From b6ade040ee663cbea2f8564b7696a5d024c052bb Mon Sep 17 00:00:00 2001
From: mig5
Date: Fri, 7 Feb 2025 11:53:46 +1100
Subject: [PATCH] Potential fix for code scanning alert no. 11: Incomplete URL substring sanitization

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 flatpak/golang-to-requirements.py | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/flatpak/golang-to-requirements.py b/flatpak/golang-to-requirements.py
index b2b3664a..d0100fbd 100755
--- a/flatpak/golang-to-requirements.py
+++ b/flatpak/golang-to-requirements.py
@@ -12,6 +12,7 @@ import tempfile
 import yaml
 import requests
 from bs4 import BeautifulSoup
+from urllib.parse import urlparse
 
 
 def parse_args():
@@ -147,16 +148,15 @@ def get_git_url(module_name):
     module_name = re.sub(r"/v\d+$", "", module_name)
 
     # Remove the subdirectory, if present (e.g. github.com/foo/bar/subdir -> github.com/foo/bar)
-    if "gitlab.com" in module_name or "github.com" in module_name:
-        url_parts = module_name.split("/")
-        if len(url_parts) > 3:
-            module_name = "/".join(url_parts[:3])
+    from urllib.parse import urlparse
+    parsed_url = urlparse(f"https://{module_name}")
+    hostname = parsed_url.hostname
 
-    if "gitlab.com" in module_name:
+    if hostname == "gitlab.com":
         return f"https://gitlab.com/{module_name.replace('gitlab.com/', '')}"
-    elif "github.com" in module_name:
+    elif hostname == "github.com":
         return f"https://github.com/{module_name.replace('github.com/', '')}"
-    elif "git.torproject.org" in module_name:
+    elif hostname == "git.torproject.org":
         return f"https://{module_name}"
     else:
         response = requests.get(f"https://{module_name}/?go-get=1")
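Review bot: The subdirectory-stripping block was removed together with the substring check, so `github.com/foo/bar/subdir` now yields `https://github.com/foo/bar/subdir` instead of `https://github.com/foo/bar`, while the comment kept above it still promises that truncation. The function-local `from urllib.parse import urlparse` duplicates the module-level import added in the first hunk and can be dropped. The host check now reads `parsed_url.hostname`, but the returned URL is still assembled from the raw `module_name` with `str.replace`, so the value that was checked and the value that is emitted can diverge for inputs whose authority part is not a bare hostname; building the result from `parsed_url.path` keeps the two consistent and restores the truncation. get_git_url continues past the end of this hunk.
```python
    # Remove the subdirectory, if present (e.g. github.com/foo/bar/subdir -> github.com/foo/bar)
    parsed_url = urlparse(f"https://{module_name}")
    hostname = parsed_url.hostname
    # Emit the URL from the same parsed components the host check used, never from the raw string
    repo_path = parsed_url.path.lstrip("/")
    if hostname in ("gitlab.com", "github.com"):
        repo_path = "/".join(repo_path.split("/")[:2])
        return f"https://{hostname}/{repo_path}"
    elif hostname == "git.torproject.org":
        return f"https://{hostname}{parsed_url.path}"
    else:
        # … unchanged: ?go-get=1 fallback …
```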