lgtm: fix Incomplete URL substring sanitization

author: Daniel Mensinger <daniel@mensinger-ka.de> 2019-12-04 17:39:35 +0100
committer: Jussi Pakkanen <jpakkane@gmail.com> 2019-12-05 00:22:10 +0200
commit: ef19e1ff2d6b0f791a3b4c4fcfdf5e284cd448cc (patch)
tree: cc3b1a05b5e437331bbe3aaa58cee7cd96fc45ec /mesonbuild
parent: b5cec1c632c4639875ef97cefa98ae30521212d0 (diff)
download: meson-ef19e1ff2d6b0f791a3b4c4fcfdf5e284cd448cc.zip
meson-ef19e1ff2d6b0f791a3b4c4fcfdf5e284cd448cc.tar.gz
meson-ef19e1ff2d6b0f791a3b4c4fcfdf5e284cd448cc.tar.bz2
1 files changed, 3 insertions, 1 deletions
diff --git a/mesonbuild/wrap/wrap.py b/mesonbuild/wrap/wrap.py
index aa764b8..8d73d00 100644
--- a/mesonbuild/wrap/wrap.py
+++ b/mesonbuild/wrap/wrap.py
@@ -16,6 +16,7 @@ from .. import mlog
 import contextlib
 import urllib.request
 import urllib.error
+import urllib.parse
 import os
 import hashlib
 import shutil
@@ -310,7 +311,8 @@ class Resolver:
         blocksize = 10 * 1024
         h = hashlib.sha256()
         tmpfile = tempfile.NamedTemporaryFile(mode='wb', dir=self.cachedir, delete=False)
-        if url.startswith('https://wrapdb.mesonbuild.com'):
+        hostname = urllib.parse.urlparse(url).hostname
+        if hostname == 'wrapdb.mesonbuild.com' or hostname.endswith('.wrapdb.mesonbuild.com'):
             resp = open_wrapdburl(url)
         else:
             try:
author	Daniel Mensinger <daniel@mensinger-ka.de>	2019-12-04 17:39:35 +0100
committer	Jussi Pakkanen <jpakkane@gmail.com>	2019-12-05 00:22:10 +0200
commit	ef19e1ff2d6b0f791a3b4c4fcfdf5e284cd448cc (patch)
tree	cc3b1a05b5e437331bbe3aaa58cee7cd96fc45ec /mesonbuild
parent	b5cec1c632c4639875ef97cefa98ae30521212d0 (diff)
download	meson-ef19e1ff2d6b0f791a3b4c4fcfdf5e284cd448cc.zip meson-ef19e1ff2d6b0f791a3b4c4fcfdf5e284cd448cc.tar.gz meson-ef19e1ff2d6b0f791a3b4c4fcfdf5e284cd448cc.tar.bz2