From d77ba6b8ef8ce7d1f3f2e701fcc4ee6548e635ea Mon Sep 17 00:00:00 2001 From: Peter Goldstein Date: Tue, 26 Jul 2022 14:55:23 -0400 Subject: [PATCH 1/4] Add GitHub Actions to Dependabot --- .github/dependabot.yml | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..5ace4600 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,6 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" From e3b04ebab73ad7e5c35bdf02d4ca84021be725e5 Mon Sep 17 00:00:00 2001 From: Adrien Rey-Jarthon Date: Sat, 2 Jul 2022 12:01:52 +0200 Subject: [PATCH 2/4] fix "invalid byte sequence in UTF-8" exception when unencoding URLs containing non UTF-8 characters --- lib/addressable/uri.rb | 12 +++--------- spec/addressable/uri_spec.rb | 5 +++++ 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/lib/addressable/uri.rb b/lib/addressable/uri.rb index 6e55cda9..3ded0e87 100644 --- a/lib/addressable/uri.rb +++ b/lib/addressable/uri.rb @@ -468,19 +468,13 @@ def self.unencode(uri, return_type=String, leave_encoded='') "Expected Class (String or Addressable::URI), " + "got #{return_type.inspect}" end - uri = uri.dup - # Seriously, only use UTF-8. I'm really not kidding! - uri.force_encoding("utf-8") - unless leave_encoded.empty? - leave_encoded = leave_encoded.dup.force_encoding("utf-8") - end - - result = uri.gsub(/%[0-9a-f]{2}/iu) do |sequence| + result = uri.gsub(/%[0-9a-f]{2}/i) do |sequence| c = sequence[1..3].to_i(16).chr - c.force_encoding("utf-8") + c.force_encoding(sequence.encoding) leave_encoded.include?(c) ? sequence : c end + result.force_encoding("utf-8") if return_type == String return result diff --git a/spec/addressable/uri_spec.rb b/spec/addressable/uri_spec.rb index 76edaad0..b8ca5213 100644 --- a/spec/addressable/uri_spec.rb +++ b/spec/addressable/uri_spec.rb @@ -5992,6 +5992,11 @@ def to_str expect(Addressable::URI.unencode_component("ski=%BA%DAɫ")).to eq("ski=\xBA\xDAɫ") end + it "should not fail with UTF-8 incompatible string" do + url = "/M%E9/\xE9?p=\xFC".b + expect(Addressable::URI.unencode_component(url)).to eq("/M\xE9/\xE9?p=\xFC") + end + it "should result in correct percent encoded sequence as a URI" do expect(Addressable::URI.unencode( "/path?g%C3%BCnther", ::Addressable::URI From f968b358fd30bcca1da3eb7a6cae80a6349f6b59 Mon Sep 17 00:00:00 2001 From: Bob Aman Date: Fri, 29 Jul 2022 20:20:08 -0700 Subject: [PATCH 3/4] Enable CodeQL analysis --- .github/workflows/codeql-analysis.yml | 53 +++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 .github/workflows/codeql-analysis.yml diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml new file mode 100644 index 00000000..392e871b --- /dev/null +++ b/.github/workflows/codeql-analysis.yml @@ -0,0 +1,53 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# +name: "CodeQL" + +on: + push: + branches: [ "main" ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ "main" ] + schedule: + - cron: '41 19 * * 2' + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: [ 'ruby' ] + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v2 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 From 31c23e23666633b267a82f0900f1776df35e6543 Mon Sep 17 00:00:00 2001 From: Bob Aman Date: Fri, 29 Jul 2022 20:21:33 -0700 Subject: [PATCH 4/4] Remove boilerplate --- .github/workflows/codeql-analysis.yml | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 392e871b..7b2e23ed 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -1,14 +1,3 @@ -# For most projects, this workflow file will not need changing; you simply need -# to commit it to your repository. -# -# You may wish to alter this file to override the set of languages analyzed, -# or to provide custom queries or build logic. -# -# ******** NOTE ******** -# We have attempted to detect the languages in your repository. Please check -# the `language` matrix defined below to confirm you have the correct set of -# supported CodeQL languages. -# name: "CodeQL" on: