Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Slash character is not expected to be escaped by the specification #122

Open
aloubyansky opened this issue Mar 6, 2024 · 2 comments · May be fixed by #161
Open

Slash character is not expected to be escaped by the specification #122

aloubyansky opened this issue Mar 6, 2024 · 2 comments · May be fixed by #161

Comments

@aloubyansky
Copy link

This issue is created following package-url/purl-spec#293

Slash character in qualifiers appears to be escaped in the current implementation. For example the following code

//DEPS com.github.package-url:packageurl-java:1.5.0

import java.util.TreeMap;
import com.github.packageurl.PackageURL;

public class purl {
    public static void main(String[] args) throws Exception {

        final TreeMap<String, String> qualifiers = new TreeMap<>();
        qualifiers.put("type", "jar");
        qualifiers.put("repository_url", "https://maven.repository.redhat.com/ga/");
        var purl = new PackageURL(PackageURL.StandardTypes.MAVEN,
                    "org.apache.james",
                    "apache-mime4j-storage",
                    "0.8.9.redhat-00001",
                    qualifiers, null);
        System.out.println(purl);
    }
}

results in

pkg:maven/org.apache.james/[email protected]?repository_url=https%3A%2F%2Fmaven.repository.redhat.com%2Fga%2F&type=jar

while following the spec it should be

pkg:maven/org.apache.james/[email protected]?repository_url=https://maven.repository.redhat.com/ga/&type=jar
@dwalluck
Copy link
Contributor

dwalluck commented Feb 20, 2025
edited
Loading

Not necessarily, see package-url/purl-spec#39.

Converting ':' to "%3A" and '/' to "%2F" is perfectly valid and matches java.net.URLEncoder, but it's unfortunate that the "canonical" representation cannot be agreed on by the implementations.

dwalluck added a commit to dwalluck/packageurl-java that referenced this issue Feb 20, 2025
@dwalluck
Don't encode ':' or '/' as part of the canonical representation
94379c9 
This makes the Java canonical representation match the majority of
other implementations.

Fixes package-url#122
Fixes package-url#92
@dwalluck dwalluck linked a pull request Feb 20, 2025 that will close this issue
Draft
@dwalluck
Copy link
Contributor

The current test suite does not encode these characters.

dwalluck added a commit to dwalluck/packageurl-java that referenced this issue Mar 18, 2025
@dwalluck
Don't encode ':' or '/' as part of the canonical representation
21df2bf 
This makes the Java canonical representation match the majority of
other implementations.

Fixes package-url#122
Fixes package-url#92
dwalluck added a commit to dwalluck/packageurl-java that referenced this issue Mar 18, 2025
@dwalluck
fix: don't encode ':' or '/' as part of the canonical representation
7563aea 
This makes the Java canonical representation match the majority of
other implementations.

Fixes package-url#122
Fixes package-url#92
dwalluck added a commit to dwalluck/packageurl-java that referenced this issue Mar 18, 2025
@dwalluck
fix: don't encode ':' or '/' as part of the canonical representation
e42515b 
This makes the Java canonical representation match the majority of
other implementations.

Fixes package-url#122
Fixes package-url#92
dwalluck added a commit to dwalluck/packageurl-java that referenced this issue Mar 18, 2025
@dwalluck
fix: don't encode ':' or '/' as part of the canonical representation
447ba2a 
This makes the Java canonical representation match the majority of
other implementations.

Fixes package-url#122
Fixes package-url#92
dwalluck added a commit to dwalluck/packageurl-java that referenced this issue Mar 19, 2025
@dwalluck
fix: don't encode ':' or '/' as part of the canonical representation
81dfd23 
This makes the Java canonical representation match the majority of
other implementations.

Fixes package-url#122
Fixes package-url#92
dwalluck added a commit to dwalluck/packageurl-java that referenced this issue Mar 19, 2025
@dwalluck
fix: don't encode ':' or '/' as part of the canonical representation
7803217 
This makes the Java canonical representation match the majority of
other implementations.

Fixes package-url#122
Fixes package-url#92
dwalluck added a commit to dwalluck/packageurl-java that referenced this issue Mar 19, 2025
@dwalluck
fix: don't encode ':' or '/' as part of the canonical representation
b6482d2 
This makes the Java canonical representation match the majority of
other implementations.

Fixes package-url#122
Fixes package-url#92
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: don't encode ':' or '/' as part of the canonical representation dwalluck/packageurl-java
2 participants
@aloubyansky @dwalluck