From 58b2765fccd0d44677c83aa8fd41925bcd452018 Mon Sep 17 00:00:00 2001
From: Marcel Bochtler
Date: Tue, 1 Dec 2020 11:00:27 +0100
Subject: [PATCH] Identifier: Use package manger type as fallback

The PURL specification has the issue that types and providers are not separated [1]. ORT uses the package manager type as opposed to using the PURL type that e.g. Nexus IQ requires. If a package manager type cannot be mapped to a PURL type ORT should fallback to the package manager type instead of breaking the calling code by returning `null`.
[1] https://github.com/package-url/purl-spec/issues/33
Signed-off-by: Marcel Bochtler
---
 advisor/src/main/kotlin/advisors/NexusIq.kt | 4 +--
 model/src/main/kotlin/Identifier.kt | 37 +++++++++++----------
 2 files changed, 21 insertions(+), 20 deletions(-)
diff --git a/advisor/src/main/kotlin/advisors/NexusIq.kt b/advisor/src/main/kotlin/advisors/NexusIq.kt
index cb6498a2820f9..f5772f993625f 100644
--- a/advisor/src/main/kotlin/advisors/NexusIq.kt
+++ b/advisor/src/main/kotlin/advisors/NexusIq.kt
@@ -78,8 +78,8 @@ class NexusIq(
 val packageUrl = buildString {
 append(pkg.purl)
 val purlType = pkg.id.getPurlType()
- if (purlType == Identifier.PurlType.MAVEN) append("?type=jar")
- if (purlType == Identifier.PurlType.PYPI) append("?extension=tar.gz")
+ if (purlType == Identifier.PurlType.MAVEN.toString()) append("?type=jar")
+ if (purlType == Identifier.PurlType.PYPI.toString()) append("?extension=tar.gz")
 }
 NexusIqService.Component(packageUrl)
diff --git a/model/src/main/kotlin/Identifier.kt b/model/src/main/kotlin/Identifier.kt
index 271ae664bd80a..d8b5da1bd8c4a 100644
--- a/model/src/main/kotlin/Identifier.kt
+++ b/model/src/main/kotlin/Identifier.kt
@@ -131,8 +131,7 @@ data class Identifier(
 fun toPurl() = "".takeIf { this == EMPTY } ?: buildString {
 append("pkg:")
- val purlType = getPurlType()?.toString() ?: type.toLowerCase()
- append(purlType)
+ append(getPurlType())
 if (namespace.isNotEmpty()) {
 append('/')
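Review bot: In NexusIq.kt the two qualifier checks now compare a free-form string against `Identifier.PurlType.MAVEN.toString()` and `Identifier.PurlType.PYPI.toString()`, so the compiler no longer catches a wrong constant and nothing at this call site distinguishes a mapped PURL type from the package-manager fallback. With the fallback, a package whose type has no mapping is presumably still submitted to Nexus IQ under a type the service may not recognise, and an empty answer for it would read the same as a component without known vulnerabilities. I would check the type before building the component and log or skip the package when it is not one of the `PurlType` values, e.g. `val isKnownType = Identifier.PurlType.values().any { it.toString() == purlType }`. The enclosing function starts and ends outside the hunk, so how the response is matched back to packages is not visible here.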
@@ -147,23 +146,25 @@ data class Identifier(
 }
 /**
- * Map a package manager type as to a package url using the package type.
- * Returns null when package manager cannot be mapped to a package type.
+ * Map a package manager type to the String representation of the respective [PurlType].
+ * Falls back to the lower case package manager type if the [PurlType] cannot be determined unambiguously.
+ *
+ * E.g. PIP to [PurlType.PYPI] or Gradle to [PurlType.MAVEN].
 */
- fun getPurlType() = when (type.toLowerCase()) {
- "bower" -> PurlType.BOWER
- "bundler" -> PurlType.GEM
- "cargo" -> PurlType.CARGO
- "carthage", "pub", "spdx", "stack" -> null
- "composer" -> PurlType.COMPOSER
- "conan" -> PurlType.CONAN
- "dep", "glide", "godep", "gomod" -> PurlType.GOLANG
- "dotnet", "nuget" -> PurlType.NUGET
- "gradle", "maven", "sbt" -> PurlType.MAVEN
- "npm", "yarn" -> PurlType.NPM
- "pip", "pipenv" -> PurlType.PYPI
- else -> null
- }
+ fun getPurlType() =
+ when (val lowerType = type.toLowerCase()) {
+ "bower" -> PurlType.BOWER
+ "bundler" -> PurlType.GEM
+ "cargo" -> PurlType.CARGO
+ "composer" -> PurlType.COMPOSER
+ "conan" -> PurlType.CONAN
+ "dep", "glide", "godep", "gomod" -> PurlType.GOLANG
+ "dotnet", "nuget" -> PurlType.NUGET
+ "gradle", "maven", "sbt" -> PurlType.MAVEN
+ "npm", "yarn" -> PurlType.NPM
+ "pip", "pipenv" -> PurlType.PYPI
+ else -> lowerType
+ }.toString()
 enum class PurlType(private val value: String) {
 ALPINE("alpine"),
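Review bot: The branches of the new `when` in `getPurlType()` mix `PurlType` constants with the `String` fallback, so the expression is typed to their common supertype and the trailing `.toString()` only yields a usable PURL type if `PurlType.toString()` returns the lower-case `value`; that override is not visible in the hunk, because the enum body continues past it. Declaring the result, `fun getPurlType(): String =`, would pin the public contract now that callers compare against strings. The fallback also passes `type` through unchecked, and `carthage`, `pub`, `spdx` and `stack`, which the removed code treated as unmappable, now reach it, so the KDoc should say so, for example `* The fallback value is not validated and may not be a type known to the PURL specification.`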