Add Package URL parser (!102213) · Merge requests · GitLab.org / GitLab

Brian Williams requested to merge bwill/add-packageurl-parser into master Oct 26, 2022

What does this MR do and why?

Describe in detail what your merge request does and why.

Add a parser for Package URLs which is based on https://github.com/package-url/packageurl-ruby. package-url ruby does not have an active community and also uses pattern matching which is experimental in ruby 2. So, we will copy-paste the code and make modifications instead of including it as a gem dependency.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

Run this code in the Rails console:

package = ::Sbom::PackageUrl.parse('pkg:golang/github.com/sirupsen/logrus@v1.4.2')
package.type
# => "golang"
package.namespace
# => "github.com/sirupsen"
package.name
# => "logrus"
package.version
# => "v1.4.2"
package.to_s
# => "pkg:golang/github.com/sirupsen/logrus@v1.4.2"

package = ::Sbom::PackageUrl.new(type: 'gem', name: 'rails', version: '6.1.6.1')
package.to_s
# => "pkg:gem/rails@6.1.6.1"

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Oct 27, 2022 by Brian Williams

Add Package URL parser

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports