GitHubDriver: stricter URL validation to avoid issues with undefined index owner (#10985)

2022-08-16 10:08:03 +01:00 · 2022-08-16 10:08:03 +01:00 · 1f0bd51f55
parent b0674c421a
commit 1f0bd51f55
2 changed files with 20 additions and 4 deletions
--- a/src/Composer/Repository/Vcs/GitHubDriver.php
+++ b/src/Composer/Repository/Vcs/GitHubDriver.php
@ -59,7 +59,7 @@ class GitHubDriver extends VcsDriver
     */
    public function initialize()
    {
-        if (!Preg::isMatch('#^(?:(?:https?|git)://([^/]+)/|git@([^:]+):/?)([^/]+)/(.+?)(?:\.git|/)?$#', $this->url, $match)) {
+        if (!Preg::isMatch('#^(?:(?:https?|git)://([^/]+)/|git@([^:]+):/?)([^/]+)/([^/]+?)(?:\.git|/)?$#', $this->url, $match)) {
            throw new \InvalidArgumentException(sprintf('The GitHub repository URL %s is invalid.', $this->url));
        }

@ -390,7 +390,7 @@ class GitHubDriver extends VcsDriver
     */
    public static function supports(IOInterface $io, Config $config, $url, $deep = false)
    {
-        if (!Preg::isMatch('#^((?:https?|git)://([^/]+)/|git@([^:]+):/?)([^/]+)/(.+?)(?:\.git|/)?$#', $url, $matches)) {
+        if (!Preg::isMatch('#^((?:https?|git)://([^/]+)/|git@([^:]+):/?)([^/]+)/([^/]+?)(?:\.git|/)?$#', $url, $matches)) {
            return false;
        }

--- a/tests/Composer/Test/Repository/Vcs/GitHubDriverTest.php
+++ b/tests/Composer/Test/Repository/Vcs/GitHubDriverTest.php
@ -342,14 +342,16 @@ class GitHubDriverTest extends TestCase
    }

    /**
+     * @dataProvider invalidUrlProvider
+     * @param string $url
     * @return void
     */
-    public function initializeInvalidReoUrl()
+    public function testInitializeInvalidReoUrl($url)
    {
        $this->setExpectedException('\InvalidArgumentException');

        $repoConfig = array(
-            'url' => 'https://github.com/acme',
+            'url' => $url,
        );

        $io = $this->getMockBuilder('Composer\IO\IOInterface')->getMock();
@ -361,6 +363,18 @@ class GitHubDriverTest extends TestCase
        $gitHubDriver->initialize();
    }

+    /**
+     * @return list<array{bool, string}>
+     */
+    public function invalidUrlProvider()
+    {
+        return array(
+            array(false, 'https://github.com/acme'),
+            array(false, 'https://github.com/acme/repository/releases'),
+            array(false, 'https://github.com/acme/repository/pulls'),
+        );
+    }
+
    /**
     * @dataProvider supportsProvider
     * @param bool $expected
@ -382,6 +396,8 @@ class GitHubDriverTest extends TestCase
            array(false, 'https://github.com/acme'),
            array(true, 'https://github.com/acme/repository'),
            array(true, 'git@github.com:acme/repository.git'),
+            array(false, 'https://github.com/acme/repository/releases'),
+            array(false, 'https://github.com/acme/repository/pulls'),
        );
    }