cdxgen
[cargo]: Incorrect version number parsing in cargo.toml
Case
[dependencies]
serde_json = { version = "1.0.128" }
Issue Description
In the provided cargo.toml file, the version number for the dependency serde_json is specified as 1.0.128 }
We introduced a toml library quite late to the project, so there is a lot of code that is parsing the toml files manually.
https://github.com/CycloneDX/cdxgen/blob/cd77efae086446ff4a3b92cf35b88de2be828d36/lib/helpers/utils.js#L7465
I think it is a good idea to refactor all cargo parsing methods to use the toml library. Would you be interested in contributing a PR?
@prabhu Thank you for the invitation, this is indeed a good idea. I will try to complete it, and if I can do it well, I will submit a PR.
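The reported value `1.0.128 }` is what a line-based split produces when a dependency is written as an inline table. The sketch below is an added example, not cdxgen's code and not part of the thread: `naiveVersion`, `isVersionReq` and `parseDependencies` are hypothetical helpers and the manifest is constructed. It covers only single-line dependency entries; a real TOML parser, as the maintainer suggests, is still the complete fix.

```javascript
// Constructed manifest: the case from the issue plus other common forms.
const SAMPLE = `
[package]
version = "0.1.0"

[dependencies]
serde_json = { version = "1.0.128" }
serde = "1.0.210"
tokio = { version = "1.40", features = ["full"] }
local_crate = { path = "../local_crate" }
`;

// Hypothetical naive extraction: text after the last "=", quotes stripped.
function naiveVersion(line) {
  return line.slice(line.lastIndexOf("=") + 1).replace(/"/g, "").trim();
}

// Loose sanity check for a Cargo version requirement (1.0.128, ^1.2, >=1, <2).
function isVersionReq(v) {
  return v.split(",").every((p) => /^\s*[\^~=<>]*\s*[\d*][\w.*+-]*\s*$/.test(p));
}

// Section-aware extraction for single-line entries; version is null when the
// entry has none (path/git dependency) or the value fails the sanity check.
function parseDependencies(tomlText) {
  const deps = [];
  let section = "";
  for (const raw of tomlText.split(/\r?\n/)) {
    const line = raw.trim();
    const header = line.match(/^\[([^\]]+)\]$/);
    if (header) {
      section = header[1].trim();
      continue;
    }
    if (!/^(dev-|build-)?dependencies$/.test(section)) continue;
    const kv = line.match(/^([A-Za-z0-9_-]+)\s*=\s*(.+)$/);
    if (!kv) continue; // blank lines, comments, unsupported multi-line values
    const value = kv[2];
    const m =
      value.match(/^"([^"]*)"/) || // serde = "1.0.210"
      value.match(/^\{(?:.*,)?\s*version\s*=\s*"([^"]*)"/); // inline table
    const version = m && isVersionReq(m[1]) ? m[1] : null;
    deps.push({ name: kv[1], version });
  }
  return deps;
}
```

Rejecting values that fail `isVersionReq` keeps a malformed string such as `1.0.128 }` out of the generated SBOM, where it would otherwise fail to match any published version of the crate.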