From 8993516b850ea4614a6f7157513bb88d10eb5ac5 Mon Sep 17 00:00:00 2001
From: Sebastian Schuberth <sebastian@doubleopen.org>
Date: Fri, 2 Feb 2024 19:00:25 +0100
Subject: [PATCH] fix(vulnerable-code): Correct an URL escape fixup case

This is a fixup for 6ec2a31. As this actually fixes the case that was
used as an invalid URL in a test, simply remove that test, as the goal
is to not have invalid URLs by fixing them up anyway.

Signed-off-by: Sebastian Schuberth <sebastian@doubleopen.org>
---
 .../src/main/kotlin/VulnerableCode.kt         |  2 +-
 .../assets/__files/response_invalid_uri.json  | 27 -------------------
 .../src/test/kotlin/VulnerableCodeTest.kt     | 26 +-----------------
 3 files changed, 2 insertions(+), 53 deletions(-)
 delete mode 100644 plugins/advisors/vulnerable-code/src/test/assets/__files/response_invalid_uri.json

diff --git a/plugins/advisors/vulnerable-code/src/main/kotlin/VulnerableCode.kt b/plugins/advisors/vulnerable-code/src/main/kotlin/VulnerableCode.kt
index 04e16c5c95748..5c0e237ce790e 100644
--- a/plugins/advisors/vulnerable-code/src/main/kotlin/VulnerableCode.kt
+++ b/plugins/advisors/vulnerable-code/src/main/kotlin/VulnerableCode.kt
@@ -182,7 +182,7 @@ class VulnerableCode(name: String, config: VulnerableCodeConfiguration) : Advice
     }
 }
 
-private val BACKSLASH_ESCAPE_REGEX = """\\\\\\?(.)""".toRegex()
+private val BACKSLASH_ESCAPE_REGEX = """\\\\?(.)""".toRegex()
 
 internal fun String.fixupUrlEscaping(): String =
     replace("""\/""", "/").replace(BACKSLASH_ESCAPE_REGEX) {
diff --git a/plugins/advisors/vulnerable-code/src/test/assets/__files/response_invalid_uri.json b/plugins/advisors/vulnerable-code/src/test/assets/__files/response_invalid_uri.json
deleted file mode 100644
index 9f92219086e1e..0000000000000
--- a/plugins/advisors/vulnerable-code/src/test/assets/__files/response_invalid_uri.json
+++ /dev/null
@@ -1,27 +0,0 @@
-[
-  {
-    "name": "commons-lang3",
-    "namespace": "org.apache.commons",
-    "purl": "pkg:maven/org.apache.commons/commons-lang3@3.5",
-    "qualifiers": {},
-    "resolved_vulnerabilities": [],
-    "subpath": "",
-    "type": "maven",
-    "version": "3.5",
-    "url": "http://testserver/api/packages/3467",
-    "unresolved_vulnerabilities": [
-      {
-        "references": [
-          {
-            "reference_id": "",
-            "scores": [],
-            "source": "",
-            "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:siebel_engineering_-_installer_\\&_deployment:*:*:*:*:*:*:*:*"
-          }
-        ],
-        "url": "http://testserver/api/vulnerabilities/60",
-        "vulnerability_id": "CVE-2014-8242"
-      }
-    ]
-  }
-]
diff --git a/plugins/advisors/vulnerable-code/src/test/kotlin/VulnerableCodeTest.kt b/plugins/advisors/vulnerable-code/src/test/kotlin/VulnerableCodeTest.kt
index 8b0d9b142bee6..f1387c428748f 100644
--- a/plugins/advisors/vulnerable-code/src/test/kotlin/VulnerableCodeTest.kt
+++ b/plugins/advisors/vulnerable-code/src/test/kotlin/VulnerableCodeTest.kt
@@ -35,7 +35,6 @@ import io.kotest.matchers.collections.shouldHaveSize
 import io.kotest.matchers.maps.shouldNotBeEmpty
 import io.kotest.matchers.should
 import io.kotest.matchers.shouldBe
-import io.kotest.matchers.string.shouldContain
 
 import java.io.File
 import java.net.URI
@@ -141,29 +140,6 @@ class VulnerableCodeTest : WordSpec({
             strutsResult.vulnerabilities should containExactlyInAnyOrder(expStrutsVulnerabilities)
         }
 
-        "handle invalid URIs in references gracefully" {
-            server.stubPackagesRequest("response_invalid_uri.json")
-            val vulnerableCode = createVulnerableCode(server)
-            val packagesToAdvise = inputPackagesFromAnalyzerResult()
-
-            val result = vulnerableCode.retrievePackageFindings(packagesToAdvise).mapKeys { it.key.id }
-
-            val langResult = result.getValue(idLang)
-            val issues = langResult.summary.issues
-            issues shouldHaveSize 1
-            with(issues.first()) {
-                severity shouldBe Severity.HINT
-                source shouldBe ADVISOR_NAME
-                message shouldContain "oracle:siebel_engineering_-_installer_\\&_deployment:*:*:*:*:*:*:*:*"
-            }
-
-            val expLangVulnerability = Vulnerability(
-                id = "CVE-2014-8242",
-                references = emptyList()
-            )
-            langResult.vulnerabilities should containExactly(expLangVulnerability)
-        }
-
         "extract the CVE ID from an alias" {
             server.stubPackagesRequest("response_junit.json", request = generatePackagesRequest(idJUnit))
             val vulnerableCode = createVulnerableCode(server)
@@ -296,7 +272,7 @@ class VulnerableCodeTest : WordSpec({
         }
 
         "fixup a wrongly escaped plus" {
-            val u = """https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hyperion_bi\\\+:*:*:*:*:*:*:*:*"""
+            val u = """https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hyperion_bi\+:*:*:*:*:*:*:*:*"""
 
             URI.create(u.fixupUrlEscaping()) shouldBe URI(
                 """https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hyperion_bi%2B:*:*:*:*:*:*:*:*"""