add pkg scheme to npm generic file PURLs

The pkg scheme is required for each component according to the PURL specification. Signed-off-by: Taylor Madore <tmadore@redhat.com>
containerbuildsystem · May 2, 2024 · 8166205 · 8166205
1 parent 55295a8
commit 8166205
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 39 deletions.
diff --git a/cachito/web/purl.py b/cachito/web/purl.py
@@ -66,7 +66,7 @@ def _to_purl_npm(package):
     has_authority = match.group("has_authority")
     if protocol == "file":
         qualifier = urllib.parse.quote(package.version, safe="")
-        return f"generic/{purl_name}?{qualifier}"
+        return f"pkg:generic/{purl_name}?{qualifier}"
     elif not has_authority:
         # github:namespace/name#ref or gitlab:ns1/ns2/name#ref
         match_forge = re.match(r"(?P<namespace>.+)/(?P<name>[^#/]+)#(?P<version>.+)$", suffix)

diff --git a/tests/integration/test_data/npm_packages.yaml b/tests/integration/test_data/npm_packages.yaml
@@ -782,22 +782,22 @@ workspaces:
   content_manifest:
   - purl: "pkg:github/cachito-testing/cachito-npm-workspaces@b4ec59868cb5667deb62930859762b107f23598c"
     dep_purls:
-      - "generic/bar?file%3Abar"
-      - "generic/eggs?file%3Aeggs-packages%2Feggs"
-      - "generic/foo?file%3Afoo"
-      - "generic/not-baz?file%3Abaz"
-      - "generic/spam?file%3Aspam-packages%2Fspam"
+      - "pkg:generic/bar?file%3Abar"
+      - "pkg:generic/eggs?file%3Aeggs-packages%2Feggs"
+      - "pkg:generic/foo?file%3Afoo"
+      - "pkg:generic/not-baz?file%3Abaz"
+      - "pkg:generic/spam?file%3Aspam-packages%2Fspam"
       - "pkg:npm/abbrev@2.0.0"
       - "pkg:npm/classnames@2.3.2"
       - "pkg:npm/colors@1.4.0"
       - "pkg:npm/dateformat@5.0.3"
       - "pkg:npm/uuid@9.0.0"
     source_purls:
-      - "generic/bar?file%3Abar"
-      - "generic/eggs?file%3Aeggs-packages%2Feggs"
-      - "generic/foo?file%3Afoo"
-      - "generic/not-baz?file%3Abaz"
-      - "generic/spam?file%3Aspam-packages%2Fspam"
+      - "pkg:generic/bar?file%3Abar"
+      - "pkg:generic/eggs?file%3Aeggs-packages%2Feggs"
+      - "pkg:generic/foo?file%3Afoo"
+      - "pkg:generic/not-baz?file%3Abaz"
+      - "pkg:generic/spam?file%3Aspam-packages%2Fspam"
       - "pkg:npm/abbrev@2.0.0"
       - "pkg:npm/classnames@2.3.2"
       - "pkg:npm/colors@1.4.0"
@@ -807,23 +807,23 @@ workspaces:
   - name: bar
     type: library
     version: file:bar
-    purl: generic/bar?file%3Abar
+    purl: pkg:generic/bar?file%3Abar
   - name: eggs
     type: library
     version: file:eggs-packages/eggs
-    purl: generic/eggs?file%3Aeggs-packages%2Feggs
+    purl: pkg:generic/eggs?file%3Aeggs-packages%2Feggs
   - name: foo
     type: library
     version: file:foo
-    purl: generic/foo?file%3Afoo
+    purl: pkg:generic/foo?file%3Afoo
   - name: not-baz
     type: library
     version: file:baz
-    purl: generic/not-baz?file%3Abaz
+    purl: pkg:generic/not-baz?file%3Abaz
   - name: spam
     type: library
     version: file:spam-packages/spam
-    purl: generic/spam?file%3Aspam-packages%2Fspam
+    purl: pkg:generic/spam?file%3Aspam-packages%2Fspam
   - name: npm_test
     type: library
     version: 1.1.0
@@ -914,23 +914,23 @@ multiple-dep-versions:
   content_manifest:
   - purl: "pkg:github/cachito-testing/cachito-npm-with-multiple-dep-versions@97070a9eb06bad62eb581890731221660ade9ea3"
     dep_purls:
-      - "generic/foo?file%3Afoo"
+      - "pkg:generic/foo?file%3Afoo"
       - "pkg:generic/is-positive?vcs_url=git%2Bssh%3A%2F%2Fgit%40github.com%2Fkevva%2Fis-positive.git%231187a61f2e18cf7c11c23d61a1bd52b9fa6a5fdf"
       - "pkg:generic/is-positive?vcs_url=git%2Bssh%3A%2F%2Fgit%40github.com%2Fkevva%2Fis-positive.git%2375dd3a181375162eda014984f2decc663199b09e"
     source_purls:
-      - "generic/foo?file%3Afoo"
       - "pkg:generic/cachito-npm-without-deps?vcs_url=git%2Bssh%3A%2F%2Fgit%40github.com%2Fcachito-testing%2Fcachito-npm-without-deps.git%232f0ce1d7b1f8b35572d919428b965285a69583f6"
+      - "pkg:generic/foo?file%3Afoo"
       - "pkg:generic/is-positive?vcs_url=git%2Bssh%3A%2F%2Fgit%40github.com%2Fkevva%2Fis-positive.git%231187a61f2e18cf7c11c23d61a1bd52b9fa6a5fdf"
       - "pkg:generic/is-positive?vcs_url=git%2Bssh%3A%2F%2Fgit%40github.com%2Fkevva%2Fis-positive.git%2375dd3a181375162eda014984f2decc663199b09e"
   sbom:
-  - name: foo
-    type: library
-    version: file:foo
-    purl: generic/foo?file%3Afoo
   - name: cachito-npm-without-deps
     type: library
     version: git+ssh://git@github.com/cachito-testing/cachito-npm-without-deps.git#2f0ce1d7b1f8b35572d919428b965285a69583f6
     purl: pkg:generic/cachito-npm-without-deps?vcs_url=git%2Bssh%3A%2F%2Fgit%40github.com%2Fcachito-testing%2Fcachito-npm-without-deps.git%232f0ce1d7b1f8b35572d919428b965285a69583f6
+  - name: foo
+    type: library
+    version: file:foo
+    purl: pkg:generic/foo?file%3Afoo
   - name: is-positive
     type: library
     version: git+ssh://git@github.com/kevva/is-positive.git#1187a61f2e18cf7c11c23d61a1bd52b9fa6a5fdf

