add support for encoded allowlist urls (#116)

* add support for encoded urls

* rm test

Author: vivekkhimani

pkg/allowlist.go

@@ -12,13 +12,16 @@ func (config AllowlistItem) Matches(method string, url *url.URL) bool {
 		return false
 	}
 
-	parsedUrl, _ := url.Parse(config.URL)
+	parsedUrl, err := url.Parse(config.URL)
+	if err != nil {
+		return false
+	}
 
 	if parsedUrl.Scheme != url.Scheme || parsedUrl.Host != url.Host {
 		return false
 	}
 
-	matcher := urlpath.New(parsedUrl.Path)
+	matcher := urlpath.New(parsedUrl.EscapedPath())
 	if _, matches := matcher.Match(url.EscapedPath()); matches {
 		return true
 	}

pkg/allowlist_test.go

@@ -118,3 +118,24 @@ func TestAllowlistPathMatch(t *testing.T) {
 	assertAllowlistMatch(t, allowlist, "GET", "https://foo.com/variable-path/bla%2Fbla/suffix", true)
 	assertAllowlistMatch(t, allowlist, "GET", "https://foo.com/variable-path/bla/bla/suffix", false)
 }
+
+func TestAllowlistEncodedPathMatch(t *testing.T) {
+	allowlist := &Allowlist{
+		AllowlistItem{
+			URL:     "https://gitlab.example.com/api/v4/projects/group%2Fproject/repository/files/*",
+			Methods: ParseHttpMethods([]string{"GET"}),
+		},
+		AllowlistItem{
+			URL:     "https://gitlab.example.com/api/v4/projects/:group%2F:project/repository/files/*",
+			Methods: ParseHttpMethods([]string{"GET"}),
+		},
+	}
+
+	// Test that encoded forward slashes in the path match correctly
+	assertAllowlistMatch(t, allowlist, "GET", "https://gitlab.example.com/api/v4/projects/group%2Fproject/repository/files/path/to/file", true)
+	assertAllowlistMatch(t, allowlist, "GET", "https://gitlab.example.com/api/v4/projects/group/project/repository/files/path/to/file", false)
+
+	// Test with variables containing encoded characters
+	assertAllowlistMatch(t, allowlist, "GET", "https://gitlab.example.com/api/v4/projects/test-group%2Ftest-project/repository/files/path/to/file", true)
+	assertAllowlistMatch(t, allowlist, "GET", "https://gitlab.example.com/api/v4/projects/test-group/test-project/repository/files/path/to/file", false)
+}