From 817f3dbb5f734362cf61a395c88d3007705c3e82 Mon Sep 17 00:00:00 2001
From: Lamont Granquist <lamont@scriptkiddie.org>
Date: Fri, 12 Feb 2021 13:40:19 -0800
Subject: Fix automate compliance fetcher for profiles with at signs

This is largely copypasta directly out of the audit cookbook.

I've preserved the original backcompat in the cookbook because
it seems more important for this code to be correct than to try
to mess around deprecating code that isn't hurting anything.

Signed-off-by: Lamont Granquist <lamont@scriptkiddie.org>
---
 lib/chef/compliance/fetcher/automate.rb       | 19 +++++++++++++++----
 spec/unit/compliance/fetcher/automate_spec.rb |  8 ++++++++
 2 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/lib/chef/compliance/fetcher/automate.rb b/lib/chef/compliance/fetcher/automate.rb
index b254684280..64aff6833a 100644
--- a/lib/chef/compliance/fetcher/automate.rb
+++ b/lib/chef/compliance/fetcher/automate.rb
@@ -32,12 +32,12 @@ class Chef
             profile_fetch_url = target[:url]
           else
             # verifies that the target e.g base/ssh exists
-            base_path = "/compliance/profiles/#{uri.host}#{uri.path}"
-
+            profile = sanitize_profile_name(uri)
+            owner, id = profile.split("/")
             profile_path = if target.respond_to?(:key?) && target.key?(:version)
-                             "#{base_path}/version/#{target[:version]}/tar"
+                             "/compliance/profiles/#{owner}/#{id}/version/#{target[:version]}/tar"
                            else
-                             "#{base_path}/tar"
+                             "/compliance/profiles/#{owner}/#{id}/tar"
                            end
 
             url = URI(Chef::Config[:data_collector][:server_url])
@@ -60,6 +60,17 @@ class Chef
           nil
         end
 
+        # returns a parsed url for `admin/profile` or `compliance://admin/profile`
+        # TODO: remove in future, copied from inspec to support older versions of inspec
+        def self.sanitize_profile_name(profile)
+          uri = if URI(profile).scheme == "compliance"
+                  URI(profile)
+                else
+                  URI("compliance://#{profile}")
+                end
+          uri.to_s.sub(%r{^compliance:\/\/}, "")
+        end
+
         def to_s
           "#{ChefUtils::Dist::Automate::PRODUCT} for #{ChefUtils::Dist::Solo::PRODUCT} Fetcher"
         end
diff --git a/spec/unit/compliance/fetcher/automate_spec.rb b/spec/unit/compliance/fetcher/automate_spec.rb
index bc2125aaa7..f3554b8b0f 100644
--- a/spec/unit/compliance/fetcher/automate_spec.rb
+++ b/spec/unit/compliance/fetcher/automate_spec.rb
@@ -21,6 +21,14 @@ describe Chef::Compliance::Fetcher::Automate do
         expect(res.target).to eq(expected)
       end
 
+      it "should resolve a compliance URL with a @ in the namespace" do
+        res = Chef::Compliance::Fetcher::Automate.resolve("compliance://name@space/profile_name")
+
+        expect(res).to be_kind_of(Chef::Compliance::Fetcher::Automate)
+        expected = "https://automate.test/compliance/profiles/name@space/profile_name/tar"
+        expect(res.target).to eq(expected)
+      end
+
       it "raises an exception with no data collector token" do
         Chef::Config[:data_collector].delete(:token)
 
-- 
cgit v1.2.1