throw error in parse_purl

hogo6002 · hogo6002 · commit fb0b5d4905f7 · 2024-11-27T16:33:28.000+11:00
diff --git a/gcp/api/server.py b/gcp/api/server.py
@@ -382,8 +382,6 @@ def query_info(query) -> tuple[str, str | None, str | None]:
   if query.package.purl:
     try:
       purl = purl_helpers.parse_purl(query.package.purl)  # can raise ValueError
-      if not purl:
-        raise ValueError('purl is invalid.')
       if query.package.ecosystem or query.package.name:
         raise ValueError('purl and name/ecosystem cannot both be specified')
       if purl.version and query.version:
@@ -725,15 +723,15 @@ def do_query(query: osv_service_v1_pb2.Query,
     version = query.version
 
   # convert purl to package names
-  purl = purl_helpers.parse_purl(purl_str)
-
-  if purl_str and not purl:
-    context.service_context.abort(
-        grpc.StatusCode.INVALID_ARGUMENT,
-        'Invalid PURL.',
-    )
+  if purl_str:
+    try:
+      purl = purl_helpers.parse_purl(purl_str)
+    except ValueError:
+      context.service_context.abort(
+          grpc.StatusCode.INVALID_ARGUMENT,
+          'Invalid PURL.',
+      )
 
-  if purl:
     if package_name:  # Purls already include the package name
       context.service_context.abort(
           grpc.StatusCode.INVALID_ARGUMENT,
diff --git a/osv/purl_helpers.py b/osv/purl_helpers.py
@@ -83,23 +83,26 @@ def parse_purl(purl_str: str) -> Purl | None:
 
   try:
     purl = PackageURL.from_string(purl_str)
-  except ValueError:  # Catch potential parsing errors
-    return None
+  except ValueError as e:  # Catch potential parsing errors
+    raise e
+
+  package = purl.name
+  version = purl.version
 
   match purl:
     case PackageURL(type='bitnami'):
       ecosystem = 'Bitnami'
     case PackageURL(type='cargo'):
       ecosystem = 'crates.io'
-    case PackageURL(
-        type='golang', namespace=namespace, name=name, version=version):
-      # OSV uses the combined purl.namespace and purl.name for Go package names
+    case PackageURL(type='golang', namespace=namespace, name=name):
+      # Go uses the combined purl.namespace and purl.name for Go package names
       # Example:
       #   pkg:golang/github.com/cri-o/cri-o
       #   -> namespace: github.com/cri-o
       #   -> name: cri-o
       #   -> package name in OSV: github.com/cri-o/cri-o
-      return Purl('Go', namespace + '/' + name, version)
+      ecosystem = 'Go'
+      package = namespace + '/' + name
     case PackageURL(type='hackage'):
       ecosystem = 'Hackage'
     case PackageURL(type='hex'):
@@ -144,9 +147,6 @@ def parse_purl(purl_str: str) -> Purl | None:
       ecosystem = 'Wolfi'
 
     case _:
-      return None
-
-  package = purl.name
-  version = purl.version
+      raise ValueError('Invalid ecosystem.')
 
   return Purl(ecosystem, package, version)
diff --git a/osv/purl_helpers_test.py b/osv/purl_helpers_test.py
@@ -139,10 +139,11 @@ def test_parse_purl(self):
         ('Wolfi', 'test-package', '1.2.3'),
         purl_helpers.parse_purl('pkg:apk/wolfi/test-package@1.2.3'))
 
-    self.assertEqual(None, purl_helpers.parse_purl('pkg:bad/ubuntu/pygments'))
+    with self.assertRaises(ValueError):
+      purl_helpers.parse_purl('pkg:bad/ubuntu/pygments')
 
-    self.assertEqual(
-        None, purl_helpers.parse_purl('purl:apk/wolfi/test-package@1.2.3'))
+    with self.assertRaises(ValueError):
+      purl_helpers.parse_purl('purl:apk/wolfi/test-package@1.2.3')
 
     self.assertEqual(
         'Alpine',
