microsoft · joscol · Mar 5, 2025 · Apr 30, 2025 · Apr 30, 2025 · Apr 30, 2025
@@ -12,6 +12,7 @@
 * BUG: Fix error `ERR997.NoValidAnalysisTargets` when scanning symbolic link files.
 * BUG: Fix `ERR999.UnhandledEngineException: System.IO.FileNotFoundException: Could not find file` when a file name or directory path contains URL-encoded characters.
 * BUG: Fix error `ERR997.NoValidAnalysisTargets` when ambiguous file/directory references are provided to `OrderedFileSpecifier`. Previously, the code required an explicit directory separator to be added to the end of a directory path. Now, the code inspects the file system and assumes that a reference to an existing directory was intended by the user (even without a trailing separator).
+* BUG: Fix `ArgumentException: Illegal characters in path` when analysis target URI contains characters that are illegal in the file system.
 * NEW: Allow null archive uri in `MultithreadedZipArchiveArtifactProvider` (which indicates that enumerated artifact paths should not include the base archive).
 * NEW: Update `LogTargetParseError(IAnalysisContext, Region, string, Exception)` to include optional exception argument to denote code location where parse error occurred.
 * NEW: `MultithreadedAnalyzeCommandBase.EnumerateArtifact` now supports scanning into compressed (OPC) files. Initial support file extensions are: `.apk`, `.appx`, `.appxbundle`, `.docx`, `.epub`, `.jar`, `.msix`, `.msixbundle`, `.odp`, `.ods`, `.odt`, `.onepkg`, `.oxps`, `.pkg`, `.pptx`, `.unitypackage`, `.vsdx`, `.xps`, `.xlsx`, `.zip`.

@@ -679,7 +679,26 @@ private async Task<bool> EnumerateArtifact(IEnumeratedArtifact artifact, TContex
                 return false;
             }
 
-            string extension = Path.GetExtension(filePath);
+            string extension;
+            int lastDotIndex = filePath.LastIndexOf('.');
+
+            if (lastDotIndex < 0)
+            {
+                extension = string.Empty;
+            }
+            else
+            {
+                int lastSeparatorIndex = filePath.LastIndexOf(Path.PathSeparator);
+                if (lastSeparatorIndex > lastDotIndex)
+                {
+                    extension = string.Empty;
+                }
+                else
+                {
+                    extension = filePath.Substring(lastDotIndex);
+                }
+            }
+
             if (artifact.Uri.IsAbsoluteUri &&
                 string.IsNullOrEmpty(artifact.Uri.Query) &&
                 globalContext.OpcFileExtensions.Contains(extension))

@@ -910,6 +910,31 @@ public void AnalyzeCommand_EncodedPaths()
             sarifLog.Runs[0].Results.Count.Should().Be(1);
         }
 
+        [Fact]
+        public void AnalyzeCommand_IllegalPathCharInURL()
+        {
+            var sarifOutput = new StringBuilder();
+            var command = new TestMultithreadedAnalyzeCommand();
+            using var writer = new StringWriter(sarifOutput);
+            var logger = new SarifLogger(writer,
+                                            run: new Run { Tool = command.Tool },
+                                            levels: BaseLogger.ErrorWarningNote,
+                                            kinds: BaseLogger.Fail);
+
+            var target = new EnumeratedArtifact(FileSystem.Instance) { Uri = new Uri("http://example.com/some<character>test/bad\"characters\"path.txt"), Contents = "fake content" };
+
+            var context = new TestAnalysisContext
+            {
+                TargetsProvider = new ArtifactProvider(new[] { target }),
+                FailureLevels = BaseLogger.ErrorWarningNote,
+                ResultKinds = BaseLogger.Fail,
+                Logger = logger,
+            };
+
+            int result = command.Run(options: null, ref context);
+            result.Should().Be(0);
+        }
+
         [Fact]
         [Trait(TestTraits.WindowsOnly, "true")]
         public void AnalyzeCommand_TracesInMemory()