Specifying UTF-8 for SPDX and CycloneDX documents.

src/main/java/org/owasp/dependencytrack/parser/spdx/rdf/SpdxDocumentParser.java

@@ -39,6 +39,7 @@
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
@@ -65,7 +66,7 @@ public SpdxDocumentParser(QueryManager qm) {
     }
 
     public List<Component> parse(byte[] spdx) throws ParseException {
-        final String spdxString = new String(spdx);
+        final String spdxString = new String(spdx, StandardCharsets.UTF_8);
         try (ByteArrayInputStream inputStream = new ByteArrayInputStream(spdx)) {
             if (spdxString.contains("<rdf:RDF") && spdxString.contains("http://www.w3.org/1999/02/22-rdf-syntax-ns")) {
                 return parse(inputStream, DocumentType.RDF);

src/main/java/org/owasp/dependencytrack/tasks/BomUploadProcessingTask.java

@@ -30,6 +30,8 @@
 import org.owasp.dependencytrack.parser.dependencycheck.resolver.ComponentResolver;
 import org.owasp.dependencytrack.parser.spdx.rdf.SpdxDocumentParser;
 import org.owasp.dependencytrack.persistence.QueryManager;
+
+import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;
@@ -62,7 +64,7 @@ public void inform(Event e) {
                 final List<Component> existingProjectDependencies = new ArrayList<>();
                 qm.getAllDependencies(project).forEach(item -> existingProjectDependencies.add(item.getComponent()));
 
-                final String bomString = new String(bomBytes);
+                final String bomString = new String(bomBytes, StandardCharsets.UTF_8);
                 if (bomString.startsWith("<?xml") && bomString.contains("<bom") && bomString.contains("http://cyclonedx.org/schema/bom")) {
                     final CycloneDxParser parser = new CycloneDxParser(qm);
                     components = parser.convert(parser.parse(bomBytes));