From 50a6b908eed594d2879f7c8c6fa23b7c58d8e090 Mon Sep 17 00:00:00 2001 From: Michael J Klein Date: Wed, 21 Aug 2024 11:30:09 -0400 Subject: [PATCH] chore: sanitize url's to only allow github (#5776) # Description ## Problem\* Resolves https://github.com/noir-lang/noir/issues/5737 ## Summary\* ## Additional Context ## Documentation\* Check one: - [x] No documentation needed. - [ ] Documentation included in this PR. - [ ] **[For Experimental Features]** Documentation to be submitted in a separate PR. # PR Checklist\* - [x] I have tested the changes locally. - [x] I have formatted the changes with [Prettier](https://prettier.io/) and/or `cargo fmt` on default settings. --- .../wasm/src/noir/dependencies/github-dependency-resolver.ts | 3 ++- .../wasm/test/dependencies/github-dependency-resolver.test.ts | 2 ++ compiler/wasm/test/fixtures/with-deps/src/main.nr | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/compiler/wasm/src/noir/dependencies/github-dependency-resolver.ts b/compiler/wasm/src/noir/dependencies/github-dependency-resolver.ts index 39ad0d802fb..1fd37248e78 100644 --- a/compiler/wasm/src/noir/dependencies/github-dependency-resolver.ts +++ b/compiler/wasm/src/noir/dependencies/github-dependency-resolver.ts @@ -45,7 +45,8 @@ export class GithubDependencyResolver implements DependencyResolver { } async #fetchZipFromGithub(dependency: Pick): Promise { - if (!dependency.git.startsWith('https://github.com')) { + const git_host = new URL(dependency.git); + if (git_host !== null && git_host.host != 'github.com') { throw new Error('Only github dependencies are supported'); } diff --git a/compiler/wasm/test/dependencies/github-dependency-resolver.test.ts b/compiler/wasm/test/dependencies/github-dependency-resolver.test.ts index 505b2269cd2..684a19beb24 100644 --- a/compiler/wasm/test/dependencies/github-dependency-resolver.test.ts +++ b/compiler/wasm/test/dependencies/github-dependency-resolver.test.ts 
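Review bot: The new guard in `#fetchZipFromGithub` no longer constrains the scheme: the removed `startsWith('https://github.com')` test implied https, whereas `git_host.host != 'github.com'` also lets `http://github.com/...` through. Whether that reaches the network depends on how the download URL is built further down, which is outside the hunk, but checking it here keeps the guard self-contained: `if (gitUrl.protocol !== 'https:' || gitUrl.host !== 'github.com') {`. The `git_host !== null` term is dead code, because `new URL()` throws a `TypeError` on malformed input rather than returning null. A bad `git` value therefore surfaces as a parse error instead of 'Only github dependencies are supported'. The variable holds a whole URL rather than a host, so `gitUrl` would read better than `git_host`.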
@@ -124,6 +124,8 @@ describe('GithubDependencyResolver', () => { { git: 'https://github.com/', tag: 'v1' }, { git: 'https://github.com/foo', tag: 'v1' }, { git: 'https://example.com', tag: 'v1' }, + { git: 'https://github.aaakk.us.kg.otherdomain.com', tag: 'v1' }, + { git: 'https://github.aaakk.us.kg.otherdomain.com/example/repo', tag: 'v1' }, ]).it('throws if the Github URL is invalid %j', (dep) => { expect(() => resolveGithubCodeArchive(dep, 'zip')).to.throw(); }); diff --git a/compiler/wasm/test/fixtures/with-deps/src/main.nr b/compiler/wasm/test/fixtures/with-deps/src/main.nr index fe9e7f9ca77..c66f302365a 100644 --- a/compiler/wasm/test/fixtures/with-deps/src/main.nr +++ b/compiler/wasm/test/fixtures/with-deps/src/main.nr @@ -1,4 +1,4 @@ use lib_a::divide; fn main(x: u64, y: pub u64) { - divide(x, y); + let _ = divide(x, y); }
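Review bot: Neither added case pins the regression this commit fixes, because `https://github.aaakk.us.kg.otherdomain.com` does not begin with `https://github.com` and so would have been rejected by the old prefix check as well. A constructed case whose host merely starts with the allowed name, e.g. `{ git: 'https://github.com.otherdomain.com/example/repo', tag: 'v1' }`, would distinguish the old check from the new one. The assertions also call `resolveGithubCodeArchive`, while the guard changed in this commit sits in `#fetchZipFromGithub`. If that helper validates the host separately (not visible here), these cases exercise that code rather than the changed line, so a test that reaches the fetch path would be worth adding. The `describe` block starts and ends outside the hunk.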