Enables purls in jam update-dependencies

Author: Sophie Wigmore

cargo/config.go

@@ -48,6 +48,7 @@ type ConfigMetadata struct {
 
 type ConfigMetadataDependency struct {
 	CPE             string     `toml:"cpe"              json:"cpe,omitempty"`
+	PURL            string     `toml:"purl"              json:"purl,omitempty"`
 	DeprecationDate *time.Time `toml:"deprecation_date" json:"deprecation_date,omitempty"`
 	ID              string     `toml:"id"               json:"id,omitempty"`
 	Licenses        []string   `toml:"licenses"         json:"licenses,omitempty"`

cargo/config_test.go

@@ -63,6 +63,7 @@ func testConfig(t *testing.T, context spec.G, it spec.S) {
 					Dependencies: []cargo.ConfigMetadataDependency{
 						{
 							CPE:             "some-cpe",
+							PURL:            "some-purl",
 							DeprecationDate: &deprecationDate,
 							ID:              "some-dependency",
 							Licenses:        []string{"fancy-license", "fancy-license-2"},
@@ -124,6 +125,7 @@ api = "0.2"
 
 [[metadata.dependencies]]
   cpe = "some-cpe"
+  purl = "some-purl"
   deprecation_date = "2020-06-01T00:00:00Z"
   id = "some-dependency"
 	licenses = ["fancy-license", "fancy-license-2"]
@@ -223,6 +225,7 @@ api = "0.2"
 
 [[metadata.dependencies]]
   cpe = "some-cpe"
+  purl = "some-purl"
   id = "some-dependency"
 	licenses = ["fancy-license", "fancy-license-2"]
   name = "Some Dependency"
@@ -291,6 +294,7 @@ api = "0.2"
 					Dependencies: []cargo.ConfigMetadataDependency{
 						{
 							CPE:          "some-cpe",
+							PURL:         "some-purl",
 							ID:           "some-dependency",
 							Licenses:     []string{"fancy-license", "fancy-license-2"},
 							Name:         "Some Dependency",

cargo/jam/internal/dependency.go

@@ -27,6 +27,7 @@ type Dependency struct {
 	CreatedAt    string   `json:"created_at,omitempty"`
 	ModifedAt    string   `json:"modified_at,omitempty"`
 	CPE          string   `json:"cpe,omitempty"`
+	PURL         string   `json:"purl,omitempty"`
 	Licenses     []string `json:"licenses,omitempty"`
 }
 
@@ -129,6 +130,7 @@ func convertToCargoDependency(dependency Dependency, dependencyName string) carg
 	}
 
 	cargoDependency.CPE = dependency.CPE
+	cargoDependency.PURL = dependency.PURL
 	cargoDependency.ID = dependency.ID
 	cargoDependency.Name = dependencyName
 	cargoDependency.SHA256 = dependency.SHA256

cargo/jam/internal/dependency_test.go

@@ -38,6 +38,7 @@ func testDependency(t *testing.T, context spec.G, it spec.S) {
 				CreatedAt: "sometime",
 				ModifedAt: "another-time",
 				CPE:       "cpe-notation",
+				PURL:      "some-purl",
 				Licenses: []string{
 					"fancy-license",
 					"fancy-license-2",
@@ -59,6 +60,7 @@ func testDependency(t *testing.T, context spec.G, it spec.S) {
 				CreatedAt: "sometime",
 				ModifedAt: "another-time",
 				CPE:       "cpe-notation",
+				PURL:      "some-purl",
 				Licenses: []string{
 					"fancy-license",
 					"fancy-license-2",
@@ -80,6 +82,7 @@ func testDependency(t *testing.T, context spec.G, it spec.S) {
 				CreatedAt: "sometime",
 				ModifedAt: "another-time",
 				CPE:       "cpe-notation",
+				PURL:      "some-purl",
 				Licenses: []string{
 					"fancy-license",
 					"fancy-license-2",
@@ -101,6 +104,7 @@ func testDependency(t *testing.T, context spec.G, it spec.S) {
 				CreatedAt: "sometime",
 				ModifedAt: "another-time",
 				CPE:       "cpe-notation",
+				PURL:      "some-purl",
 				Licenses: []string{
 					"fancy-license",
 					"fancy-license-2",
@@ -122,6 +126,7 @@ func testDependency(t *testing.T, context spec.G, it spec.S) {
 				CreatedAt: "sometime",
 				ModifedAt: "another-time",
 				CPE:       "cpe-notation",
+				PURL:      "some-purl",
 				Licenses: []string{
 					"fancy-license",
 					"fancy-license-2",
@@ -162,6 +167,7 @@ func testDependency(t *testing.T, context spec.G, it spec.S) {
     "created_at": "sometime",
     "modified_at": "another-time",
 		"cpe": "cpe-notation",
+		"purl": "some-purl",
 		"deprecation_date": "",
 		"licenses": ["fancy-license", "fancy-license-2"]
   },
@@ -180,6 +186,7 @@ func testDependency(t *testing.T, context spec.G, it spec.S) {
     "created_at": "sometime",
     "modified_at": "another-time",
 		"cpe": "cpe-notation",
+		"purl": "some-purl",
 		"licenses": ["fancy-license", "fancy-license-2"]
   },
   {
@@ -197,6 +204,7 @@ func testDependency(t *testing.T, context spec.G, it spec.S) {
     "created_at": "sometime",
     "modified_at": "another-time",
 		"cpe": "cpe-notation",
+		"purl": "some-purl",
 		"licenses": ["fancy-license", "fancy-license-2"]
   },
   {
@@ -214,6 +222,7 @@ func testDependency(t *testing.T, context spec.G, it spec.S) {
     "created_at": "sometime",
     "modified_at": "another-time",
 		"cpe": "cpe-notation",
+		"purl": "some-purl",
 		"licenses": ["fancy-license", "fancy-license-2"]
   },
   {
@@ -231,6 +240,7 @@ func testDependency(t *testing.T, context spec.G, it spec.S) {
     "created_at": "sometime",
     "modified_at": "another-time",
 		"cpe": "cpe-notation",
+		"purl": "some-purl",
 		"licenses": ["fancy-license", "fancy-license-2"]
   }
 ]`)
@@ -302,6 +312,7 @@ func testDependency(t *testing.T, context spec.G, it spec.S) {
 				Expect(dependencies).To(Equal([]cargo.ConfigMetadataDependency{
 					{
 						CPE:          "cpe-notation",
+						PURL:         "some-purl",
 						ID:           "some-dep",
 						Licenses:     []string{"fancy-license", "fancy-license-2"},
 						Version:      "1.0.0",
@@ -313,6 +324,7 @@ func testDependency(t *testing.T, context spec.G, it spec.S) {
 					},
 					{
 						CPE:          "cpe-notation",
+						PURL:         "some-purl",
 						ID:           "some-dep",
 						Licenses:     []string{"fancy-license", "fancy-license-2"},
 						Version:      "1.1.2",
@@ -324,6 +336,7 @@ func testDependency(t *testing.T, context spec.G, it spec.S) {
 					},
 					{
 						CPE:          "cpe-notation",
+						PURL:         "some-purl",
 						ID:           "some-dep",
 						Licenses:     []string{"fancy-license", "fancy-license-2"},
 						Version:      "1.5.6",
@@ -375,6 +388,7 @@ func testDependency(t *testing.T, context spec.G, it spec.S) {
 							CreatedAt: "sometime",
 							ModifedAt: "another-time",
 							CPE:       "cpe-notation",
+							PURL:      "some-purl",
 							Licenses:  []string{"fancy-license", "fancy-license-2"},
 						},
 					}

