diff --git a/plugins/advisors/vulnerable-code/src/main/kotlin/VulnerableCode.kt b/plugins/advisors/vulnerable-code/src/main/kotlin/VulnerableCode.kt
index f64205ff53701..2c315e7688b27 100644
--- a/plugins/advisors/vulnerable-code/src/main/kotlin/VulnerableCode.kt
+++ b/plugins/advisors/vulnerable-code/src/main/kotlin/VulnerableCode.kt
@@ -173,7 +173,7 @@ class VulnerableCode(name: String, config: VulnerableCodeConfiguration) : Advice
 }
 }
-private val BACKSLASH_ESCAPE_REGEX = """\\\\(.)""".toRegex()
+private val BACKSLASH_ESCAPE_REGEX = """\\\\\\?(.)""".toRegex()
 internal fun String.fixupUrlEscaping(): String =
 replace("""\/""", "/").replace(BACKSLASH_ESCAPE_REGEX) {
diff --git a/plugins/advisors/vulnerable-code/src/test/kotlin/VulnerableCodeTest.kt b/plugins/advisors/vulnerable-code/src/test/kotlin/VulnerableCodeTest.kt
index f18593975ee19..8b0d9b142bee6 100644
--- a/plugins/advisors/vulnerable-code/src/test/kotlin/VulnerableCodeTest.kt
+++ b/plugins/advisors/vulnerable-code/src/test/kotlin/VulnerableCodeTest.kt
@@ -294,6 +294,14 @@ class VulnerableCodeTest : WordSpec({
 """https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:swiftnio_http/2:*:*:*:*:*:swift:*:*"""
 )
 }
+
+ "fixup a wrongly escaped plus" {
+ val u = """https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hyperion_bi\\\+:*:*:*:*:*:*:*:*"""
+
+ URI.create(u.fixupUrlEscaping()) shouldBe URI(
+ """https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hyperion_bi%2B:*:*:*:*:*:*:*:*"""
+ )
+ }
 }
 })
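Review bot: The new `BACKSLASH_ESCAPE_REGEX` in VulnerableCode.kt has no comment saying which escape forms it accepts, and the raw-string pattern `\\\\\\?(.)` is hard to read at a glance: it means two literal backslashes, an optional third, then one captured character. A comment above the constant such as `// Two or three literal backslashes followed by the escaped character, e.g. "\\\+" in a CPE query.` would make that explicit. Because `(.)` also matches a backslash, a run of four backslashes would still capture a backslash as the "escaped" character, which is the same mis-capture this commit fixes for three. Whether the replacement lambda handles that cannot be seen here, since its body continues outside the hunk. The added test pins only the three-backslash `+` input, so a case for a longer backslash run would show whether the result still parses with `URI.create` or fails with an exception the caller needs to handle.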