Identifier: Use package manger type as fallback

The PURL specification has the issue that types and providers are not separated [1]. ORT uses the package manager type as opposed to using the PURL type that e.g. Nexus IQ requires. If a package manager type cannot be mapped to a PURL type ORT should fallback to the package manager type instead of breaking the calling code by returning `null`. [1] package-url/purl-spec#33 Signed-off-by: Marcel Bochtler <marcel.bochtler@bosch.io>
boschglobal · Dec 1, 2020 · e85e0bb · e85e0bb
1 parent e3398fe
commit e85e0bb
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 21 deletions.
diff --git a/advisor/src/main/kotlin/advisors/NexusIq.kt b/advisor/src/main/kotlin/advisors/NexusIq.kt
@@ -77,9 +77,10 @@ class NexusIq(
             val components = packages.map { pkg ->
                 val packageUrl = buildString {
                     append(pkg.purl)
-                    val purlType = pkg.id.getPurlType()
-                    if (purlType == Identifier.PurlType.MAVEN) append("?type=jar")
-                    if (purlType == Identifier.PurlType.PYPI) append("?extension=tar.gz")
+                    when (pkg.id.getPurlType()) {
+                        Identifier.PurlType.MAVEN.toString() -> append("?type=jar")
+                        Identifier.PurlType.PYPI.toString() -> append("?extension=tar.gz")
+                    }
                 }
 
                 NexusIqService.Component(packageUrl)

diff --git a/model/src/main/kotlin/Identifier.kt b/model/src/main/kotlin/Identifier.kt
@@ -131,8 +131,7 @@ data class Identifier(
     fun toPurl() = "".takeIf { this == EMPTY }
         ?: buildString {
             append("pkg:")
-            val purlType = getPurlType()?.toString() ?: type.toLowerCase()
-            append(purlType)
+            append(getPurlType())
 
             if (namespace.isNotEmpty()) {
                 append('/')
@@ -147,23 +146,25 @@ data class Identifier(
         }
 
     /**
-     * Map a package manager type as to a package url using the package type.
-     * Returns null when package manager cannot be mapped to a package type.
+     * Map a package manager type to the String representation of the respective [PurlType].
+     * Falls back to the lower case package manager type if the [PurlType] cannot be determined unambiguously.
+     *
+     * E.g. PIP to [PurlType.PYPI] or Gradle to [PurlType.MAVEN].
      */
-    fun getPurlType() = when (type.toLowerCase()) {
-        "bower" -> PurlType.BOWER
-        "bundler" -> PurlType.GEM
-        "cargo" -> PurlType.CARGO
-        "carthage", "pub", "spdx", "stack" -> null
-        "composer" -> PurlType.COMPOSER
-        "conan" -> PurlType.CONAN
-        "dep", "glide", "godep", "gomod" -> PurlType.GOLANG
-        "dotnet", "nuget" -> PurlType.NUGET
-        "gradle", "maven", "sbt" -> PurlType.MAVEN
-        "npm", "yarn" -> PurlType.NPM
-        "pip", "pipenv" -> PurlType.PYPI
-        else -> null
-    }
+    fun getPurlType() =
+        when (val lowerType = type.toLowerCase()) {
+            "bower" -> PurlType.BOWER
+            "bundler" -> PurlType.GEM
+            "cargo" -> PurlType.CARGO
+            "composer" -> PurlType.COMPOSER
+            "conan" -> PurlType.CONAN
+            "dep", "glide", "godep", "gomod" -> PurlType.GOLANG
+            "dotnet", "nuget" -> PurlType.NUGET
+            "gradle", "maven", "sbt" -> PurlType.MAVEN
+            "npm", "yarn" -> PurlType.NPM
+            "pip", "pipenv" -> PurlType.PYPI
+            else -> lowerType
+        }.toString()
 
     enum class PurlType(private val value: String) {
         ALPINE("alpine"),