fix(checkver): Harden github checkver

chawyehsu · chawyehsu · commit 2196ba04edb9 · 2026-04-24T12:21:57.000+08:00
Signed-off-by: Chawye Hsu &lt;su+git@chawyehsu.com&gt;
diff --git a/bin/checkver.ps1 b/bin/checkver.ps1
@@ -141,25 +141,44 @@ $Queue | ForEach-Object {
     $replace = ''
     $useGithubAPI = $false
 
-    # GitHub
-    if ($regex) {
-        $githubRegex = $regex
-    } else {
-        $githubRegex = '/releases/tag/(?:v|V)?([\d.]+)'
-    }
-    if ($json.checkver -eq 'github') {
-        if (!$json.homepage.StartsWith('https://github.com/')) {
-            error "$name checkver expects the homepage to be a github repository"
+    ## GitHub
+    #
+    # ```json
+    # "homepage": "<valid-repository-url>",
+    # "checkver": "github"
+    # ```
+    #
+    # or
+    #
+    # ```json
+    # "checkver": {
+    #     "github": "<valid-repository-url-or-repository-api-url>"
+    # }
+    # ```
+    if (($json.checkver -eq 'github') -or $json.checkver.github) {
+        $githubUrlPattern = '^https://((www\.)?github\.com/[\w.-]+/[\w.-]+/?|api\.github\.com/repos/[\w.-]+/[\w.-]+(/.*)?)$'
+        $regex = if ($regex) { $regex } else { '/releases/tag/(?:v|V)?([\d.]+)' }
+
+        $inputGithubUrl = $json.homepage
+        $fieldUsed = 'homepage'
+        if ($json.checkver.github) {
+            $inputGithubUrl = $json.checkver.github
+            $fieldUsed = 'checkver.github'
+        }
+
+        if ($inputGithubUrl -notmatch $githubUrlPattern) {
+            error "$name checkver expects $fieldUsed to be a valid GitHub repository URL"
+        }
+
+        $url = $inputGithubUrl.TrimEnd('/')
+        if ($url -notlike 'https://api.github.com*') {
+            $url = $url + '/releases/latest'
         }
-        $url = $json.homepage.TrimEnd('/') + '/releases/latest'
-        $regex = $githubRegex
-        $useGithubAPI = $true
-    }
 
-    if ($json.checkver.github) {
-        $url = $json.checkver.github.TrimEnd('/') + '/releases/latest'
-        $regex = $githubRegex
-        $useGithubAPI = $true
+        if ($GitHubToken) {
+            $url = $url -replace '//(www\.)?github.com/', '//api.github.com/repos/'
+            $useGithubAPI = $true
+        }
     }
 
     # SourceForge
@@ -216,10 +235,7 @@ $Queue | ForEach-Object {
 
     $reverse = $json.checkver.reverse -and $json.checkver.reverse -eq 'true'
 
-    if ($url -like '*api.github.com/*') { $useGithubAPI = $true }
-
-    if ($useGithubAPI -and ($null -ne $GitHubToken)) {
-        $url = $url -replace '//(www\.)?github.com/', '//api.github.com/repos/'
+    if ($useGithubAPI) {
         $wc.Headers.Add('Authorization', "token $GitHubToken")
     }
 
