spec/lib/sbom/package_url/decoder_spec.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121

# frozen_string_literal: true

require 'fast_spec_helper'
require 'rspec-parameterized'

require_relative '../../../support/shared_contexts/lib/sbom/package_url_shared_contexts'

RSpec.describe Sbom::PackageUrl::Decoder do
  describe '#decode' do
    subject(:decode) { described_class.new(purl).decode! }

    include_context 'with valid purl examples'

    with_them do
      it do
        is_expected.to have_attributes(
          type: type,
          namespace: namespace,
          name: name,
          version: version,
          qualifiers: qualifiers,
          subpath: subpath
        )
      end
    end

    context 'when no argument is passed' do
      let(:purl) { nil }

      it 'raises an error' do
        expect { decode }.to raise_error(ArgumentError)
      end
    end

    context 'when an invalid package URL string is passed' do
      include_context 'with invalid purl examples'

      with_them do
        it 'raises an error' do
          expect { decode }.to raise_error(Sbom::PackageUrl::InvalidPackageUrl)
        end
      end
    end

    context 'when namespace or subpath contains an encoded slash' do
      where(:purl) do
        [
          'pkg:golang/google.org/golang/genproto#googleapis%2fapi%2fannotations',
          'pkg:golang/google.org%2fgolang/genproto#googleapis/api/annotations'
        ]
      end

      with_them do
        it { expect { decode }.to raise_error(Sbom::PackageUrl::InvalidPackageUrl) }
      end
    end

    context 'when name contains an encoded slash' do
      let(:purl) { 'pkg:golang/google.org/golang%2fgenproto#googleapis/api/annotations' }

      it do
        is_expected.to have_attributes(
          type: 'golang',
          namespace: 'google.org',
          name: 'golang/genproto',
          version: nil,
          qualifiers: nil,
          subpath: 'googleapis/api/annotations'
        )
      end
    end

    context 'with URL encoded segments' do
      let(:purl) do
        'pkg:golang/namespace%21/google.golang.org%20genproto@version%21?k=v%21#googleapis%20api%20annotations'
      end

      it 'decodes them' do
        is_expected.to have_attributes(
          type: 'golang',
          namespace: 'namespace!',
          name: 'google.golang.org genproto',
          version: 'version!',
          qualifiers: { 'k' => 'v!' },
          subpath: 'googleapis api annotations'
        )
      end
    end

    context 'when segments contain empty values' do
      let(:purl) { 'pkg:golang/google.golang.org//.././genproto#googleapis/..//./api/annotations' }

      it 'removes them from the segments' do
        is_expected.to have_attributes(
          type: 'golang',
          namespace: 'google.golang.org/../.', # . and .. are allowed in the namespace, but not the subpath
          name: 'genproto',
          version: nil,
          qualifiers: nil,
          subpath: 'googleapis/api/annotations'
        )
      end
    end

    context 'when qualifiers have no value' do
      let(:purl) { 'pkg:rpm/fedora/curl@7.50.3-1.fc25?arch=i386&distro=fedora-25&foo=&bar=' }

      it 'they are ignored' do
        is_expected.to have_attributes(
          type: 'rpm',
          namespace: 'fedora',
          name: 'curl',
          version: '7.50.3-1.fc25',
          qualifiers: { 'arch' => 'i386',
                        'distro' => 'fedora-25' },
          subpath: nil
        )
      end
    end
  end
end