From ca1ccf28e31ac3051a759b45961942481b7fd223 Mon Sep 17 00:00:00 2001 From: Justin Perez Date: Fri, 2 Jun 2023 18:40:10 +0000 Subject: [PATCH] fix: escape colons in qualifer values --- src/PackageUrl.cs | 2 +- tests/TestAssets/test-suite-data.json | 14 ++++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/src/PackageUrl.cs b/src/PackageUrl.cs index b86abf9..b65de4f 100644 --- a/src/PackageUrl.cs +++ b/src/PackageUrl.cs @@ -160,7 +160,7 @@ public override string ToString() purl.Append("?"); foreach (var pair in Qualifiers) { - string encodedValue = WebUtility.UrlEncode(pair.Value).Replace(EncodedSlash, "/"); + string encodedValue = WebUtility.UrlEncode(pair.Value).Replace(EncodedSlash, "/").Replace(EncodedColon, ":"); purl.Append(pair.Key.ToLower()); purl.Append('='); purl.Append(encodedValue); diff --git a/tests/TestAssets/test-suite-data.json b/tests/TestAssets/test-suite-data.json index ab7f709..d402fc8 100644 --- a/tests/TestAssets/test-suite-data.json +++ b/tests/TestAssets/test-suite-data.json @@ -302,6 +302,20 @@ "subpath": null, "is_invalid": false }, + { + "description": "colons and slashes aren't escaped in qualifer values", + "purl": "pkg:cocoapods/MapsIndoors@3.24.0?repository_url=https://contoso.com", + "canonical_purl": "pkg:cocoapods/MapsIndoors@3.24.0?repository_url=https://contoso.com", + "type": "cocoapods", + "namespace": null, + "name": "MapsIndoors", + "version": "3.24.0", + "qualifiers": { + "repository_url": "https://contoso.com" + }, + "subpath": null, + "is_invalid": false + }, { "description": "cocoapods names are case sensitive", "purl": "pkg:cocoapods/MapsIndoors@3.24.0",