SONARPY-3887 Fix QG (#946)

joke1196 · sonartech · commit 50598adc8f86 · 2026-03-10T12:58:42.000Z
GitOrigin-RevId: 77b6559037e7b34eaadbfa82a7b6192ff2bf3dd2
diff --git a/python-checks/src/main/java/org/sonar/python/checks/hotspots/HardCodedCredentialsCheck.java b/python-checks/src/main/java/org/sonar/python/checks/hotspots/HardCodedCredentialsCheck.java
@@ -17,6 +17,8 @@
 package org.sonar.python.checks.hotspots;
 
 import java.net.MalformedURLException;
+import java.net.URI;
+import java.net.URISyntaxException;
 import java.net.URL;
 import java.util.Collection;
 import java.util.Collections;
@@ -270,12 +272,12 @@ private static boolean isURLWithCredentials(StringLiteral stringLiteral) {
       return false;
     }
     try {
-      URL url = new URL(stringLiteral.trimmedQuotesValue());
+      URL url = new URI(stringLiteral.trimmedQuotesValue()).toURL();
       String userInfo = url.getUserInfo();
       if (userInfo != null && userInfo.matches("\\S+:\\S+")) {
         return true;
       }
-    } catch (MalformedURLException e) {
+    } catch (URISyntaxException | MalformedURLException | IllegalArgumentException e) {
       return false;
     }
     return false;
