From a78cad84499df46745bbfe3cc10d885b50177a77 Mon Sep 17 00:00:00 2001 From: Matt Davis Date: Tue, 22 Aug 2023 16:35:23 -0400 Subject: [PATCH] Try to match if the part after @ is a valid ref (reject treating URL parts as refs). (#5856) * Try to match ref only if the part after @ is a valid ref (reject treating URL parts as refs). --- news/5849.bugfix.rst | 1 + pipenv/utils/dependencies.py | 5 +++-- pipenv/utils/requirements.py | 8 +++++--- 3 files changed, 9 insertions(+), 5 deletions(-) create mode 100644 news/5849.bugfix.rst diff --git a/news/5849.bugfix.rst b/news/5849.bugfix.rst new file mode 100644 index 0000000000..7d462892ba --- /dev/null +++ b/news/5849.bugfix.rst @@ -0,0 +1 @@ +More gracefully handle @ symbols in vcs URLs to address recent regression with vcs URLs. diff --git a/pipenv/utils/dependencies.py b/pipenv/utils/dependencies.py index 095ec399c2..06f394377e 100644 --- a/pipenv/utils/dependencies.py +++ b/pipenv/utils/dependencies.py @@ -981,8 +981,9 @@ def install_req_from_pipfile(name, pipfile): "ssh://" not in vcs_url and "@" in vcs_url ): vcs_url_parts = vcs_url.rsplit("@", 1) - vcs_url = vcs_url_parts[0] - fallback_ref = vcs_url_parts[1] + if re.match(r"^[\w\.]+$", vcs_url_parts[1]): + vcs_url = vcs_url_parts[0] + fallback_ref = vcs_url_parts[1] req_str = f"{vcs_url}@{_pipfile.get('ref', fallback_ref)}{extras_str}" if not req_str.startswith(f"{vcs}+"): req_str = f"{vcs}+{req_str}" diff --git a/pipenv/utils/requirements.py b/pipenv/utils/requirements.py index 0168049c45..316f9714b3 100644 --- a/pipenv/utils/requirements.py +++ b/pipenv/utils/requirements.py @@ -160,9 +160,11 @@ def requirement_from_lockfile( "ssh://" not in url and "@" in url ): url_parts = url.rsplit("@", 1) - url = url_parts[0] - if not ref: - ref = url_parts[1] + # Check if the second part matches the criteria to be a ref (vcs URLs would likely have a /) + if re.match(r"^[\w\.]+$", url_parts[1]): + url = url_parts[0] + if not ref: + ref = url_parts[1] extras = ( "[{}]".format(",".join(package_info.get("extras", [])))