From ba28dfdf489ef4ce01200242187298c3e44bc0fe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20Prpi=C4=8D?=
Date: Tue, 24 Sep 2024 11:43:03 +0200
Subject: [PATCH] Fix unescaped colons in version string of container image purls
---
 ...ment-operator-container-1.1.2-25.spdx.json | 8 ++++----
 ...perator-container-1.1.2-25_amd64.spdx.json | 2 +-
 ...perator-container-1.1.2-25_arm64.spdx.json | 2 +-
 ...rator-container-1.1.2-25_ppc64le.spdx.json | 2 +-
 .../build/remove_release_data.py | 3 ++-
 ...micro-container-9.4-6.1716471860.spdx.json | 20 +++++++++----------
 ...container-9.4-6.1716471860_amd64.spdx.json | 4 ++--
 ...container-9.4-6.1716471860_arm64.spdx.json | 4 ++--
 ...ntainer-9.4-6.1716471860_ppc64le.spdx.json | 4 ++--
 ...container-9.4-6.1716471860_s390x.spdx.json | 4 ++--
 10 files changed, 27 insertions(+), 26 deletions(-)
diff --git a/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25.spdx.json b/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25.spdx.json
index c625f7d..03a1918 100644
--- a/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25.spdx.json
+++ b/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25.spdx.json
@@ -22,7 +22,7 @@
 {
 "referenceCategory": "PACKAGE-MANAGER",
 "referenceType": "purl",
- "referenceLocator": "pkg:oci/kernel-module-management-rhel9-operator@sha256:d845f0bd93dad56c92c47e8c116a11a0cc5924c0b99aed912b4f8b54178efa98"
+ "referenceLocator": "pkg:oci/kernel-module-management-rhel9-operator@sha256%3Ad845f0bd93dad56c92c47e8c116a11a0cc5924c0b99aed912b4f8b54178efa98"
 }
 ],
 "checksums": [
@@ -43,7 +43,7 @@
 {
 "referenceCategory": "PACKAGE-MANAGER",
 "referenceType": "purl",
- "referenceLocator": "pkg:oci/kernel-module-management-rhel9-operator@sha256:d845f0bd93dad56c92c47e8c116a11a0cc5924c0b99aed912b4f8b54178efa98?arch=amd64"
+ "referenceLocator": "pkg:oci/kernel-module-management-rhel9-operator@sha256%3Ad845f0bd93dad56c92c47e8c116a11a0cc5924c0b99aed912b4f8b54178efa98?arch=amd64"
 }
 ],
 "checksums": [
@@ -64,7 +64,7 @@
 {
 "referenceCategory": "PACKAGE-MANAGER",
 "referenceType": "purl",
- "referenceLocator": "pkg:oci/kernel-module-management-rhel9-operator@sha256:d845f0bd93dad56c92c47e8c116a11a0cc5924c0b99aed912b4f8b54178efa98?arch=arm64"
+ "referenceLocator": "pkg:oci/kernel-module-management-rhel9-operator@sha256%3Ad845f0bd93dad56c92c47e8c116a11a0cc5924c0b99aed912b4f8b54178efa98?arch=arm64"
 }
 ],
 "checksums": [
@@ -85,7 +85,7 @@
 {
 "referenceCategory": "PACKAGE-MANAGER",
 "referenceType": "purl",
- "referenceLocator": "pkg:oci/kernel-module-management-rhel9-operator@sha256:d845f0bd93dad56c92c47e8c116a11a0cc5924c0b99aed912b4f8b54178efa98?arch=ppc64le"
+ "referenceLocator": "pkg:oci/kernel-module-management-rhel9-operator@sha256%3Ad845f0bd93dad56c92c47e8c116a11a0cc5924c0b99aed912b4f8b54178efa98?arch=ppc64le"
 }
 ],
 "checksums": [
diff --git a/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_amd64.spdx.json b/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_amd64.spdx.json
index ee07c16..422c2c9 100644
--- a/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_amd64.spdx.json
+++ b/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_amd64.spdx.json
@@ -22,7 +22,7 @@
 {
 "referenceCategory": "PACKAGE-MANAGER",
 "referenceType": "purl",
- "referenceLocator": "pkg:oci/kernel-module-management-rhel9-operator@sha256:d845f0bd93dad56c92c47e8c116a11a0cc5924c0b99aed912b4f8b54178efa98?arch=amd64"
+ "referenceLocator": "pkg:oci/kernel-module-management-rhel9-operator@sha256%3Ad845f0bd93dad56c92c47e8c116a11a0cc5924c0b99aed912b4f8b54178efa98?arch=amd64"
 }
 ],
 "checksums": [
diff --git a/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_arm64.spdx.json b/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_arm64.spdx.json
index c0e58f1..4dedecc 100644
--- a/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_arm64.spdx.json
+++ b/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_arm64.spdx.json
@@ -22,7 +22,7 @@
 {
 "referenceCategory": "PACKAGE-MANAGER",
 "referenceType": "purl",
- "referenceLocator": "pkg:oci/kernel-module-management-rhel9-operator@sha256:d845f0bd93dad56c92c47e8c116a11a0cc5924c0b99aed912b4f8b54178efa98?arch=arm64"
+ "referenceLocator": "pkg:oci/kernel-module-management-rhel9-operator@sha256%3Ad845f0bd93dad56c92c47e8c116a11a0cc5924c0b99aed912b4f8b54178efa98?arch=arm64"
 }
 ],
 "checksums": [
diff --git a/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_ppc64le.spdx.json b/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_ppc64le.spdx.json
index 8f89bcc..f505a8d 100644
--- a/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_ppc64le.spdx.json
+++ b/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_ppc64le.spdx.json
@@ -22,7 +22,7 @@
 {
 "referenceCategory": "PACKAGE-MANAGER",
 "referenceType": "purl",
- "referenceLocator": "pkg:oci/kernel-module-management-rhel9-operator@sha256:d845f0bd93dad56c92c47e8c116a11a0cc5924c0b99aed912b4f8b54178efa98?arch=ppc64le"
+ "referenceLocator": "pkg:oci/kernel-module-management-rhel9-operator@sha256%3Ad845f0bd93dad56c92c47e8c116a11a0cc5924c0b99aed912b4f8b54178efa98?arch=ppc64le"
 }
 ],
 "checksums": [
diff --git a/sbom/examples/container_image/build/remove_release_data.py b/sbom/examples/container_image/build/remove_release_data.py
index 9f9f17b..cb27f3f 100644
--- a/sbom/examples/container_image/build/remove_release_data.py
+++ b/sbom/examples/container_image/build/remove_release_data.py
@@ -16,7 +16,8 @@ if purl.type == "oci":
 purl.qualifiers.pop("tag", None)
 purl.qualifiers.pop("repository_url", None)
- purl_ref["referenceLocator"] = purl.to_string()
+ # Escape colon because: https://github.com/package-url/packageurl-python/issues/152
+ purl_ref["referenceLocator"] = purl.to_string().replace("sha256:", "sha256%3A")
 with open(f"{sbom_name}.spdx.json", "w") as fp:
diff --git a/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860.spdx.json b/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860.spdx.json
index bbfa06d..f6b7d8b 100644
--- a/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860.spdx.json
+++ b/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860.spdx.json
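Review bot: In sbom/examples/container_image/build/remove_release_data.py the added `.replace("sha256:", "sha256%3A")` is applied to the whole serialized purl and recognises only one digest algorithm, so a `sha512:` digest would still be written with a raw colon and a `sha256:` appearing outside the version component would be rewritten as well. Anchoring on the version separator and replacing once keeps the workaround to the field it is meant for: `purl_ref["referenceLocator"] = purl.to_string().replace("@sha256:", "@sha256%3A", 1)`. Because SBOM consumers match images against advisory data by this locator, the comment should also say that the workaround can be dropped once the linked packageurl-python issue is fixed and that other digest algorithms are not covered. The code enclosing the `if purl.type == "oci":` branch starts above the hunk, so whether non-sha256 digests can reach this line is not visible here.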
@@ -22,12 +22,12 @@
 {
 "referenceCategory": "PACKAGE-MANAGER",
 "referenceType": "purl",
- "referenceLocator": "pkg:oci/ubi-micro@sha256:1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d"
+ "referenceLocator": "pkg:oci/ubi-micro@sha256%3A1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d"
 },
 {
 "referenceCategory": "PACKAGE-MANAGER",
 "referenceType": "purl",
- "referenceLocator": "pkg:oci/ubi9-micro@sha256:1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d"
+ "referenceLocator": "pkg:oci/ubi9-micro@sha256%3A1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d"
 }
 ],
 "checksums": [
@@ -48,12 +48,12 @@
 {
 "referenceCategory": "PACKAGE-MANAGER",
 "referenceType": "purl",
- "referenceLocator": "pkg:oci/ubi-micro@sha256:1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?arch=ppc64le"
+ "referenceLocator": "pkg:oci/ubi-micro@sha256%3A1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?arch=ppc64le"
 },
 {
 "referenceCategory": "PACKAGE-MANAGER",
 "referenceType": "purl",
- "referenceLocator": "pkg:oci/ubi9-micro@sha256:1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?arch=ppc64le"
+ "referenceLocator": "pkg:oci/ubi9-micro@sha256%3A1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?arch=ppc64le"
 }
 ],
 "checksums": [
@@ -74,12 +74,12 @@
 {
 "referenceCategory": "PACKAGE-MANAGER",
 "referenceType": "purl",
- "referenceLocator": "pkg:oci/ubi-micro@sha256:1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?arch=s390x"
+ "referenceLocator": "pkg:oci/ubi-micro@sha256%3A1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?arch=s390x"
 },
 {
 "referenceCategory": "PACKAGE-MANAGER",
 "referenceType": "purl",
- "referenceLocator": "pkg:oci/ubi9-micro@sha256:1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?arch=s390x"
+ "referenceLocator": "pkg:oci/ubi9-micro@sha256%3A1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?arch=s390x"
 }
 ],
 "checksums": [
@@ -100,12 +100,12 @@
 {
 "referenceCategory": "PACKAGE-MANAGER",
 "referenceType": "purl",
- "referenceLocator": "pkg:oci/ubi-micro@sha256:1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?arch=arm64"
+ "referenceLocator": "pkg:oci/ubi-micro@sha256%3A1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?arch=arm64"
 },
 {
 "referenceCategory": "PACKAGE-MANAGER",
 "referenceType": "purl",
- "referenceLocator": "pkg:oci/ubi9-micro@sha256:1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?arch=arm64"
+ "referenceLocator": "pkg:oci/ubi9-micro@sha256%3A1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?arch=arm64"
 }
 ],
 "checksums": [
@@ -126,12 +126,12 @@
 {
 "referenceCategory": "PACKAGE-MANAGER",
 "referenceType": "purl",
- "referenceLocator": "pkg:oci/ubi-micro@sha256:1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?arch=amd64"
+ "referenceLocator": "pkg:oci/ubi-micro@sha256%3A1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?arch=amd64"
 },
 {
 "referenceCategory": "PACKAGE-MANAGER",
 "referenceType": "purl",
- "referenceLocator": "pkg:oci/ubi9-micro@sha256:1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?arch=amd64"
+ "referenceLocator": "pkg:oci/ubi9-micro@sha256%3A1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?arch=amd64"
 }
 ],
 "checksums": [
diff --git a/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_amd64.spdx.json b/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_amd64.spdx.json
index 4a77538..9c863e4 100644
--- a/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_amd64.spdx.json
+++ b/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_amd64.spdx.json
@@ -22,12 +22,12 @@
 {
 "referenceCategory": "PACKAGE-MANAGER",
 "referenceType": "purl",
- "referenceLocator": "pkg:oci/ubi-micro@sha256:1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?arch=amd64"
+ "referenceLocator": "pkg:oci/ubi-micro@sha256%3A1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?arch=amd64"
 },
 {
 "referenceCategory": "PACKAGE-MANAGER",
 "referenceType": "purl",
- "referenceLocator": "pkg:oci/ubi9-micro@sha256:1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?arch=amd64"
+ "referenceLocator": "pkg:oci/ubi9-micro@sha256%3A1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?arch=amd64"
 }
 ],
 "checksums": [
diff --git a/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_arm64.spdx.json b/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_arm64.spdx.json
index 0d41a14..2ccef85 100644
--- a/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_arm64.spdx.json
+++ b/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_arm64.spdx.json
@@ -22,12 +22,12 @@
 {
 "referenceCategory": "PACKAGE-MANAGER",
 "referenceType": "purl",
- "referenceLocator": "pkg:oci/ubi-micro@sha256:1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?arch=arm64"
+ "referenceLocator": "pkg:oci/ubi-micro@sha256%3A1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?arch=arm64"
 },
 {
 "referenceCategory": "PACKAGE-MANAGER",
 "referenceType": "purl",
- "referenceLocator": "pkg:oci/ubi9-micro@sha256:1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?arch=arm64"
+ "referenceLocator": "pkg:oci/ubi9-micro@sha256%3A1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?arch=arm64"
 }
 ],
 "checksums": [
diff --git a/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_ppc64le.spdx.json b/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_ppc64le.spdx.json
index f34739b..5cb1ad0 100644
--- a/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_ppc64le.spdx.json
+++ b/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_ppc64le.spdx.json
@@ -22,12 +22,12 @@
 {
 "referenceCategory": "PACKAGE-MANAGER",
 "referenceType": "purl",
- "referenceLocator": "pkg:oci/ubi-micro@sha256:1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?arch=ppc64le"
+ "referenceLocator": "pkg:oci/ubi-micro@sha256%3A1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?arch=ppc64le"
 },
 {
 "referenceCategory": "PACKAGE-MANAGER",
 "referenceType": "purl",
- "referenceLocator": "pkg:oci/ubi9-micro@sha256:1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?arch=ppc64le"
+ "referenceLocator": "pkg:oci/ubi9-micro@sha256%3A1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?arch=ppc64le"
 }
 ],
 "checksums": [
diff --git a/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_s390x.spdx.json b/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_s390x.spdx.json
index 470aa48..3530283 100644
--- a/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_s390x.spdx.json
+++ b/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_s390x.spdx.json
@@ -22,12 +22,12 @@
 {
 "referenceCategory": "PACKAGE-MANAGER",
 "referenceType": "purl",
- "referenceLocator": "pkg:oci/ubi-micro@sha256:1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?arch=s390x"
+ "referenceLocator": "pkg:oci/ubi-micro@sha256%3A1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?arch=s390x"
 },
 {
 "referenceCategory": "PACKAGE-MANAGER",
 "referenceType": "purl",
- "referenceLocator": "pkg:oci/ubi9-micro@sha256:1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?arch=s390x"
+ "referenceLocator": "pkg:oci/ubi9-micro@sha256%3A1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?arch=s390x"
 }
 ],
 "checksums": [