fix(vulnerable-code): Correct an URL escape fixup case

This is a fixup for 6ec2a31. As this actually fixes the case that was unsed as an invalid URL in a test, simply remove that test, as the goal is to not have invalid URLs by fixing them up anyway. Signed-off-by: Sebastian Schuberth <[email protected]>
oss-review-toolkit · Feb 2, 2024 · 45a34f3 · 45a34f3
1 parent 38709a7
commit 45a34f3
Show file tree

Hide file tree

Showing 3 changed files with 2 additions and 53 deletions.
diff --git a/plugins/advisors/vulnerable-code/src/main/kotlin/VulnerableCode.kt b/plugins/advisors/vulnerable-code/src/main/kotlin/VulnerableCode.kt
@@ -182,7 +182,7 @@ class VulnerableCode(name: String, config: VulnerableCodeConfiguration) : Advice
     }
 }
 
-private val BACKSLASH_ESCAPE_REGEX = """\\\\\\?(.)""".toRegex()
+private val BACKSLASH_ESCAPE_REGEX = """\\\\?(.)""".toRegex()
 
 internal fun String.fixupUrlEscaping(): String =
     replace("""\/""", "/").replace(BACKSLASH_ESCAPE_REGEX) {

diff --git a/plugins/advisors/vulnerable-code/src/test/assets/__files/response_invalid_uri.json b/plugins/advisors/vulnerable-code/src/test/assets/__files/response_invalid_uri.json
diff --git a/plugins/advisors/vulnerable-code/src/test/kotlin/VulnerableCodeTest.kt b/plugins/advisors/vulnerable-code/src/test/kotlin/VulnerableCodeTest.kt
@@ -35,7 +35,6 @@ import io.kotest.matchers.collections.shouldHaveSize
 import io.kotest.matchers.maps.shouldNotBeEmpty
 import io.kotest.matchers.should
 import io.kotest.matchers.shouldBe
-import io.kotest.matchers.string.shouldContain
 
 import java.io.File
 import java.net.URI
@@ -141,29 +140,6 @@ class VulnerableCodeTest : WordSpec({
             strutsResult.vulnerabilities should containExactlyInAnyOrder(expStrutsVulnerabilities)
         }
 
-        "handle invalid URIs in references gracefully" {
-            server.stubPackagesRequest("response_invalid_uri.json")
-            val vulnerableCode = createVulnerableCode(server)
-            val packagesToAdvise = inputPackagesFromAnalyzerResult()
-
-            val result = vulnerableCode.retrievePackageFindings(packagesToAdvise).mapKeys { it.key.id }
-
-            val langResult = result.getValue(idLang)
-            val issues = langResult.summary.issues
-            issues shouldHaveSize 1
-            with(issues.first()) {
-                severity shouldBe Severity.HINT
-                source shouldBe ADVISOR_NAME
-                message shouldContain "oracle:siebel_engineering_-_installer_\\&_deployment:*:*:*:*:*:*:*:*"
-            }
-
-            val expLangVulnerability = Vulnerability(
-                id = "CVE-2014-8242",
-                references = emptyList()
-            )
-            langResult.vulnerabilities should containExactly(expLangVulnerability)
-        }
-
         "extract the CVE ID from an alias" {
             server.stubPackagesRequest("response_junit.json", request = generatePackagesRequest(idJUnit))
             val vulnerableCode = createVulnerableCode(server)
@@ -296,7 +272,7 @@ class VulnerableCodeTest : WordSpec({
         }
 
         "fixup a wrongly escaped plus" {
-            val u = """https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hyperion_bi\\\+:*:*:*:*:*:*:*:*"""
+            val u = """https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hyperion_bi\+:*:*:*:*:*:*:*:*"""
 
             URI.create(u.fixupUrlEscaping()) shouldBe URI(
                 """https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hyperion_bi%2B:*:*:*:*:*:*:*:*"""