fix(bom map): avoid crash on special chars in attachment names

If an existing attachment contains a special character like "%", the BOM writer crashed as this is not allowed in CycloneDX external reference URLs. Fixes #70
sw360 · Jun 26, 2024 · ed7e632 · ed7e632
1 parent e3f6a70
commit ed7e632
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 6 deletions.
diff --git a/capycli/bom/map_bom.py b/capycli/bom/map_bom.py
@@ -12,6 +12,7 @@
 import pathlib
 import re
 import sys
+import urllib
 from enum import Enum
 from typing import Any, Dict, List, Optional, Tuple
 
@@ -682,6 +683,7 @@ def update_bom_item(self, component: Optional[Component], match: Dict[str, Any])
 
         value_match = match.get("SourceFile", "")
         if value_match:
+            value_match = urllib.parse.quote(value_match)
             ext_ref_src_file = CycloneDxSupport.get_ext_ref(
                 component,
                 ExternalReferenceType.DISTRIBUTION,
@@ -697,6 +699,7 @@ def update_bom_item(self, component: Optional[Component], match: Dict[str, Any])
 
         value_match = match.get("BinaryFile", "")
         if value_match:
+            value_match = urllib.parse.quote(value_match)
             ext_ref_bin_file = CycloneDxSupport.get_ext_ref(
                 component,
                 ExternalReferenceType.DISTRIBUTION,

diff --git a/tests/test_bom_map2.py b/tests/test_bom_map2.py
@@ -2491,8 +2491,8 @@ def test_update_bom_item(self) -> None:
         match["Language"] = "C#"
         match["ComponentId"] = "123"
         match["SourceUrl"] = "http://123"
-        match["SourceFile"] = "123.zip"
-        match["BinaryFile"] = "123.dll"
+        match["SourceFile"] = "123%1.zip"
+        match["BinaryFile"] = "123%.dll"
         match["ProjectSite"] = "http://somewhere"
         match["Sw360Id"] = "007"
         match["ComponentId"] = "0815"
@@ -2501,8 +2501,8 @@ def test_update_bom_item(self) -> None:
         self.assertEqual("2", updated.version)
         self.assertEqual("C#", CycloneDxSupport.get_property_value(updated, CycloneDxSupport.CDX_PROP_LANGUAGE))
         self.assertEqual("http://123", str(CycloneDxSupport.get_ext_ref_source_url(updated)))
-        self.assertEqual("123.zip", str(CycloneDxSupport.get_ext_ref_source_file(updated)))
-        self.assertEqual("123.dll", str(CycloneDxSupport.get_ext_ref_binary_file(updated)))
+        self.assertEqual("123%251.zip", str(CycloneDxSupport.get_ext_ref_source_file(updated)))
+        self.assertEqual("123%25.dll", str(CycloneDxSupport.get_ext_ref_binary_file(updated)))
         self.assertEqual("http://somewhere", str(CycloneDxSupport.get_ext_ref_website(updated)))
         self.assertEqual("007", CycloneDxSupport.get_property_value(updated, CycloneDxSupport.CDX_PROP_SW360ID))
 
@@ -2548,8 +2548,8 @@ def test_update_bom_item(self) -> None:
         self.assertEqual("2", updated.version)
         self.assertEqual("C#", CycloneDxSupport.get_property_value(updated, CycloneDxSupport.CDX_PROP_LANGUAGE))
         self.assertEqual("http://123", str(CycloneDxSupport.get_ext_ref_source_url(updated)))
-        self.assertEqual("123.zip", str(CycloneDxSupport.get_ext_ref_source_file(updated)))
-        self.assertEqual("123.dll", str(CycloneDxSupport.get_ext_ref_binary_file(updated)))
+        self.assertEqual("123%251.zip", str(CycloneDxSupport.get_ext_ref_source_file(updated)))
+        self.assertEqual("123%25.dll", str(CycloneDxSupport.get_ext_ref_binary_file(updated)))
         self.assertEqual("http://somewhere", str(CycloneDxSupport.get_ext_ref_website(updated)))
         self.assertEqual("007", CycloneDxSupport.get_property_value(updated, CycloneDxSupport.CDX_PROP_SW360ID))
         self.assertEqual("0815", CycloneDxSupport.get_property_value(updated, CycloneDxSupport.CDX_PROP_COMPONENT_ID))