Fix URL verification for GitHub/GitLab (pypi#17154)

miketheman · Nov 22, 2024 · 5845366 · 5845366
1 parent b837b1d
commit 5845366
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 5 deletions.
diff --git a/tests/unit/oidc/models/test_github.py b/tests/unit/oidc/models/test_github.py
@@ -624,6 +624,20 @@ def test_github_publisher_duplicates_cant_be_created(self, db_request):
         with pytest.raises(sqlalchemy.exc.IntegrityError):
             db_request.db.commit()
 
+    @pytest.mark.parametrize(
+        "repository_name",
+        [
+            "repository_name",
+            "Repository_Name",
+        ],
+    )
+    @pytest.mark.parametrize(
+        "repository_owner",
+        [
+            "repository_owner",
+            "Repository_Owner",
+        ],
+    )
     @pytest.mark.parametrize(
         ("url", "expected"),
         [
@@ -640,10 +654,12 @@ def test_github_publisher_duplicates_cant_be_created(self, db_request):
             ("https://repository_owner.github.io/RePoSiToRy_NaMe/subpage", True),
         ],
     )
-    def test_github_publisher_verify_url(self, url, expected):
+    def test_github_publisher_verify_url(
+        self, url, expected, repository_name, repository_owner
+    ):
         publisher = github.GitHubPublisher(
-            repository_name="repository_name",
-            repository_owner="repository_owner",
+            repository_name=repository_name,
+            repository_owner=repository_owner,
             repository_owner_id="666",
             workflow_filename="workflow_filename.yml",
             environment="",

diff --git a/tests/unit/oidc/models/test_gitlab.py b/tests/unit/oidc/models/test_gitlab.py
@@ -614,6 +614,18 @@ def test_gitlab_publisher_duplicates_cant_be_created(self, db_request):
                 f"https://gitlab.com/{NAMESPACE}/{PROJECT_NAME}.git",
                 True,
             ),
+            (
+                "Project_Name",
+                NAMESPACE,
+                f"https://gitlab.com/{NAMESPACE}/{PROJECT_NAME}.git",
+                True,
+            ),
+            (
+                PROJECT_NAME,
+                "Project_Owner",
+                f"https://gitlab.com/{NAMESPACE}/{PROJECT_NAME}.git",
+                True,
+            ),
             (
                 PROJECT_NAME,
                 NAMESPACE,

diff --git a/warehouse/oidc/models/github.py b/warehouse/oidc/models/github.py
@@ -337,7 +337,10 @@ def verify_url(self, url: str):
                 break
 
         url_for_generic_check = url.removesuffix("/").removesuffix(".git")
-        if super().verify_url(url_for_generic_check):
+        if verify_url_from_reference(
+            reference_url=self.publisher_base_url.lower(),
+            url=url_for_generic_check,
+        ):
             return True
 
         return verify_url_from_reference(reference_url=docs_url, url=url)

diff --git a/warehouse/oidc/models/gitlab.py b/warehouse/oidc/models/gitlab.py
@@ -331,7 +331,9 @@ def verify_url(self, url: str):
             url = lowercase_base_url + url[len(lowercase_base_url) :]
 
         url_for_generic_check = url.removesuffix("/").removesuffix(".git")
-        if super().verify_url(url_for_generic_check):
+        if verify_url_from_reference(
+            reference_url=lowercase_base_url, url=url_for_generic_check
+        ):
             return True
 
         try: