Comments (7)
david-a-wheeler
commented on May 23, 2024
Hmmm.
In the general case the URL pathname can be case-sensitive, so it's best to treat it that way. Git is also normally case-sensitive (depending on the underlying filesystem). Some specific systems have pathnames that are case-insensitive, but there's no obvious way to determine which is which. We support arbitrary repos, not just GitHub and GitLab.
It's true that the domain name is not case sensitive when it's ASCII, per IETF RFC 4343. E.g., "I" and "i" are considered the same (apologies to those who speak Turkish).
Handling this in the general case is hard. Here's one idea:
- Do a case-sensitive search. If that works, use it.
- If that fails, but a case-insensitive search finds a result, use that.
What do you think?
from best-practices-badge.
TonyLHansen
commented on May 23, 2024
wouldn't URI.parse allow you to grab the path separately from the fqdn?
from best-practices-badge.
spencerschrock
commented on May 23, 2024
Handling this in the general case is hard. Here's one idea:
- Do a case-sensitive search. If that works, use it.
- If that fails, but a case-insensitive search finds a result, use that.
To clarify, is this your proposal for scorecard or for the best practices API?
from best-practices-badge.
david-a-wheeler
commented on May 23, 2024
wouldn't URI.parse allow you to grab the path separately from the fqdn?
Yes, it's definitely possible. The problem is "what to do with the information". Whether or not the path is case-sensitive depends on the details of the specific system being queried. It can even change over time for a given system being queried. I think "case-sensitive first, then case-insensitive" covers all cases and is simpler to implement.
To clarify, is this your proposal for scorecard or for the best practices API?
I'm thinking of this as a proposal for the best practices badge, as this is an issue against the best practice badge.
This might make sense to do this in Scorecard as well, but I think that should be a different issue in that case.
from best-practices-badge.
spencerschrock
commented on May 23, 2024
It can even change over time for a given system being queried. I think "case-sensitive first, then case-insensitive" covers all cases and is simpler to implement.
I think the only case this doesn't cover is a false match. Consider a host where path is case sensitive, and there are two projects, but only one is in the best practices dataset:
- foo.com/x/y (not in the dataset)
- foo.com/X/Y (in the dataset)
A request for foo.com/X/Y would successfully case match and return the intended project. A request for foo.com/x/y would miss the exact match and return the wrong project during the case insensitivity.
from best-practices-badge.
david-a-wheeler
commented on May 23, 2024
@spencerschrock - you're right, this approach does risk a false match. I think the risk is low, but it does give pause. I can't think of another approach though, so I think we end up with two possibilities:
- Close this unchanged.
- Make the change proposed (case-sensitive then case-insensitive).
Anyone have a third way?
from best-practices-badge.
TonyLHansen
commented on May 23, 2024
I say: accept the risk and go with case-sensitive then case-insensitive.
from best-practices-badge.
Related Issues (20)
- phantomjs appears to be abandonware HOT 13
- Ruby Sass has reached end-of-life and should no longer be used. HOT 2
- Post-install message from webdrivers: HOT 1
- API delivering outdated information. HOT 3
- Badge is not updating in a timely way HOT 6
- Transfer OpenSSF Best Practices Badge ownership of kubeflow HOT 4
- some references to best practices.coreinfrastructure.org still in best-practices-badge-intro.ppt
- install-badge-dev-env should use git clone https:// instead of git clone git:// HOT 1
- "Ruby Sass has reached end-of-life and should no longer be used." message seen from install-badge-dev-env
- JSON query returns ambiguous information for repeated criteria between badge levels
- dev install. rake complains about docs/testing.md HOT 2
- Transfer OpenSSF Best Practices Badge ownership of l3afd HOT 1
- CI Help: Graphics Card in GitHub Action Docker Container
- Rename `native-link` to `nativelink` HOT 1
- Question between upstream repo and personal fork for badge APP HOT 2
- Question for CI as github action project HOT 4
- OW2 OMM links broken HOT 1
- Change top button colors to increase contrast HOT 29
- Add ability to generate Markdown "todo" list for GitHub/GitLab issues, Kanban boards, etc. HOT 26
- Should {N/A justification} etc. be translated, really? HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from best-practices-badge.