Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix for SPDX validation failure due to invalid CPE strings #45

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

KAWAHARA-souta
Copy link
Contributor

I've fixed an issue where an error occurs when generating SPDX SBOM for packages with '+' in their names, due to an invalid CPE string.

Also, I've fixed to escape special characters other than +. As spdx-tools does not support percent encoding, I'm using backslash escape encoding instead.

Note:
For this instance, we have adopted the '' escape method.
There is also the '%' escape method, and looking at the specifications for cpe and uri, it seemed that using that method would be better.
However, since spdx-tools is designed to only interpret the '' escape method, I've conformed to that approach.

This patch fixes:

I've fixed an issue where an error occurs when generating SPDX SBOM
for packages with '+' in their names, due to an invalid CPE string.

Also, I've fixed to escape special characters other than +.
As spdx-tools does not support percent encoding, I'm using backslash
escape encoding instead.

This patch fixes:
  - AlmaLinux#43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant