CPE pattern #693
Assignees
Labels
csaf 2.1
csaf 2.1 work
editor-revision
already worked on in the editor revision
investigation needed
anything that needs some investigation
Comments
tschmidtb51
added
csaf 2.1
|
Regarding both parts, the TC needs to decide whether that is something for an errata. I think that heavily depends on the result of 2 as it might be an implementation specific problem. |
tschmidtb51
added a commit
to tschmidtb51/csaf
that referenced
this issue
Mar 27, 2024
- addresses parts of oasis-tcs#693, oasis-tcs#710 - correct pattern to `^((CPE2.3)|(CPE2.2))$` - add additional `\\` to escape previously unescaped `/`
tschmidtb51
added a commit
to tschmidtb51/csaf
that referenced
this issue
Mar 27, 2024
- addresses parts of oasis-tcs#693 - correct parsing of CPE 2.3 Dictionary (to also capture endings `">` instead of just `"/>`)
tschmidtb51
added a commit
to tschmidtb51/csaf
that referenced
this issue
Mar 27, 2024
- addresses parts of oasis-tcs#693 - add new local test cases - adopt test script
This was referenced Mar 27, 2024
Merged
tschmidtb51
added a commit
to tschmidtb51/csaf
that referenced
this issue
Mar 27, 2024
- addresses parts of oasis-tcs#693 - add conversion rule
This was referenced Mar 27, 2024
tschmidtb51
added a commit
to tschmidtb51/csaf
that referenced
this issue
May 25, 2024
- addresses parts of oasis-tcs#693 - add FAQ regarding usage of the new pattern
tschmidtb51
added a commit
to tschmidtb51/csaf
that referenced
this issue
May 25, 2024
- addresses parts of oasis-tcs#693 - add missing `\\` for overlooked `/` - adopt prose to reflect schema
tschmidtb51
added a commit
to tschmidtb51/csaf
that referenced
this issue
May 25, 2024
- addresses parts of oasis-tcs#693 - add new local testcases
tschmidtb51
added a commit
to tschmidtb51/csaf
that referenced
this issue
May 25, 2024
- addresses parts of oasis-tcs#693 - clarify that the pattern was changed in CSAF 2.1
This was referenced May 25, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The current CPE regex seems to have some issues:
^(CPE2.3|CPE2.2)$, the pattern uses^(CPE2.3)|(CPE2.2)$. This allows values likeNOTAVALIDCPEcpe:/o:example:a:42::anyotherresp. (appended ones in CPE2.3)./as un-escaped character in JSON patterns.Regarding 1:
Regarding 2:
pythonandnodejs) haven't complained so far. So we need to find out whether an un-escaped/is valid in JSON patterns or just accepted. (This means reading the standard.)\\to escape/.The text was updated successfully, but these errors were encountered: