KeePassHTTP: Invalid URLs in title/URL leads to false positives

[yan12125]

Expected Behavior

The KeePassHTTP plugin returns matched entries only

Current Behavior

When the title or URL field in an entry contains an invalid URL, the entry is returned

Possible Solution

Reject invalid URLs in Service::matchUrlScheme() (untested)

Steps to Reproduce (for bugs)

1. Create an entry with title https://example.com foobar. Note that there's a space before foobar
2. Check matched entries from KeePassHTTP in browsers

Context

This is a following up of #1017

Debug Info

KeePassXC - Version 2.2.4
Revision: ad8fca2

Libraries:

• Qt 5.10.0
• libgcrypt 1.8.2

Operating system: Arch Linux
CPU architecture: x86_64
Kernel: linux 4.14.9-1-ARCH

Enabled extensions:

• KeePassHTTP
• Auto-Type
• YubiKey
• SSH Agent

[yan12125]

Here's a good news: the new browser plugin does not have this issue.

[rugk]

Which version?

[rugk]

v1.0.9 is still affected here.

[yan12125]

@rugk: Sorry if my comment was misleading. I was referring to @varjolintu's keepassxc-browser work. That plugin requires the latest git version of KeePassXC. AFAIK It's going to be included in KeePassXC 2.4.0, which is still on its way.

UPDATE: Removal of KeePassHTTP is postponed to 2.4 (#1752)

[rugk]

BTW it always seems to request that one entry (bad password) for all password fields, where it does not recognize/find a different passwords. Almost seems like this is a simple array iteration issue or so where it chooses [0] if it cannot find an entry…