packages/nodejs-hosted-git-info
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
nodejs-hosted-git-info/CVE-2021-23362-pre1.patch
wang_yue111 68c72c9910 fix CVE-2021-23362
2021-03-29 16:26:23 +08:00

54 lines
2.2 KiB
Diff
Raw Permalink Blame History

From bc60d363413aca8e81be6d81d2cd491945b84478 Mon Sep 17 00:00:00 2001
From: wang_yue111 <648774160@qq.com>
Date: Mon, 29 Mar 2021 15:30:44 +0800
Subject: [PATCH] Preserve case of user and project names
Fixes: #16
---
index.js | 7 ++++---
test/basic.js | 4 ++++
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/index.js b/index.js
index 453ce87..6fcef6d 100644
--- a/index.js
+++ b/index.js
@@ -29,6 +29,7 @@ module.exports.fromUrl = function (giturl) {
isGitHubShorthand(giturl) ? 'github:' + giturl : giturl
)
var parsed = parseGitUrl(url)
+ var shortcutMatch = url.match(new RegExp('^([^:]+):([^/]+)[/](.+)$'))
var matches = Object.keys(gitHosts).map(function (gitHostName) {
var gitHostInfo = gitHosts[gitHostName]
var auth = null
@@ -39,9 +40,9 @@ module.exports.fromUrl = function (giturl) {
var user = null
var project = null
var defaultRepresentation = null
- if (parsed.protocol === gitHostName + ':') {
- user = decodeURIComponent(parsed.host)
- project = parsed.path && decodeURIComponent(parsed.path.replace(/^[/](.*?)(?:[.]git)?$/, '$1'))
+ if (shortcutMatch && shortcutMatch[1] === gitHostName) {
+ user = decodeURIComponent(shortcutMatch[2])
+ project = decodeURIComponent(shortcutMatch[3])
defaultRepresentation = 'shortcut'
} else {
if (parsed.host !== gitHostInfo.domain) return
diff --git a/test/basic.js b/test/basic.js
index 0b93f50..3902264 100644
--- a/test/basic.js
+++ b/test/basic.js
@@ -11,5 +11,9 @@ test('basic', function (t) {
t.is(HostedGit.fromUrl('git@github.com:abc/def').getDefaultRepresentation(), 'sshurl', 'match ssh connect strings')
t.is(HostedGit.fromUrl('git://github.com/abc/def').getDefaultRepresentation(), 'git', 'match git urls')
t.is(HostedGit.fromUrl('github:abc/def').getDefaultRepresentation(), 'shortcut', 'match shortcuts')
+
+ t.is(HostedGit.fromUrl('dEf/AbC').https(), 'git+https://github.com/dEf/AbC.git', 'mixed case shortcut')
+ t.is(HostedGit.fromUrl('gitlab:dEf/AbC').https(), 'git+https://gitlab.com/dEf/AbC.git', 'mixed case prefixed shortcut')
+ t.is(HostedGit.fromUrl('git://github.com/dEf/AbC.git').https(), 'git+https://github.com/dEf/AbC.git', 'mixed case url')
t.end()
})
--
2.23.0
Reference in New Issue View Git Blame Copy Permalink