Skip to content

Commit

Permalink
fix(vulnerable-code): Fixup another case of wrong URL escaping
Browse files Browse the repository at this point in the history
Signed-off-by: Sebastian Schuberth <sebastian@doubleopen.org>
  • Loading branch information
sschuberth committed Dec 15, 2023
1 parent e1803f0 commit 96d87c0
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -170,6 +170,6 @@ class VulnerableCode(name: String, config: VulnerableCodeConfiguration) : Advice
private val BACKSLASH_ESCAPE_REGEX = Regex("\\\\\\\\(.)")

internal fun String.fixupUrlEscaping(): String =
replace(BACKSLASH_ESCAPE_REGEX) {
replace("\\/", "/").replace(BACKSLASH_ESCAPE_REGEX) {
it.groupValues[1].percentEncode()
}
Original file line number Diff line number Diff line change
Expand Up @@ -289,6 +289,16 @@ class VulnerableCodeTest : WordSpec({
"%26_optimization:16.0.3:*:*:*:*:*:*:*"
)
}

"fixup a wrongly escaped slash" {
val brokenUrl = "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true" +
"&query=cpe:2.3:a:apple:swiftnio_http\\/2:*:*:*:*:*:swift:*:*"

URI.create(brokenUrl.fixupUrlEscaping()) shouldBe URI(
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&" +
"query=cpe:2.3:a:apple:swiftnio_http/2:*:*:*:*:*:swift:*:*"
)
}
}
})

Expand Down

0 comments on commit 96d87c0

Please sign in to comment.