From 4322faab58095909d4e41679ada7f4011c8524f4 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Thu, 24 Oct 2024 12:25:35 +0200 Subject: [PATCH] fix: encode double-quot in URL Signed-off-by: Jan Kowalleck --- cyclonedx/model/__init__.py | 1 + tests/_data/models.py | 2 +- tests/_data/snapshots/get_bom_for_issue_497_urls-1.1.xml.bin | 2 +- tests/_data/snapshots/get_bom_for_issue_497_urls-1.2.json.bin | 2 +- tests/_data/snapshots/get_bom_for_issue_497_urls-1.2.xml.bin | 2 +- tests/_data/snapshots/get_bom_for_issue_497_urls-1.3.json.bin | 2 +- tests/_data/snapshots/get_bom_for_issue_497_urls-1.3.xml.bin | 2 +- tests/_data/snapshots/get_bom_for_issue_497_urls-1.4.json.bin | 2 +- tests/_data/snapshots/get_bom_for_issue_497_urls-1.4.xml.bin | 2 +- tests/_data/snapshots/get_bom_for_issue_497_urls-1.5.json.bin | 2 +- tests/_data/snapshots/get_bom_for_issue_497_urls-1.5.xml.bin | 2 +- tests/_data/snapshots/get_bom_for_issue_497_urls-1.6.json.bin | 2 +- tests/_data/snapshots/get_bom_for_issue_497_urls-1.6.xml.bin | 2 +- 13 files changed, 13 insertions(+), 12 deletions(-) diff --git a/cyclonedx/model/__init__.py b/cyclonedx/model/__init__.py index 3ac988db..09af9ff1 100644 --- a/cyclonedx/model/__init__.py +++ b/cyclonedx/model/__init__.py @@ -689,6 +689,7 @@ class XsUri(serializable.helpers.BaseHelper): __SPEC_REPLACEMENTS = ( (' ', '%20'), + ('"', '%22'), ('[', '%5B'), (']', '%5D'), ('<', '%3C'), diff --git a/tests/_data/models.py b/tests/_data/models.py index ab1805eb..b700d8f4 100644 --- a/tests/_data/models.py +++ b/tests/_data/models.py @@ -1213,7 +1213,7 @@ def get_bom_for_issue_497_urls() -> Bom: ExternalReference( type=ExternalReferenceType.OTHER, comment='control characters', - url=XsUri('https://acme.org/?foo=sp ace&bar[23]=42<=1<2>=3>2&cb={lol}') + url=XsUri('https://acme.org/?foo=sp ace&bar[23]=42<=1<2>=3>2&cb={lol}&dq=a"test"') ), ExternalReference( type=ExternalReferenceType.OTHER, 
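Review bot: In `cyclonedx/model/__init__.py`, `__SPEC_REPLACEMENTS` remains a hand-kept list of characters to escape, and the entries visible in this hunk plus the updated fixture URL cover only space, `"`, `[`, `]`, `<`, `>`, `{` and `}`. RFC 3986 also disallows a raw backslash, caret, backtick and pipe, so if the rest of the tuple (it continues outside the hunk) does not list them, a URL taken from untrusted package metadata can still be written into the BOM as an invalid URI. I would add those four entries as below and extend the `control characters` fixture in `tests/_data/models.py` to exercise them. `%` should stay out of the table so that the `pre-encoded` case is not double-encoded.

```python
    __SPEC_REPLACEMENTS = (
        # … unchanged: existing entries for ' ', '"', '[', ']', '<' and the rest of the tuple …
        ('\\', '%5C'),
        ('^', '%5E'),
        ('`', '%60'),
        ('|', '%7C'),
```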
diff --git a/tests/_data/snapshots/get_bom_for_issue_497_urls-1.1.xml.bin b/tests/_data/snapshots/get_bom_for_issue_497_urls-1.1.xml.bin index d006b51e..94a261bb 100644 --- a/tests/_data/snapshots/get_bom_for_issue_497_urls-1.1.xml.bin +++ b/tests/_data/snapshots/get_bom_for_issue_497_urls-1.1.xml.bin @@ -14,7 +14,7 @@ pre-encoded - https://acme.org/?foo=sp%20ace&bar%5B23%5D=42&lt=1%3C2&gt=3%3E2&cb=%7Blol%7D + https://acme.org/?foo=sp%20ace&bar%5B23%5D=42&lt=1%3C2&gt=3%3E2&cb=%7Blol%7D&dq=a%22test%22 control characters diff --git a/tests/_data/snapshots/get_bom_for_issue_497_urls-1.2.json.bin b/tests/_data/snapshots/get_bom_for_issue_497_urls-1.2.json.bin index aa874e99..896338b1 100644 --- a/tests/_data/snapshots/get_bom_for_issue_497_urls-1.2.json.bin +++ b/tests/_data/snapshots/get_bom_for_issue_497_urls-1.2.json.bin @@ -16,7 +16,7 @@ { "comment": "control characters", "type": "other", - "url": "https://acme.org/?foo=sp%20ace&bar%5B23%5D=42<=1%3C2>=3%3E2&cb=%7Blol%7D" + "url": "https://acme.org/?foo=sp%20ace&bar%5B23%5D=42<=1%3C2>=3%3E2&cb=%7Blol%7D&dq=a%22test%22" } ], "name": "dummy", diff --git a/tests/_data/snapshots/get_bom_for_issue_497_urls-1.2.xml.bin b/tests/_data/snapshots/get_bom_for_issue_497_urls-1.2.xml.bin index edf73273..579357bf 100644 --- a/tests/_data/snapshots/get_bom_for_issue_497_urls-1.2.xml.bin +++ b/tests/_data/snapshots/get_bom_for_issue_497_urls-1.2.xml.bin @@ -17,7 +17,7 @@ pre-encoded - https://acme.org/?foo=sp%20ace&bar%5B23%5D=42&lt=1%3C2&gt=3%3E2&cb=%7Blol%7D + https://acme.org/?foo=sp%20ace&bar%5B23%5D=42&lt=1%3C2&gt=3%3E2&cb=%7Blol%7D&dq=a%22test%22 control characters diff --git a/tests/_data/snapshots/get_bom_for_issue_497_urls-1.3.json.bin b/tests/_data/snapshots/get_bom_for_issue_497_urls-1.3.json.bin index 625c6a9e..cc1e5e31 100644 --- a/tests/_data/snapshots/get_bom_for_issue_497_urls-1.3.json.bin +++ b/tests/_data/snapshots/get_bom_for_issue_497_urls-1.3.json.bin 
@@ -16,7 +16,7 @@ { "comment": "control characters", "type": "other", - "url": "https://acme.org/?foo=sp%20ace&bar%5B23%5D=42<=1%3C2>=3%3E2&cb=%7Blol%7D" + "url": "https://acme.org/?foo=sp%20ace&bar%5B23%5D=42<=1%3C2>=3%3E2&cb=%7Blol%7D&dq=a%22test%22" } ], "name": "dummy", diff --git a/tests/_data/snapshots/get_bom_for_issue_497_urls-1.3.xml.bin b/tests/_data/snapshots/get_bom_for_issue_497_urls-1.3.xml.bin index e6af9f05..766fa5db 100644 --- a/tests/_data/snapshots/get_bom_for_issue_497_urls-1.3.xml.bin +++ b/tests/_data/snapshots/get_bom_for_issue_497_urls-1.3.xml.bin @@ -17,7 +17,7 @@ pre-encoded - https://acme.org/?foo=sp%20ace&bar%5B23%5D=42&lt=1%3C2&gt=3%3E2&cb=%7Blol%7D + https://acme.org/?foo=sp%20ace&bar%5B23%5D=42&lt=1%3C2&gt=3%3E2&cb=%7Blol%7D&dq=a%22test%22 control characters diff --git a/tests/_data/snapshots/get_bom_for_issue_497_urls-1.4.json.bin b/tests/_data/snapshots/get_bom_for_issue_497_urls-1.4.json.bin index 09ad3d10..d88fa560 100644 --- a/tests/_data/snapshots/get_bom_for_issue_497_urls-1.4.json.bin +++ b/tests/_data/snapshots/get_bom_for_issue_497_urls-1.4.json.bin @@ -16,7 +16,7 @@ { "comment": "control characters", "type": "other", - "url": "https://acme.org/?foo=sp%20ace&bar%5B23%5D=42<=1%3C2>=3%3E2&cb=%7Blol%7D" + "url": "https://acme.org/?foo=sp%20ace&bar%5B23%5D=42<=1%3C2>=3%3E2&cb=%7Blol%7D&dq=a%22test%22" } ], "name": "dummy", diff --git a/tests/_data/snapshots/get_bom_for_issue_497_urls-1.4.xml.bin b/tests/_data/snapshots/get_bom_for_issue_497_urls-1.4.xml.bin index 264d4286..95fa3583 100644 --- a/tests/_data/snapshots/get_bom_for_issue_497_urls-1.4.xml.bin +++ b/tests/_data/snapshots/get_bom_for_issue_497_urls-1.4.xml.bin @@ -16,7 +16,7 @@ pre-encoded - https://acme.org/?foo=sp%20ace&bar%5B23%5D=42&lt=1%3C2&gt=3%3E2&cb=%7Blol%7D + https://acme.org/?foo=sp%20ace&bar%5B23%5D=42&lt=1%3C2&gt=3%3E2&cb=%7Blol%7D&dq=a%22test%22 control characters 
diff --git a/tests/_data/snapshots/get_bom_for_issue_497_urls-1.5.json.bin b/tests/_data/snapshots/get_bom_for_issue_497_urls-1.5.json.bin index aa21468f..b272848d 100644 --- a/tests/_data/snapshots/get_bom_for_issue_497_urls-1.5.json.bin +++ b/tests/_data/snapshots/get_bom_for_issue_497_urls-1.5.json.bin @@ -16,7 +16,7 @@ { "comment": "control characters", "type": "other", - "url": "https://acme.org/?foo=sp%20ace&bar%5B23%5D=42<=1%3C2>=3%3E2&cb=%7Blol%7D" + "url": "https://acme.org/?foo=sp%20ace&bar%5B23%5D=42<=1%3C2>=3%3E2&cb=%7Blol%7D&dq=a%22test%22" } ], "name": "dummy", diff --git a/tests/_data/snapshots/get_bom_for_issue_497_urls-1.5.xml.bin b/tests/_data/snapshots/get_bom_for_issue_497_urls-1.5.xml.bin index 62049bdc..21431d6b 100644 --- a/tests/_data/snapshots/get_bom_for_issue_497_urls-1.5.xml.bin +++ b/tests/_data/snapshots/get_bom_for_issue_497_urls-1.5.xml.bin @@ -16,7 +16,7 @@ pre-encoded - https://acme.org/?foo=sp%20ace&bar%5B23%5D=42&lt=1%3C2&gt=3%3E2&cb=%7Blol%7D + https://acme.org/?foo=sp%20ace&bar%5B23%5D=42&lt=1%3C2&gt=3%3E2&cb=%7Blol%7D&dq=a%22test%22 control characters diff --git a/tests/_data/snapshots/get_bom_for_issue_497_urls-1.6.json.bin b/tests/_data/snapshots/get_bom_for_issue_497_urls-1.6.json.bin index b07192c6..f49acded 100644 --- a/tests/_data/snapshots/get_bom_for_issue_497_urls-1.6.json.bin +++ b/tests/_data/snapshots/get_bom_for_issue_497_urls-1.6.json.bin @@ -16,7 +16,7 @@ { "comment": "control characters", "type": "other", - "url": "https://acme.org/?foo=sp%20ace&bar%5B23%5D=42<=1%3C2>=3%3E2&cb=%7Blol%7D" + "url": "https://acme.org/?foo=sp%20ace&bar%5B23%5D=42<=1%3C2>=3%3E2&cb=%7Blol%7D&dq=a%22test%22" } ], "name": "dummy", diff --git a/tests/_data/snapshots/get_bom_for_issue_497_urls-1.6.xml.bin b/tests/_data/snapshots/get_bom_for_issue_497_urls-1.6.xml.bin index b780c8cf..34133ffe 100644 --- a/tests/_data/snapshots/get_bom_for_issue_497_urls-1.6.xml.bin +++ b/tests/_data/snapshots/get_bom_for_issue_497_urls-1.6.xml.bin 
@@ -16,7 +16,7 @@ pre-encoded - https://acme.org/?foo=sp%20ace&bar%5B23%5D=42&lt=1%3C2&gt=3%3E2&cb=%7Blol%7D + https://acme.org/?foo=sp%20ace&bar%5B23%5D=42&lt=1%3C2&gt=3%3E2&cb=%7Blol%7D&dq=a%22test%22 control characters