fix: encode quotation mark in URL (#724)

jkowalleck · web-flow · commit a7c7c97c37ee · 2024-10-24T12:53:44.000+02:00
Signed-off-by: Jan Kowalleck &lt;jan.kowalleck@gmail.com&gt;
diff --git a/cyclonedx/model/__init__.py b/cyclonedx/model/__init__.py
@@ -689,6 +689,8 @@ class XsUri(serializable.helpers.BaseHelper):
 
     __SPEC_REPLACEMENTS = (
         (' ', '%20'),
+        ('"', '%22'),
+        ("'", '%27'),
         ('[', '%5B'),
         (']', '%5D'),
         ('<', '%3C'),
diff --git a/tests/_data/models.py b/tests/_data/models.py
@@ -1213,7 +1213,14 @@ def get_bom_for_issue_497_urls() -> Bom:
             ExternalReference(
                 type=ExternalReferenceType.OTHER,
                 comment='control characters',
-                url=XsUri('https://acme.org/?foo=sp ace&bar[23]=42&lt=1<2&gt=3>2&cb={lol}')
+                url=XsUri('https://acme.org/?'
+                          'foo=sp ace&'
+                          'bar[23]=42&'
+                          'lt=1<2&'
+                          'gt=3>2&'
+                          'cb={lol}&'
+                          'quote="test"is\'test\''
+                          )
             ),
             ExternalReference(
                 type=ExternalReferenceType.OTHER,
diff --git a/tests/_data/snapshots/get_bom_for_issue_497_urls-1.1.xml.bin b/tests/_data/snapshots/get_bom_for_issue_497_urls-1.1.xml.bin
@@ -14,7 +14,7 @@
           <comment>pre-encoded</comment>
         </reference>
         <reference type="other">
-          <url>https://acme.org/?foo=sp%20ace&amp;bar%5B23%5D=42&amp;lt=1%3C2&amp;gt=3%3E2&amp;cb=%7Blol%7D</url>
+          <url>https://acme.org/?foo=sp%20ace&amp;bar%5B23%5D=42&amp;lt=1%3C2&amp;gt=3%3E2&amp;cb=%7Blol%7D&amp;quote=%22test%22is%27test%27</url>
           <comment>control characters</comment>
         </reference>
       </externalReferences>
diff --git a/tests/_data/snapshots/get_bom_for_issue_497_urls-1.2.json.bin b/tests/_data/snapshots/get_bom_for_issue_497_urls-1.2.json.bin
@@ -16,7 +16,7 @@
         {
           "comment": "control characters",
           "type": "other",
-          "url": "https://acme.org/?foo=sp%20ace&bar%5B23%5D=42&lt=1%3C2&gt=3%3E2&cb=%7Blol%7D"
+          "url": "https://acme.org/?foo=sp%20ace&bar%5B23%5D=42&lt=1%3C2&gt=3%3E2&cb=%7Blol%7D&quote=%22test%22is%27test%27"
         }
       ],
       "name": "dummy",
diff --git a/tests/_data/snapshots/get_bom_for_issue_497_urls-1.2.xml.bin b/tests/_data/snapshots/get_bom_for_issue_497_urls-1.2.xml.bin
@@ -17,7 +17,7 @@
           <comment>pre-encoded</comment>
         </reference>
         <reference type="other">
-          <url>https://acme.org/?foo=sp%20ace&amp;bar%5B23%5D=42&amp;lt=1%3C2&amp;gt=3%3E2&amp;cb=%7Blol%7D</url>
+          <url>https://acme.org/?foo=sp%20ace&amp;bar%5B23%5D=42&amp;lt=1%3C2&amp;gt=3%3E2&amp;cb=%7Blol%7D&amp;quote=%22test%22is%27test%27</url>
           <comment>control characters</comment>
         </reference>
       </externalReferences>
diff --git a/tests/_data/snapshots/get_bom_for_issue_497_urls-1.3.json.bin b/tests/_data/snapshots/get_bom_for_issue_497_urls-1.3.json.bin
@@ -16,7 +16,7 @@
         {
           "comment": "control characters",
           "type": "other",
-          "url": "https://acme.org/?foo=sp%20ace&bar%5B23%5D=42&lt=1%3C2&gt=3%3E2&cb=%7Blol%7D"
+          "url": "https://acme.org/?foo=sp%20ace&bar%5B23%5D=42&lt=1%3C2&gt=3%3E2&cb=%7Blol%7D&quote=%22test%22is%27test%27"
         }
       ],
       "name": "dummy",
diff --git a/tests/_data/snapshots/get_bom_for_issue_497_urls-1.3.xml.bin b/tests/_data/snapshots/get_bom_for_issue_497_urls-1.3.xml.bin
@@ -17,7 +17,7 @@
           <comment>pre-encoded</comment>
         </reference>
         <reference type="other">
-          <url>https://acme.org/?foo=sp%20ace&amp;bar%5B23%5D=42&amp;lt=1%3C2&amp;gt=3%3E2&amp;cb=%7Blol%7D</url>
+          <url>https://acme.org/?foo=sp%20ace&amp;bar%5B23%5D=42&amp;lt=1%3C2&amp;gt=3%3E2&amp;cb=%7Blol%7D&amp;quote=%22test%22is%27test%27</url>
           <comment>control characters</comment>
         </reference>
       </externalReferences>
diff --git a/tests/_data/snapshots/get_bom_for_issue_497_urls-1.4.json.bin b/tests/_data/snapshots/get_bom_for_issue_497_urls-1.4.json.bin
@@ -16,7 +16,7 @@
         {
           "comment": "control characters",
           "type": "other",
-          "url": "https://acme.org/?foo=sp%20ace&bar%5B23%5D=42&lt=1%3C2&gt=3%3E2&cb=%7Blol%7D"
+          "url": "https://acme.org/?foo=sp%20ace&bar%5B23%5D=42&lt=1%3C2&gt=3%3E2&cb=%7Blol%7D&quote=%22test%22is%27test%27"
         }
       ],
       "name": "dummy",
diff --git a/tests/_data/snapshots/get_bom_for_issue_497_urls-1.4.xml.bin b/tests/_data/snapshots/get_bom_for_issue_497_urls-1.4.xml.bin
@@ -16,7 +16,7 @@
           <comment>pre-encoded</comment>
         </reference>
         <reference type="other">
-          <url>https://acme.org/?foo=sp%20ace&amp;bar%5B23%5D=42&amp;lt=1%3C2&amp;gt=3%3E2&amp;cb=%7Blol%7D</url>
+          <url>https://acme.org/?foo=sp%20ace&amp;bar%5B23%5D=42&amp;lt=1%3C2&amp;gt=3%3E2&amp;cb=%7Blol%7D&amp;quote=%22test%22is%27test%27</url>
           <comment>control characters</comment>
         </reference>
       </externalReferences>
diff --git a/tests/_data/snapshots/get_bom_for_issue_497_urls-1.5.json.bin b/tests/_data/snapshots/get_bom_for_issue_497_urls-1.5.json.bin
@@ -16,7 +16,7 @@
         {
           "comment": "control characters",
           "type": "other",
-          "url": "https://acme.org/?foo=sp%20ace&bar%5B23%5D=42&lt=1%3C2&gt=3%3E2&cb=%7Blol%7D"
+          "url": "https://acme.org/?foo=sp%20ace&bar%5B23%5D=42&lt=1%3C2&gt=3%3E2&cb=%7Blol%7D&quote=%22test%22is%27test%27"
         }
       ],
       "name": "dummy",
diff --git a/tests/_data/snapshots/get_bom_for_issue_497_urls-1.5.xml.bin b/tests/_data/snapshots/get_bom_for_issue_497_urls-1.5.xml.bin
@@ -16,7 +16,7 @@
           <comment>pre-encoded</comment>
         </reference>
         <reference type="other">
-          <url>https://acme.org/?foo=sp%20ace&amp;bar%5B23%5D=42&amp;lt=1%3C2&amp;gt=3%3E2&amp;cb=%7Blol%7D</url>
+          <url>https://acme.org/?foo=sp%20ace&amp;bar%5B23%5D=42&amp;lt=1%3C2&amp;gt=3%3E2&amp;cb=%7Blol%7D&amp;quote=%22test%22is%27test%27</url>
           <comment>control characters</comment>
         </reference>
       </externalReferences>
diff --git a/tests/_data/snapshots/get_bom_for_issue_497_urls-1.6.json.bin b/tests/_data/snapshots/get_bom_for_issue_497_urls-1.6.json.bin
@@ -16,7 +16,7 @@
         {
           "comment": "control characters",
           "type": "other",
-          "url": "https://acme.org/?foo=sp%20ace&bar%5B23%5D=42&lt=1%3C2&gt=3%3E2&cb=%7Blol%7D"
+          "url": "https://acme.org/?foo=sp%20ace&bar%5B23%5D=42&lt=1%3C2&gt=3%3E2&cb=%7Blol%7D&quote=%22test%22is%27test%27"
         }
       ],
       "name": "dummy",
diff --git a/tests/_data/snapshots/get_bom_for_issue_497_urls-1.6.xml.bin b/tests/_data/snapshots/get_bom_for_issue_497_urls-1.6.xml.bin
@@ -16,7 +16,7 @@
           <comment>pre-encoded</comment>
         </reference>
         <reference type="other">
-          <url>https://acme.org/?foo=sp%20ace&amp;bar%5B23%5D=42&amp;lt=1%3C2&amp;gt=3%3E2&amp;cb=%7Blol%7D</url>
+          <url>https://acme.org/?foo=sp%20ace&amp;bar%5B23%5D=42&amp;lt=1%3C2&amp;gt=3%3E2&amp;cb=%7Blol%7D&amp;quote=%22test%22is%27test%27</url>
           <comment>control characters</comment>
         </reference>
       </externalReferences>

Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,7 @@`
`16`	`16`	`{`
`17`	`17`	`"comment": "control characters",`
`18`	`18`	`"type": "other",`
`19`		`- "url": "https://acme.org/?foo=sp%20ace&bar%5B23%5D=42&lt=1%3C2&gt=3%3E2&cb=%7Blol%7D"`
	`19`	`+ "url": "https://acme.org/?foo=sp%20ace&bar%5B23%5D=42&lt=1%3C2&gt=3%3E2&cb=%7Blol%7D&quote=%22test%22is%27test%27"`
`20`	`20`	`}`
`21`	`21`	`],`
`22`	`22`	`"name": "dummy",`