-
-
Notifications
You must be signed in to change notification settings - Fork 47
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Trailing zeros in fractional digits of timestamp fails validation. #353
Comments
The underlying problem here is that
However, for JSON schema, the format is actually RFC 3339 which is a constrained subset of ISO 8601.
If you agree, let me know and I'll try a PR. |
Thanks for binging this up and sorry for the slow response. So, I believe that the JSON we produce is actually correct and some tools don't support RFC3339 fully. I might be mistaken though. It seems as if we want to fix the validator instead? For reference, here's what I did:
This is version 0.25 |
I have started a discussion in the CycloneDX Slack and I'll see if there are any results. |
I opened an issue in the .NET library which is used by the CLI. I'm going to close this issue as our JSON documents do indeed seem to be valid. If you find any other validators that fail please let me know, I'm happy to reach out upstream and try to get them fixed as well. |
Thanks for looking into this @lfrancke. It's been long enough that I don't remember how deep I went into RFC 3339 looking at formatting rules. Entirely possible the validation is too strict. |
I looked into it again and technically we are doing something wrong I believe. |
To be more precice: JSON requires RFC 3339, XML ISO 8601, yay |
JSON Timestamps in cyclone-dx use the
date-time
format:The
date-time
format is described here:"date-time": Date and time together, for example, 2018-11-13T20:20:39+00:00
Using OWASP tools:
The BOM will validate using both tools if I remove the trailing zeros from the fractional digits in output manually:
E.g. going from:
2022-12-21T23:54:20.218381200Z
to
2022-12-21T23:54:20.2183812Z
The text was updated successfully, but these errors were encountered: