fix(model): Correctly map Identifier namespaces to purl namespaces
The purl specification treats everything before the last slash in the
string representation of package coordinates as the namespace, and the
remainder as the name [1]. Consequently, purl names can never contain
slashes, encoded or not.

Fixes #8567, fixes #9298.

[1]: package-url/purl-spec#176 (comment)

Signed-off-by: Sebastian Schuberth <[email protected]>
sschuberth committed Oct 24, 2024
1 parent 76f10ab commit 34c44d7
Showing 16 changed files with 128 additions and 125 deletions.
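--- a/model/src/main/kotlin/utils/PurlExtensions.kt
+++ b/model/src/main/kotlin/utils/PurlExtensions.kt
@@ -71,7 +71,14 @@ fun Identifier.getPurlType() =
 */
 @JvmOverloads
 fun Identifier.toPurl(qualifiers: Map<String, String> = emptyMap(), subpath: String = "") =
-if (this == Identifier.EMPTY) "" else createPurl(getPurlType(), namespace, name, version, qualifiers, subpath)
+if (this == Identifier.EMPTY) {
+""
+} else {
+val combined = "$namespace/$name"
+val purlNamespace = combined.substringBeforeLast('/')
+val purlName = combined.substringAfterLast('/')
+createPurl(getPurlType(), purlNamespace, purlName, version, qualifiers, subpath)
+}
 
 fun Identifier.toPurl(extras: PurlExtras) = toPurl(extras.qualifiers, extras.subpath)
 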
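Review bot: When `namespace` is empty, `combined` starts with a slash, so for `Go::github.com/quic-go/quic-go:0.40.0` the value of `purlNamespace` becomes `/github.com/quic-go`, and a `name` ending in a slash would give an empty `purlName`; whether either is cleaned up depends on `createPurl`, which is outside this hunk. Trimming before the split keeps the result independent of that: `val combined = "$namespace/$name".trim('/')` together with `val purlNamespace = combined.substringBeforeLast('/', "")` (the explicit default matters, because `substringBeforeLast` otherwise returns the whole string when no slash is left). Because the purl is what the advisor test in this commit passes on for vulnerability lookups, a malformed namespace would show up only as missing findings, so a unit test for an empty-namespace `Identifier` with and without slashes in `name` would be worth adding. The KDoc of `toPurl` begins above the hunk; it should state that the purl namespace and name are re-split at the last slash and need not equal the `Identifier` fields.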
@@ -87,11 +87,7 @@ class VulnerableCodeFunTest : WordSpec({
"Vulnerable Go packages" should {
"return findings for QUIC" {
val vc = VulnerableCodeFactory().create(PluginConfig())

// TODO: To work-around issue #9298, this hard-codes the `Identifier` to have a namespace although ORT
// produces Go `Identifier`s without namespaces. This way `toPurl()` produces purl conforming to the
// specification which does treat Go packages as if they had namespaces.
val id = Identifier("Go:github.com/quic-go:quic-go:0.40.0")
val id = Identifier("Go::github.com/quic-go/quic-go:0.40.0")
val pkg = Package.EMPTY.copy(id, purl = id.toPurl())

val findings = vc.retrievePackageFindings(setOf(pkg))
@@ -348,7 +348,7 @@ packages:
revision: "v2.0.1"
path: ""
- id: "Pod::MaterialComponents/AnimationTiming:124.2.0"
purl: "pkg:cocoapods/MaterialComponents%2FAnimationTiming@124.2.0"
purl: "pkg:cocoapods/MaterialComponents/AnimationTiming@124.2.0"
declared_licenses:
- "Apache 2.0"
declared_licenses_processed:
@@ -379,7 +379,7 @@ packages:
revision: "v124.2.0"
path: ""
- id: "Pod::MaterialComponents/Availability:124.2.0"
purl: "pkg:cocoapods/MaterialComponents%2FAvailability@124.2.0"
purl: "pkg:cocoapods/MaterialComponents/Availability@124.2.0"
declared_licenses:
- "Apache 2.0"
declared_licenses_processed:
@@ -410,7 +410,7 @@ packages:
revision: "v124.2.0"
path: ""
- id: "Pod::MaterialComponents/Buttons:124.2.0"
purl: "pkg:cocoapods/MaterialComponents%2FButtons@124.2.0"
purl: "pkg:cocoapods/MaterialComponents/Buttons@124.2.0"
declared_licenses:
- "Apache 2.0"
declared_licenses_processed:
@@ -441,7 +441,7 @@ packages:
revision: "v124.2.0"
path: ""
- id: "Pod::MaterialComponents/Elevation:124.2.0"
purl: "pkg:cocoapods/MaterialComponents%2FElevation@124.2.0"
purl: "pkg:cocoapods/MaterialComponents/Elevation@124.2.0"
declared_licenses:
- "Apache 2.0"
declared_licenses_processed:
@@ -472,7 +472,7 @@ packages:
revision: "v124.2.0"
path: ""
- id: "Pod::MaterialComponents/Ink:124.2.0"
purl: "pkg:cocoapods/MaterialComponents%2FInk@124.2.0"
purl: "pkg:cocoapods/MaterialComponents/Ink@124.2.0"
declared_licenses:
- "Apache 2.0"
declared_licenses_processed:
@@ -503,7 +503,7 @@ packages:
revision: "v124.2.0"
path: ""
- id: "Pod::MaterialComponents/Palettes:124.2.0"
purl: "pkg:cocoapods/MaterialComponents%2FPalettes@124.2.0"
purl: "pkg:cocoapods/MaterialComponents/Palettes@124.2.0"
declared_licenses:
- "Apache 2.0"
declared_licenses_processed:
@@ -534,7 +534,7 @@ packages:
revision: "v124.2.0"
path: ""
- id: "Pod::MaterialComponents/Ripple:124.2.0"
purl: "pkg:cocoapods/MaterialComponents%2FRipple@124.2.0"
purl: "pkg:cocoapods/MaterialComponents/Ripple@124.2.0"
declared_licenses:
- "Apache 2.0"
declared_licenses_processed:
@@ -565,7 +565,7 @@ packages:
revision: "v124.2.0"
path: ""
- id: "Pod::MaterialComponents/Shadow:124.2.0"
purl: "pkg:cocoapods/MaterialComponents%2FShadow@124.2.0"
purl: "pkg:cocoapods/MaterialComponents/Shadow@124.2.0"
declared_licenses:
- "Apache 2.0"
declared_licenses_processed:
@@ -596,7 +596,7 @@ packages:
revision: "v124.2.0"
path: ""
- id: "Pod::MaterialComponents/ShadowElevations:124.2.0"
purl: "pkg:cocoapods/MaterialComponents%2FShadowElevations@124.2.0"
purl: "pkg:cocoapods/MaterialComponents/ShadowElevations@124.2.0"
declared_licenses:
- "Apache 2.0"
declared_licenses_processed:
@@ -627,7 +627,7 @@ packages:
revision: "v124.2.0"
path: ""
- id: "Pod::MaterialComponents/ShadowLayer:124.2.0"
purl: "pkg:cocoapods/MaterialComponents%2FShadowLayer@124.2.0"
purl: "pkg:cocoapods/MaterialComponents/ShadowLayer@124.2.0"
declared_licenses:
- "Apache 2.0"
declared_licenses_processed:
@@ -658,7 +658,7 @@ packages:
revision: "v124.2.0"
path: ""
- id: "Pod::MaterialComponents/ShapeLibrary:124.2.0"
purl: "pkg:cocoapods/MaterialComponents%2FShapeLibrary@124.2.0"
purl: "pkg:cocoapods/MaterialComponents/ShapeLibrary@124.2.0"
declared_licenses:
- "Apache 2.0"
declared_licenses_processed:
@@ -689,7 +689,7 @@ packages:
revision: "v124.2.0"
path: ""
- id: "Pod::MaterialComponents/Shapes:124.2.0"
purl: "pkg:cocoapods/MaterialComponents%2FShapes@124.2.0"
purl: "pkg:cocoapods/MaterialComponents/Shapes@124.2.0"
declared_licenses:
- "Apache 2.0"
declared_licenses_processed:
@@ -720,7 +720,7 @@ packages:
revision: "v124.2.0"
path: ""
- id: "Pod::MaterialComponents/TextFields:124.2.0"
purl: "pkg:cocoapods/MaterialComponents%2FTextFields@124.2.0"
purl: "pkg:cocoapods/MaterialComponents/TextFields@124.2.0"
declared_licenses:
- "Apache 2.0"
declared_licenses_processed:
@@ -751,7 +751,7 @@ packages:
revision: "v124.2.0"
path: ""
- id: "Pod::MaterialComponents/Typography:124.2.0"
purl: "pkg:cocoapods/MaterialComponents%2FTypography@124.2.0"
purl: "pkg:cocoapods/MaterialComponents/Typography@124.2.0"
declared_licenses:
- "Apache 2.0"
declared_licenses_processed:
@@ -782,7 +782,7 @@ packages:
revision: "v124.2.0"
path: ""
- id: "Pod::MaterialComponents/private/Application:124.2.0"
purl: "pkg:cocoapods/MaterialComponents%2Fprivate%2FApplication@124.2.0"
purl: "pkg:cocoapods/MaterialComponents/private/Application@124.2.0"
declared_licenses:
- "Apache 2.0"
declared_licenses_processed:
@@ -813,7 +813,7 @@ packages:
revision: "v124.2.0"
path: ""
- id: "Pod::MaterialComponents/private/Color:124.2.0"
purl: "pkg:cocoapods/MaterialComponents%2Fprivate%2FColor@124.2.0"
purl: "pkg:cocoapods/MaterialComponents/private/Color@124.2.0"
declared_licenses:
- "Apache 2.0"
declared_licenses_processed:
@@ -844,7 +844,7 @@ packages:
revision: "v124.2.0"
path: ""
- id: "Pod::MaterialComponents/private/Math:124.2.0"
purl: "pkg:cocoapods/MaterialComponents%2Fprivate%2FMath@124.2.0"
purl: "pkg:cocoapods/MaterialComponents/private/Math@124.2.0"
declared_licenses:
- "Apache 2.0"
declared_licenses_processed:
@@ -931,7 +931,7 @@ packages:
revision: "3.3.3"
path: ""
- id: "Pod::PhoneNumberKit/PhoneNumberKitCore:3.3.3"
purl: "pkg:cocoapods/PhoneNumberKit%2FPhoneNumberKitCore@3.3.3"
purl: "pkg:cocoapods/PhoneNumberKit/PhoneNumberKitCore@3.3.3"
declared_licenses:
- "MIT"
declared_licenses_processed:
@@ -959,7 +959,7 @@ packages:
revision: "3.3.3"
path: ""
- id: "Pod::PhoneNumberKit/UIKit:3.3.3"
purl: "pkg:cocoapods/PhoneNumberKit%2FUIKit@3.3.3"
purl: "pkg:cocoapods/PhoneNumberKit/UIKit@3.3.3"
declared_licenses:
- "MIT"
declared_licenses_processed:
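Review bot: The new expected purls for subspecs, e.g. `pkg:cocoapods/MaterialComponents/AnimationTiming@124.2.0`, put the pod name into the purl namespace and the subspec into the name, which does not look like what the `cocoapods` purl type defines. If I read that type definition correctly, it has no namespace and carries a subspec in the subpath, which would make the expected value `purl: "pkg:cocoapods/MaterialComponents@124.2.0#AnimationTiming"`. A consumer that matches on type and name would then look for a pod called `AnimationTiming`, so advisory data recorded for `MaterialComponents` may not be found; this is worth checking against the providers that consume these purls. The same applies to the `AFNetworking` and `RestKit` expected-result hunks further down.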
@@ -61,7 +61,7 @@ packages:
revision: "3.2.1"
path: ""
- id: "Pod::AFNetworking/NSURLSession:3.2.1"
purl: "pkg:cocoapods/AFNetworking%2FNSURLSession@3.2.1"
purl: "pkg:cocoapods/AFNetworking/NSURLSession@3.2.1"
declared_licenses:
- "MIT"
declared_licenses_processed:
@@ -89,7 +89,7 @@ packages:
revision: "3.2.1"
path: ""
- id: "Pod::AFNetworking/Reachability:3.2.1"
purl: "pkg:cocoapods/AFNetworking%2FReachability@3.2.1"
purl: "pkg:cocoapods/AFNetworking/Reachability@3.2.1"
declared_licenses:
- "MIT"
declared_licenses_processed:
@@ -117,7 +117,7 @@ packages:
revision: "3.2.1"
path: ""
- id: "Pod::AFNetworking/Security:3.2.1"
purl: "pkg:cocoapods/AFNetworking%2FSecurity@3.2.1"
purl: "pkg:cocoapods/AFNetworking/Security@3.2.1"
declared_licenses:
- "MIT"
declared_licenses_processed:
@@ -145,7 +145,7 @@ packages:
revision: "3.2.1"
path: ""
- id: "Pod::AFNetworking/Serialization:3.2.1"
purl: "pkg:cocoapods/AFNetworking%2FSerialization@3.2.1"
purl: "pkg:cocoapods/AFNetworking/Serialization@3.2.1"
declared_licenses:
- "MIT"
declared_licenses_processed:
@@ -150,7 +150,7 @@ packages:
revision: "v0.27.3"
path: ""
- id: "Pod::RestKit/Core:0.27.3"
purl: "pkg:cocoapods/RestKit%2FCore@0.27.3"
purl: "pkg:cocoapods/RestKit/Core@0.27.3"
declared_licenses:
- "Apache License, Version 2.0"
declared_licenses_processed:
@@ -181,7 +181,7 @@ packages:
revision: "v0.27.3"
path: ""
- id: "Pod::RestKit/CoreData:0.27.3"
purl: "pkg:cocoapods/RestKit%2FCoreData@0.27.3"
purl: "pkg:cocoapods/RestKit/CoreData@0.27.3"
declared_licenses:
- "Apache License, Version 2.0"
declared_licenses_processed:
@@ -212,7 +212,7 @@ packages:
revision: "v0.27.3"
path: ""
- id: "Pod::RestKit/Network:0.27.3"
purl: "pkg:cocoapods/RestKit%2FNetwork@0.27.3"
purl: "pkg:cocoapods/RestKit/Network@0.27.3"
declared_licenses:
- "Apache License, Version 2.0"
declared_licenses_processed:
@@ -243,7 +243,7 @@ packages:
revision: "v0.27.3"
path: ""
- id: "Pod::RestKit/ObjectMapping:0.27.3"
purl: "pkg:cocoapods/RestKit%2FObjectMapping@0.27.3"
purl: "pkg:cocoapods/RestKit/ObjectMapping@0.27.3"
declared_licenses:
- "Apache License, Version 2.0"
declared_licenses_processed:
@@ -274,7 +274,7 @@ packages:
revision: "v0.27.3"
path: ""
- id: "Pod::RestKit/Support:0.27.3"
purl: "pkg:cocoapods/RestKit%2FSupport@0.27.3"
purl: "pkg:cocoapods/RestKit/Support@0.27.3"
declared_licenses:
- "Apache License, Version 2.0"
declared_licenses_processed: