buildpacks / libcnb

A non-opinionated language binding for the Cloud Native Buildpack Buildpack and Extension specifications
Apache License 2.0

improve SBOM validation #272

Closed sagnik3788 closed 2 weeks ago

sagnik3788 commented 5 months ago

Resolves #126

dmikusa commented 5 months ago

Can you add a test case here that proves this change fixes the issue?

The idea would be to do something like change sbom-formats = ["application/vnd.cyclonedx+json"] to sbom-formats = ["application/vnd.cyclonedx+json;charset=us-ascii"]. I don't know if that's valid, but I'm pretty sure that will fail using the current methods, because it will detect the media type as one of these options (https://github.com/buildpacks/libcnb/blob/main/layer.go#L96-L101), which don't match exactly.
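The mismatch described in the comment above, as an added example that is not part of the thread or of libcnb's code: an exact string comparison rejects a declared format that carries a parameter, while parsing it with the standard library's mime.ParseMediaType first compares only the base type. The names supported, exactMatch and parsedMatch are hypothetical, and only the CycloneDX media type comes from the thread; the other two list entries are assumed from the CNB specification.

```go
package main

import (
	"fmt"
	"mime"
)

// Supported SBOM media types. Only the CycloneDX value appears in the thread;
// the other two are assumed from the CNB specification.
var supported = []string{
	"application/vnd.cyclonedx+json",
	"application/spdx+json",
	"application/vnd.syft+json",
}

// exactMatch is a plain string comparison against the supported list.
func exactMatch(format string) bool {
	for _, s := range supported {
		if s == format {
			return true
		}
	}
	return false
}

// parsedMatch strips parameters such as ";charset=us-ascii" before comparing.
func parsedMatch(format string) (bool, error) {
	mt, _, err := mime.ParseMediaType(format)
	if err != nil {
		return false, fmt.Errorf("invalid media type %q: %w", format, err)
	}
	return exactMatch(mt), nil
}

func main() {
	// Constructed sample inputs.
	for _, f := range []string{
		"application/vnd.cyclonedx+json",
		"application/vnd.cyclonedx+json;charset=us-ascii",
		"application/vnd.cyclonedx+xml",
		"application/",
	} {
		ok, err := parsedMatch(f)
		fmt.Printf("%-50s exact=%-5v parsed=%-5v err=%v\n", f, exactMatch(f), ok, err)
	}
}
```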

dmikusa commented 2 months ago

Hi @sagnik3788, just wanted to follow up and see how things are going. Did you see my previous note? Are you still interested in submitting a code change here? Thanks!

dmikusa commented 2 weeks ago

Closing as we need some test coverage to be able to merge this. @sagnik3788, if you want to pick this back up, feel free to send a new PR. Thanks.