Merge pull request #116 from mroth/alert-autofix-1

Potential fix for code scanning alert no. 1: Incomplete regular expression for hostnames

Author: mroth

git.go

@@ -77,7 +77,7 @@ func _detectRemoteURL_LocalGit(path string) (string, error) {
 // 	 https://github.com/mroth/bump.git
 //   git@github.com:mroth/bump.git
 func parseGithubRemote(remoteURL string) (owner, repo string, ok bool) {
-	re := regexp.MustCompile(`^(?:https://|git@)github.com[:/](.*)/(.*?)(?:\.git$|$)`)
+	re := regexp.MustCompile(`^(?:https://|git@)github\.com[:/](.*)/(.*?)(?:\.git$|$)`)
 	matches := re.FindStringSubmatch(remoteURL)
 	if len(matches) < 3 {
 		return

git_test.go

@@ -31,6 +31,17 @@ func Test_parseGithubRemote(t *testing.T) {
 			wantRepo:  "bump",
 			wantOk:    true,
 		},
+		// negative cases: near-miss hostnames should not match
+		{
+			name:      "nearMiss_HTTPS_dotReplaced",
+			remoteURL: "https://githubXcom/mroth/bump.git",
+			wantOk:    false,
+		},
+		{
+			name:      "nearMiss_SSH_dotReplaced",
+			remoteURL: "git@githubXcom:mroth/bump.git",
+			wantOk:    false,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {