Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add missing purl types #43

Merged
merged 1 commit into from
Jun 22, 2023
Merged

feat: add missing purl types #43

merged 1 commit into from
Jun 22, 2023

Conversation

mcombuechen
Copy link
Collaborator

@mcombuechen mcombuechen commented Apr 3, 2023
edited
Loading

We are missing support for a few Package URL types in this lib, so I referenced the list of known purl types and added the ones that were not implemented yet.

This adds purl types alpm, apk, huggingface, mlflow, qpkg, pub and swid.

@alowayed alowayed mentioned this pull request Apr 3, 2023
Closed
alowayed
alowayed suggested changes Apr 3, 2023
View reviewed changes
Copy link

@alowayed alowayed left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please update typeAdjustNamespace and typeAdjustName and add valid test cases for each type in test-suite-data.json.

Some example test cases are:

{
    "description": "valid alpm purl",
    "purl": "pkg:alpm/arch/pacman@6.0.1-1?arch=x86_64",
    "canonical_purl": "pkg:alpm/arch/pacman@6.0.1-1?arch=x86_64",
    "type": "alpm",
    "namespace": "arch",
    "name": "pacman",
    "version": "6.0.1-1",
    "qualifiers": {"arch": "x86_64"},
    "subpath": null,
    "is_invalid": false
  },
  {
    "description": "valid apk purl",
    "purl": "pkg:apk/alpine/curl@7.83.0-r0?arch=x86",
    "canonical_purl": "pkg:apk/alpine/curl@7.83.0-r0?arch=x86",
    "type": "apk",
    "namespace": "alpine",
    "name": "curl",
    "version": "7.83.0-r0",
    "qualifiers": {"arch": "x86_64"},
    "subpath": null,
    "is_invalid": false
  }

Will defer to owners for further feedback and approval. Thanks.

packageurl.go Show resolved Hide resolved
@mcombuechen
Copy link
Collaborator Author

Thanks for the feedback @alowayed, will add that and ping you once it's pushed.

@mcombuechen mcombuechen force-pushed the feat/add-missing-purl-types-20230403 branch 2 times, most recently from b5eb2e9 to f38fe96 Compare April 5, 2023 07:50
@mcombuechen
Copy link
Collaborator Author

@alowayed I decided to leave out missing types mlflow, pub and swid, since the sanitization logic for those types gets rather complex and would introduce too many changes. I'll try to add them in upcoming PRs. For now, keeping types alpm, apk, huggingface and qpkg.

Added test cases, please let me know what you think.

alowayed
alowayed approved these changes Apr 12, 2023
View reviewed changes
packageurl.go Outdated Show resolved Hide resolved
@Octogonapus Octogonapus mentioned this pull request Jun 8, 2023
Merged
@pombredanne
Copy link
Member

@mcombuechen This looks decent to me... can you please sync up with @shibumi too?
You both have maintainer rights now.

@mcombuechen mcombuechen force-pushed the feat/add-missing-purl-types-20230403 branch 3 times, most recently from 7cf9da0 to 77f3d6c Compare June 20, 2023 05:43
@mcombuechen
Copy link
Collaborator Author

A huggingface type was added meanwhile, removed that part of the code.

@mcombuechen
Copy link
Collaborator Author

Thanks @pombredanne and @alowayed, can you check again?

@mcombuechen
feat: add additional purl types
12c0d1c 
Added purl types alpm, apk, huggingface and qpkg.

Signed-off-by: Maximilian Combüchen <max.combuchen@snyk.io>
@mcombuechen mcombuechen force-pushed the feat/add-missing-purl-types-20230403 branch from 77f3d6c to 12c0d1c Compare June 20, 2023 07:30
@mcombuechen mcombuechen requested review from pombredanne and removed request for alowayed June 21, 2023 06:37
@mcombuechen
Copy link
Collaborator Author

Hey @shibumi would you be up for a review of this?

@shibumi
Copy link
Collaborator

shibumi commented Jun 22, 2023

@mcombuechen sure 👍 I'll take a look today.

@shibumi
Copy link
Collaborator

shibumi commented Jun 22, 2023

LGTM!

@shibumi shibumi merged commit b2db328 into package-url:master Jun 22, 2023
@mcombuechen mcombuechen deleted the feat/add-missing-purl-types-20230403 branch June 22, 2023 13:37
@Octogonapus Octogonapus mentioned this pull request Jun 22, 2023
Open
@micahhausler micahhausler mentioned this pull request Sep 13, 2023
Open
another-rex referenced this pull request in google/osv-scanner Oct 11, 2023
@renovate-bot
fix(deps): update osv-scanner minor (#578)
f7e61bd 
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/google/go-cmp](https://togithub.com/google/go-cmp) |
require | minor | `v0.5.9` -> `v0.6.0` |
|
[github.com/jedib0t/go-pretty/v6](https://togithub.com/jedib0t/go-pretty)
| require | patch | `v6.4.7` -> `v6.4.8` |
|
[github.com/package-url/packageurl-go](https://togithub.com/package-url/packageurl-go)
| require | patch | `v0.1.1` -> `v0.1.2` |
| golang.org/x/exp | require | digest | `9212866` -> `7918f67` |
| golang.org/x/mod | require | minor | `v0.12.0` -> `v0.13.0` |
| golang.org/x/sync | require | minor | `v0.3.0` -> `v0.4.0` |
| golang.org/x/term | require | minor | `v0.12.0` -> `v0.13.0` |

---

### Release Notes

<details>
<summary>google/go-cmp (github.com/google/go-cmp)</summary>

### [`v0.6.0`](https://togithub.com/google/go-cmp/releases/tag/v0.6.0)

[Compare
Source](https://togithub.com/google/go-cmp/compare/v0.5.9...v0.6.0)

New API:

- ([#&#8203;340](https://togithub.com/google/go-cmp/issues/340)) Add
`cmpopts.EquateComparable`

Documentation changes:

- ([#&#8203;337](https://togithub.com/google/go-cmp/issues/337)) Use of
hotlinking of Go identifiers

Build changes:

- ([#&#8203;325](https://togithub.com/google/go-cmp/issues/325)) Remove
purego fallbacks

Testing changes:

- ([#&#8203;322](https://togithub.com/google/go-cmp/issues/322)) Run
tests for Go 1.20 version
- ([#&#8203;332](https://togithub.com/google/go-cmp/issues/332)) Pin
GitHub action versions
- ([#&#8203;327](https://togithub.com/google/go-cmp/issues/327)) set
workflow permission to read-only

</details>

<details>
<summary>jedib0t/go-pretty (github.com/jedib0t/go-pretty/v6)</summary>

###
[`v6.4.8`](https://togithub.com/jedib0t/go-pretty/releases/tag/v6.4.8)

[Compare
Source](https://togithub.com/jedib0t/go-pretty/compare/v6.4.7...v6.4.8)

### Features

-   **table**
- `RenderTSV()` to render table in TSV format
([#&#8203;277](https://togithub.com/jedib0t/go-pretty/issues/277)) //
thanks [@&#8203;rafiramadhana](https://togithub.com/rafiramadhana)

</details>

<details>
<summary>package-url/packageurl-go
(github.com/package-url/packageurl-go)</summary>

###
[`v0.1.2`](https://togithub.com/package-url/packageurl-go/releases/tag/v0.1.2)

[Compare
Source](https://togithub.com/package-url/packageurl-go/compare/v0.1.1...v0.1.2)

#### What's Changed

- Add Julia by [@&#8203;Octogonapus](https://togithub.com/Octogonapus)
in
[https://github.com/package-url/packageurl-go/pull/44](https://togithub.com/package-url/packageurl-go/pull/44)
- feat: add missing purl types by
[@&#8203;mcombuechen](https://togithub.com/mcombuechen) in
[https://github.com/package-url/packageurl-go/pull/43](https://togithub.com/package-url/packageurl-go/pull/43)
- Pull test data from upstream instead of maintaining a local copy by
[@&#8203;Octogonapus](https://togithub.com/Octogonapus) in
[https://github.com/package-url/packageurl-go/pull/49](https://togithub.com/package-url/packageurl-go/pull/49)
- Add simple fuzz test by
[@&#8203;imjasonh](https://togithub.com/imjasonh) in
[https://github.com/package-url/packageurl-go/pull/34](https://togithub.com/package-url/packageurl-go/pull/34)
- Test using supported Go versions by
[@&#8203;imjasonh](https://togithub.com/imjasonh) in
[https://github.com/package-url/packageurl-go/pull/50](https://togithub.com/package-url/packageurl-go/pull/50)
- Remove deprecated usage of ioutil by
[@&#8203;noqcks](https://togithub.com/noqcks) in
[https://github.com/package-url/packageurl-go/pull/40](https://togithub.com/package-url/packageurl-go/pull/40)
- fix: use url.URL to encode and decode PURLs by
[@&#8203;tommyknows](https://togithub.com/tommyknows) in
[https://github.com/package-url/packageurl-go/pull/52](https://togithub.com/package-url/packageurl-go/pull/52)
- fix: escape and unescape name by
[@&#8203;tommyknows](https://togithub.com/tommyknows) in
[https://github.com/package-url/packageurl-go/pull/55](https://togithub.com/package-url/packageurl-go/pull/55)
- fix: escape everything with modified QueryEscape by
[@&#8203;tommyknows](https://togithub.com/tommyknows) in
[https://github.com/package-url/packageurl-go/pull/58](https://togithub.com/package-url/packageurl-go/pull/58)
- Add `pub` and `bitnami` types by
[@&#8203;antgamdia](https://togithub.com/antgamdia) in
[https://github.com/package-url/packageurl-go/pull/60](https://togithub.com/package-url/packageurl-go/pull/60)
- Add known types and candidate types by
[@&#8203;antgamdia](https://togithub.com/antgamdia) in
[https://github.com/package-url/packageurl-go/pull/61](https://togithub.com/package-url/packageurl-go/pull/61)
- Add PackageURL.Normalize by
[@&#8203;wetterjames4](https://togithub.com/wetterjames4) in
[https://github.com/package-url/packageurl-go/pull/65](https://togithub.com/package-url/packageurl-go/pull/65)

#### New Contributors

- [@&#8203;mcombuechen](https://togithub.com/mcombuechen) made their
first contribution in
[https://github.com/package-url/packageurl-go/pull/43](https://togithub.com/package-url/packageurl-go/pull/43)
- [@&#8203;imjasonh](https://togithub.com/imjasonh) made their first
contribution in
[https://github.com/package-url/packageurl-go/pull/34](https://togithub.com/package-url/packageurl-go/pull/34)
- [@&#8203;noqcks](https://togithub.com/noqcks) made their first
contribution in
[https://github.com/package-url/packageurl-go/pull/40](https://togithub.com/package-url/packageurl-go/pull/40)
- [@&#8203;tommyknows](https://togithub.com/tommyknows) made their first
contribution in
[https://github.com/package-url/packageurl-go/pull/52](https://togithub.com/package-url/packageurl-go/pull/52)
- [@&#8203;antgamdia](https://togithub.com/antgamdia) made their first
contribution in
[https://github.com/package-url/packageurl-go/pull/60](https://togithub.com/package-url/packageurl-go/pull/60)
- [@&#8203;wetterjames4](https://togithub.com/wetterjames4) made their
first contribution in
[https://github.com/package-url/packageurl-go/pull/65](https://togithub.com/package-url/packageurl-go/pull/65)

**Full Changelog**:
package-url/packageurl-go@v0.1.1...v0.1.2

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 6am on monday" in timezone
Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/google/osv-scanner).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4wLjMiLCJ1cGRhdGVkSW5WZXIiOiIzNy44LjEiLCJ0YXJnZXRCcmFuY2giOiJtYWluIn0=-->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shibumi shibumi shibumi approved these changes

@alowayed alowayed alowayed approved these changes

@pombredanne pombredanne Awaiting requested review from pombredanne

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@mcombuechen @pombredanne @shibumi @alowayed