Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Purl Encoding/Decoding bug #29

Open
thepl4n opened this issue Dec 5, 2023 · 0 comments
Open

Purl Encoding/Decoding bug #29

thepl4n opened this issue Dec 5, 2023 · 0 comments

Comments

@thepl4n
Copy link

thepl4n commented Dec 5, 2023

As per purl specification, purl URL should conform to the URL definitions or specifications of rfc3986. Current implementation uses WebUtility.UrlEncode() and WebUtility.UrlDecode() which does not follow rfc3986 specification.
Example - 

PackageURL purl = new PackageURL("docker", "ruby advisory db check");
Console.WriteLine(purl.ToString());
// This code produces the following output:
// pkg:docker/ruby+advisory+db+check

As here we can see the WebUtility.UrlEncode() encodes spaces as + but as per rfc3986 it should be encoded as %20. If we look other implementations of purl (JAVA, JS) those implementations encode spaces as %20. There's incompatibility with other implementations when they decode purl encoded by this dotnet implementation.

# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant