Author: 307158-carmax

Scripts/security/pre-push-security-check.ps1

@@ -51,6 +51,11 @@ $allowedPlaceholders = @(
 
 $violations = New-Object System.Collections.Generic.List[string]
 
+$excludedFiles = @(
+    'Scripts/security/pre-push-security-check.ps1',
+    'Scripts/security/install-git-hooks.ps1'
+)
+
 foreach ($r in $refs) {
     if ($r.LocalSha -match '^0+$') { continue }
 
@@ -61,7 +66,17 @@ foreach ($r in $refs) {
     if (-not $patch) { continue }
 
     $lines = $patch -split "`n"
+    $currentFile = ''
     foreach ($line in $lines) {
+        if ($line.StartsWith('+++ b/')) {
+            $currentFile = $line.Substring(6).Trim()
+            continue
+        }
+
+        if ($excludedFiles -contains $currentFile) {
+            continue
+        }
+
         if (-not $line.StartsWith('+')) { continue }
         if ($line.StartsWith('+++')) { continue }