From 32db3bcc8945408979fab1247abf3d95d1151f66 Mon Sep 17 00:00:00 2001 From: Gary O'Neall Date: Wed, 24 Jun 2026 13:47:32 -0700 Subject: [PATCH] Check for invalid object URIs Fixes #78 Signed-off-by: Gary O'Neall --- src/main/java/org/spdx/core/CoreModelObject.java | 7 +++++++ src/test/java/org/spdx/core/TestCoreModelObject.java | 10 ++++++++++ 2 files changed, 17 insertions(+) diff --git a/src/main/java/org/spdx/core/CoreModelObject.java b/src/main/java/org/spdx/core/CoreModelObject.java index e691abd..44bd918 100644 --- a/src/main/java/org/spdx/core/CoreModelObject.java +++ b/src/main/java/org/spdx/core/CoreModelObject.java @@ -5,6 +5,8 @@ */ package org.spdx.core; +import java.net.URI; +import java.net.URISyntaxException; import java.util.ArrayList; import java.util.Collection; import java.util.Collections; @@ -127,6 +129,11 @@ protected CoreModelObject(IModelStore modelStore, String objectUri, @Nullable IM if (!ModelRegistry.getModelRegistry().containsSpecVersion(specVersion)) { throw new InvalidSPDXAnalysisException("Unknown spec version "+specVersion); } + try { + URI uri = new URI(objectUri); + } catch (URISyntaxException e) { + throw new InvalidSPDXAnalysisException("Invalid objectUri: "+objectUri, e); + } this.modelStore = modelStore; this.copyManager = copyManager; this.objectUri = objectUri; diff --git a/src/test/java/org/spdx/core/TestCoreModelObject.java b/src/test/java/org/spdx/core/TestCoreModelObject.java index bd2c6c3..f3b524e 100644 --- a/src/test/java/org/spdx/core/TestCoreModelObject.java +++ b/src/test/java/org/spdx/core/TestCoreModelObject.java @@ -392,4 +392,14 @@ public void testGetId() throws InvalidSPDXAnalysisException { assertEquals(OBJECT_URI, noPrefix.getId()); } + @Test + public void testInvalidObjectUri() { + try { + CoreModelObject prefix = new MockModelType(modelStore, "this is invalid", copyManager, true, "3.0.0"); + fail("Invalid object URI did not throw an exception"); + } catch (InvalidSPDXAnalysisException e) { + // expected + } + } + }