urlencoded symbols (%2F) in purl (only with type=go, USE_GOSUM=1)
Closed this issue · 3 comments
CaMoPeZzz commented
How to reproduce
cdxgen --version
11.0.3
USE_GOSUM=1 cdxgen -t go .
Reproduced with any go.sum file, for example
k8s.io/api v0.26.1 h1:r0UMaq1vSDcx6gEVjtXPMKyOC9GKKurZoki2r1PhKZE=
k8s.io/api v0.26.1/go.mod h1:xd/GBNgR0f707+ATNyPmQ1oyKSgndzXij81FzWGsejg=
k8s.io/apiextensions-apiserver v0.26.1 h1:1EguIr5qxKQahMmF37JUnbP9gfuP79DXG/yzqRCHFBA=
k8s.io/apiextensions-apiserver v0.26.1/go.mod h1:AptjOSXDGuE0JICx/Em15PaoO7buLwTs0dGleIHixSM=
Result BOM
{
  "group": "",
  "name": "k8s.io/api",
  "version": "v0.26.1",
  "hashes": [
    {
      "alg": "SHA-256",
      "content": "c5dfc604d811d1fef4efe0133723e6435a322928277735e28fcd45cd61ac7a38"
    }
  ],
  "purl": "pkg:golang/k8s.io%2Fapi@v0.26.1",
  "type": "library",
  "bom-ref": "pkg:golang/k8s.io/api@v0.26.1"
},
{
  "group": "",
  "name": "k8s.io/apiextensions-apiserver",
  "version": "v0.26.1",
  "hashes": [
    {
      "alg": "SHA-256",
      "content": "029b633925c31ae1342480b1fc49b5e4f6a83bb6ee2f04ecd1d1a57881e2c523"
    }
  ],
  "purl": "pkg:golang/k8s.io%2Fapiextensions-apiserver@v0.26.1",
  "type": "library",
  "bom-ref": "pkg:golang/k8s.io/apiextensions-apiserver@v0.26.1"
},
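A check for this symptom over a CycloneDX component list, as an added example that is not part of the original issue and not cdxgen's code: it flags `pkg:golang` purls whose path carries an encoded slash (`%2F`) and rebuilds them with literal slashes for comparison with `bom-ref`. The function names and the third sample component are constructed for illustration; the first two components are copied from the BOM above.

```javascript
// Added example; not cdxgen code. Helper names are hypothetical.
const components = [
  // First two entries copied from the BOM in the issue.
  { name: "k8s.io/api", purl: "pkg:golang/k8s.io%2Fapi@v0.26.1",
    "bom-ref": "pkg:golang/k8s.io/api@v0.26.1" },
  { name: "k8s.io/apiextensions-apiserver",
    purl: "pkg:golang/k8s.io%2Fapiextensions-apiserver@v0.26.1",
    "bom-ref": "pkg:golang/k8s.io/apiextensions-apiserver@v0.26.1" },
  // Constructed control entry whose purl already uses literal slashes.
  { name: "example.com/mod/pkg", purl: "pkg:golang/example.com/mod/pkg@v1.0.0",
    "bom-ref": "pkg:golang/example.com/mod/pkg@v1.0.0" },
];

// Split "pkg:type/path@version..." into type, path (namespace + name) and the rest.
function splitPurl(purl) {
  const m = /^pkg:([^/]+)\/([^@?#]+)/.exec(purl);
  return m ? { type: m[1], path: m[2], rest: purl.slice(m[0].length) } : null;
}

// Re-encode each path segment on its own so "/" stays a separator.
// Version, qualifiers and subpath (everything after the path) are kept as-is.
function normalizeGoPurl(purl) {
  const p = splitPurl(purl);
  if (!p || p.type !== "golang") return purl;
  let decoded;
  try { decoded = decodeURIComponent(p.path); } catch { return purl; }
  const segments = decoded.split("/").filter(Boolean).map(encodeURIComponent);
  return "pkg:golang/" + segments.join("/") + p.rest;
}

// Report golang components whose purl path contains an encoded slash.
function findEncodedSlashPurls(list) {
  const findings = [];
  for (const c of list) {
    const p = splitPurl(c.purl || "");
    if (!p || p.type !== "golang" || !/%2f/i.test(p.path)) continue;
    const fixed = normalizeGoPurl(c.purl);
    findings.push({ name: c.name, purl: c.purl, fixed,
      matchesBomRef: fixed === c["bom-ref"] });
  }
  return findings;
}

console.log(findEncodedSlashPurls(components));
```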
prabhu commented
Thank you for sharing this ticket with the PR. Are you planning to add the license and hash capabilities as well to complete it?
CaMoPeZzz commented
The functionality of licenses and hashes is not affected; it works as it did before. The license block is included in getGoPkgComponent.