BUG: XML SWID tags fail to parse when hash attribute is present in File element

### What version of the package are you using?

Current

### Does this issue reproduce with the latest release?

Yes

### What OS and CPU architecture are you using (`go env`)?

GOARCH="amd64"
GOOS="darwin"

GOHOSTARCH="amd64"
GOHOSTOS="darwin"

### What did you do?

Tried parsing XML SWID tags generated using NIST's swid-tools and StrongSwan's swidGenerator using the FromXML method on swid.SoftwareIdentity.

### What did you expect to see?

I expected it to successfully parse.

### What did you see instead?

An error indicating bad format: expecting <hash-alg-string>:<hash-value>

An issue is that the codify invocation at https://github.com/veraison/swid/blob/main/hashentry.go#L216 is expecting <alg>:<value> but is being passed <value>. If the SWID tag is modified to include SHA256: in the value, for example, parsing is successful. 

Additionally, there appears to be intolerance of multiple hash attributes. Two samples (one with one hash attribute and one with two) are below. When the sample with two hash attrs was modified as described above to parse successfully then serialized as JSON, only the second attribute was emitted.

<?xml version="1.0" encoding="UTF-8"?>
<SoftwareIdentity xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd" xml:lang="en-US" name="swidval" tagId="gov.nist.decima-swidval-0.5.0.1" tagVersion="1" version="0.5.0.1" versionScheme="multipartnumeric">
  <Entity name="National Institute of Standards and Technology" role="tagCreator" regid="nist.gov" />
  <Payload xmlns:SHA-256="http://www.w3.org/2001/04/xmlenc#sha256">
    <File location=".." name="NOTICE.txt" size="9842" SHA-256:hash="abab9565a2593aa037b0054d0a84dbf4d23795840f1321e9476fa7b8eb5d432b"/>
</Payload>
</SoftwareIdentity>

<?xml version="1.0" encoding="UTF-8"?>
<SoftwareIdentity xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd" xml:lang="en-US" name="swidval" tagId="gov.nist.decima-swidval-0.5.0.1" tagVersion="1" version="0.5.0.1" versionScheme="multipartnumeric">
  <Entity name="National Institute of Standards and Technology" role="tagCreator" regid="nist.gov" />
  <Payload xmlns:SHA-256="http://www.w3.org/2001/04/xmlenc#sha256" xmlns:SHA-512="http://www.w3.org/2001/04/xmlenc#sha512">
    <File location=".." name="NOTICE.txt" size="9842" SHA-256:hash="abab9565a2593aa037b0054d0a84dbf4d23795840f1321e9476fa7b8eb5d432b" SHA-512:hash="5787658e68139e4c0b46033930362a14fea58c5bcd3063440d49e9a268f5741a6cacafd3d0512228bb081394afb14a5c1e4dcce6ac0db50189a9160d737fe862" />
</Payload>
</SoftwareIdentity>


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

BUG: XML SWID tags fail to parse when hash attribute is present in File element #37

What version of the package are you using?

Does this issue reproduce with the latest release?

What OS and CPU architecture are you using (`go env`)?

What did you do?

What did you expect to see?

What did you see instead?

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

BUG: XML SWID tags fail to parse when hash attribute is present in File element #37

Description

What version of the package are you using?

Does this issue reproduce with the latest release?

What OS and CPU architecture are you using (go env)?

What did you do?

What did you expect to see?

What did you see instead?

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

What OS and CPU architecture are you using (`go env`)?