Secure API URL parsing

Homebrew/brew
Based on 3 comments
Shell

Reviewer Prompt

When parsing API endpoint URLs, implement rigorous input validation using precise regular expressions. This includes:

  • Escaping special characters in domain literals (e.g., github\.com)
  • Excluding URL separators (like /, ?, #) from username/password patterns
  • Restricting allowed characters for security-sensitive components like API keys
  • Minimizing unnecessary capture groups to improve clarity and performance

For example, instead of:

[[ "${API_URL}" =~ https://(([^:@]+)(:([^@]+))?@)?github.com/(.*)$ ]]

Use a more precise pattern:

[[ "${API_URL}" =~ https://(([^:@/?#]+)(:([^@/?#]+))?@)?github\.com/(.*)$ ]]

For API keys or tokens, consider restricting to known valid formats:

[[ "${API_TOKEN}" =~ ^[[:alnum:]_]+$ ]]

This approach helps prevent parsing-related security vulnerabilities (a credential or path component silently absorbing URL separators) and keeps API authentication handling consistent across your application.
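The following bash script is an added example, not Homebrew's own code, that puts the loose and precise patterns from the prompt side by side. It wraps them in small functions so each behaviour can be checked: the loose pattern accepts a URL whose host is not github.com because its userinfo class swallows `/` and `?`, while the precise pattern rejects it and extracts user, password and path cleanly. The script also adds a `^`-anchored variant (an assumption of this example, not part of the prompt) to show that the unanchored pattern still accepts a URL that merely embeds a GitHub URL later in its query string. All sample URLs and token values are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: contrast the loose and precise patterns from the reviewer prompt.
# Patterns are kept in variables so bash treats them as regexes without quoting issues.

# Loose pattern from the prompt: '.' is a wildcard and userinfo may contain / ? #.
LOOSE_RE='https://(([^:@]+)(:([^@]+))?@)?github.com/(.*)$'
# Precise pattern from the prompt: escaped dot, separators excluded from userinfo.
STRICT_RE='https://(([^:@/?#]+)(:([^@/?#]+))?@)?github\.com/(.*)$'
# Assumption of this example: anchoring at the start closes one more gap (see below).
ANCHORED_RE="^${STRICT_RE}"
# Token format from the prompt: alphanumerics and underscore only.
TOKEN_RE='^[[:alnum:]_]+$'

loose_matches()    { [[ "$1" =~ $LOOSE_RE ]]; }
strict_matches()   { [[ "$1" =~ $STRICT_RE ]]; }
anchored_matches() { [[ "$1" =~ $ANCHORED_RE ]]; }
valid_token()      { [[ "$1" =~ $TOKEN_RE ]]; }

# parse_api_url URL
# Prints "user|password|path" using the anchored precise pattern and returns 0,
# or prints nothing and returns 1 when the URL does not match.
parse_api_url() {
  local url="$1"
  if [[ "$url" =~ $ANCHORED_RE ]]; then
    # BASH_REMATCH[2] = user, [4] = password, [5] = path (empty when absent).
    printf '%s|%s|%s\n' "${BASH_REMATCH[2]}" "${BASH_REMATCH[4]}" "${BASH_REMATCH[5]}"
    return 0
  fi
  return 1
}

# report LABEL URL: prints which patterns accept the URL (stand-alone demo output).
report() {
  local label="$1" url="$2" l s a
  loose_matches "$url"    && l=yes || l=no
  strict_matches "$url"   && s=yes || s=no
  anchored_matches "$url" && a=yes || a=no
  printf '%-34s loose=%-3s strict=%-3s anchored=%-3s\n' "$label" "$l" "$s" "$a"
}

# Constructed sample inputs.
report 'credentials + path'        'https://user:pass@github.com/api/v3'
report 'no credentials'            'https://github.com/repos'
report 'host hidden in userinfo'   'https://evil.example/?x=@github.com/foo'
report 'wildcard dot'              'https://githubXcom/foo'
report 'github URL inside query'   'https://evil.example/r?to=https://github.com/x'
```

Run it with bash (the `[[ =~ ]]` operator and `BASH_REMATCH` are bash features, not POSIX sh). The third and fourth rows show why the prompt excludes separators and escapes the dot; the last row shows that even the precise pattern, taken verbatim, matches a URL that only contains a github.com URL further along, which is why this example prepends `^` before extracting credentials.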
