KeePass returning unrelated credentials over keepasshttp

[eversins]

Hello, since the last AUR update, when I go on a random unknown site with a logon field, I get promoted to grant chromeIPass access to 7 account credentials.
It is always the same accounts but I see no pattern into why.

When on a site where I have credentials saved it works as expected. (although accounts on the same domain with different paths are also shown now)

Did something in the search/filtering from keepasshttp change?

Expected Behavior

Nothing at all should happen, its not the correct site for the credentials.

Current Behavior

Prompt opens to grant access to 7 unrelated accounts.

Debug Info

Version | 2.2.0.r94.gbe312bbe-1
KeePassXC - Version 2.2.0
Revision: be312bb

Libraries:

• Qt 5.9.1
• libgcrypt 1.8.1

Operating system: Manjaro Linux
CPU architecture: x86_64
Kernel: linux 4.13.4-1-MANJARO

Enabled extensions:

• KeePassHTTP
• Auto-Type
• YubiKey

[droidmonkey]

Recommend using the just released v2.2.1

[alexisju]

Same here with 2.2.1 (Snap on Mint). Maybe related to Firefox update (55.0.2 )?

I get KP prompts on any website containing any single fields. KP purpose credentials from entries without specific URL...

Very annoying.

[yan12125]

I got this issue on 2.2.1 (14e3d9d), too. This is a possible fix:

diff --git a/src/core/Entry.cpp b/src/core/Entry.cpp
index 238c2617..4278354a 100644
--- a/src/core/Entry.cpp
+++ b/src/core/Entry.cpp
@@ -796,7 +828,7 @@ QString Entry::resolveUrl(const QString& url) const
 {
 #ifdef WITH_XC_HTTP
     QString newUrl = url;
-    if (!url.contains("://")) {
+    if (!url.isEmpty() && !url.contains("://")) {
         // URL doesn't have a protocol, add https by default
         newUrl.prepend("https://");
     }

I haven't had time to create a minimal reproducer. Hopefully the fix explains itself.

[GuilloOme]

For me too, it's started with v2.2.1

You're right @yan12125, it's returns all entry with an empty url.

[droidmonkey]

This regression was introduced in 35c6df2.