From 359b6e02d99ce1cbcfcc99a42962869bddb0b92c Mon Sep 17 00:00:00 2001
From: Oleksii Holub <1935960+Tyrrrz@users.noreply.github.com>
Date: Mon, 7 Oct 2024 17:55:17 +0300
Subject: [PATCH] PM-12102 | Fix LastPass importer not properly de-encrypting
 URLs (#11366)

* PM-12102 | Fix LastPass importer not properly de-encrypting URLs

* Reuse the original code for the unencrypted path

* Add some comments
---
 .../importers/lastpass/access/services/parser.ts | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/libs/importer/src/importers/lastpass/access/services/parser.ts b/libs/importer/src/importers/lastpass/access/services/parser.ts
index 19ef55bc73..31efadd6c0 100644
--- a/libs/importer/src/importers/lastpass/access/services/parser.ts
+++ b/libs/importer/src/importers/lastpass/access/services/parser.ts
@@ -22,7 +22,7 @@ export class Parser {
   /*
   May return null when the chunk does not represent an account.
   All secure notes are ACCTs but not all of them store account information.
-  
+
   TODO: Add a test for the folder case!
   TODO: Add a test case that covers secure note account!
   */
@@ -60,9 +60,17 @@ export class Parser {
 
       // 3: url
       step = 3;
-      let url = Utils.fromBufferToUtf8(
-        this.decodeHexLoose(Utils.fromBufferToUtf8(this.readItem(reader))),
-      );
+      const urlEncoded = this.readItem(reader);
+      let url =
+        urlEncoded.length > 0 && urlEncoded[0] === 33 // 33 = '!'
+          ? // URL is encrypted
+            await this.cryptoUtils.decryptAes256PlainWithDefault(
+              urlEncoded,
+              encryptionKey,
+              placeholder,
+            )
+          : // URL is not encrypted
+            Utils.fromBufferToUtf8(this.decodeHexLoose(Utils.fromBufferToUtf8(urlEncoded)));
 
       // Ignore "group" accounts. They have no credentials.
       if (url == "http://group") {