Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit f2cdfcf

Browse filesBrowse files
isaacsisaacs
committed
fix: Do not pass scp-style URLs to the WhatWG url.URL
Fix #60 (for the legacy branch)
1 parent e1b83df commit f2cdfcf
Copy full SHA for f2cdfcf

File tree

Expand file treeCollapse file tree

3 files changed

+19
-4
lines changed
Open diff view settings
Filter options
Expand file treeCollapse file tree

3 files changed

+19
-4
lines changed
Open diff view settings
Collapse file

‎index.js‎

Copy file name to clipboardExpand all lines: index.js
+16-3Lines changed: 16 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -109,9 +109,22 @@ function parseGitUrl (giturl) {
109109
if (!matched) {
110110
var legacy = url.parse(giturl)
111111
if (legacy.auth) {
112-
var whatwg = new url.URL(giturl)
113-
legacy.auth = whatwg.username || ''
114-
if (whatwg.password) legacy.auth += ':' + whatwg.password
112+
// git urls can be in the form of scp-style/ssh-connect strings, like
113+
// git+ssh://user@host.com:some/path, which the legacy url parser
114+
// supports, but WhatWG url.URL class does not. However, the legacy
115+
// parser de-urlencodes the username and password, so something like
116+
// https://user%3An%40me:p%40ss%3Aword@x.com/ becomes
117+
// https://user:n@me:p@ss:word@x.com/ which is all kinds of wrong.
118+
// Pull off just the auth and host, so we dont' get the confusing
119+
// scp-style URL, then pass that to the WhatWG parser to get the
120+
// auth properly escaped.
121+
const authmatch = giturl.match(/[^@]+@[^:/]+/)
122+
/* istanbul ignore else - this should be impossible */
123+
if (authmatch) {
124+
var whatwg = new url.URL(authmatch[0])
125+
legacy.auth = whatwg.username || ''
126+
if (whatwg.password) legacy.auth += ':' + whatwg.password
127+
}
115128
}
116129
return legacy
117130
}
Collapse file

‎package.json‎

Copy file name to clipboardExpand all lines: package.json
+1-1Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,7 @@
2222
"scripts": {
2323
"prerelease": "npm t",
2424
"postrelease": "npm publish --tag=ancient-legacy-fixes && git push --follow-tags",
25-
"pretest": "standard",
25+
"posttest": "standard",
2626
"release": "standard-version -s",
2727
"test:coverage": "tap --coverage-report=html -J --100 --no-esm test/*.js",
2828
"test": "tap -J --100 --no-esm test/*.js"
Collapse file

‎test/basic.js‎

Copy file name to clipboardExpand all lines: test/basic.js
+2Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -37,6 +37,8 @@ test('basic', function (t) {
3737
t.is(HostedGit.fromUrl('github.com/abc/def/'), undefined, 'forgot the protocol')
3838
t.is(HostedGit.fromUrl('completely-invalid'), undefined, 'not a url is not hosted')
3939

40+
t.is(HostedGit.fromUrl('git+ssh://git@git.unlucky.com:RND/electron-tools/some-tool#2.0.1'), undefined, 'properly ignores non-hosted scp style urls')
41+
4042
t.is(HostedGit.fromUrl('http://github.com/foo/bar').toString(), 'git+ssh://git@github.com/foo/bar.git', 'github http protocol use git+ssh urls')
4143
t.end()
4244
})

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.