Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Inconsistent colon encoding #92

Open
conn4575 opened this issue Feb 9, 2023 · 1 comment · May be fixed by #161
Open

Inconsistent colon encoding #92

conn4575 opened this issue Feb 9, 2023 · 1 comment · May be fixed by #161

Comments

@conn4575
Copy link

conn4575 commented Feb 9, 2023
edited
Loading

There are inconsistencies with colon encoding in different languages.
For the following input:

type:docker
name:cassandra
version: sha256:244fd47e07d1004f0aed9c

output:

java implementation: pkg:docker/cassandra@sha256%3A244fd47e07d1004f0aed9c
go implementation: pkg:docker/cassandra@sha256:244fd47e07d1004f0aed9c
python implementation: pkg:docker/cassandra@sha256:244fd47e07d1004f0aed9c

As we can see, the colon : will be encoded as %3A in java implementaion, but not in other languages.
According to the specification of purl

the '#', '?', '@' and ':' characters must NOT be encoded when used as separators. They may need to be encoded elsewhere
the ':' scheme and type separator does not need to and must NOT be encoded. It is unambiguous unencoded everywhere

I think : must NOT be encoded.
@dwalluck
Copy link

Not necessarily, see package-url/purl-spec#39.

Converting ':' to "%3A" is perfectly valid and matches java.net.URLEncoder, but it's unfortunate that the "canonical" representation cannot be agreed on by the implementations.

dwalluck added a commit to dwalluck/packageurl-java that referenced this issue Feb 20, 2025
@dwalluck
Don't encode ':' or '/' as part of the canonical representation
94379c9 
This makes the Java canonical representation match the majority of
other implementations.

Fixes package-url#122
Fixes package-url#92
@dwalluck dwalluck linked a pull request Feb 20, 2025 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Don't encode ':' or '/' as part of the canonical representation dwalluck/packageurl-java
2 participants
@dwalluck @conn4575