feat: added PURL generation to JavascriptParser (intel#3987)

Co-authored-by: Joydeep Tripathy <113792434+crazytrain328@users.noreply.github.com> Co-authored-by: Terri Oda <terri.oda@intel.com>
ffontaine · Apr 3, 2024 · bd631ab · bd631ab
1 parent da495bd
commit bd631ab
Showing 1 changed file with 23 additions and 1 deletion.
diff --git a/cve_bin_tool/parsers/javascript.py b/cve_bin_tool/parsers/javascript.py
@@ -1,7 +1,9 @@
-# Copyright (C) 2022 Intel Corporation
+# Copyright (C) 2024 Intel Corporation
 # SPDX-License-Identifier: GPL-3.0-or-later
+"""Python script containing all functionalities related to parsing of javascript's package-lock.json files."""
 
 import json
+import re
 
 from cve_bin_tool.parsers import Parser
 
@@ -11,6 +13,26 @@ class JavascriptParser(Parser):
 
     def __init__(self, cve_db, logger):
         super().__init__(cve_db, logger)
+        self.purl_pkg_type = "npm"
+
+    def generate_purl(self, product, version, vendor, qualifier={}, subpath=None):
+        """Generates PURL after normalizing all components."""
+        product = re.sub(r"[^a-zA-Z0-9._-]", "", product).lower()
+        version = re.sub(r"[^a-zA-Z0-9.+\-]", "", version)
+        vendor = "UNKNOWN"  # Typically, the vendor is not explicitly defined for npm packages
+
+        if not product or not version:
+            return None
+
+        purl = super().generate_purl(
+            product,
+            version,
+            vendor,
+            qualifier,
+            subpath,
+        )
+
+        return purl
 
     def get_package_name(self, name):
         """Returns npm package name by decomposing string"""