cyclonedx-core-java

externalReferences serialization not well formed

Open Bananeweizen opened this issue 2 years ago • 0 comments

The code at https://github.com/CycloneDX/cyclonedx-core-java/blob/master/src/main/java/org/cyclonedx/util/ExternalReferenceSerializer.java#L56 produces XML output for external references (website, version control, issue tracker...) as a single line of concatenated XML. Everything else in the XML files is well-formed.

Example BOM excerpt:

      </licenses>
      <purl>pkg:maven/commons-io/[email protected]?type=jar</purl>
      <externalReferences><reference type="website"><url>https://commons.apache.org/proper/commons-io/</url></reference><reference type="build-system"><url>https://builds.apache.org/</url></reference><reference type="distribution"><url>https://repository.apache.org/service/local/staging/deploy/maven2</url></reference><reference type="issue-tracker"><url>https://issues.apache.org/jira/browse/IO</url></reference><reference type="mailing-list"><url>https://mail-archives.apache.org/mod_mbox/commons-user/</url></reference><reference type="vcs"><url>https://gitbox.apache.org/repos/asf?p=commons-io.git</url></reference></externalReferences>
    </component>

Bananeweizen, Mar 03 '23 21:03
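A check for the layout reported above, as an added example that is not part of the issue or of cyclonedx-core-java: it flags lines where nested elements were written without line breaks, and confirms that re-indenting changes the layout but not the reference data, so it can serve as a regression assertion on generated BOMs. The function names are assumptions, and the sample is shortened from the excerpt in the issue.

```python
import re
import xml.etree.ElementTree as ET

# Shortened from the excerpt in the issue: two of its six references, same layout.
SAMPLE = (
    "<component>\n"
    "  <externalReferences>"
    '<reference type="website"><url>https://commons.apache.org/proper/commons-io/</url></reference>'
    '<reference type="vcs"><url>https://gitbox.apache.org/repos/asf?p=commons-io.git</url></reference>'
    "</externalReferences>\n"
    "</component>\n"
)

# Heuristic for serializer output (not a full XML tokenizer): a tag followed on
# the same line by a start tag, or an end tag followed by another end tag.
_CROWDED = re.compile(r">[ \t]*<(?!/)|</[^>]+>[ \t]*</")


def crowded_lines(xml_text):
    """1-based numbers of lines that hold nested elements without line breaks."""
    return [n for n, line in enumerate(xml_text.splitlines(), 1)
            if _CROWDED.search(line)]


def _local(tag):
    """Strip a '{namespace}' prefix so namespaced BOMs match as well."""
    return tag.rsplit("}", 1)[-1]


def references(xml_text):
    """(type, url) pairs for every <reference>, independent of whitespace."""
    out = []
    for el in ET.fromstring(xml_text).iter():
        if _local(el.tag) == "reference":
            url = next((c.text or "" for c in el if _local(c.tag) == "url"), "")
            out.append((el.get("type"), url.strip()))
    return out


def reindent(xml_text):
    """Re-serialize with one element per line (ET.indent needs Python 3.9+)."""
    root = ET.fromstring(xml_text)
    ET.indent(root, space="  ")
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print("crowded lines:", crowded_lines(SAMPLE))
    print(reindent(SAMPLE))
```

For a BOM that declares the CycloneDX default namespace, call `ET.register_namespace("", uri)` with that namespace before `reindent`, otherwise ElementTree writes generated `ns0:` prefixes.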