[bug] ./ and ../ are not valid subpath prefix #67
Comments
|
Hmm seems like the current specification doesn't allow allow some of these subpaths, so I think it would also be a question whether it makes sense to have the first index be an exception due to convention or do a implicit translation of removing the I think the @pombredanne do you have any thoughts on this? We are seeing quite a bit of |
|
we are still running into some of these issues where |
|
Why not stripping a leading And reporting an error for Where did these PURLs come from BTW? If this is from https://github.com/microsoft/sbom-tool from reading through this and related issue then you may want to report a bug there to get the fix upstream? Can you provide some exmaple? Note that in general, I am not too keen on changing the spec based on the output of one tool in another spec. |
|
Yea agreed about the "../" values not making semantic sense for now.. i'm wondering if we can provide a build flag or alternate function that will parse legacy documents while things get eventually fixed? It is likely we'll still see a lot of these "bad PURLs" around for the near future? |
|
@lumjjb it could make sense to publish a simple doc with fixes to apply to well known problematic inputs. |
A bug was discovered after upgrading to
v0.1.2where./and../are not valid prefixes as seen here: guacsec/guac#1545. It appears to be due to this logic:As per the SPDX spec, file paths are generally prefixed with
./. If apurlwas to be constructed using the files read in from an SPDX SBOM, it would throw an error.The text was updated successfully, but these errors were encountered: