This issue is related to spdx/spdx-java-model-2_X#33 and has identical behaviour and an identical fix.
The regex that validates PackageDownloadLocation tags rejects git URLs with underscores in the repository name:
|
git_pattern = "(git\\+git@[a-zA-Z0-9\\.\\-]+:[a-zA-Z0-9/\\\\.@\\-]+)" |
Example of a line from an SBOM that doesn't validate (because of the underscore in the repo name) but should:
PackageDownloadLocation: git+git@github.com:zephyrproject-rtos/CMSIS_6@06d952b6713a2ca41c9224a62075e4059402a151-off
Proposed fix:
- git_pattern = "(git\\+git@[a-zA-Z0-9\\.\\-]+:[a-zA-Z0-9/\\\\.@\\-]+)"
+ git_pattern = "(git\\+git@[a-zA-Z0-9\\.\\-]+:[a-zA-Z0-9/\\\\.@\\-_]+)"
This issue is related to spdx/spdx-java-model-2_X#33 and has identical behaviour and an identical fix.
The regex that validates
PackageDownloadLocationtags rejects git URLs with underscores in the repository name:tools-python/src/spdx_tools/spdx/validation/uri_validators.py
Line 18 in b7f9a3d
Example of a line from an SBOM that doesn't validate (because of the underscore in the repo name) but should:
Proposed fix: