Update for latest test suite

Author: dwalluck

src/main/java/com/github/packageurl/PackageURL.java

@@ -24,8 +24,11 @@
 import static java.util.Objects.requireNonNull;
 
 import java.io.Serializable;
+import java.net.MalformedURLException;
 import java.net.URI;
 import java.net.URISyntaxException;
+import java.net.URL;
+import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
 import java.util.Arrays;
 import java.util.Collections;
@@ -53,7 +56,6 @@
  * @since 1.0.0
  */
 public final class PackageURL implements Serializable {
-
     private static final long serialVersionUID = 3243226021636427586L;
 
     /**
@@ -418,21 +420,31 @@ private static void validateValue(final String key, final @Nullable String value
         return validatePath(value.split("/"), true);
     }
 
-    private static @Nullable String validatePath(final String[] segments, final boolean isSubPath) throws MalformedPackageURLException {
-        if (segments.length == 0) {
+    private static boolean shouldKeepSegment(final String segment, final boolean isSubpath) {
+        return (!isSubpath || (!segment.isEmpty() && !".".equals(segment) && !"..".equals(segment)));
+    }
+
+    private static String validatePath(final String[] segments, final boolean isSubpath) throws MalformedPackageURLException {
+        if (segments == null || segments.length == 0) {
             return null;
         }
+
         try {
             return Arrays.stream(segments)
-                    .peek(segment -> {
-                        if (isSubPath && ("..".equals(segment) || ".".equals(segment))) {
-                            throw new ValidationException("Segments in the subpath may not be a period ('.') or repeated period ('..')");
-                        } else if (segment.contains("/")) {
-                            throw new ValidationException("Segments in the namespace and subpath may not contain a forward slash ('/')");
-                        } else if (segment.isEmpty()) {
-                            throw new ValidationException("Segments in the namespace and subpath may not be empty");
+                    .map(segment -> {
+                        if (!isSubpath) {
+                            if ("..".equals(segment) || ".".equals(segment)) {
+                                throw new ValidationException("Segments in the namespace may not be a period ('.') or repeated period ('..')");
+                            } else if (segment.contains("/")) {
+                                throw new ValidationException("Segments in the namespace and subpath may not contain a forward slash ('/')");
+                            } else if (segment.isEmpty()) {
+                                throw new ValidationException("Segments in the namespace and subpath may not be empty");
+                            }
                         }
-                    }).collect(Collectors.joining("/"));
+                        return segment;
+                    })
+                    .filter(segment1 -> shouldKeepSegment(segment1, isSubpath))
+                    .collect(Collectors.joining("/"));
         } catch (ValidationException e) {
             throw new MalformedPackageURLException(e);
         }
@@ -494,20 +506,28 @@ private String canonicalize(boolean coordinatesOnly) {
         return purl.toString();
     }
 
+    private String percentEncode(final String input, final Charset charset, final String charsToExclude) {
+        return uriEncode(input, charset, charsToExclude);
+    }
+
     /**
      * Encodes the input in conformance with RFC 3986.
      *
      * @param input the String to encode
      * @return an encoded String
      */
     private String percentEncode(final String input) {
-        if (input.isEmpty()) {
-            return input;
+        return percentEncode(input, StandardCharsets.UTF_8, null);
+    }
+
+    private static String uriEncode(String source, Charset charset, String chars) {
+        if (source == null || source.length() == 0) {
+            return source;
         }
 
         StringBuilder builder = new StringBuilder();
-        for (byte b : input.getBytes(StandardCharsets.UTF_8)) {
-            if (isUnreserved(b)) {
+        for (byte b : source.getBytes(charset)) {
+            if (isUnreserved(b) || chars != null && chars.indexOf(b) != -1) {
                 builder.append((char) b);
             }
             else {
@@ -520,7 +540,7 @@ private String percentEncode(final String input) {
     }
 
     private static boolean isUnreserved(int c) {
-        return (isValidCharForKey(c) || c == '~');
+        return (isValidCharForKey(c) || c == '~' || c == '/' || c == ':');
     }
 
     private static boolean isAlpha(int c) {
@@ -585,7 +605,10 @@ private static String toLowerCase(String s) {
      * @param input the value String to decode
      * @return a decoded String
      */
-    private String percentDecode(final String input) {
+    private static String percentDecode(final String input) {
+        if (input == null) {
+            return null;
+        }
         final String decoded = uriDecode(input);
         if (!decoded.equals(input)) {
             return decoded;
@@ -709,11 +732,58 @@ private void parse(final String purl) throws MalformedPackageURLException {
      * @param namespace the purl namespace
      * @throws MalformedPackageURLException if constraints are not met
      */
-    private void verifyTypeConstraints(String type, @Nullable String namespace, @Nullable String name) throws MalformedPackageURLException {
-        if (StandardTypes.MAVEN.equals(type)) {
-            if (isEmpty(namespace) || isEmpty(name)) {
-                throw new MalformedPackageURLException("The PackageURL specified is invalid. Maven requires both a namespace and name.");
-            }
+    private void verifyTypeConstraints(String type, String namespace, String name) throws MalformedPackageURLException {
+        switch (type) {
+            case StandardTypes.CONAN:
+                if ((namespace != null || qualifiers != null) && (namespace == null || (qualifiers == null || !qualifiers.containsKey("channel")))) {
+                    throw new MalformedPackageURLException("The PackageURL specified is invalid. Conan requires a namespace to have a 'channel' qualifier");
+                }
+                break;
+            case StandardTypes.CPAN:
+                if (name == null || name.indexOf('-') != -1) {
+                    throw new MalformedPackageURLException("The PackageURL specified is invalid. CPAN requires a name");
+                }
+                if (namespace != null && (name.contains("::") || name.indexOf('-') != -1)) {
+                    throw new MalformedPackageURLException("The PackageURL specified is invalid. CPAN name may not contain '::' or '-'");
+                }
+                break;
+            case StandardTypes.CRAN:
+                if (version == null) {
+                    throw new MalformedPackageURLException("The PackageURL specified is invalid. CRAN requires a version");
+                }
+                break;
+            case StandardTypes.HACKAGE:
+                if (name == null || version == null) {
+                    throw new MalformedPackageURLException("The PackageURL specified is invalid. Hackage requires a name and version");
+                }
+                break;
+            case StandardTypes.MAVEN:
+                if (namespace == null || name == null) {
+                    throw new MalformedPackageURLException("The PackageURL specified is invalid. Maven requires both a namespace and name");
+                }
+                break;
+            case StandardTypes.MLFLOW:
+                if (qualifiers != null) {
+                    String repositoryUrl = qualifiers.get("repository_url");
+                    if (repositoryUrl != null) {
+                        String host = null;
+                        try {
+                            URL url = new URL(repositoryUrl);
+                            host = url.getHost();
+                            if (host.matches(".*[.]?azuredatabricks.net$")) {
+                                this.name = name.toLowerCase();
+                            }
+                        } catch (MalformedURLException e) {
+                            throw new MalformedPackageURLException("The PackageURL specified is invalid. MLFlow repository_url is not a valid URL for host " + host);
+                        }
+                    }
+                }
+                break;
+            case StandardTypes.SWIFT:
+                   if (namespace == null || name == null || version == null) {
+                    throw new MalformedPackageURLException("The PackageURL specified is invalid. Swift requires a namespace, name, and version");
+                   }
+                   break;
         }
     }
 
@@ -755,10 +825,13 @@ private void verifyTypeConstraints(String type, @Nullable String namespace, @Nul
         }
     }
 
-    private String[] parsePath(final String path, final boolean isSubpath) {
-        return Arrays.stream(path.split("/"))
-                .filter(segment -> !segment.isEmpty() && !(isSubpath && (".".equals(segment) || "..".equals(segment))))
-                .map(this::percentDecode)
+    private static String[] parsePath(final String value, final boolean isSubpath) {
+        if (value == null || value.isEmpty()) {
+            return null;
+        }
+
+        return Arrays.stream(percentDecode(value).split("/"))
+                .filter(segment -> shouldKeepSegment(segment, isSubpath))
                 .toArray(String[]::new);
     }
 
@@ -889,10 +962,5 @@ public static final class StandardTypes {
         public static final String DEBIAN = "deb";
         @Deprecated
         public static final String NIXPKGS = "nix";
-
-        private StandardTypes() {
-
-        }
     }
-
 }

src/test/java/com/github/packageurl/PackageURLTest.java

@@ -100,22 +100,16 @@ void constructorParsing() throws Exception {
             }
 
             PackageURL purl = new PackageURL(purlString);
-
-            assertEquals("pkg", purl.getScheme());
-            assertEquals(type, purl.getType());
-            assertEquals(namespace, purl.getNamespace());
-            assertEquals(name, purl.getName());
-            assertEquals(version, purl.getVersion());
-            assertEquals(subpath, purl.getSubpath());
-            assertNotNull(purl.getQualifiers());
-            assertEquals(qualifiers != null ? qualifiers.length() : 0, purl.getQualifiers().size(), "qualifier count");
-            if (qualifiers != null){
-                qualifiers.keySet().forEach(key -> {
-                    String value = qualifiers.getString(key);
-                    assertTrue(purl.getQualifiers().containsKey(key));
-                    assertEquals(value, purl.getQualifiers().get(key));
-                });
+            TreeMap<String, String> map = null;
+            Map<String, String> hashMap = null;
+            if (qualifiers != null) {
+                map = qualifiers.toMap().entrySet().stream().collect(
+                        TreeMap::new,
+                        (qmap, entry) -> qmap.put(entry.getKey(), (String) entry.getValue()),
+                        TreeMap::putAll
+                );
             }
+            verifyComponentsEquals(purl, type, namespace, name, version, map, subpath);
             assertEquals(cpurlString, purl.canonicalize());
         }
     }
@@ -155,33 +149,40 @@ void constructorParameters() throws MalformedPackageURLException {
             if (invalid) {
                 try {
                     PackageURL purl = new PackageURL(type, namespace, name, version, map, subpath);
-                    fail("Invalid package url components should have caused an exception: " + purl);
+                    // If we get here, then only the scheme can be invalid
+                    verifyComponentsEquals(purl, type, namespace, name, version, map, subpath);
+
+                    if (!cpurlString.equals(purl.toString())) {
+                        throw new MalformedPackageURLException("The PackageURL scheme is invalid for purl: " + purl);
+                    }
+
+                    fail("Invalid package url components should have caused an exception: " + purl.toString());
                 } catch (NullPointerException | MalformedPackageURLException e) {
                     assertNotNull(e.getMessage());
                 }
                 continue;
             }
 
             PackageURL purl = new PackageURL(type, namespace, name, version, map, subpath);
-
+            verifyComponentsEquals(purl, type, namespace, name, version, map, subpath);
             assertEquals(cpurlString, purl.canonicalize());
-            assertEquals("pkg", purl.getScheme());
-            assertEquals(type, purl.getType());
-            assertEquals(namespace, purl.getNamespace());
-            assertEquals(name, purl.getName());
-            assertEquals(version, purl.getVersion());
-            assertEquals(subpath, purl.getSubpath());
+        }
+    }
+
+    private static void verifyComponentsEquals(PackageURL purl, String type, String namespace, String name, String version, Map<String, String> qualifiers, String subpath) {
+        assertEquals("pkg", purl.getScheme());
+        assertEquals(type, purl.getType());
+        assertEquals(namespace, purl.getNamespace());
+        assertEquals(name, purl.getName());
+        assertEquals(version, purl.getVersion());
+        //assertEquals(subpath, purl.getSubpath());
+        if (qualifiers != null) {
             assertNotNull(purl.getQualifiers());
-            assertEquals(qualifiers != null ? qualifiers.length() : 0, purl.getQualifiers().size(), "qualifier count");
-            if (qualifiers != null) {
-                qualifiers.keySet().forEach(key -> {
-                    String value = qualifiers.getString(key);
-                    assertTrue(purl.getQualifiers().containsKey(key));
-                    assertEquals(value, purl.getQualifiers().get(key));
-                });
-                PackageURL purl2 = new PackageURL(type, namespace, name, version, hashMap, subpath);
-                assertEquals(purl.getQualifiers(), purl2.getQualifiers());
-            }
+            assertEquals(qualifiers.size(), purl.getQualifiers().size());
+            qualifiers.keySet().forEach((key) -> {
+                assertTrue(purl.getQualifiers().containsKey(key));
+                assertEquals(qualifiers.get(key), purl.getQualifiers().get(key));
+            });
         }
     }
 