diff --git a/tests/integration/test_data/yarn_packages.yaml b/tests/integration/test_data/yarn_packages.yaml
@@ -573,22 +573,22 @@ workspaces:
   content_manifest:
   - purl: "pkg:github/cachito-testing/cachito-yarn-workspaces@85e43d6b682d0e6420a6e4bcaf3072798d5254de"
     dep_purls:
-      - "generic/bar?file%3Abar"
-      - "generic/eggs?file%3Aeggs-packages%2Feggs"
-      - "generic/foo?file%3Afoo"
-      - "generic/not-baz?file%3Abaz"
-      - "generic/spam?file%3Aspam-packages%2Fspam"
+      - "pkg:generic/bar?file%3Abar"
+      - "pkg:generic/eggs?file%3Aeggs-packages%2Feggs"
+      - "pkg:generic/foo?file%3Afoo"
+      - "pkg:generic/not-baz?file%3Abaz"
+      - "pkg:generic/spam?file%3Aspam-packages%2Fspam"
       - "pkg:npm/abbrev@2.0.0"
       - "pkg:npm/classnames@2.3.2"
       - "pkg:npm/colors@1.4.0"
       - "pkg:npm/dateformat@5.0.3"
       - "pkg:npm/uuid@9.0.0"
     source_purls:
-      - "generic/bar?file%3Abar"
-      - "generic/eggs?file%3Aeggs-packages%2Feggs"
-      - "generic/foo?file%3Afoo"
-      - "generic/not-baz?file%3Abaz"
-      - "generic/spam?file%3Aspam-packages%2Fspam"
+      - "pkg:generic/bar?file%3Abar"
+      - "pkg:generic/eggs?file%3Aeggs-packages%2Feggs"
+      - "pkg:generic/foo?file%3Afoo"
+      - "pkg:generic/not-baz?file%3Abaz"
+      - "pkg:generic/spam?file%3Aspam-packages%2Fspam"
       - "pkg:npm/abbrev@2.0.0"
       - "pkg:npm/classnames@2.3.2"
       - "pkg:npm/colors@1.4.0"
@@ -598,23 +598,23 @@ workspaces:
   - name: bar
     type: library
     version: file:bar
-    purl: generic/bar?file%3Abar
+    purl: pkg:generic/bar?file%3Abar
   - name: eggs
     type: library
     version: file:eggs-packages/eggs
-    purl: generic/eggs?file%3Aeggs-packages%2Feggs
+    purl: pkg:generic/eggs?file%3Aeggs-packages%2Feggs
   - name: foo
     type: library
     version: file:foo
-    purl: generic/foo?file%3Afoo
+    purl: pkg:generic/foo?file%3Afoo
   - name: not-baz
     type: library
     version: file:baz
-    purl: generic/not-baz?file%3Abaz
+    purl: pkg:generic/not-baz?file%3Abaz
   - name: spam
     type: library
     version: file:spam-packages/spam
-    purl: generic/spam?file%3Aspam-packages%2Fspam
+    purl: pkg:generic/spam?file%3Aspam-packages%2Fspam
   - name: npm_test
     type: library
     version: 1.1.0

diff --git a/tests/test_content_manifest.py b/tests/test_content_manifest.py
@@ -1566,7 +1566,7 @@ def test_set_go_package_sources(mock_warning, app, pkg_name, gomod_data, warn, d
         ],
         [
             {"name": "fromfile", "type": "npm", "version": "file:client-default"},
-            "generic/fromfile?file%3Aclient-default",
+            "pkg:generic/fromfile?file%3Aclient-default",
             None,
             True,
             True,
@@ -1698,7 +1698,7 @@ def test_set_go_package_sources(mock_warning, app, pkg_name, gomod_data, warn, d
         ],
         [
             {"name": "fromfile", "type": "yarn", "version": "file:client-default"},
-            "generic/fromfile?file%3Aclient-default",
+            "pkg:generic/fromfile?file%3Aclient-default",
             None,
             True,
             True,