diff --git a/plugins/advisors/vulnerable-code/src/main/kotlin/VulnerableCode.kt b/plugins/advisors/vulnerable-code/src/main/kotlin/VulnerableCode.kt
index 525d0a1855e54..b112edd7d40fa 100644
--- a/plugins/advisors/vulnerable-code/src/main/kotlin/VulnerableCode.kt
+++ b/plugins/advisors/vulnerable-code/src/main/kotlin/VulnerableCode.kt
@@ -170,6 +170,6 @@ class VulnerableCode(name: String, config: VulnerableCodeConfiguration) : Advice
 private val BACKSLASH_ESCAPE_REGEX = Regex("\\\\\\\\(.)")
 internal fun String.fixupUrlEscaping(): String =
- replace(BACKSLASH_ESCAPE_REGEX) {
+ replace("\\/", "/").replace(BACKSLASH_ESCAPE_REGEX) {
 it.groupValues[1].percentEncode()
 }
diff --git a/plugins/advisors/vulnerable-code/src/test/kotlin/VulnerableCodeTest.kt b/plugins/advisors/vulnerable-code/src/test/kotlin/VulnerableCodeTest.kt
index 2fd178d1c0112..ddc2b2484fce3 100644
--- a/plugins/advisors/vulnerable-code/src/test/kotlin/VulnerableCodeTest.kt
+++ b/plugins/advisors/vulnerable-code/src/test/kotlin/VulnerableCodeTest.kt
@@ -289,6 +289,16 @@ class VulnerableCodeTest : WordSpec({
 "%26_optimization:16.0.3:*:*:*:*:*:*:*"
 )
 }
+
+ "fixup a wrongly escaped slash" {
+ val brokenUrl = "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true" +
+ "&query=cpe:2.3:a:apple:swiftnio_http\\/2:*:*:*:*:*:swift:*:*"
+
+ URI.create(brokenUrl.fixupUrlEscaping()) shouldBe URI(
+ "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&" +
+ "query=cpe:2.3:a:apple:swiftnio_http/2:*:*:*:*:*:swift:*:*"
+ )
+ }
 }
 })
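Review bot: In `fixupUrlEscaping` (the VulnerableCode.kt hunk), the new `replace("\\/", "/")` runs before the `BACKSLASH_ESCAPE_REGEX` pass, so a slash preceded by two backslashes loses one backslash first and then no longer matches the regex, which as written appears to require two literal backslashes. That leaves a lone backslash in the result, which `URI.create` rejects, whereas the old code would have percent-encoded that slash. Running the regex pass first keeps both forms working: `replace(BACKSLASH_ESCAPE_REGEX) { it.groupValues[1].percentEncode() }.replace("\\/", "/")`. The test added in the VulnerableCodeTest.kt hunk covers only the single-backslash form, so a second case with the double-backslash slash would pin the ordering. Whether the upstream data ever contains that form is not visible here; a one-line KDoc naming the two escape styles the function handles would help.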