resolves #4357 change internal uriish? to only detect a URI pattern at start of string (GHSL-2022-084) (PR #4358)

4 files changed, 21 insertions, 1 deletions

diff --git a/CHANGELOG.adoc b/CHANGELOG.adoc
index d13443a6..6b8b0088 100644
--- a/CHANGELOG.adoc
+++ b/CHANGELOG.adoc
@@ -60,6 +60,7 @@ Improvements::
 
 Bug Fixes::
 
+  * Change internal `uriish?` helper to only detect a URI pattern at start of a string; avoids misleading messages (#4357)
   * Prevent highlight.js warning when no language is set on source block; don't call `highlightBlock` if `data-lang` attribute is absent
   * Don't raise error if `Asciidoctor::Extensions.unregister` is called before groups are initialized (#4270)
   * If path is included both partially and fully, store it with true value (included fully) in includes table of document catalog
diff --git a/lib/asciidoctor/rx.rb b/lib/asciidoctor/rx.rb
index 5e73b13f..c212a871 100644
--- a/lib/asciidoctor/rx.rb
+++ b/lib/asciidoctor/rx.rb
@@ -717,7 +717,7 @@ module Asciidoctor
   #
   #   not c:/sample.adoc or c:\sample.adoc
   #
-  UriSniffRx = %r(^#{CG_ALPHA}[#{CC_ALNUM}.+-]+:/{0,2})
+  UriSniffRx = %r(\A#{CG_ALPHA}[#{CC_ALNUM}.+-]+:/{0,2})
 
   # Detects XML tags
   XmlSanitizeRx = /<[^>]+>/
diff --git a/test/helpers_test.rb b/test/helpers_test.rb
index df1f9bac..6c7d624e 100644
--- a/test/helpers_test.rb
+++ b/test/helpers_test.rb
@@ -51,6 +51,10 @@ context 'Helpers' do
       assert Asciidoctor::UriSniffRx !~ 'c:/sample.adoc'
       assert Asciidoctor::UriSniffRx !~ 'c:\\sample.adoc'
     end
+
+    test 'UriSniffRx should not detect URI that does not start on first line' do
+      assert Asciidoctor::UriSniffRx !~ %(text\nhttps://example.org)
+    end
   end
 
   context 'Type Resolution' do
diff --git a/test/reader_test.rb b/test/reader_test.rb
index 9f9153fe..718ad4fa 100644
--- a/test/reader_test.rb
+++ b/test/reader_test.rb
@@ -748,6 +748,21 @@ class ReaderTest < Minitest::Test
         end
       end
 
+      test 'include directive should not attempt to resolve target as remote if allow-uri-read is set and URL is not on first line' do
+        using_memory_logger do |logger|
+          input = <<~'EOS'
+          :target: not-a-file.adoc + \
+          http://example.org/team.adoc
+
+          include::{target}[]
+          EOS
+          doc = Asciidoctor.load input, safe: :safe, base_dir: fixturedir
+          lines = doc.blocks[0].lines
+          assert_equal [%(Unresolved directive in <stdin> - include::not-a-file.adoc +\nhttp://example.org/team.adoc[])], lines
+          assert_message logger, :ERROR, %(<stdin>: line 4: include file not found: #{fixture_path 'not-a-file.adoc'} +\nhttp://example.org/team.adoc), Hash
+        end
+      end
+
       test 'include directive should resolve file relative to current include' do
         input = 'include::fixtures/parent-include.adoc[]'
         pseudo_docfile = File.join DIRNAME, 'main.adoc'