Open matt-phylum opened 11 months ago
@matt-phylum I'm not sure what you mean by "is supposed to fail parsing because it has no name".
The purl seems a bit wrongly formatted because of the extra / between name and version but it matches the purl spec: scheme:type/namespace/name@version
The behavior of packageurl-python on this purl seems fine:
>>> from packageurl import PackageURL
>>> PackageURL.from_string("pkg:swift/github.com/Alamofire/@5.4.3")
PackageURL(type='swift', namespace='github.com', name='Alamofire', version='5.4.3', qualifiers={}, subpath=None)
>>> PackageURL.from_string("pkg:swift/github.com/Alamofire/@5.4.3").to_string()
'pkg:swift/github.com/Alamofire@5.4.3'
The PURL test suite says that packageurl-python is supposed to fail parsing this malformed PURL. Alamofire is incorrectly being parsed as the name when it's part of the namespace. PURLs that are interpreted differently across implementations cause interoperability issues.
The PURL test suite contains an invalid PURL pkg:swift/github.com/Alamofire/@5.4.3 which is supposed to fail parsing because it has no name. packageurl-python parses the PURL as having namespace github.com and name Alamofire.
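The two readings argued over in this thread, as an added example that is not part of the thread and is not packageurl-python's code: `parse_lenient` drops empty path segments before splitting and reproduces the result shown above, while `parse_strict` takes whatever follows the last `/` as the name and rejects the PURL when that is empty. Both function names are hypothetical, percent-decoding and qualifiers are omitted, and the well-formed PURL in the sample call is constructed.

```python
# Added illustration: simplified PURL splitting, no percent-decoding.
from typing import NamedTuple, Optional


class Purl(NamedTuple):
    type: str
    namespace: Optional[str]
    name: str
    version: Optional[str]


def _split(purl: str):
    """Return (path, version) after dropping scheme, subpath and qualifiers."""
    scheme, sep, rest = purl.partition(":")
    if not sep or scheme.lower() != "pkg":
        raise ValueError("not a pkg: URL")
    rest = rest.split("#", 1)[0].split("?", 1)[0]
    path, at, version = rest.rpartition("@")
    if not at:  # no '@' at all: the whole remainder is the path
        path, version = rest, None
    return path.lstrip("/"), version or None


def parse_lenient(purl: str) -> Purl:
    """Drop empty segments first, so 'Alamofire/' is read as the name."""
    path, version = _split(purl)
    segments = [s for s in path.split("/") if s]
    if len(segments) < 2:
        raise ValueError("type and name are required")
    ptype, *ns, name = segments
    return Purl(ptype.lower(), "/".join(ns) or None, name, version)


def parse_strict(purl: str) -> Purl:
    """Take the text after the last '/' as the name; reject it if empty."""
    path, version = _split(purl)
    ptype, slash, remainder = path.partition("/")
    namespace, _, name = remainder.rpartition("/")
    if not ptype or not slash or not name:
        raise ValueError("purl has no name component")
    return Purl(ptype.lower(), namespace.strip("/") or None, name, version)


if __name__ == "__main__":
    print(parse_lenient("pkg:swift/github.com/Alamofire/@5.4.3"))
    # Constructed well-formed PURL: both parsers agree on it.
    print(parse_strict("pkg:swift/github.com/Alamofire/Alamofire@5.4.3"))
```

Running both parsers over the same inventory and flagging any PURL where one raises or the two results differ is a quick way to find identifiers that will not match across tools.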