From d546749970f2c4304eb3d43253b12af3af9933be Mon Sep 17 00:00:00 2001
From: nscuro
Date: Sat, 22 Jun 2024 18:13:48 +0200
Subject: [PATCH] Fix BOM validation failing when URL contains encoded `[` and `]` characters

Fixes #3831

Signed-off-by: nscuro
---
 pom.xml | 2 +-
 .../cyclonedx/CycloneDxValidatorTest.java | 23 +++++++++++++++++++
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 53337bf5aa..717cbe0d05 100644
--- a/pom.xml
+++ b/pom.xml
@@ -93,7 +93,7 @@
 1.26.1
 1.4.2
 1.0.1
- 9.0.3
+ 9.0.4
 1.6.15
 2.17.1
 2.17.1
diff --git a/src/test/java/org/dependencytrack/parser/cyclonedx/CycloneDxValidatorTest.java b/src/test/java/org/dependencytrack/parser/cyclonedx/CycloneDxValidatorTest.java
index 6312107a82..fc783623d0 100644
--- a/src/test/java/org/dependencytrack/parser/cyclonedx/CycloneDxValidatorTest.java
+++ b/src/test/java/org/dependencytrack/parser/cyclonedx/CycloneDxValidatorTest.java
@@ -218,4 +218,27 @@ public void testValidateWithValidBom(final Path bomFilePath) throws Exception {
 assertThatNoException().isThrownBy(() -> validator.validate(bomBytes));
 }
 
+ @Test // https://github.com/DependencyTrack/dependency-track/issues/3831
+ public void testValidateJsonWithUrlContainingEncodedBrackets() {
+ assertThatNoException()
+ .isThrownBy(() -> validator.validate("""
+ {
+ "bomFormat": "CycloneDX",
+ "specVersion": "1.5",
+ "components": [
+ {
+ "type": "library",
+ "name": "acme-library",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://example.com/foo?bar=%5Bbaz%5D"
+ }
+ ]
+ }
+ ]
+ }
+ """.getBytes()));
+ }
+
 }
\ No newline at end of file
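Review bot: The new test builds its input with `""".getBytes()` and no charset, so the bytes passed to `validator.validate` follow the platform default on JDKs before 18; `""".getBytes(StandardCharsets.UTF_8)` would pin the encoding (the import block is outside this hunk, so it may need adding). The test also covers only the accept path for the version bumped in pom.xml. Since this validator presumably decides which uploaded BOMs are accepted, a companion case asserting that a BOM violating the schema is still rejected on the new version would show the upgrade did not loosen the check, if the class does not already have one.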