Description
In generator.py, the PURL generation uses .replace('/', '/') which is a no-op and produces invalid Package URLs.
Location
- File: HF_files/aibom-generator/src/aibom-generator/generator.py
- Lines: 242, 246
Current Code
purl = f"pkg:huggingface/{model_id.replace('/', '/')}"
The .replace('/', '/') does nothing - it replaces forward slashes with forward slashes.
Expected Behavior
PURLs should URL-encode the forward slash in model IDs:
purl = f"pkg:huggingface/{model_id.replace('/', '%2F')}"
Impact
- Generated AIBOMs contain invalid PURL identifiers
- Tools consuming the AIBOM may fail to resolve package references
- Non-compliant with PURL specification
Note
Lines 232 and 249 correctly use %2F encoding, so this appears to be an inconsistency rather than a design choice.
Suggested Fix
Replace all occurrences of .replace('/', '/') with .replace('/', '%2F') for PURL generation.