diff --git a/pkg/purl/purl.go b/pkg/purl/purl.go
index 2ed01b84898..9a4617b3b5a 100644
--- a/pkg/purl/purl.go
+++ b/pkg/purl/purl.go
@@ -194,7 +194,7 @@ func NewPackageURL(t string, metadata types.Metadata, pkg ftypes.Package) (Packa
 namespace, name = parseComposer(name)
 case packageurl.TypeGolang:
 namespace, name = parseGolang(name)
- if (name == "") {
+ if name == "" {
 return PackageURL{PackageURL: *packageurl.NewPackageURL("", "", "", "", nil, "")}, nil
 }
 case packageurl.TypeNPM:
@@ -313,6 +313,7 @@ func parseMaven(pkgName string) (string, string) {
 // ref. https://github.com/package-url/purl-spec/blob/a748c36ad415c8aeffe2b8a4a5d8a50d16d6d85f/PURL-TYPES.rst#golang
 func parseGolang(pkgName string) (string, string) {
+ // The PURL will be skipped when the package name is a local path, since it can't identify a software package.
 if strings.HasPrefix(pkgName, "./") || strings.HasPrefix(pkgName, "../") {
 return "", ""
 }
@@ -414,9 +415,6 @@ func parseQualifier(pkg ftypes.Package) packageurl.Qualifiers {
 func parsePkgName(name string) (string, string) {
 var namespace string
- if len(name) > 0 && name[len(name)-1] == '/' {
- name = name[:len(name)-1]
- }
 index := strings.LastIndex(name, "/")
 if index != -1 {
 namespace = name[:index]
diff --git a/pkg/sbom/spdx/marshal.go b/pkg/sbom/spdx/marshal.go
index fafac8feab1..e9793c80663 100644
--- a/pkg/sbom/spdx/marshal.go
+++ b/pkg/sbom/spdx/marshal.go
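Review bot: The new comment in parseGolang (pkg/purl/purl.go) says a "local path" is skipped, but the guard under it only matches names beginning with `./` or `../`; an absolute path would still fall through and, as far as this hunk shows, be turned into a purl namespace and name. Either narrow the comment to `// Skip the PURL for relative local paths (./ or ../), which cannot identify a software package.` or extend the condition with `filepath.IsAbs(pkgName)` if such names can reach this function. The later parsePkgName hunk also drops the trailing-slash trim, so a name ending in `/` that is not caught here would presumably come out with an empty name; a test case for that input would settle it. The body of parseGolang continues outside the hunk.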
@@ -321,11 +321,13 @@ func (m *Marshaler) pkgToSpdxPackage(t, pkgDownloadLocation string, class types.
 pkgSrcInfo = fmt.Sprintf("%s: %s %s", SourcePackagePrefix, pkg.SrcName, utils.FormatSrcVersion(pkg))
 }
- var pkgExtRefs []*spdx.PackageExternalReference
 packageURL, err := purl.NewPackageURL(t, metadata, pkg)
 if err != nil {
 return spdx.Package{}, xerrors.Errorf("failed to parse purl (%s): %w", pkg.Name, err)
- } else if packageURL.Type != "" {
+ }
+ var pkgExtRefs []*spdx.PackageExternalReference
+ if packageURL.Type != "" {
 pkgExtRefs = []*spdx.PackageExternalReference{purlExternalReference(packageURL.String())}
 }
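Review bot: The `if packageURL.Type != ""` check in pkgToSpdxPackage has no comment saying when Type is empty, so the reader has to go to purl.NewPackageURL to learn that it returns an empty PackageURL with a nil error for Go packages named by a local path. I would add `// An empty Type means NewPackageURL deliberately skipped the PURL (e.g. a Go module with a local path); emit the package without a purl external reference.` above the check. Since SBOM consumers that match on the purl will not see these packages, a debug-level log of `pkg.Name` at this point may also be useful. The function starts and ends outside the hunk.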