-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Incomplete percent encoding and decoding of package name #10
Comments
@matt-phylum Good catch. Would you be able to provide a PR? |
Is the name just not decoded at all? https://github.com/maennchen/purl/blob/main/lib/purl/parser.ex#L96-L100 |
@matt-phylum I assumed it should be done by But I haven't verified if that is actually the case. |
Currently none of the package types that are part of the docs seem to allow this. This library is able to run the complete & up-to-date test suite from the specification. I propose to wait until the format is decided and the test cases added. This way we're sure that everything is implemented correctly. |
I just saw package-url/purl-spec#273, waiting for that also works :) |
I don't think this is blocked by spec ambiguity. The character encoding section says "the '@' version separator must be encoded as %40 elsewhere," making The examples for |
package-url/purl-spec#254 proposes a new package type which sometimes uses PURLs like
pkg:brew/openssl%401.1@1.1.1w
. This implementation parses that PURL as having a nameopenssl%401.1
instead ofopenssl@1.1
. Serializing that PURL from its expected parts results in the invalid PURLpkg:brew/openssl@1.1@1.1.1w
.The text was updated successfully, but these errors were encountered: