Add Package URL parser
What does this MR do and why?
Related to: #375796 (closed)
Add a parser for Package URLs that is based on https://github.com/package-url/packageurl-ruby. packageurl-ruby does not have an active community and also uses pattern matching, which is experimental in Ruby 2. So we will copy-paste the code and make modifications instead of including it as a gem dependency.
How to set up and validate locally
Run this code in the Rails console:
package = ::Sbom::PackageUrl.parse('pkg:golang/github.com/sirupsen/logrus@v1.4.2')
package.type
# => "golang"
package.namespace
# => "github.com/sirupsen"
package.name
# => "logrus"
package.version
# => "v1.4.2"
package.to_s
# => "pkg:golang/github.com/sirupsen/logrus@v1.4.2"
package = ::Sbom::PackageUrl.new(type: 'gem', name: 'rails', version: '6.1.6.1')
package.to_s
# => "pkg:gem/rails@6.1.6.1"
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Brian Williams
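
The parsing described above can be done with plain string splitting and no pattern matching. The block below is an added example, not code from this MR, from GitLab's `Sbom::PackageUrl`, or from packageurl-ruby. It goes beyond the console session by also handling qualifiers and subpath, following the right-to-left splitting order of the purl specification. All names in it (`Purl`, `PurlError`, `parse_purl`, `purl_decode`, `split_right`, `purl_segments`) are hypothetical.

```ruby
# Added example: stand-alone purl parser (hypothetical names, not GitLab's code).
Purl = Struct.new(:type, :namespace, :name, :version, :qualifiers, :subpath, keyword_init: true)
class PurlError < ArgumentError; end

# Percent-decode only; '+' stays literal, and invalid UTF-8 is rejected.
def purl_decode(str)
  out = str.b.gsub(/%(\h\h)/) { Regexp.last_match(1).hex.chr }.force_encoding(Encoding::UTF_8)
  raise PurlError, 'invalid UTF-8 after decoding' unless out.valid_encoding?
  out
end

# Split on the LAST occurrence of sep; returns [string, nil] when sep is absent.
def split_right(str, sep)
  head, found, tail = str.rpartition(sep)
  found.empty? ? [str, nil] : [head, tail]
end

# Decode each '/'-separated segment, dropping the ones listed in `drop`.
def purl_segments(str, drop)
  segs = str.to_s.split('/').reject { |s| drop.include?(s) }.map { |s| purl_decode(s) }
  segs.empty? ? nil : segs.join('/')
end

def parse_purl(string)
  rest, subpath = split_right(string.to_s, '#')
  rest, query = split_right(rest, '?')
  scheme, _, rest = rest.partition(':')
  raise PurlError, 'scheme must be "pkg"' unless scheme == 'pkg'

  type, _, rest = rest.gsub(%r{\A/+|/+\z}, '').partition('/')
  raise PurlError, 'invalid type' unless type.match?(/\A[A-Za-z][A-Za-z0-9.+-]*\z/)

  rest, version = split_right(rest, '@')
  namespace, name = split_right(rest, '/')
  namespace, name = nil, namespace if name.nil?
  raise PurlError, 'name is required' if name.to_s.empty?

  qualifiers = query.to_s.split('&').to_h { |pair|
    key, _, value = pair.partition('=')
    [key.downcase, purl_decode(value)]
  }.reject { |_, value| value.empty? }

  Purl.new(type: type.downcase, namespace: purl_segments(namespace, ['']),
           name: purl_decode(name), version: version && purl_decode(version),
           qualifiers: qualifiers.empty? ? nil : qualifiers,
           # '.' and '..' are dropped so a subpath can never climb out of the package root.
           subpath: purl_segments(subpath, ['', '.', '..']))
end
```

Splitting the version on the last `@` is what lets an encoded `%40` in a namespace (for example an npm scope) survive until the namespace is decoded.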