From 7d69dae16684b33aee33d4b3d5869242546a9de0 Mon Sep 17 00:00:00 2001
From: Andrea Jemmett <1787979+acidghost@users.noreply.github.com>
Date: Mon, 6 Jan 2025 12:49:59 +0100
Subject: [PATCH] fix: ecosystems validate external references urls (#97)

* fix: ecosystems validate urls
* fix: rename arg to ref and use url pkg name
---
 lib/ecosystems/enrich_cyclonedx.go | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/lib/ecosystems/enrich_cyclonedx.go b/lib/ecosystems/enrich_cyclonedx.go
index 04eb3bf..f1247db 100644
--- a/lib/ecosystems/enrich_cyclonedx.go
+++ b/lib/ecosystems/enrich_cyclonedx.go
@@ -17,6 +17,7 @@
 package ecosystems

 import (
+ "net/url"
 "strings"
 "time"

@@ -65,12 +66,15 @@ func enrichCDXLicense(comp *cdx.Component, data *packages.Version) {
 }
 }

-func enrichExternalReference(comp *cdx.Component, url *string, refType cdx.ExternalReferenceType) {
- if url == nil {
+func enrichExternalReference(comp *cdx.Component, ref *string, refType cdx.ExternalReferenceType) {
+ if ref == nil {
+ return
+ }
+ if _, err := url.Parse(*ref); err != nil {
 return
 }
 ext := cdx.ExternalReference{
- URL: *url,
+ URL: *ref,
 Type: refType,
 }
 if comp.ExternalReferences == nil {
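Review bot: The `url.Parse(*ref)` guard added to enrichExternalReference rejects very little, because `url.Parse` accepts the empty string, relative paths and any scheme (`javascript:`, `file:`, ...), and fails only on malformed input such as bad percent-escapes or control characters. These values presumably come from upstream package metadata and are copied verbatim into the SBOM's external references, so consumers that render or fetch them still receive unvetted strings. I would keep the parsed value and require an absolute URL with a host, `u, err := url.Parse(*ref)` then `if err != nil || !u.IsAbs() || u.Host == "" { return }`, and add a scheme allowlist if the callers (not visible here) only ever pass web links. A one-line comment stating that unusable references are dropped silently on purpose would also help the next reader. The function body continues past the end of the hunk.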