Merge pull request #3318 from dependabot/npmrc-builder-lowercase-uri-…

…component NpmRcBuilder accept lowercase escaped slash
dependabot · Mar 23, 2021 · 186b14a · 186b14a
2 parents d7437a0 + c30444c
commit 186b14a
Show file tree

Hide file tree

Showing 4 changed files with 152 additions and 1 deletion.
diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/npmrc_builder.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/npmrc_builder.rb
@@ -169,7 +169,7 @@ def registry_scopes(registry)
             end
 
           scopes = affected_urls.map do |url|
-            url.split(/\%40|@/)[1]&.split(%r{\%2F|/})&.first
+            url.split(/\%40|@/)[1]&.split(%r{\%2[fF]|/})&.first
           end
 
           # Registry used for unscoped packages

diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater/npmrc_builder_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater/npmrc_builder_spec.rb
@@ -581,6 +581,23 @@
                 to eq("@dependabot:registry=https://npm.fury.io/dependabot/")
             end
           end
+
+          context "that match a scoped package with lowercase escaped slash" do
+            let(:dependency_files) { project_dependency_files("npm6/private_source_lower") }
+            let(:credentials) do
+              [{
+                "type" => "git_source",
+                "host" => "github.com"
+              }, {
+                "type" => "npm_registry",
+                "registry" => "npm.fury.io/dependabot"
+              }]
+            end
+            it "adds auth details, and scopes them correctly" do
+              expect(npmrc_content).
+                to eq("@dependabot:registry=https://npm.fury.io/dependabot/")
+            end
+          end
         end
       end
 

diff --git a/npm_and_yarn/spec/fixtures/projects/npm6/private_source_lower/package-lock.json b/npm_and_yarn/spec/fixtures/projects/npm6/private_source_lower/package-lock.json
diff --git a/npm_and_yarn/spec/fixtures/projects/npm6/private_source_lower/package.json b/npm_and_yarn/spec/fixtures/projects/npm6/private_source_lower/package.json
@@ -0,0 +1,30 @@
+{
+  "name": "test",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+      "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "repository": {
+      "type": "git",
+      "url": "git+https://github.com/waltfy/PROTO_TEST.git"
+  },
+  "author": "",
+  "license": "ISC",
+  "bugs": {
+      "url": "https://github.com/waltfy/PROTO_TEST/issues"
+  },
+  "homepage": "https://github.com/waltfy/PROTO_TEST#readme",
+  "dependencies": {
+    "fetch-factory": "^0.0.1",
+    "chalk": "^2.0.0"
+  },
+  "devDependencies": {
+    "@dependabot/etag": "^1.0.0",
+    "@dependabot/pack-core": "^2.0.1",
+    "@dependabot/pack-core-2": "^2.0.1",
+    "@dependabot/pack-core-3": "^2.0.1",
+    "@dependabot/pack-core-4": "^2.0.1"
+  }
+}