From 3c9d925531a890ca1c3730b626e0934ff98ba1cc Mon Sep 17 00:00:00 2001
From: Charlie Marsh <charlie.r.marsh@gmail.com>
Date: Thu, 18 Apr 2024 20:37:33 -0400
Subject: [PATCH] Avoid treating localhost URLs as local file paths (#3132)

## Summary

Closes https://github.com/astral-sh/uv/issues/3128.

## Test Plan

- `python -m http.server`
- `cargo run pip install
"http://localhost:8000/werkzeug-3.0.2-py3-none-any.whl"`
- `cargo run pip install
"http://localhost:8000/werkzeug-3.0.2-py3-none-any.whl"`
---
 crates/uv-installer/src/plan.rs          |  5 ++++-
 crates/uv-installer/src/site_packages.rs | 28 ++++++++++++++----------
 2 files changed, 20 insertions(+), 13 deletions(-)

diff --git a/crates/uv-installer/src/plan.rs b/crates/uv-installer/src/plan.rs
index 21970eafb..d06403c08 100644
--- a/crates/uv-installer/src/plan.rs
+++ b/crates/uv-installer/src/plan.rs
@@ -442,7 +442,10 @@ fn installed_satisfies_requirement(
             if let InstalledDist::Url(installed) = &distribution {
                 if &installed.url == url.raw() {
                     // If the requirement came from a local path, check freshness.
-                    if let Ok(archive) = url.to_file_path() {
+                    if let Some(archive) = (url.scheme() == "file")
+                        .then(|| url.to_file_path().ok())
+                        .flatten()
+                    {
                         if ArchiveTimestamp::up_to_date_with(
                             &archive,
                             ArchiveTarget::Install(distribution),
diff --git a/crates/uv-installer/src/site_packages.rs b/crates/uv-installer/src/site_packages.rs
index ab9ed93d7..1b3fb89ae 100644
--- a/crates/uv-installer/src/site_packages.rs
+++ b/crates/uv-installer/src/site_packages.rs
@@ -398,12 +398,14 @@ impl<'a> SitePackages<'a> {
                             }
 
                             // If the requirement came from a local path, check freshness.
-                            if let Ok(archive) = url.to_file_path() {
-                                if !ArchiveTimestamp::up_to_date_with(
-                                    &archive,
-                                    ArchiveTarget::Install(distribution),
-                                )? {
-                                    return Ok(false);
+                            if url.scheme() == "file" {
+                                if let Ok(archive) = url.to_file_path() {
+                                    if !ArchiveTimestamp::up_to_date_with(
+                                        &archive,
+                                        ArchiveTarget::Install(distribution),
+                                    )? {
+                                        return Ok(false);
+                                    }
                                 }
                             }
                         }
@@ -441,12 +443,14 @@ impl<'a> SitePackages<'a> {
                                 }
 
                                 // If the requirement came from a local path, check freshness.
-                                if let Ok(archive) = url.to_file_path() {
-                                    if !ArchiveTimestamp::up_to_date_with(
-                                        &archive,
-                                        ArchiveTarget::Install(distribution),
-                                    )? {
-                                        return Ok(false);
+                                if url.scheme() == "file" {
+                                    if let Ok(archive) = url.to_file_path() {
+                                        if !ArchiveTimestamp::up_to_date_with(
+                                            &archive,
+                                            ArchiveTarget::Install(distribution),
+                                        )? {
+                                            return Ok(false);
+                                        }
                                     }
                                 }
                             }