From 7c5ebfc4bafcf2d6902f7df1d9f27f9615766dca Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Tue, 10 Dec 2024 06:37:48 -0500 Subject: [PATCH 1/4] test: unencoded subpath cannot contain . or .. supercedes #52 Signed-off-by: Jeremy Long --- test-suite-data.json | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/test-suite-data.json b/test-suite-data.json index 689741a9..c7e7696a 100644 --- a/test-suite-data.json +++ b/test-suite-data.json @@ -47,6 +47,30 @@ "subpath": "googleapis/api/annotations", "is_invalid": false }, + { + "description": "invalid subpath - unencoded subpath cannot contain ..", + "purl": "pkg:GOLANG/google.golang.org/genproto@abcdedf#/googleapis/%2E%2E/api/annotations/", + "canonical_purl": "pkg:golang/google.golang.org/genproto@abcdedf#googleapis/api/annotations", + "type": "golang", + "namespace": "google.golang.org", + "name": "genproto", + "version": "abcdedf", + "qualifiers": null, + "subpath": "googleapis/../api/annotations", + "is_invalid": true + }, + { + "description": "invalid subpath - unencoded subpath cannot contain .", + "purl": "pkg:GOLANG/google.golang.org/genproto@abcdedf#/googleapis/%2E/api/annotations/", + "canonical_purl": "pkg:golang/google.golang.org/genproto@abcdedf#googleapis/api/annotations", + "type": "golang", + "namespace": "google.golang.org", + "name": "genproto", + "version": "abcdedf", + "qualifiers": null, + "subpath": "googleapis/./api/annotations", + "is_invalid": true + }, { "description": "bitbucket namespace and name should be lowercased", "purl": "pkg:bitbucket/birKenfeld/pyGments-main@244fd47e07d1014f0aed9c", From e228898acdbb8cc01b29984ebbf4b69b59756ddc Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Thu, 13 Feb 2025 14:49:49 +0100 Subject: [PATCH 2/4] escape '..' --- test-suite-data.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test-suite-data.json b/test-suite-data.json index c7e7696a..01caa26b 100644 --- a/test-suite-data.json +++ b/test-suite-data.json @@ -48,7 +48,7 @@ "is_invalid": false }, { - "description": "invalid subpath - unencoded subpath cannot contain ..", + "description": "invalid subpath - unencoded subpath cannot contain '..'", "purl": "pkg:GOLANG/google.golang.org/genproto@abcdedf#/googleapis/%2E%2E/api/annotations/", "canonical_purl": "pkg:golang/google.golang.org/genproto@abcdedf#googleapis/api/annotations", "type": "golang", From f47c2cba8023df5a8865bcb7edb4a219acd464ac Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Thu, 13 Feb 2025 14:50:10 +0100 Subject: [PATCH 3/4] escape '.' --- test-suite-data.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test-suite-data.json b/test-suite-data.json index 01caa26b..967cc285 100644 --- a/test-suite-data.json +++ b/test-suite-data.json @@ -60,7 +60,7 @@ "is_invalid": true }, { - "description": "invalid subpath - unencoded subpath cannot contain .", + "description": "invalid subpath - unencoded subpath cannot contain '.'", "purl": "pkg:GOLANG/google.golang.org/genproto@abcdedf#/googleapis/%2E/api/annotations/", "canonical_purl": "pkg:golang/google.golang.org/genproto@abcdedf#googleapis/api/annotations", "type": "golang", From 304eee2ea8e5f2e6a77df54be845e7b269497aec Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Thu, 13 Feb 2025 16:25:39 +0100 Subject: [PATCH 4/4] Apply suggestions from code review --- test-suite-data.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test-suite-data.json b/test-suite-data.json index 967cc285..a9a71e5a 100644 --- a/test-suite-data.json +++ b/test-suite-data.json @@ -57,7 +57,7 @@ "version": "abcdedf", "qualifiers": null, "subpath": "googleapis/../api/annotations", - "is_invalid": true + "is_invalid": false }, { "description": "invalid subpath - unencoded subpath cannot contain '.'", @@ -69,7 +69,7 @@ "version": "abcdedf", "qualifiers": null, "subpath": "googleapis/./api/annotations", - "is_invalid": true + "is_invalid": false }, { "description": "bitbucket namespace and name should be lowercased",