From 3ed33feef951e12127178de908853d51afdd90a1 Mon Sep 17 00:00:00 2001 From: Roman Koretskiy Date: Fri, 27 Mar 2026 21:21:31 +0400 Subject: [PATCH] Fix IllegalArgumentException when credentials contain $ or \ The withAuthentication() method uses String.replaceFirst() to inject credentials into the repository URL. The credentials string is used directly as the replacement argument, but in Java regex replacements $ and \ are special characters (group references and escape sequences). If a password contains $ (e.g. "pa$$word"), replaceFirst() throws java.lang.IllegalArgumentException: Illegal group reference. Fix: wrap credentials with Matcher.quoteReplacement() to escape any regex-special characters before using them in the replacement string. Made-with: Cursor --- .../java/org/torquebox/mojo/mavengem/wagon/MavenGemWagon.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mavengem-wagon/src/main/java/org/torquebox/mojo/mavengem/wagon/MavenGemWagon.java b/mavengem-wagon/src/main/java/org/torquebox/mojo/mavengem/wagon/MavenGemWagon.java index 427156b..c725419 100644 --- a/mavengem-wagon/src/main/java/org/torquebox/mojo/mavengem/wagon/MavenGemWagon.java +++ b/mavengem-wagon/src/main/java/org/torquebox/mojo/mavengem/wagon/MavenGemWagon.java @@ -24,6 +24,7 @@ import java.net.SocketAddress; import java.net.URL; import java.net.URLConnection; +import java.util.regex.Matcher; public class MavenGemWagon extends StreamWagon { @@ -115,7 +116,7 @@ private URL withAuthentication(String url) throws MalformedURLException { if (authenticationInfo != null && authenticationInfo.getUserName() != null) { String credentials = authenticationInfo.getUserName() + ":" + authenticationInfo.getPassword(); - url = url.replaceFirst("^(https?://)(.*)$", "$1" + credentials + "@$2"); + url = url.replaceFirst("^(https?://)(.*)$", "$1" + Matcher.quoteReplacement(credentials) + "@$2"); } return new URL(url); }