packageurl-java icon indicating copy to clipboard operation
packageurl-java copied to clipboard
verified publisher icon package-url

Inconsistent colon encoding

Open conn4575 opened this issue 3 years ago • 1 comments

There are inconsistencies with colon encoding in different languages. For the following input:

type:docker
name:cassandra
version: sha256:244fd47e07d1004f0aed9c

output:

java implementation: pkg:docker/cassandra@sha256%3A244fd47e07d1004f0aed9c
go implementation: pkg:docker/cassandra@sha256:244fd47e07d1004f0aed9c
python implementation: pkg:docker/cassandra@sha256:244fd47e07d1004f0aed9c

As we can see, the colon : will be encoded as %3A in java implementaion, but not in other languages. According to the specification of purl

the '#', '?', '@' and ':' characters must NOT be encoded when used as separators. They may need to be encoded elsewhere the ':' scheme and type separator does not need to and must NOT be encoded. It is unambiguous unencoded everywhere

I think : must NOT be encoded.

conn4575 avatar Feb 09 '23 02:02 conn4575