Fix code scanning alert #29: Incomplete URL substring sanitization #5

art-tykh · 2024-09-19T13:28:06Z

Fixes https://github.com/MacPaw/fastlane/security/code-scanning/29

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…ation Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

nekrich · 2024-09-19T13:36:35Z

fastlane/lib/fastlane/setup/setup.rb

@@ -244,7 +244,7 @@ def setup_gemfile!

    def ensure_gemfile_valid!(update_gemfile_if_needed: false)
      gemfile_content = File.read(gemfile_path)
-      unless gemfile_content.include?("https://rubygems.org")
+      unless gemfile_content.lines.any? { |line| URI(line.strip).host == "rubygems.org" rescue false }


I doubt this will work since the line is not URL source 'https://rubygems.org' or source("https://rubygems.org"), plus the case difference.

Fix code scanning alert fastlane#29: Incomplete URL substring sanitiz…

921754f

…ation Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

art-tykh requested a review from nekrich September 19, 2024 13:31

nekrich reviewed Sep 19, 2024

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix code scanning alert #29: Incomplete URL substring sanitization #5

Fix code scanning alert #29: Incomplete URL substring sanitization #5

art-tykh commented Sep 19, 2024

nekrich Sep 19, 2024 •

edited

Loading

Fix code scanning alert #29: Incomplete URL substring sanitization #5

Are you sure you want to change the base?

Fix code scanning alert #29: Incomplete URL substring sanitization #5

Conversation

art-tykh commented Sep 19, 2024

nekrich Sep 19, 2024 • edited Loading

Choose a reason for hiding this comment

nekrich Sep 19, 2024 •

edited

Loading