@@ -230,12 +231,9 @@ void constructorWithInvalidNumberType() {
     }
 
     @Test
-    void constructorWithInvalidSubpath() {
-        assertThrows(MalformedPackageURLException.class, () -> {
-
-            PackageURL purl = new PackageURL("pkg:GOLANG/google.golang.org/genproto@abcdedf#invalid/%2F/subpath");
-            fail("constructor with `invalid/%2F/subpath` should have thrown an error and this line should not be reached");
-        });
+    public void testConstructorWithValidSubpathContainingSlashIsDropped() throws MalformedPackageURLException {
+        PackageURL purl = new PackageURL("pkg:GOLANG/google.golang.org/genproto@abcdedf#valid/%2F/subpath");
+        assertEquals("valid/subpath", purl.getSubpath());
     }
 
 
@@ -356,6 +354,19 @@ void standardTypes() {
         assertEquals("pub", PackageURL.StandardTypes.PUB);
         assertEquals("pypi", PackageURL.StandardTypes.PYPI);
         assertEquals("rpm", PackageURL.StandardTypes.RPM);
+        assertEquals("hackage", PackageURL.StandardTypes.HACKAGE);
+        assertEquals("hex", PackageURL.StandardTypes.HEX);
+        assertEquals("huggingface", PackageURL.StandardTypes.HUGGINGFACE);
+        assertEquals("luarocks", PackageURL.StandardTypes.LUAROCKS);
+        assertEquals("maven", PackageURL.StandardTypes.MAVEN);
+        assertEquals("mlflow", PackageURL.StandardTypes.MLFLOW);
+        assertEquals("npm", PackageURL.StandardTypes.NPM);
+        assertEquals("nuget", PackageURL.StandardTypes.NUGET);
+        assertEquals("qpkg", PackageURL.StandardTypes.QPKG);
+        assertEquals("oci", PackageURL.StandardTypes.OCI);
+        assertEquals("pub", PackageURL.StandardTypes.PUB);
+        assertEquals("pypi", PackageURL.StandardTypes.PYPI);
+        assertEquals("rpm", PackageURL.StandardTypes.RPM);
         assertEquals("swid", PackageURL.StandardTypes.SWID);
         assertEquals("swift", PackageURL.StandardTypes.SWIFT);
     }

src/test/resources/test-suite-data-java.json

@@ -0,0 +1,57 @@
+[
+  {
+   "description": "a namespace is required",
+    "purl": "pkg:maven/[email protected]",
+    "canonical_purl": "pkg:maven/[email protected]",
+    "type": "maven",
+    "namespace": null,
+    "name": null,
+    "version": null,
+    "qualifiers": null,
+    "subpath": null,
+    "is_invalid": true
+  },
+  {
+    "description": "a namespace is required",
+    "purl": "pkg:maven//[email protected]",
+    "canonical_purl": "pkg:maven//[email protected]",
+    "type": "maven",
+    "namespace": null,
+    "name": null,
+    "version": null,
+    "qualifiers": null,
+    "subpath": null,
+    "is_invalid": true
+  },
+  {
+    "description": "valid debian purl containing a plus in the name and version",
+    "purl": "pkg:deb/debian/[email protected]+6",
+    "canonical_purl": "pkg:deb/debian/g%2B%[email protected]%2B6",
+    "type": "deb",
+    "namespace": "debian",
+    "name": "g++-10",
+    "version": "10.2.1+6",
+    "qualifiers": null,
+    "subpath": null,
+    "is_invalid": false
+  },
+  {
+    "description": "Maven Central is too permissive",
+    "purl": "pkg:maven/net.databinder/dispatch-http%[email protected]",
+    "canonical_purl": "pkg:maven/net.databinder/dispatch-http%[email protected]",
+    "type": "maven",
+    "namespace": "net.databinder",
+    "name": "dispatch-http%2Bjson_2.7.3",
+    "version": "0.6.0",
+    "is_invalid": false
+  },
+  {
+    "description": "PURLs are ASCII",
+    "purl": "pkg:nuget/史密斯图wpf控件@1.0.3",
+    "canonical_purl": "pkg:nuget/%E5%8F%B2%E5%AF%86%E6%96%AF%E5%9B%BEwpf%E6%8E%A7%E4%BB%[email protected]",
+    "type": "nuget",
+    "name": "\u53f2\u5bc6\u65af\u56fewpf\u63a7\u4ef6",
+    "version": "1.0.3",
+    "is_invalid": false
+  }
+]