fix: Correctly parsing %-encoded URLs from .git/config file (#331)

Resolves #261 The `configparser` module by default assumes that '%' characters indicate the presence of a variable and will try to parse a config value accordingly. Switching to "raw" mode prevents this behavior. ## Testing Manually tested by changing my `.git/config` file to set the origin URL to include `%20`, and was able to replicate the failure detailed in the ticket.
slalombuild · Nov 10, 2023 · af842fb · af842fb
1 parent 6498f95
commit af842fb
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 1 deletion.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -289,6 +289,7 @@ A special thanks to everyone that has contributed to seCureLI so far:
 - Korey Earl
 - Martin Gallegos
 - Ryan Graue
+- Tyler Durkota
 - Jordan Hill
 - Kira Hollerman
 - Myung Kim

diff --git a/secureli/utilities/git_meta.py b/secureli/utilities/git_meta.py
@@ -15,7 +15,7 @@ def origin_url() -> str:
     git_config_parser = configparser.ConfigParser()
     git_config_parser.read(".git/config")
     return (
-        git_config_parser['remote "origin"'].get("url", "UNKNOWN")
+        git_config_parser['remote "origin"'].get("url", "UNKNOWN", raw=True)
         if git_config_parser.has_section('remote "origin"')
         else "UNKNOWN"
     )

diff --git a/tests/utilities/test_git_meta.py b/tests/utilities/test_git_meta.py
@@ -6,6 +6,8 @@
 
 from secureli.utilities.git_meta import git_user_email, origin_url, current_branch_name
 
+mock_git_origin_url = r"git@github.com:my-org/repo%20with%20spaces.git"
+
 
 @pytest.fixture()
 def mock_subprocess(mocker: MockerFixture) -> MagicMock:
@@ -36,6 +38,17 @@ def mock_open_git_head(mocker: MockerFixture) -> MagicMock:
     return mock_open_git_head
 
 
+@pytest.fixture()
+def mock_open_git_origin(mocker: MockerFixture) -> MagicMock:
+    mock_open_git_config = mocker.mock_open(
+        read_data='[remote "origin"]'
+        f"\n    url = {mock_git_origin_url}"
+        "\n    fetch = +refs/heads/*:refs/remotes/origin/*"
+    )
+    mocker.patch("builtins.open", mock_open_git_config)
+    return mock_open_git_config
+
+
 @pytest.fixture()
 def mock_open_io_error(mocker: MockerFixture) -> MagicMock:
     mock_open_io_error = mocker.patch("builtins.open")
@@ -71,3 +84,7 @@ def test_current_branch_name_yields_unknown_due_to_io_error(
     result = current_branch_name()
 
     assert result == "UNKNOWN"
+
+
+def test_configparser_can_read_origin_url_with_percent(mock_open_git_origin: MagicMock):
+    assert origin_url() == mock_git_origin_url