Skip to content

Commit

Permalink
fix: Do not pass scp-style URLs to the WhatWG url.URL
Browse files Browse the repository at this point in the history
Fix #60

PR-URL: #63
Credit: @isaacs
Close: #63
Reviewed-by: @isaacs
  • Loading branch information
isaacs committed Feb 26, 2020
1 parent 6f39e93 commit 0835306
Show file tree
Hide file tree
Showing 3 changed files with 19 additions and 4 deletions.
19 changes: 16 additions & 3 deletions index.js
Original file line number Diff line number Diff line change
Expand Up @@ -109,9 +109,22 @@ function parseGitUrl (giturl) {
if (!matched) {
var legacy = url.parse(giturl)
if (legacy.auth) {
var whatwg = new url.URL(giturl)
legacy.auth = whatwg.username || ''
if (whatwg.password) legacy.auth += ':' + whatwg.password
// git urls can be in the form of scp-style/ssh-connect strings, like
// git+ssh://[email protected]:some/path, which the legacy url parser
// supports, but WhatWG url.URL class does not. However, the legacy
// parser de-urlencodes the username and password, so something like
// https://user%3An%40me:p%40ss%[email protected]/ becomes
// https://user:n@me:p@ss:[email protected]/ which is all kinds of wrong.
// Pull off just the auth and host, so we dont' get the confusing
// scp-style URL, then pass that to the WhatWG parser to get the
// auth properly escaped.
const authmatch = giturl.match(/[^@]+@[^:/]+/)
/* istanbul ignore else - this should be impossible */
if (authmatch) {
var whatwg = new url.URL(authmatch[0])
legacy.auth = whatwg.username || ''
if (whatwg.password) legacy.auth += ':' + whatwg.password
}
}
return legacy
}
Expand Down
2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@
"scripts": {
"prerelease": "npm t",
"postrelease": "npm publish && git push --follow-tags",
"pretest": "standard",
"posttest": "standard",
"release": "standard-version -s",
"test:coverage": "tap --coverage-report=html -J --100 --no-esm test/*.js",
"test": "tap -J --100 --no-esm test/*.js"
Expand Down
2 changes: 2 additions & 0 deletions test/basic.js
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,8 @@ test('basic', function (t) {
t.is(HostedGit.fromUrl('github.com/abc/def/'), undefined, 'forgot the protocol')
t.is(HostedGit.fromUrl('completely-invalid'), undefined, 'not a url is not hosted')

t.is(HostedGit.fromUrl('git+ssh://[email protected]:RND/electron-tools/some-tool#2.0.1'), undefined, 'properly ignores non-hosted scp style urls')

t.is(HostedGit.fromUrl('https://github.com/foo/bar').toString(), 'git+ssh://[email protected]/foo/bar.git', 'github http protocol use git+ssh urls')
t.end()
})

0 comments on commit 0835306

Please sign in to comment.