Fix IllegalArgumentException when credentials contain $ or \

The withAuthentication() method uses String.replaceFirst() to inject
credentials into the repository URL. The credentials string is used
directly as the replacement argument, but in Java regex replacements
$ and \ are special characters (group references and escape sequences).

If a password contains $ (e.g. "pa$$word"), replaceFirst() throws
java.lang.IllegalArgumentException: Illegal group reference.

Fix: wrap credentials with Matcher.quoteReplacement() to escape any
regex-special characters before using them in the replacement string.

Made-with: Cursor

Author: rkoretskiy-cloudlinux

mavengem-wagon/src/main/java/org/torquebox/mojo/mavengem/wagon/MavenGemWagon.java

@@ -24,6 +24,7 @@
 import java.net.SocketAddress;
 import java.net.URL;
 import java.net.URLConnection;
+import java.util.regex.Matcher;
 
 public class MavenGemWagon extends StreamWagon {
 
@@ -115,7 +116,7 @@ private URL withAuthentication(String url)
             throws MalformedURLException {
         if (authenticationInfo != null && authenticationInfo.getUserName() != null) {
             String credentials = authenticationInfo.getUserName() + ":" + authenticationInfo.getPassword();
-            url = url.replaceFirst("^(https?://)(.*)$", "$1" + credentials + "@$2");
+            url = url.replaceFirst("^(https?://)(.*)", "$1" + Matcher.quoteReplacement(credentials) + "@$2");
         }
         return new URL(url);
     }