Url Encoded Component names are not searchable #2330

Closed
JSurf opened this issue Feb 26, 2024 · 5 comments · Fixed by #2385
Labels
bug Something isn't working


JSurf commented Feb 26, 2024

Description

Related Issues, Pull Requests:

#2115
#2043
#2042

Came across an issue with components containing "/" in the name which now cannot be searched. Same will be true for other special chars.

Seems the mentioned merge request (#2043) allows searching without encoding but now breaks encoded search strings due to the poor parsing of the query string. There is possibly a better solution to support unencoded parameters.

The new "parseQueryString" method looks very unsafe and could possibly break in many possible ways and could also be a security risk?

The "official" SW360 client implementation DOES urlencode the parameters and is now broken for package names with special chars.

How to reproduce

Use OSS Review toolkit and use the "upload-result-to-sw360" goal which uses the sw360 client library https://central.sonatype.com/artifact/org.eclipse.sw360/client
https://oss-review-toolkit.org/ort/docs/guides/sw360-integration
This breaks when components already exist on SW360

Another code snippet to test this:
Result: An empty array is printed
Expected: Details of the "org.apache.logging.log4j/log4j-core" should be printed

    // config: client configuration for the target SW360 instance (not shown in the post)
    SW360ConnectionFactory factory = new SW360ConnectionFactory();
    SW360Connection c = factory.newConnection(config);
    ComponentSearchParams searchParams = ComponentSearchParams.builder()
            .withName("org.apache.logging.log4j/log4j-core")
            .build();
    System.out.println(c.getComponentAdapter().search(searchParams));


JSurf added the bug label Feb 26, 2024

ag4ums commented Feb 26, 2024

@JSurf thanks for creating the issue, are you facing the same issue while searching releases as well?


JSurf commented Feb 27, 2024

Yes,
System.out.println(c.getReleaseAdapter().getSparseReleaseByNameAndVersion("org.apache.logging.log4j/log4j-core", "2.22.1"));
also gives an empty result


ag4ums commented Feb 27, 2024

@JSurf, you also mentioned that the client you are using is also broken due to the changes, could you point out the client?


JSurf commented Feb 27, 2024


ag4ums commented Mar 15, 2024

@JSurf, can you please check if this PR #2359 is working fine for you?
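
An added illustration of the failure mode reported in this issue, not SW360's own code and not part of any comment above: `naiveParse` is a hypothetical stand-in for a query parser that skips percent-decoding, and `decodingParse` splits on the raw delimiters and then decodes each part. The class name, method names and sample queries are assumptions made for the example.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;

public class QueryDecodeDemo {
    // Hypothetical parser: splits the raw query but never percent-decodes,
    // so the value reaches the search still in its encoded form.
    static Map<String, String> naiveParse(String rawQuery) {
        Map<String, String> params = new LinkedHashMap<>();
        for (String pair : rawQuery.split("&")) {
            String[] kv = pair.split("=", 2);
            params.put(kv[0], kv.length > 1 ? kv[1] : "");
        }
        return params;
    }

    // Split on the raw delimiters first, then decode key and value separately,
    // so an encoded '&' or '=' inside a value is never treated as a delimiter.
    // URLDecoder throws IllegalArgumentException on a malformed escape such as
    // "%zz" and maps '+' to a space; a caller should turn the former into a 400.
    static Map<String, String> decodingParse(String rawQuery) {
        Map<String, String> params = new LinkedHashMap<>();
        if (rawQuery == null || rawQuery.isEmpty()) return params;
        for (String pair : rawQuery.split("&")) {
            if (pair.isEmpty()) continue;
            String[] kv = pair.split("=", 2);
            String key = URLDecoder.decode(kv[0], StandardCharsets.UTF_8);
            String value = kv.length > 1 ? URLDecoder.decode(kv[1], StandardCharsets.UTF_8) : "";
            params.put(key, value);
        }
        return params;
    }

    public static void main(String[] args) {
        // Constructed samples: the name from the issue, and one with delimiter characters.
        String[] names = { "org.apache.logging.log4j/log4j-core", "R&D=tools/lib" };
        for (String stored : names) {
            String encoded = "name=" + URLEncoder.encode(stored, StandardCharsets.UTF_8);
            String unencoded = "name=" + stored;
            System.out.println(stored);
            System.out.println("  naive,    encoded query:   " + stored.equals(naiveParse(encoded).get("name")));
            System.out.println("  decoding, encoded query:   " + stored.equals(decodingParse(encoded).get("name")));
            System.out.println("  decoding, unencoded query: " + stored.equals(decodingParse(unencoded).get("name")));
        }
    }
}
```

The second sample shows why a name containing `&` or `=` can only be matched when the client sends it encoded, while a name with only `/` survives either way once the server decodes.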
