From d63ce20c965a16fb506321c9f83a2068888cfe7b Mon Sep 17 00:00:00 2001 From: fafanoulele Date: Tue, 21 Jan 2025 16:15:26 +0100 Subject: [PATCH 1/6] Add Maven support for purl2url --- src/packageurl/contrib/purl2url.py | 33 ++++++++++++++++++++++++++++++ tests/contrib/test_purl2url.py | 6 ++++++ 2 files changed, 39 insertions(+) diff --git a/src/packageurl/contrib/purl2url.py b/src/packageurl/contrib/purl2url.py index a30780e..faec864 100644 --- a/src/packageurl/contrib/purl2url.py +++ b/src/packageurl/contrib/purl2url.py @@ -314,6 +314,22 @@ def build_cocoapods_repo_url(purl): return name and f"https://cocoapods.org/pods/{name}" +@repo_router.route("pkg:maven/.*") +def build_maven_repo_url(purl): + """ + Return a Maven repo URL from the `purl` string. + """ + purl_data = PackageURL.from_string(purl) + namespace = purl_data.namespace + name = purl_data.name + version = purl_data.version + + base_url = "https://repo1.maven.org/maven2" + + if namespace and name and version: + return f"{base_url}/{namespace.replace(".", "/")}/{name}/{version}" + + # Download URLs: @@ -365,6 +381,23 @@ def build_npm_download_url(purl): return f"{base_url}/{name}/-/{name}-{version}.tgz" +@download_router.route("pkg:maven/.*") +def build_maven_download_url(purl): + """ + Return a maven download URL from the `purl` string. + """ + purl_data = PackageURL.from_string(purl) + + namespace = purl_data.namespace + name = purl_data.name + version = purl_data.version + + base_url = "https://repo1.maven.org/maven2" + + if namespace and name and version: + return f"{base_url}/{namespace.replace(".", "/")}/{name}/{version}/{name}-{version}.jar" + + @download_router.route("pkg:hackage/.*") def build_hackage_download_url(purl): """ diff --git a/tests/contrib/test_purl2url.py b/tests/contrib/test_purl2url.py index 64ea924..eca1b8c 100644 --- a/tests/contrib/test_purl2url.py +++ b/tests/contrib/test_purl2url.py 
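Review bot: `build_maven_repo_url` and `build_maven_download_url` (patch 1/6) interpolate `namespace`, `name` and `version` into the URL path without percent-encoding, so a purl component containing `/`, `..`, `?` or `#` changes which path or query the returned URL points at. This matters if `PackageURL.from_string` hands back decoded components, which is not visible in these hunks and should be confirmed. Consider quoting each path segment before formatting, e.g. `name = quote(purl_data.name, safe="")` with `quote` from `urllib.parse`, and splitting the namespace on `.` so each part is quoted separately. The `type` and `classifier` qualifiers that patches 5/6 and 6/6 append to the file name need the same treatment. A test with a name such as `a/../b` (constructed example) would pin the behaviour.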
@@ -68,6 +68,7 @@ def test_purl2url_get_repo_url(): "pkg:golang/gopkg.in/ldap.v3@v3.1.0": "https://pkg.go.dev/gopkg.in/ldap.v3@v3.1.0", "pkg:cocoapods/AFNetworking@4.0.1": "https://cocoapods.org/pods/AFNetworking", "pkg:cocoapods/MapsIndoors@3.24.0": "https://cocoapods.org/pods/MapsIndoors", + "pkg:maven/org.apache.commons/commons-io@1.3.2": "https://repo1.maven.org/maven2/org/apache/commons/commons-io/1.3.2", } for purl, url in purls_url.items(): @@ -92,6 +93,7 @@ def test_purl2url_get_download_url(): "pkg:gitlab/tg1999/firebase@1a122122": "https://gitlab.com/tg1999/firebase/-/archive/1a122122/firebase-1a122122.tar.gz", "pkg:gitlab/tg1999/firebase@1a122122?version_prefix=v": "https://gitlab.com/tg1999/firebase/-/archive/v1a122122/firebase-v1a122122.tar.gz", "pkg:gitlab/hoppr/hoppr@v1.11.1-dev.2": "https://gitlab.com/hoppr/hoppr/-/archive/v1.11.1-dev.2/hoppr-v1.11.1-dev.2.tar.gz", + "pkg:maven/org.apache.commons/commons-io@1.3.2": "https://repo1.maven.org/maven2/org/apache/commons/commons-io/1.3.2/commons-io-1.3.2.jar", # From `download_url` qualifier "pkg:github/yarnpkg/yarn@1.3.2?download_url=https://github.com/yarnpkg/yarn/releases/download/v1.3.2/yarn-v1.3.2.tar.gz&version_prefix=v": "https://github.com/yarnpkg/yarn/releases/download/v1.3.2/yarn-v1.3.2.tar.gz", "pkg:generic/lxc-master.tar.gz?download_url=https://salsa.debian.org/lxc-team/lxc/-/archive/master/lxc-master.tar.gz": "https://salsa.debian.org/lxc-team/lxc/-/archive/master/lxc-master.tar.gz", 
@@ -150,6 +152,10 @@ def test_purl2url_get_inferred_urls(): "pkg:cocoapods/AFNetworking@4.0.1": ["https://cocoapods.org/pods/AFNetworking"], "pkg:composer/psr/log@1.1.3": ["https://packagist.org/packages/psr/log#1.1.3"], "pkg:rubygems/package-name": ["https://rubygems.org/gems/package-name"], + "pkg:maven/org.apache.commons/commons-io@1.3.2": [ + "https://repo1.maven.org/maven2/org/apache/commons/commons-io/1.3.2", + "https://repo1.maven.org/maven2/org/apache/commons/commons-io/1.3.2/commons-io-1.3.2.jar", + ], "pkg:bitbucket/birkenfeld": [], } From 442b1addf508c39e7301feb439c588e1307fe481 Mon Sep 17 00:00:00 2001 From: fafanoulele Date: Tue, 11 Feb 2025 13:39:16 +0100 Subject: [PATCH 2/6] Add Maven support for purl2url (make sure it works also on older Python versions) --- src/packageurl/contrib/purl2url.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/packageurl/contrib/purl2url.py b/src/packageurl/contrib/purl2url.py index faec864..8722949 100644 --- a/src/packageurl/contrib/purl2url.py +++ b/src/packageurl/contrib/purl2url.py @@ -327,7 +327,8 @@ def build_maven_repo_url(purl): base_url = "https://repo1.maven.org/maven2" if namespace and name and version: - return f"{base_url}/{namespace.replace(".", "/")}/{name}/{version}" + maven_namespace = namespace.replace(".", "/") + return f"{base_url}/{maven_namespace}/{name}/{version}" # Download URLs: @@ -395,7 +396,8 @@ def build_maven_download_url(purl): base_url = "https://repo1.maven.org/maven2" if namespace and name and version: - return f"{base_url}/{namespace.replace(".", "/")}/{name}/{version}/{name}-{version}.jar" + maven_namespace = namespace.replace(".", "/") + return f"{base_url}/{maven_namespace}/{name}/{version}/{name}-{version}.jar" @download_router.route("pkg:hackage/.*") From 81cf99509f676318f61fee4cad1707ccda34149f Mon Sep 17 00:00:00 2001 
From: fafanoulele Date: Mon, 17 Feb 2025 16:11:13 +0100 Subject: [PATCH 3/6] Add Maven support for purl2url: Set default Maven repository URL to https://repo.maven.apache.org/maven2 --- src/packageurl/contrib/purl2url.py | 5 +++-- tests/contrib/test_purl2url.py | 8 ++++---- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/src/packageurl/contrib/purl2url.py b/src/packageurl/contrib/purl2url.py index 8722949..d1740fe 100644 --- a/src/packageurl/contrib/purl2url.py +++ b/src/packageurl/contrib/purl2url.py @@ -28,6 +28,7 @@ from packageurl.contrib.route import NoRouteAvailable from packageurl.contrib.route import Router +default_maven_repository = "https://repo.maven.apache.org/maven2" def get_repo_download_url_by_package_type( type, namespace, name, version, archive_extension="tar.gz" @@ -324,7 +325,7 @@ def build_maven_repo_url(purl): name = purl_data.name version = purl_data.version - base_url = "https://repo1.maven.org/maven2" + base_url = default_maven_repository if namespace and name and version: maven_namespace = namespace.replace(".", "/") @@ -393,7 +394,7 @@ def build_maven_download_url(purl): name = purl_data.name version = purl_data.version - base_url = "https://repo1.maven.org/maven2" + base_url = default_maven_repository if namespace and name and version: maven_namespace = namespace.replace(".", "/") diff --git a/tests/contrib/test_purl2url.py b/tests/contrib/test_purl2url.py index eca1b8c..2a7ef9a 100644 --- a/tests/contrib/test_purl2url.py +++ b/tests/contrib/test_purl2url.py 
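Review bot: `default_maven_repository` (patch 3/6, first hunk of `purl2url.py`) is a module-level constant, so PEP 8 naming would make it `DEFAULT_MAVEN_REPOSITORY`; the lower-case name reads like a mutable module variable at the two places that assign it to `base_url`. A one-line comment above it, such as `# Default Maven repository used to build repo and download URLs`, would also tell readers why this host was chosen over the `repo1.maven.org` value it replaces.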
@@ -68,7 +68,7 @@ def test_purl2url_get_repo_url(): "pkg:golang/gopkg.in/ldap.v3@v3.1.0": "https://pkg.go.dev/gopkg.in/ldap.v3@v3.1.0", "pkg:cocoapods/AFNetworking@4.0.1": "https://cocoapods.org/pods/AFNetworking", "pkg:cocoapods/MapsIndoors@3.24.0": "https://cocoapods.org/pods/MapsIndoors", - "pkg:maven/org.apache.commons/commons-io@1.3.2": "https://repo1.maven.org/maven2/org/apache/commons/commons-io/1.3.2", + "pkg:maven/org.apache.commons/commons-io@1.3.2": "https://repo.maven.apache.org/maven2/org/apache/commons/commons-io/1.3.2", } for purl, url in purls_url.items(): @@ -93,7 +93,7 @@ def test_purl2url_get_download_url(): "pkg:gitlab/tg1999/firebase@1a122122": "https://gitlab.com/tg1999/firebase/-/archive/1a122122/firebase-1a122122.tar.gz", "pkg:gitlab/tg1999/firebase@1a122122?version_prefix=v": "https://gitlab.com/tg1999/firebase/-/archive/v1a122122/firebase-v1a122122.tar.gz", "pkg:gitlab/hoppr/hoppr@v1.11.1-dev.2": "https://gitlab.com/hoppr/hoppr/-/archive/v1.11.1-dev.2/hoppr-v1.11.1-dev.2.tar.gz", - "pkg:maven/org.apache.commons/commons-io@1.3.2": "https://repo1.maven.org/maven2/org/apache/commons/commons-io/1.3.2/commons-io-1.3.2.jar", + "pkg:maven/org.apache.commons/commons-io@1.3.2": "https://repo.maven.apache.org/maven2/org/apache/commons/commons-io/1.3.2/commons-io-1.3.2.jar", # From `download_url` qualifier "pkg:github/yarnpkg/yarn@1.3.2?download_url=https://github.com/yarnpkg/yarn/releases/download/v1.3.2/yarn-v1.3.2.tar.gz&version_prefix=v": "https://github.com/yarnpkg/yarn/releases/download/v1.3.2/yarn-v1.3.2.tar.gz", "pkg:generic/lxc-master.tar.gz?download_url=https://salsa.debian.org/lxc-team/lxc/-/archive/master/lxc-master.tar.gz": "https://salsa.debian.org/lxc-team/lxc/-/archive/master/lxc-master.tar.gz", 
@@ -153,8 +153,8 @@ def test_purl2url_get_inferred_urls(): "pkg:composer/psr/log@1.1.3": ["https://packagist.org/packages/psr/log#1.1.3"], "pkg:rubygems/package-name": ["https://rubygems.org/gems/package-name"], "pkg:maven/org.apache.commons/commons-io@1.3.2": [ - "https://repo1.maven.org/maven2/org/apache/commons/commons-io/1.3.2", - "https://repo1.maven.org/maven2/org/apache/commons/commons-io/1.3.2/commons-io-1.3.2.jar", + "https://repo.maven.apache.org/maven2/org/apache/commons/commons-io/1.3.2", + "https://repo.maven.apache.org/maven2/org/apache/commons/commons-io/1.3.2/commons-io-1.3.2.jar", ], "pkg:bitbucket/birkenfeld": [], } From 2bc0cb9d72ad92ebbf2505f124308c949f75ea08 Mon Sep 17 00:00:00 2001 From: fafanoulele Date: Mon, 17 Feb 2025 16:21:11 +0100 Subject: [PATCH 4/6] Add Maven support for purl2url: Add support of repository_url --- src/packageurl/contrib/purl2url.py | 6 ++++++ tests/contrib/test_purl2url.py | 1 + 2 files changed, 7 insertions(+) diff --git a/src/packageurl/contrib/purl2url.py b/src/packageurl/contrib/purl2url.py index d1740fe..110c12c 100644 --- a/src/packageurl/contrib/purl2url.py +++ b/src/packageurl/contrib/purl2url.py @@ -327,6 +327,9 @@ def build_maven_repo_url(purl): base_url = default_maven_repository + if purl_data.qualifiers and "repository_url" in purl_data.qualifiers: + base_url = purl_data.qualifiers["repository_url"] + if namespace and name and version: maven_namespace = namespace.replace(".", "/") return f"{base_url}/{maven_namespace}/{name}/{version}" @@ -396,6 +399,9 @@ def build_maven_download_url(purl): base_url = default_maven_repository + if purl_data.qualifiers and "repository_url" in purl_data.qualifiers: + base_url = purl_data.qualifiers["repository_url"] + if namespace and name and version: maven_namespace = namespace.replace(".", "/") return f"{base_url}/{maven_namespace}/{name}/{version}/{name}-{version}.jar" 
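Review bot: The `repository_url` qualifier (patch 4/6) is copied straight into `base_url` in both `build_maven_repo_url` and `build_maven_download_url`, so whoever authors the purl, for example an SBOM entry, decides the scheme and host of the returned URL. A caller that fetches the result would follow a `file:` URL or an internal-network address without noticing. Accept only the expected schemes and normalise the trailing slash before use, e.g. `if urlparse(base_url).scheme not in ("http", "https"): return None` followed by `base_url = base_url.rstrip("/")`, or state in the docstring that the returned URL is untrusted and must be checked against an allow-list by the caller. Without the `rstrip`, a value ending in `/` produces `//` in the path.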
diff --git a/tests/contrib/test_purl2url.py b/tests/contrib/test_purl2url.py index 2a7ef9a..7e24e10 100644 --- a/tests/contrib/test_purl2url.py +++ b/tests/contrib/test_purl2url.py @@ -94,6 +94,7 @@ def test_purl2url_get_download_url(): "pkg:gitlab/tg1999/firebase@1a122122?version_prefix=v": "https://gitlab.com/tg1999/firebase/-/archive/v1a122122/firebase-v1a122122.tar.gz", "pkg:gitlab/hoppr/hoppr@v1.11.1-dev.2": "https://gitlab.com/hoppr/hoppr/-/archive/v1.11.1-dev.2/hoppr-v1.11.1-dev.2.tar.gz", "pkg:maven/org.apache.commons/commons-io@1.3.2": "https://repo.maven.apache.org/maven2/org/apache/commons/commons-io/1.3.2/commons-io-1.3.2.jar", + "pkg:maven/org.apache.commons/commons-io@1.3.2?repository_url=https://repo1.maven.org/maven2": "https://repo1.maven.org/maven2/org/apache/commons/commons-io/1.3.2/commons-io-1.3.2.jar", # From `download_url` qualifier "pkg:github/yarnpkg/yarn@1.3.2?download_url=https://github.com/yarnpkg/yarn/releases/download/v1.3.2/yarn-v1.3.2.tar.gz&version_prefix=v": "https://github.com/yarnpkg/yarn/releases/download/v1.3.2/yarn-v1.3.2.tar.gz", "pkg:generic/lxc-master.tar.gz?download_url=https://salsa.debian.org/lxc-team/lxc/-/archive/master/lxc-master.tar.gz": "https://salsa.debian.org/lxc-team/lxc/-/archive/master/lxc-master.tar.gz", From 6e1c23325cafb4670a687231ccfaece7d88ea8c0 Mon Sep 17 00:00:00 2001 From: fafanoulele Date: Mon, 17 Feb 2025 16:36:54 +0100 Subject: [PATCH 5/6] Add Maven support for purl2url: Add support of type as artifact type --- src/packageurl/contrib/purl2url.py | 6 +++++- tests/contrib/test_purl2url.py | 1 + 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/src/packageurl/contrib/purl2url.py b/src/packageurl/contrib/purl2url.py index 110c12c..45526ac 100644 --- a/src/packageurl/contrib/purl2url.py +++ b/src/packageurl/contrib/purl2url.py 
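Review bot: The only `repository_url` case (patch 4/6) lands in `test_purl2url_get_download_url`; the identical branch added to `build_maven_repo_url` in the same commit has no entry in `test_purl2url_get_repo_url`. Add the matching repo-URL expectation, plus a case whose `repository_url` ends in `/`, so the two builders cannot drift apart unnoticed.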
@@ -402,9 +402,13 @@ def build_maven_download_url(purl): if purl_data.qualifiers and "repository_url" in purl_data.qualifiers: base_url = purl_data.qualifiers["repository_url"] + maven_type = "jar" # default to jar + if purl_data.qualifiers and "type" in purl_data.qualifiers: + maven_type = purl_data.qualifiers["type"] + if namespace and name and version: maven_namespace = namespace.replace(".", "/") - return f"{base_url}/{maven_namespace}/{name}/{version}/{name}-{version}.jar" + return f"{base_url}/{maven_namespace}/{name}/{version}/{name}-{version}.{maven_type}" @download_router.route("pkg:hackage/.*") diff --git a/tests/contrib/test_purl2url.py b/tests/contrib/test_purl2url.py index 7e24e10..a87a6a0 100644 --- a/tests/contrib/test_purl2url.py +++ b/tests/contrib/test_purl2url.py @@ -95,6 +95,7 @@ def test_purl2url_get_download_url(): "pkg:gitlab/hoppr/hoppr@v1.11.1-dev.2": "https://gitlab.com/hoppr/hoppr/-/archive/v1.11.1-dev.2/hoppr-v1.11.1-dev.2.tar.gz", "pkg:maven/org.apache.commons/commons-io@1.3.2": "https://repo.maven.apache.org/maven2/org/apache/commons/commons-io/1.3.2/commons-io-1.3.2.jar", "pkg:maven/org.apache.commons/commons-io@1.3.2?repository_url=https://repo1.maven.org/maven2": "https://repo1.maven.org/maven2/org/apache/commons/commons-io/1.3.2/commons-io-1.3.2.jar", + "pkg:maven/org.apache.commons/commons-io@1.3.2?type=pom": "https://repo.maven.apache.org/maven2/org/apache/commons/commons-io/1.3.2/commons-io-1.3.2.pom", # From `download_url` qualifier "pkg:github/yarnpkg/yarn@1.3.2?download_url=https://github.com/yarnpkg/yarn/releases/download/v1.3.2/yarn-v1.3.2.tar.gz&version_prefix=v": "https://github.com/yarnpkg/yarn/releases/download/v1.3.2/yarn-v1.3.2.tar.gz", "pkg:generic/lxc-master.tar.gz?download_url=https://salsa.debian.org/lxc-team/lxc/-/archive/master/lxc-master.tar.gz": "https://salsa.debian.org/lxc-team/lxc/-/archive/master/lxc-master.tar.gz", From 69e638795e6e27aa0577f5157811296563199d00 Mon Sep 17 00:00:00 2001 
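Review bot: In `build_maven_download_url` (patch 5/6) `maven_type` is used verbatim as the file extension, but a Maven packaging type is not always the extension of the deployed file: types such as `maven-plugin`, `ejb` or `test-jar` are published as `.jar`. For those purls the function would return a URL that most likely does not exist in the repository. Consider a small mapping for the well-known types with the raw value as fallback, e.g. `extension = {"maven-plugin": "jar", "ejb": "jar", "test-jar": "jar"}.get(maven_type, maven_type)`, and say in the docstring that `type` defaults to `jar`. The function body starts above the hunk.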
From: fafanoulele Date: Mon, 17 Feb 2025 16:40:38 +0100 Subject: [PATCH 6/6] Add Maven support for purl2url: Add support of classifier as classifier --- src/packageurl/contrib/purl2url.py | 6 ++++++ tests/contrib/test_purl2url.py | 1 + 2 files changed, 7 insertions(+) diff --git a/src/packageurl/contrib/purl2url.py b/src/packageurl/contrib/purl2url.py index 45526ac..1cdf682 100644 --- a/src/packageurl/contrib/purl2url.py +++ b/src/packageurl/contrib/purl2url.py @@ -406,8 +406,14 @@ def build_maven_download_url(purl): if purl_data.qualifiers and "type" in purl_data.qualifiers: maven_type = purl_data.qualifiers["type"] + classifier = None + if purl_data.qualifiers and "classifier" in purl_data.qualifiers: + classifier = purl_data.qualifiers["classifier"] + if namespace and name and version: maven_namespace = namespace.replace(".", "/") + if classifier: + return f"{base_url}/{maven_namespace}/{name}/{version}/{name}-{version}-{classifier}.{maven_type}" return f"{base_url}/{maven_namespace}/{name}/{version}/{name}-{version}.{maven_type}" diff --git a/tests/contrib/test_purl2url.py b/tests/contrib/test_purl2url.py index a87a6a0..f72758a 100644 --- a/tests/contrib/test_purl2url.py +++ b/tests/contrib/test_purl2url.py 
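Review bot: After patch 6/6 `build_maven_download_url` repeats the `purl_data.qualifiers and "x" in purl_data.qualifiers` test three times, and its two `return` lines differ only in the `-{classifier}` part, which makes the function harder to audit than it needs to be. Reading the qualifiers once, `qualifiers = purl_data.qualifiers or {}` then `classifier = qualifiers.get("classifier")`, and building the suffix with `suffix = f"-{classifier}" if classifier else ""` leaves a single return. This assumes `qualifiers` is a dict, as the subscript access in the hunk suggests. The function body starts above the hunk.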
@@ -96,6 +96,7 @@ def test_purl2url_get_download_url(): "pkg:maven/org.apache.commons/commons-io@1.3.2": "https://repo.maven.apache.org/maven2/org/apache/commons/commons-io/1.3.2/commons-io-1.3.2.jar", "pkg:maven/org.apache.commons/commons-io@1.3.2?repository_url=https://repo1.maven.org/maven2": "https://repo1.maven.org/maven2/org/apache/commons/commons-io/1.3.2/commons-io-1.3.2.jar", "pkg:maven/org.apache.commons/commons-io@1.3.2?type=pom": "https://repo.maven.apache.org/maven2/org/apache/commons/commons-io/1.3.2/commons-io-1.3.2.pom", + "pkg:maven/org.apache.commons/commons-io@1.3.2?classifier=arbitrary": "https://repo.maven.apache.org/maven2/org/apache/commons/commons-io/1.3.2/commons-io-1.3.2-arbitrary.jar", # From `download_url` qualifier "pkg:github/yarnpkg/yarn@1.3.2?download_url=https://github.com/yarnpkg/yarn/releases/download/v1.3.2/yarn-v1.3.2.tar.gz&version_prefix=v": "https://github.com/yarnpkg/yarn/releases/download/v1.3.2/yarn-v1.3.2.tar.gz", "pkg:generic/lxc-master.tar.gz?download_url=https://salsa.debian.org/lxc-team/lxc/-/archive/master/lxc-master.tar.gz": "https://salsa.debian.org/lxc-team/lxc/-/archive/master/lxc-master.tar.gz",