
Commit 1723c49

committed
Add extra validation to qualifiers
Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
1 parent 31e320d commit 1723c49


2 files changed

+12
-1
lines changed


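--- a/src/packageurl.py
+++ b/src/packageurl.py
@@ -165,6 +165,10 @@ def normalize_qualifiers(qualifiers, encode=True): # NOQA
 qualifiers = qualifiers.decode('utf-8')
 # decode string to list of tuples
 qualifiers = qualifiers.split('&')
+if not all('=' in kv for kv in qualifiers):
+raise ValueError(
+'Invalid qualifier. '
+'Must be a string of key=value pairs:{}'.format(repr(qualifiers)))
 qualifiers = [kv.partition('=') for kv in qualifiers]
 qualifiers = [(k, v) for k, _, v in qualifiers]
 elif isinstance(qualifiers, dict):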
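Review bot: The new guard in normalize_qualifiers only tests that each segment contains `=`, so a segment with an empty key such as `=value` still passes and reaches the `partition('=')` line. The function body continues outside this hunk, so unless later code rejects empty keys, tighten the check to `if not all('=' in kv and not kv.startswith('=') for kv in qualifiers):`. An empty segment from a trailing or doubled `&` (for example `a=b&`) now raises as well, which is worth confirming as intended since purl strings often come from manifests the caller does not control. The message would also be easier to act on if it named only the offending segments and had a space after the colon, e.g. `'Must be a string of key=value pairs: {}'.format(repr([kv for kv in qualifiers if '=' not in kv]))`.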

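--- a/test_purl.py
+++ b/test_purl.py
@@ -199,7 +199,6 @@ def test_create_PackageURL_from_qualifiers_dict(self):
 subpath)
 assert canonical_purl == purl.to_string()
 
-
 def test_normalize_encode_can_take_unicode_with_non_ascii_with_slash(self):
 uncd = u'núcleo/núcleo'
 normal = normalize(
@@ -244,3 +243,11 @@ def test_normalize_encode_always_reencodes(self):
 u'n%25c3%25bacleo/n%25c3%25bacleo'
 )
 assert expected == normal
+
+def test_qualifiers_must_be_key_value_pairs(self):
+purl = 'pkg:maven/org.apache.xmlgraphics/batik-anim@1.9.1?this+is+not+a+key_value'
+try:
+PackageURL.from_string(purl)
+self.fail('Failed to raise exception for invalid qualifiers')
+except ValueError as ve:
+assert 'Invalid qualifier. Must be a string of key=value pairs' in str(ve)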
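Review bot: test_qualifiers_must_be_key_value_pairs covers only a query string with no `=` at all, so it does not pin the case where one malformed segment sits among valid ones. A second input such as `?classifier=sources&not_a_pair` (constructed example) would confirm that a single bad segment is enough to reject the whole purl. Assuming the class is a unittest.TestCase, as the `self.fail` call suggests, the try/fail/except shape reads more clearly as `with self.assertRaises(ValueError) as ctx:` around `PackageURL.from_string(purl)`, followed by the same substring assertion on `str(ctx.exception)`.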
