From dcb91992b51ab2e85aab0a9e0bc311da9dfe67c8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Zaj=C4=85c?=
Date: Mon, 25 Aug 2025 22:13:00 +0200
Subject: [PATCH] Maybe?

---
 lib/gitlab/ci/parsers/sbom/component.rb | 2 --
 lib/sbom/package_url.rb | 7 ++++++-
 lib/sbom/package_url/argument_validator.rb | 5 -----
 lib/sbom/package_url/decoder.rb | 6 ++++++
 .../gitlab/ci/reports/sbom/component_spec.rb | 18 ++++++++++++++++++
 5 files changed, 30 insertions(+), 8 deletions(-)

diff --git a/lib/gitlab/ci/parsers/sbom/component.rb b/lib/gitlab/ci/parsers/sbom/component.rb
index 8d0d52c946c3cd..cf8f1ff4c95293 100644
--- a/lib/gitlab/ci/parsers/sbom/component.rb
+++ b/lib/gitlab/ci/parsers/sbom/component.rb
@@ -31,8 +31,6 @@ def parse
 attr_reader :data
 
 def purl
- return unless data['purl']
-
 ::Sbom::PackageUrl.parse(data['purl'])
 end
 strong_memoize_attr :purl
diff --git a/lib/sbom/package_url.rb b/lib/sbom/package_url.rb
index d8f4e876b82ba8..ba85df265e6ab0 100644
--- a/lib/sbom/package_url.rb
+++ b/lib/sbom/package_url.rb
@@ -52,7 +52,12 @@ def scheme
 end
 
 # The package type or protocol, such as `"gem"`, `"npm"`, and `"github"`.
- attr_reader :type
+ def type
+ return "not_provided" if @type.blank?
+ return "unknown" unless ::Enums::Sbom.purl_types.include?(@type.to_sym)
+
+ @type
+ end
 
 # A name prefix, specific to the type of package.
 # For example, an npm scope, a Docker image owner, or a GitHub user.
diff --git a/lib/sbom/package_url/argument_validator.rb b/lib/sbom/package_url/argument_validator.rb
index da7612709503ef..f823feb65c498b 100644
--- a/lib/sbom/package_url/argument_validator.rb
+++ b/lib/sbom/package_url/argument_validator.rb
@@ -16,7 +16,6 @@ def initialize(package)
 end
 
 def validate!
- validate_type
 validate_name
 validate_qualifiers
 validate_by_type
@@ -36,10 +35,6 @@ def formatted_errors
 errors.join(', ')
 end
 
- def validate_type
- errors.push('Type is required') if type.blank?
- end
-
 def validate_name
 errors.push('Name is required') if name.blank?
 end
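Review bot: Dropping the `return unless data['purl']` guard sends a nil purl into `::Sbom::PackageUrl.parse`, but the decoder's `decode!` (decoder.rb hunk) still raises `ArgumentError, "expected String but given NilClass"` before its new `@string.blank?` branch is reached, so a report with no purl now raises instead of yielding a `"not_provided"` type — assuming `parse` hands the argument straight to `Decoder#decode!`, which is outside this diff. Either keep the guard here and return the sentinel object explicitly, or in decoder.rb move the blank check above the type check as the first line of `decode!`: `return PackageUrl.new(type: "not_provided") if @string.blank?` (`nil.blank?` is true). The spec hunk's 'when PURL was null' context appears to preset the type rather than feed a nil purl, so it would not catch this. `purl` is memoized via `strong_memoize_attr`, so the raise surfaces on first access; the enclosing class starts outside the hunk.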
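Review bot: Turning `type` from a plain reader into a normalizing accessor hides the raw value from every caller of this class, so any code that reads `type` rather than `@type` — the encoder/`to_s` and the validator's `validate_by_type`, both outside the hunk — will now see `"unknown"` for an unregistered type and may re-serialize a valid purl as `pkg:unknown/...`; if only the report-facing type should be normalized, a separate method (e.g. `normalized_type`) with `type` left as `attr_reader` keeps the decode/encode round-trip intact. `@type.to_sym` also symbolizes an arbitrary string taken from an uploaded report; comparing against the string form of the `purl_types` keys would avoid that, though the shape of `::Enums::Sbom.purl_types` is not visible here. The two sentinels are string literals repeated in decoder.rb and the spec; `NOT_PROVIDED_TYPE = 'not_provided'` and `UNKNOWN_TYPE = 'unknown'` constants on `PackageUrl` would keep them in one place. The comment above `def type` still describes a plain attribute; it should say something like `# Returns "not_provided" when no type was given and "unknown" when it is not in Enums::Sbom.purl_types.`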
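Review bot: Removing `validate_type` (both hunks in this file) drops the 'Type is required' invariant for every construction path, not only the decoder's blank-string case, so a `PackageUrl.new(type: nil, name: 'x')` built directly now passes `validate!` although the purl spec makes the type mandatory. The decoder's new `PackageUrl.new(type: "not_provided")` would not have tripped the old check anyway, since `"not_provided".blank?` is false; if the check was removed because `type` in package_url.rb no longer returns a blank value, keep `validate_type` and have it read a raw reader exposed by `PackageUrl` (e.g. `raw_type`) instead of the normalized one. `validate!` and the private section continue outside the hunk.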
diff --git a/lib/sbom/package_url/decoder.rb b/lib/sbom/package_url/decoder.rb
index ceadc36660c65f..51a78713818990 100644
--- a/lib/sbom/package_url/decoder.rb
+++ b/lib/sbom/package_url/decoder.rb
@@ -35,6 +35,12 @@ def initialize(string)
 def decode!
 raise ArgumentError, "expected String but given #{@string.class}" unless @string.is_a?(::String)
 
+ if @string.blank?
+ return PackageUrl.new(
+ type: "not_provided"
+ )
+ end
+
 decode_subpath!
 decode_qualifiers!
 decode_scheme!
diff --git a/spec/lib/gitlab/ci/reports/sbom/component_spec.rb b/spec/lib/gitlab/ci/reports/sbom/component_spec.rb
index 1f706ba58b0e5d..dbf6f6b2d30533 100644
--- a/spec/lib/gitlab/ci/reports/sbom/component_spec.rb
+++ b/spec/lib/gitlab/ci/reports/sbom/component_spec.rb
@@ -62,6 +62,24 @@
 subject { component.purl_type }
 
 it { is_expected.to eq(purl_type) }
+
+ context 'when PURL was null in SBoM report' do
+ let(:purl_type) { nil }
+
+ it { is_expected.to eq("not_provided") }
+ end
+
+ context 'when PURL in SBoM report is unknown/unsupported' do
+ let(:purl_type) { "something we dont support" }
+
+ it { is_expected.to eq("unknown") }
+ end
+
+ context 'when PURL was blank in SBoM report' do
+ let(:purl_type) { "" }
+
+ it { is_expected.to eq("not_provided") }
+ end
 end
 
 describe '#type' do
--
GitLab
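Review bot: The early return builds `PackageUrl.new(type: "not_provided")` with no name, so if `PackageUrl#initialize` (outside the hunk) runs `ArgumentValidator#validate!`, the object is rejected by the `validate_name` check that the validator hunk leaves in place and the blank-string path raises after all; worth confirming against `initialize` and covering with a decoder spec for `""`. Style-wise the three-line `PackageUrl.new(` call reads better as a single guard clause, `return PackageUrl.new(type: "not_provided") if @string.blank?`, and the literal belongs in a constant shared with package_url.rb rather than being repeated. `decode!` continues outside the hunk.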
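Review bot: The three new contexts override `purl_type` directly, so they check what `purl_type` returns for a preset value rather than the code paths this commit changes — a report with no `purl` key now passes nil through `Gitlab::Ci::Parsers::Sbom::Component#purl`, and an empty string goes through `Decoder#decode!`, and neither is driven here; `component` is built outside the hunk, so how `purl_type` reaches it cannot be confirmed from this diff. A parser spec that feeds `{ 'purl' => nil }` and `{ 'purl' => '' }` as `data` and asserts on `purl.type` would cover the actual change. The context names say 'PURL was null/blank' while the let sets the type, so renaming them to 'when purl_type is nil' and similar would match what is tested.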