-
Notifications
You must be signed in to change notification settings - Fork 45
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[bug] ./ and ../ are not valid subpath prefix #67
Comments
Hmm seems like the current specification doesn't allow allow some of these subpaths, so I think it would also be a question whether it makes sense to have the first index be an exception due to convention or do a implicit translation of removing the I think the @pombredanne do you have any thoughts on this? We are seeing quite a bit of |
we are still running into some of these issues where |
Why not stripping a leading And reporting an error for Where did these PURLs come from BTW? If this is from https://github.com/microsoft/sbom-tool from reading through this and related issue then you may want to report a bug there to get the fix upstream? Can you provide some exmaple? Note that in general, I am not too keen on changing the spec based on the output of one tool in another spec. |
Yea agreed about the "../" values not making semantic sense for now.. i'm wondering if we can provide a build flag or alternate function that will parse legacy documents while things get eventually fixed? It is likely we'll still see a lot of these "bad PURLs" around for the near future? |
@lumjjb it could make sense to publish a simple doc with fixes to apply to well known problematic inputs. |
A bug was discovered after upgrading to
v0.1.2
where./
and../
are not valid prefixes as seen here: guacsec/guac#1545. It appears to be due to this logic:As per the SPDX spec, file paths are generally prefixed with
./
. If apurl
was to be constructed using the files read in from an SPDX SBOM, it would throw an error.The text was updated successfully, but these errors were encountered: