Fix giturl handling of paths containing `%`

trufflesecurity / trufflehog

Find, verify, and analyze leaked credentials

https://trufflesecurity.com

GNU Affero General Public License v3.0

15.83k stars 1.65k forks source link

Fix giturl handling of paths containing `%` #2982

Open rgmz opened 3 months ago

rgmz commented 3 months ago

Description:

This fixes an issue where paths that contain % cause UpdateLinkLineNumber to fail.

parse \"https://github.com/coinbase/cbpay-js/blob/abcdefg/folder/%/name\": invalid URL escape \"%/n\"

Checklist:

[x] Tests passing (make test-community)?
[x] Lint passing (make lint this requires golangci-lint)?

dustin-decker commented 3 months ago

Should we consider url encoding path elements? It seems like this could have just as easily been a different special character. I'm surprised it wasn't already encoded.

rgmz commented 3 months ago

That's probably a better solution. This is an old change I had sitting around, I didn't look to deeply into other solutions.

zricethezav commented 3 months ago

Should we consider url encoding path elements?

@rgmz did you want to follow up on this? Seems like a worthwhile change.