From 72bd8378ba215a43682e9cf25660745055fe2d57 Mon Sep 17 00:00:00 2001 From: Philippe Verdy <1387035+verdy-p@users.noreply.github.com> Date: Sat, 17 Sep 2022 22:45:23 +0200 Subject: [PATCH 1/6] replace sub-delim \} by \) in regexp There's no closing brace but a closing parenthese in sub-delim characters. See RFC RFC3986 annex A --- README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 8f0af12..09dd861 100644 --- a/README.md +++ b/README.md @@ -232,22 +232,22 @@ userinfo: path: "Normal" URL path according to RFC3986 section 3.3. - REGEX: (/? | (/[a-zA-Z0-9-\._~%!\$&'\(\}\*\+,;=:@]+)+) + REGEX: (/? | (/[a-zA-Z0-9-\._~%!\$&'\(\)\*\+,;=:@]+)+) query: "Normal" URL query according to RFC3986 section 3.4. - REGEX: [a-zA-Z0-9-\._~%!\$&'\(\}\*\+,;=:@]+ + REGEX: [a-zA-Z0-9-\._~%!\$&'\(\)\*\+,;=:@]+ user: This value can be URL encoded. - REGEX: [a-zA-Z0-9-\._~%!\$&'\(\}\*\+,;=]+ + REGEX: [a-zA-Z0-9-\._~%!\$&'\(\)\*\+,;=]+ password: This value can be URL encoded. - REGEX: [a-zA-Z0-9-\._~%!\$&'\(\}\*\+,;=]+ + REGEX: [a-zA-Z0-9-\._~%!\$&'\(\)\*\+,;=]+ host: - REGEX: [a-zA-Z0-9-\._~%!\$&'\(\}\*\+,;=]+ + REGEX: [a-zA-Z0-9-\._~%!\$&'\(\)\*\+,;=]+ post: REGEX: [0-9]+ From 8e18e80359fda1c624d37a009dc4a879211d87d7 Mon Sep 17 00:00:00 2001 From: Philippe Verdy <1387035+verdy-p@users.noreply.github.com> Date: Sat, 17 Sep 2022 22:57:35 +0200 Subject: [PATCH 2/6] Replace \} by \) in SUB_DELIMS There's no closing brace but a closing parenthese in sub-delim characters. See RFC RFC3986 annex A. --- src/DsnParser.php | 42 +++++++++++++++++++++++++++++++++--------- 1 file changed, 33 insertions(+), 9 deletions(-) diff --git a/src/DsnParser.php b/src/DsnParser.php index 433964f..e5898ab 100644 --- a/src/DsnParser.php +++ b/src/DsnParser.php 
@@ -22,7 +22,7 @@ class DsnParser private const FUNCTION_REGEX = '#^([a-zA-Z0-9\+-]+):?\((.*)\)(?:\?(.*))?$#'; private const ARGUMENTS_REGEX = '#([^\s,]+\([^)]+\)(?:\?[^\s,]*)?|[^\s,]+)#'; private const UNRESERVED = 'a-zA-Z0-9-\._~'; - private const SUB_DELIMS = '!\$&\'\(\}\*\+,;='; + private const SUB_DELIMS = '!\$&\'\(\)\*\+,;='; /** * Parse A DSN thay may contain functions. If no function is present in the @@ -44,7 +44,9 @@ public static function parseFunc(string $dsn): DsnFunction } if (empty($arguments)) { - throw new SyntaxException($dsn, 'dsn' === $functionName ? 'The DSN is empty' : 'A function must have arguments, an empty string was provided.'); + throw new SyntaxException($dsn, 'dsn' === $functionName + ? 'The DSN is empty' + : 'A function must have arguments, an empty string was provided.'); } // explode arguments and respect function parentheses @@ -52,7 +54,10 @@ public static function parseFunc(string $dsn): DsnFunction $arguments = $matches[1]; } - return new DsnFunction($functionName, array_map(\Closure::fromCallable([self::class, 'parseArguments']), $arguments), $parameters); + return new DsnFunction( + $functionName, + array_map(\Closure::fromCallable([self::class, 'parseArguments']), $arguments), + $parameters); } /** @@ -113,8 +118,12 @@ private static function parseArguments(string $dsn) private static function getDsn(string $dsn): Dsn { // Find the scheme if it exists and trim the double slash. - if (!preg_match('#^(?:(?['.self::UNRESERVED.self::SUB_DELIMS.'%]+:[0-9]+(?:[/?].*)?)|(?[a-zA-Z0-9\+-\.]+):(?://)?(?.*))$#', $dsn, $matches)) { - throw new SyntaxException($dsn, 'A DSN must contain a scheme [a-zA-Z0-9\+-\.]+ and a colon.'); + if (!preg_match( + '#^(?:(?[' . self::UNRESERVED . self::SUB_DELIMS . + '%]+:[0-9]+(?:[/?].*)?)|(?[a-zA-Z0-9\+-\.]+):(?://)?(?.*))$#', + $dsn, $matches)) { + throw new SyntaxException($dsn, + 'A DSN must contain a scheme [a-zA-Z0-9\+-\.]+ and a colon.'); } $scheme = null; $dsn = $matches['alt']; 
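Review bot: The corrected `SUB_DELIMS` constant changes which user and password values the parser accepts, yet no file in this series adds a test for it. A DSN with a raw `}` in its userinfo used to match and will now fail with the "Maybe you need to url-encode the user/password?" `SyntaxException`, while a raw `)` is newly accepted. Both directions deserve a test case and a changelog line telling callers to percent-encode `}` as `%7D`. `FUNCTION_REGEX` and `ARGUMENTS_REGEX`, visible as context in this hunk, also key on parentheses (`\([^)]+\)`), so it is worth confirming with a test how a function-style DSN is split when an argument carries an unencoded `)` in its userinfo.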
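Review bot: The scheme class `[a-zA-Z0-9\+-\.]+` re-wrapped in the `getDsn` hunk contains `\+-\.`, which PCRE reads as a range from `+` to `.` and which therefore also admits `,`. RFC 3986 allows only letters, digits, `+`, `-` and `.` in a scheme. Since this series aligns the character classes with the RFC, the class could be written with the hyphen last, `[a-zA-Z0-9+.-]+`, in both the pattern and the exception message that repeats it. The body of `getDsn` continues outside this hunk.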
@@ -128,8 +137,13 @@ private static function getDsn(string $dsn): Dsn } // Parse user info - if (!preg_match('#^(?:(['.self::UNRESERVED.self::SUB_DELIMS.'%]+)?(?::(['.self::UNRESERVED.self::SUB_DELIMS.'%]*))?@)?([^\s@]+)$#', $dsn, $matches)) { - throw new SyntaxException($dsn, 'The provided DSN is not valid. Maybe you need to url-encode the user/password?'); + if (!preg_match( + '#^(?:([' . self::UNRESERVED . self::SUB_DELIMS . + '%]+)?(?::([' . self::UNRESERVED . self::SUB_DELIMS . + '%]*))?@)?([^\s@]+)$#', + $dsn, $matches)) { + throw new SyntaxException($dsn, + 'The provided DSN is not valid. Maybe you need to url-encode the user/password?'); } $authentication = [ @@ -146,12 +160,22 @@ private static function getDsn(string $dsn): Dsn if ('/' === $matches[3][0]) { $parts = self::explodeUrl($matches[3], $dsn); - return new Path($scheme, $parts['path'], self::getQuery($parts), $authentication); + return new Path( + $scheme, + $parts['path'], + self::getQuery($parts), + $authentication); } $parts = self::explodeUrl('http://'.$matches[3], $dsn); - return new Url($scheme, $parts['host'], $parts['port'] ?? null, $parts['path'] ?? null, self::getQuery($parts), $authentication); + return new Url( + $scheme, + $parts['host'], + $parts['port'] ?? null, + $parts['path'] ?? null, + self::getQuery($parts), + $authentication); } /** From 400d436160da824987baaff142112c9140301a6d Mon Sep 17 00:00:00 2001 From: Philippe Verdy <1387035+verdy-p@users.noreply.github.com> Date: Sat, 17 Sep 2022 23:31:11 +0200 Subject: [PATCH 3/6] composer-normalize --- composer.json | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/composer.json b/composer.json index f70f9ac..7384a99 100644 --- a/composer.json +++ b/composer.json 
@@ -1,32 +1,27 @@ { "name": "nyholm/dsn", - "type": "library", "description": "Parse your DSN strings in a powerful and flexible way", + "license": "MIT", + "type": "library", "keywords": [ "dsn", "parser", "dsn parser", "database" ], - "homepage": "http://tnyholm.se", - "license": "MIT", "authors": [ { "name": "Tobias Nyholm", "email": "tobias.nyholm@gmail.com" } ], + "homepage": "http://tnyholm.se", "require": { "php": ">=7.1" }, "require-dev": { "symfony/phpunit-bridge": "^5.1" }, - "extra": { - "branch-alias": { - "dev-master": "2.0-dev" - } - }, "autoload": { "psr-4": { "Nyholm\\Dsn\\": "src/" @@ -36,5 +31,10 @@ "psr-4": { "Nyholm\\Dsn\\Test\\": "tests/" } + }, + "extra": { + "branch-alias": { + "dev-master": "2.0-dev" + } } } From bed99b60b3120fec2ff63dd3475d1feae82f0230 Mon Sep 17 00:00:00 2001 From: Philippe Verdy <1387035+verdy-p@users.noreply.github.com> Date: Sat, 17 Sep 2022 23:37:11 +0200 Subject: [PATCH 4/6] PHP-CS-Fixer, avoid warnings --- src/DsnParser.php | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/src/DsnParser.php b/src/DsnParser.php index e5898ab..8444b61 100644 --- a/src/DsnParser.php +++ b/src/DsnParser.php @@ -44,9 +44,7 @@ public static function parseFunc(string $dsn): DsnFunction } if (empty($arguments)) { - throw new SyntaxException($dsn, 'dsn' === $functionName - ? 'The DSN is empty' - : 'A function must have arguments, an empty string was provided.'); + throw new SyntaxException($dsn, 'dsn' === $functionName ? 'The DSN is empty' : 'A function must have arguments, an empty string was provided.'); } // explode arguments and respect function parentheses 
@@ -119,11 +117,9 @@ private static function getDsn(string $dsn): Dsn { // Find the scheme if it exists and trim the double slash. if (!preg_match( - '#^(?:(?[' . self::UNRESERVED . self::SUB_DELIMS . - '%]+:[0-9]+(?:[/?].*)?)|(?[a-zA-Z0-9\+-\.]+):(?://)?(?.*))$#', + '#^(?:(?['.self::UNRESERVED.self::SUB_DELIMS.'%]+:[0-9]+(?:[/?].*)?)|(?[a-zA-Z0-9\+-\.]+):(?://)?(?.*))$#', $dsn, $matches)) { - throw new SyntaxException($dsn, - 'A DSN must contain a scheme [a-zA-Z0-9\+-\.]+ and a colon.'); + throw new SyntaxException($dsn, 'A DSN must contain a scheme [a-zA-Z0-9\+-\.]+ and a colon.'); } $scheme = null; $dsn = $matches['alt']; @@ -138,12 +134,9 @@ private static function getDsn(string $dsn): Dsn // Parse user info if (!preg_match( - '#^(?:([' . self::UNRESERVED . self::SUB_DELIMS . - '%]+)?(?::([' . self::UNRESERVED . self::SUB_DELIMS . - '%]*))?@)?([^\s@]+)$#', + '#^(?:(['.self::UNRESERVED.self::SUB_DELIMS.'%]+)?(?::([' . self::UNRESERVED . self::SUB_DELIMS.'%]*))?@)?([^\s@]+)$#', $dsn, $matches)) { - throw new SyntaxException($dsn, - 'The provided DSN is not valid. Maybe you need to url-encode the user/password?'); + throw new SyntaxException($dsn, 'The provided DSN is not valid. Maybe you need to url-encode the user/password?'); } $authentication = [ From 941e1a17a6a2a12e9c21f0b1caba002ed78dd477 Mon Sep 17 00:00:00 2001 From: Philippe Verdy <1387035+verdy-p@users.noreply.github.com> Date: Sat, 17 Sep 2022 23:38:53 +0200 Subject: [PATCH 5/6] Update DsnParser.php --- src/DsnParser.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/DsnParser.php b/src/DsnParser.php index 8444b61..2c7f051 100644 --- a/src/DsnParser.php +++ b/src/DsnParser.php 
@@ -134,7 +134,7 @@ private static function getDsn(string $dsn): Dsn // Parse user info if (!preg_match( - '#^(?:(['.self::UNRESERVED.self::SUB_DELIMS.'%]+)?(?::([' . self::UNRESERVED . self::SUB_DELIMS.'%]*))?@)?([^\s@]+)$#', + '#^(?:(['.self::UNRESERVED.self::SUB_DELIMS.'%]+)?(?::(['.self::UNRESERVED.self::SUB_DELIMS.'%]*))?@)?([^\s@]+)$#', $dsn, $matches)) { throw new SyntaxException($dsn, 'The provided DSN is not valid. Maybe you need to url-encode the user/password?'); } From 479e5c7ec8ffcf7244df9705129caed5d763f176 Mon Sep 17 00:00:00 2001 From: Philippe Verdy <1387035+verdy-p@users.noreply.github.com> Date: Sun, 18 Sep 2022 00:46:43 +0200 Subject: [PATCH 6/6] Create dependency-review.yml --- .github/workflows/dependency-review.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 .github/workflows/dependency-review.yml diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml new file mode 100644 index 0000000..fe461b4 --- /dev/null +++ b/.github/workflows/dependency-review.yml @@ -0,0 +1,20 @@ +# Dependency Review Action +# +# This Action will scan dependency manifest files that change as part of a Pull Request, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging. +# +# Source repository: https://github.com/actions/dependency-review-action +# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement +name: 'Dependency Review' +on: [pull_request] + +permissions: + contents: read + +jobs: + dependency-review: + runs-on: ubuntu-latest + steps: + - name: 'Checkout Repository' + uses: actions/checkout@v3 + - name: 'Dependency Review' + uses: actions/dependency-review-action@v2
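Review bot: Both `uses:` lines in the new workflow reference mutable tags (`actions/checkout@v3`, `actions/dependency-review-action@v2`), so the code this job runs can change without any commit to this repository. Pinning each to a full-length commit SHA with the tag kept as a trailing comment, for example `uses: actions/checkout@<full-commit-sha> # v3`, makes each run reproducible and turns every action upgrade into a reviewable diff. The top-level `permissions: contents: read` already limits the token, which is the right default for a `pull_request` trigger. The only manifest this series shows is `composer.json`, so it is worth confirming that the repository's dependency graph covers it before the check is marked as required.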