From 97aaadf97c0eb12af688cbf20ef315f156e271db Mon Sep 17 00:00:00 2001 From: Matthias Date: Wed, 31 Mar 2021 01:38:21 +0200 Subject: [PATCH] Only allow true Github links to be checked through the Github API (#201) --- src/client.rs | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/src/client.rs b/src/client.rs index 88f3bd6..8f71b4b 100644 --- a/src/client.rs +++ b/src/client.rs @@ -263,10 +263,10 @@ impl Client { } fn extract_github(&self, url: &str) -> Result<(String, String)> { - let re = Regex::new(r"github\.com/([^/]*)/([^/]*)")?; + let re = Regex::new(r#"^(https?://)?(www.)?github.com/(?P[^/]*)/(?P[^/]*)"#)?; let caps = re.captures(&url).context("Invalid capture")?; - let owner = caps.get(1).context("Cannot capture owner")?; - let repo = caps.get(2).context("Cannot capture repo")?; + let owner = caps.name("owner").context("Cannot capture owner")?; + let repo = caps.name("repo").context("Cannot capture repo")?; Ok((owner.as_str().into(), repo.as_str().into())) } @@ -358,6 +358,22 @@ mod test { #[test] fn test_is_github() { + assert_eq!( + ClientBuilder::default() + .build() + .unwrap() + .extract_github("github.com/lycheeverse/lychee") + .unwrap(), + ("lycheeverse".into(), "lychee".into()) + ); + assert_eq!( + ClientBuilder::default() + .build() + .unwrap() + .extract_github("www.github.com/lycheeverse/lychee") + .unwrap(), + ("lycheeverse".into(), "lychee".into()) + ); assert_eq!( ClientBuilder::default() .build() @@ -366,6 +382,11 @@ mod test { .unwrap(), ("lycheeverse".into(), "lychee".into()) ); + assert!(ClientBuilder::default() + .build() + .unwrap() + .extract_github("https://pkg.go.dev/github.com/Debian/pkg-go-tools/cmd/pgt-gopath") + .is_err()); } #[tokio::test] async fn test_github() {