purl containing a query parameter repository_url with own (encoded) query parameters not handled correctly? #43

Closed
Festus1248 opened this issue Apr 14, 2023 · 4 comments

Comments

@Festus1248

Hi there,

...maybe this is just a misunderstanding from my side, but when I create a purl object for a purl like this
pkg:oci/azure-cli@sha256:9df8ac260650dbae684ab7e47916d4def942582b491d1fe0593b22eb1cac235b?repository_url=index.docker.io%2Fbitnami%2Fazure-cli&arch=amd64
it seems that the (encoded) query parameter from the query parameter repository_url is handled as a separate query parameter of the purl and not of the repository_url.
The result is:

PackageURL {
      type: 'oci',
      name: 'azure-cli',
      namespace: null,
      version: 'sha256:9df8ac260650dbae684ab7e47916d4def942582b491d1fe0593b22eb1cac235b',
      qualifiers: {
        repository_url: 'index.docker.io/bitnami/azure-cli',
        arch: 'amd64'
      },
      subpath: null
    }

My expectation would have been:

PackageURL {
      type: 'oci',
      name: 'azure-cli',
      namespace: null,
      version: 'sha256:9df8ac260650dbae684ab7e47916d4def942582b491d1fe0593b22eb1cac235b',
      qualifiers: {
        repository_url: 'index.docker.io/bitnami/azure-cli&arch=amd64'
      },
      subpath: null
    }

Is my expectation wrong or is this a bug?

@Festus1248
Author

Hi there,

...small correction from my side: The example I provided above is, in reference to the purl specification, not a correct purl, since the value of the qualifier repository_url is not percent-encoded.

But if you try with a correct purl like pkg:oci/azure-cli@sha256:9df8ac260650dbae684ab7e47916d4def942582b491d1fe0593b22eb1cac235b?repository_url=index.docker.io%2Fbitnam%2Fazure-cli%26arch%3Damd64 and you transform this into a packageURL Object and back to string (with toString() ), then the result differs from the input. See the following test, which fails:

```js
import { PackageURL } from 'packageurl-js';

const purl =
  'pkg:oci/azure-cli@sha256:9df8ac260650dbae684ab7e47916d4def942582b491d1fe0593b22eb1cac235b?repository_url=index.docker.io%2Fbitnam%2Fazure-cli%26arch%3Damd64';

expect(PackageURL.fromString(purl).toString()).toBe(purl);
```
After the toString() method, the qualifier value contains '/', which is not percent-encoded.

Sorry for the confusion!

@jdalton
Collaborator

jdalton commented May 17, 2024

Related to package-url/purl-spec#39

@jdalton
Collaborator

jdalton commented Aug 14, 2024

This is handled in #73 by using URLSearchParams to encode and then turning + into %20 for better portability. I sided with the Rust implementation.

Also leveraging standard URLSearchParams. Deferring to standard encoders like URLSearchParams and encodeURIComponent for base encoding and then applying tweaks allows for fewer chances of mistakes (I trust standard implementations over myself).
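
A sketch of the round trip discussed in this thread, as an added example that is not code from #73 or from packageurl-js: qualifiers are split on `&` and `=` before percent-decoding, and serialized with `URLSearchParams` followed by the `+` to `%20` replacement. The function names `parseQualifiers`, `serializeQualifiers` and `roundTrips` are hypothetical, and the input is the qualifier string from the second comment.

```javascript
// Added example: function names are hypothetical, not packageurl-js APIs.

// Qualifier string from the second comment in this issue (text after '?').
const ISSUE_QUERY =
  'repository_url=index.docker.io%2Fbitnam%2Fazure-cli%26arch%3Damd64';

// Split on '&' and '=' first, then percent-decode each value, so an encoded
// %26 or %3D inside a value can never create an extra qualifier.
function parseQualifiers(query) {
  // Null prototype: keys come from untrusted input (e.g. "__proto__").
  const qualifiers = Object.create(null);
  for (const pair of query.split('&')) {
    const eq = pair.indexOf('=');
    if (eq <= 0) continue; // no key or no '=': skipped in this sketch
    const key = pair.slice(0, eq).toLowerCase();
    const value = decodeURIComponent(pair.slice(eq + 1));
    if (value !== '') qualifiers[key] = value; // empty values are dropped
  }
  return qualifiers;
}

// Encode with the standard URLSearchParams serializer, then turn '+' into
// '%20'. A literal '+' in a value is already '%2B' at that point, so the
// replacement only touches encoded spaces.
function serializeQualifiers(qualifiers) {
  const params = new URLSearchParams();
  for (const key of Object.keys(qualifiers).sort()) {
    params.append(key, qualifiers[key]);
  }
  return params.toString().replace(/\+/g, '%20');
}

// True when parse -> serialize reproduces the input byte for byte.
function roundTrips(query) {
  return serializeQualifiers(parseQualifiers(query)) === query;
}

console.log(parseQualifiers(ISSUE_QUERY));
console.log(roundTrips(ISSUE_QUERY));
```
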

@jdalton
Collaborator

jdalton commented Aug 16, 2024

Closed by #73
