From d6802a0fcaa04fca830ea6f313d348961db958a6 Mon Sep 17 00:00:00 2001
From: Joydeep Tripathy <113792434+crazytrain328@users.noreply.github.com>
Date: Sat, 30 Mar 2024 22:28:49 +0530
Subject: [PATCH 1/2] feat: PURL generation for PerlParser
---
 cve_bin_tool/parsers/perl.py | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
diff --git a/cve_bin_tool/parsers/perl.py b/cve_bin_tool/parsers/perl.py
index a3b08566d9..c70ad03d61 100644
--- a/cve_bin_tool/parsers/perl.py
+++ b/cve_bin_tool/parsers/perl.py
@@ -1,14 +1,40 @@
 # Copyright (C) 2022 Intel Corporation
 # SPDX-License-Identifier: GPL-3.0-or-later
+"""Python script containing all functionalities related to parsing of perl's cpan files."""
+import re
 from cve_bin_tool.parsers import Parser
 class PerlParser(Parser):
+ """Parser for perl's cpan files"""
+
 def __init__(self, cve_db, logger):
 super().__init__(cve_db, logger)
+ self.purl_pkg_type = "cpan"
+
+ def generate_purl(self, product, version, vendor, qualifier={}, subpath=None):
+ """Generates PURL after normalizing all components."""
+ # Normalize product, version, and vendor for Perl packages
+ product = re.sub(r"[^a-zA-Z0-9._-]", "", product).lower()
+ version = re.sub(r"[^a-zA-Z0-9.+-]", "", version)
+ vendor = "UNKNOWN" # Typically, the vendor is not explicitly defined for CPAN packages
+
+ if not product or not version:
+ return None
+
+ purl = super().generate_purl(
+ product,
+ version,
+ vendor,
+ qualifier,
+ subpath,
+ )
+
+ return purl
 def run_checker(self, filename):
+ """Process cpan file and extract dependency details"""
 self.filename = filename
 with open(self.filename) as fh:
 data = fh.readlines()
From 9ea356936cb9563f5ad9932b90ca399a7820814a Mon Sep 17 00:00:00 2001
From: Joydeep Tripathy <113792434+crazytrain328@users.noreply.github.com>
Date: Sun, 31 Mar 2024 10:19:49 +0530
Subject: [PATCH 2/2] empty: empty commit
Signed-off-by: Joydeep Tripathy <113792434+crazytrain328@users.noreply.github.com>
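Review bot: The normalisation in `generate_purl` deletes every character outside the allow-list instead of rejecting or mapping it, so a Perl name written with `::` (for example `Foo::Bar`) and the plain `FooBar` collapse to the same lower-cased PURL name, which can attribute scan results to the wrong component. If the names extracted in `run_checker` (whose body continues outside the hunk) can carry `::`, map it first, e.g. `product = product.replace("::", "-")`, or return `None` when `re.fullmatch` against the allow-list fails rather than silently editing the input. The `vendor` argument is overwritten with `"UNKNOWN"` unconditionally, so the docstring should say the parameter is ignored, e.g. `"""Generate a cpan PURL; the vendor argument is ignored and always set to UNKNOWN."""`. `qualifier={}` is a mutable default shared across calls; `qualifier=None` with `qualifier or {}` passed to `super().generate_purl` avoids that, assuming the base method (not visible here) accepts a dict.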