mirror of
https://github.com/yamadashy/repomix.git
synced 2026-02-07 20:26:47 +01:00
Replace substring matching with proper URL parsing to fix CodeQL security alert.

Previously, the code used `includes()` for substring matching which could incorrectly identify malicious URLs like `https://evil.com/dev.azure.com/` as Azure DevOps URLs.

Changes:
- Extract Azure DevOps URL detection into a dedicated function
- Use URL constructor to parse and validate the hostname
- For SSH URLs, use `startsWith()` for exact prefix matching
- For HTTP(S) URLs, check the hostname property exactly
- Add security tests to ensure malicious URLs are not incorrectly identified

This resolves the "Incomplete URL substring sanitization" alert from CodeQL.
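The check described in the commit message above, as an added example that is not the repository's own code: a substring test beside a hostname-exact test, run over constructed remotes. The function names, the `git@ssh.dev.azure.com:` SSH prefix and the sample URLs other than `https://evil.com/dev.azure.com/` are assumptions made for illustration.

```javascript
// Added illustration; names are hypothetical, not taken from the repomix source.

// "Before": substring match, the pattern CodeQL reports as
// "Incomplete URL substring sanitization".
function isAzureDevOpsUrlNaive(remote) {
  return remote.includes('dev.azure.com');
}

// "After": exact SSH prefix, or exact hostname taken from the parsed URL.
const AZURE_SSH_PREFIX = 'git@ssh.dev.azure.com:'; // assumed SSH remote form
const AZURE_HOSTS = new Set(['dev.azure.com']);

function isAzureDevOpsUrl(remote) {
  if (typeof remote !== 'string') return false;
  if (remote.startsWith(AZURE_SSH_PREFIX)) return true;
  let url;
  try {
    url = new URL(remote);
  } catch {
    return false; // scp-style or free text: not an absolute URL
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return false;
  // hostname is lower-cased by the parser and excludes userinfo, port,
  // path and query, so none of those can smuggle the trusted name in.
  return AZURE_HOSTS.has(url.hostname);
}

// Constructed sample remotes (only the third appears in the commit message).
const samples = [
  'https://dev.azure.com/org/project/_git/repo',
  'https://DEV.AZURE.COM/org/project/_git/repo',
  'https://evil.com/dev.azure.com/',
  'https://dev.azure.com.evil.com/org/repo',
  'https://dev.azure.com@evil.com/org/repo',
  'https://evil.com/?next=dev.azure.com',
  'git@ssh.dev.azure.com:v3/org/project/repo',
  'git@evil.com:dev.azure.com/repo',
];

function compare(list) {
  return list.map((remote) => ({
    remote,
    naive: isAzureDevOpsUrlNaive(remote),
    strict: isAzureDevOpsUrl(remote),
  }));
}

console.table(compare(samples));
```

The table shows the substring check accepting every look-alike and missing the upper-case host, while the parsed-hostname check accepts only the two `dev.azure.com` HTTPS remotes and the SSH remote.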