@@ -173,7 +173,7 @@ def build_maven_purl(uri):
173
173
# https://rubygems.org/downloads/jwt-0.1.8.gem
174
174
rubygems_pattern = (
175
175
r"^https?://rubygems.org/downloads/"
176
- r"(?P<name>.+-? )-(?P<version>.*? )"
176
+ r"(?P<name>.+)-(?P<version>.+ )"
177
177
r"(\.gem)$"
178
178
)
179
179
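Review bot: With both groups greedy in `(?P<name>.+)-(?P<version>.+)`, the name/version split lands on the last hyphen of the filename, so any hyphen inside the version part ends up in the name. A constructed example is `nokogiri-1.10.0-x86_64-linux.gem`, which would give name `nokogiri-1.10.0-x86_64` and version `linux`. A purl built from that will not line up with advisory or license data for the real package. One option is `r"(?P<name>.+?)-(?P<version>[0-9].*)"`, which splits at the first hyphen followed by a digit, at the cost of mis-splitting names that contain such a hyphen. The same applies to `pypi_pattern` in the next hunk, and a couple of filename cases with hyphens in tests would pin whichever rule is chosen.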
@@ -185,7 +185,7 @@ def build_rubygems_purl(uri):
185
185
186
186
# https://pypi.python.org/packages/source/p/python-openid/python-openid-2.2.5.zip
187
187
pypi_pattern = (
188
- r"(?P<name>.+-? )-(?P<version>.*? )"
188
+ r"(?P<name>.+)-(?P<version>.+ )"
189
189
r"\.(zip|tar.gz|tar.bz2)$"
190
190
)
191
191
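Review bot: `pypi_pattern` has no scheme or host prefix in front of the name group, which opens the pattern at line 188, so `(?P<name>.+)` can absorb everything from the start of the input up to the last hyphen, path separators included. For the sample URL in the comment this yields a name containing `https://pypi.python.org/packages/...`, unless `build_pypi_purl` reduces the URI to its filename before matching; that code is outside the hunk. If only the filename is meant to be parsed, `r"(?P<name>[^/]+)-(?P<version>[^/]+)"` says so directly. A short comment above the pattern stating which part of the URI it is applied to would remove the ambiguity either way.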
@@ -210,7 +210,8 @@ def build_pypi_purl(uri):
210
210
# https://www.nuget.org/api/v2/package/Newtonsoft.Json/11.0.1
211
211
nuget_pattern1 = (
212
212
r"^https?://.*nuget.org/(api/v2/)?packages?/"
213
- r"(?P<name>.+-?)/(?P<version>.*?)$"
213
+ r"(?P<name>.+)/"
214
+ r"(?P<version>.+)$"
214
215
)
215
216
216
217
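Review bot: The name and version groups in `nuget_pattern1` still use `.+`, which matches `/`, so a URL with an extra path segment is accepted and split in the wrong place. A constructed input such as `https://www.nuget.org/packages/Newtonsoft.Json/11.0.1/License` gives name `Newtonsoft.Json/11.0.1` and version `License`. Restricting both groups to a single segment, `r"(?P<name>[^/]+)/"` and `r"(?P<version>[^/]+)$"`, matches what this commit already does for the sourceforge namespace. It also keeps a malformed URL from producing a purl for a package that does not exist. The same `.+` groups appear in `nuget_pattern2` and in the sourceforge `name` group in the later hunks.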
@@ -222,8 +223,9 @@ def build_nuget_purl(uri):
222
223
# https://api.nuget.org/v3-flatcontainer/newtonsoft.json/10.0.1/newtonsoft.json.10.0.1.nupkg
223
224
nuget_pattern2 = (
224
225
r"^https?://api.nuget.org/v3-flatcontainer/"
225
- r"(?P<name>.+-?)/(?P<version>.*?)/"
226
- r".*nupkg$"
226
+ r"(?P<name>.+)/"
227
+ r"(?P<version>.+)/"
228
+ r".*(nupkg)$" # ends with "nupkg"
227
229
)
228
230
229
231
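Review bot: The tail `r".*(nupkg)$"` adds an unnamed capturing group and does not require the dot of the extension, so any path whose last characters are `nupkg` is accepted. If the group is not read by the code that consumes the match, which is outside the hunk, `r".*\.nupkg$"  # ends with ".nupkg"` is both simpler and stricter.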
@@ -235,8 +237,11 @@ def build_nuget_purl(uri):
235
237
# http://master.dl.sourceforge.net/project/libpng/zlib/1.2.3/zlib-1.2.3.tar.bz2
236
238
sourceforge_pattern = (
237
239
r"^https?://.*sourceforge.net/project/"
238
- r"(?P<namespace>.+-?)/(?P<name>.+-?)/(?P<version>[\.0-9]*?)/"
239
- r"(?P=name)-(?P=version).*$"
240
+ r"(?P<namespace>([^/]+))/" # do not allow more "/" segments
241
+ r"(?P<name>.+)/"
242
+ r"(?P<version>[0-9\.]+)/" # version restricted to digits and dots
243
+ r"(?P=name)-(?P=version).*" # {name}-{version} repeated in the filename
244
+ r"[^/]$" # not ending with "/"
240
245
)
241
246
242
247
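Review bot: In `(?P<namespace>([^/]+))` the inner parentheses create a second, unnamed group that captures the same text and shifts positional group numbers; `(?P<namespace>[^/]+)` is enough. The version class `[0-9\.]+` also accepts a segment made only of dots, such as `.` or `..`, which is not a version; `(?P<version>[0-9]+(?:\.[0-9]+)*)` would require digits around each dot. The comment on the last line could note that `.*` before `[^/]$` still matches `/`, so only the final character is constrained.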