Comments (8)
lwlwudi
commented on May 29, 2024
like this pkg:generic/SuSE%20Linux%20Enterprise%20Server%2012%20SP5:[email protected]%2Bgit20140911.61c1681-38.13.1.x86_64
from packageurl-python.
lwlwudi
commented on May 29, 2024
It seems to have been translated in the Java package.
from packageurl-python.
lwlwudi
commented on May 29, 2024
Is it a colon that doesn't need to be translated anywhere?
from packageurl-python.
shiqi0715
commented on May 29, 2024
It seems there is a unnecessary step for encoding, it is against spec, is it a bug?
def quote(s):
"""
Return a percent-encoded unicode string, except for colon :, given an `s`
byte or unicode string.
"""
if isinstance(s, unicode):
s = s.encode('utf-8')
quoted = _percent_quote(s)
if not isinstance(quoted, unicode):
quoted = quoted.decode('utf-8')
quoted = quoted.replace('%3A', ':') # there is unnecessary by spec
return quotedfrom packageurl-python.
matt-phylum
commented on May 29, 2024
This is not a bug. The spec does not say to escape ':', and the test suite gives examples of not escaping ':'.
from packageurl-python.
houdini91
commented on May 29, 2024
What about a use case where the is url with port as part of the name..
For example
pkg:container/index.myregstry.io:5000/my-image@v1
Would you expect the ':' to be encoded when going in to toString func?
I was thinking it should not be encoded but it seems to fail on urlparse check.
It seems to recognize the 'index.myregistry.io' as a url scheme and fail with a a bit misleading error.
packageurl-python/src/packageurl/__init__.py
Line 507 in 0d33368
If you prefer I can open a seperate issue.
I can prepare a pr depending on the discussion.
from packageurl-python.
houdini91
commented on May 29, 2024
Ok after taking previous advice I see you expect Such a purl to be
pkg:docker/my_image@sha256:244fd47e07d1004f0aed9c?repository_url=index.my-regstory.io:500
Did I understand correctly, can you elaborate on this logic or point me the the related spec, I tried it with the golang library and i did not see this limitation .
from packageurl-python.
matt-phylum
commented on May 29, 2024
The spec says "the ':' scheme and type separator does not need to and must NOT be encoded. It is unambiguous unencoded elsewhere," meaning it does not need to be encoded here. However:
- Some PURL implementations use generic escaping methods which escape more characters than necessary. This should be okay when parsed using an parser that correctly implements the spec, but can cause problems when supposedly canonical PURLs are compared as strings and they aren't really canonical. Because of this, I'd recommend to compare PURLs using the URL algorithm where you parse and then reserialize both PURLs using whatever PURL implementation you're using to get a consistent representation.
- The way PURL encodes qualifiers is very similar to x-www-form-urlencoded, which encodes more characters and has special rules about '+' characters. The PURL spec does not mention x-www-form-urlencoded anywhere, but some implementations use x-www-form-urlencoded anyway, leading to unnecessary escaping and incorrect serialization and parsing of some PURLs. (package-url/purl-spec#261)
from packageurl-python.
Related Issues (20)
- get_repo_url and get_download_url give no result HOT 7
- Confusing code formatting requirements HOT 3
- Promote version 0.11 from 0.11.0rc1 HOT 3
- Add 'gem' route for purl2url HOT 1
- Return empty purl fields in purl_to_lookups
- Fails to return the version if dependencies are specified HOT 1
- Normalize for qualifiers HOT 5
- Add support for RPM distros in url2purl and purl2ulrl HOT 1
- Add support for bitbucket and gitlab in purl2url to get download URLs HOT 1
- purl.fyi: Convert all purl to URLs seamlessly HOT 1
- no proper release in GitHub for version 0.11.2 HOT 1
- Should PyPI Purl Versions have `_` replaced with `-` (like Name) HOT 1
- Incorrect parsing for PURLs without names HOT 2
- Provide support for Gitlab versioning HOT 1
- Parsing regression for Golang in 0.12.0 release HOT 1
- Improve support for SourceForge URLs HOT 1
- May be vulnerable to `npmjs.evil.com`, `evilpython.org`, `evilsourceforge.net` and more HOT 1
- Add support for additional packages in purl2url HOT 10
- Adding type hints HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from packageurl-python.