Special characters (tab, newline) in license URL #3122

scom-technology-operations · 2024-08-14T08:35:06Z

What happened:

We have created a CycloneDX-JSON of our Nexus installation with the last Syft version.
The UserAgentUtils library version 1.21 is found there as a dependency.
We have imported this CycloneDX-JSON into the latest version of Dependency-Track.
There we get the error message:

'$.components[9].licenses[0].license.url: does not match the iri-reference pattern must be a valid RFC 3987 IRI-reference'

What you expected to happen:

The license URL should be without special characters like newlines and tabs in the JSON field url.

Steps to reproduce the issue:

Download .jar file
https://repo1.maven.org/maven2/eu/bitwalker/UserAgentUtils/1.21/UserAgentUtils-1.21.jar
syft --output cyclonedx-json=file.json --verbose

Anything else we need to know?:

In the file /META-INF/maven/eu.bitwalker/UserAgentUtils/pom.xml the license field is defined as follows.

	<licenses>
		<license>
			<name>New BSD License</name>
			<url>
				http://user-agent-utils.googlecode.com/svn/trunk/UserAgentUtils/LICENSE.txt
			</url>
			<distribution>repo</distribution>
		</license>
	</licenses>

In the CycloneDX-JSON from Syft the license entry is displayed as follows.

      "licenses": [
        {
          "license": {
            "name": "New BSD License",
            "url": "\n\t\t\t\thttp://user-agent-utils.googlecode.com/svn/trunk/UserAgentUtils/LICENSE.txt\n\t\t\t"
          }
        }
      ],

Environment:

Output of syft version:

Application: syft
Version: 1.11.0
BuildDate: 2024-08-09T17:52:25Z
GitCommit: 19cc664
GitDescription: v1.11.0
Platform: linux/amd64
GoVersion: go1.22.5
Compiler: gc

OS (cat /etc/os-release):

NAME="AlmaLinux"
VERSION="9.4 (Seafoam Ocelot)"
ID="almalinux"
ID_LIKE="rhel centos fedora"
VERSION_ID="9.4"
PLATFORM_ID="platform:el9"
PRETTY_NAME="AlmaLinux 9.4 (Seafoam Ocelot)"
ANSI_COLOR="0;34"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:almalinux:almalinux:9::baseos"
HOME_URL="https://almalinux.org/"
DOCUMENTATION_URL="https://wiki.almalinux.org/"
BUG_REPORT_URL="https://bugs.almalinux.org/"

ALMALINUX_MANTISBT_PROJECT="AlmaLinux-9"
ALMALINUX_MANTISBT_PROJECT_VERSION="9.4"
REDHAT_SUPPORT_PRODUCT="AlmaLinux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.4"
SUPPORT_END=2032-06-01

Dependency-Track

Version: 4.11.6

The text was updated successfully, but these errors were encountered:

spiffcs · 2024-08-14T14:06:13Z

Thanks for the easy reproduce and bug report @scom-technology-operations! I've picked this up and will get a fix added for our next release.

escalate · 2024-09-16T15:21:03Z

Hey everybody,
are here any news about the release?
Best regards
Felix

scom-technology-operations added the bug Something isn't working label Aug 14, 2024

anchoretoolsops added this to OSS Aug 14, 2024

spiffcs moved this to Ready in OSS Aug 14, 2024

spiffcs self-assigned this Aug 14, 2024

wagoodman added the license relating to software licensing label Sep 20, 2024

willmurphyscode moved this from Ready to In Review in OSS Oct 8, 2024

spiffcs linked a pull request Nov 17, 2024 that will close this issue

3122 valid license url characters #3449

Open

4 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Special characters (tab, newline) in license URL #3122

Special characters (tab, newline) in license URL #3122

scom-technology-operations commented Aug 14, 2024 •

edited

Loading

spiffcs commented Aug 14, 2024

escalate commented Sep 16, 2024

Special characters (tab, newline) in license URL #3122

Special characters (tab, newline) in license URL #3122

Comments

scom-technology-operations commented Aug 14, 2024 • edited Loading

spiffcs commented Aug 14, 2024

escalate commented Sep 16, 2024

scom-technology-operations commented Aug 14, 2024 •

edited

Loading