cargo/jam/update_dependencies_test.go

@@ -56,6 +56,7 @@ func testUpdateDependencies(t *testing.T, context spec.G, it spec.S) {
     "source": "some-source",
     "source_sha256": "some-source-sha",
 		"cpe": "node-cpe",
+		"purl": "some-purl",
 		"licenses": ["MIT", "MIT-2"]
 	},
   {
@@ -71,6 +72,7 @@ func testUpdateDependencies(t *testing.T, context spec.G, it spec.S) {
     "source": "some-source",
     "source_sha256": "some-source-sha",
 		"cpe": "node-cpe",
+		"purl": "some-purl",
 		"licenses": ["MIT", "MIT-2"]
 	},
   {
@@ -86,6 +88,7 @@ func testUpdateDependencies(t *testing.T, context spec.G, it spec.S) {
     "source": "some-source",
     "source_sha256": "some-source-sha",
 		"cpe": "node-cpe",
+		"purl": "some-purl",
 		"licenses": ["MIT", "MIT-2"]
 	},
   {
@@ -101,6 +104,7 @@ func testUpdateDependencies(t *testing.T, context spec.G, it spec.S) {
     "source": "some-source",
     "source_sha256": "some-source-sha",
 		"cpe": "node-cpe",
+		"purl": "some-purl",
 		"licenses": ["MIT", "MIT-2"]
 	}]`)
 				}
@@ -131,6 +135,7 @@ func testUpdateDependencies(t *testing.T, context spec.G, it spec.S) {
 
 					[[metadata.dependencies]]
 					  cpe = "node-cpe"
+					  purl = "some-purl"
 						id = "node"
 						name = "Node Engine"
 						sha256 = "some-sha"
@@ -142,6 +147,7 @@ func testUpdateDependencies(t *testing.T, context spec.G, it spec.S) {
 
 					[[metadata.dependencies]]
 					  cpe = "node-cpe"
+					  purl = "some-purl"
 						id = "node"
 						name = "Node Engine"
 						sha256 = "some-sha"
@@ -153,6 +159,7 @@ func testUpdateDependencies(t *testing.T, context spec.G, it spec.S) {
 
 					[[metadata.dependencies]]
 					  cpe = "node-cpe"
+					  purl = "some-purl"
 						id = "node"
 						name = "Node Engine"
 						sha256 = "some-sha"
@@ -212,6 +219,7 @@ api = "0.2"
 
 [[metadata.dependencies]]
 	cpe = "node-cpe"
+	purl = "some-purl"
 	id = "node"
 	licenses = ["MIT", "MIT-2"]
 	name = "Node Engine"
@@ -224,6 +232,7 @@ api = "0.2"
 
 [[metadata.dependencies]]
 	cpe = "node-cpe"
+	purl = "some-purl"
 	id = "node"
 	licenses = ["MIT", "MIT-2"]
 	name = "Node Engine"
@@ -236,6 +245,7 @@ api = "0.2"
 
 [[metadata.dependencies]]
 	cpe = "node-cpe"
+	purl = "some-purl"
 	id = "node"
 	licenses = ["MIT", "MIT-2"]
 	name = "Node Engine"
@@ -276,6 +286,7 @@ api = "0.2"
 
 				[[metadata.dependencies]]
 	        cpe = "node-cpe"
+					purl = "some-purl"
 					id = "node"
 					licenses = ["MIT", "MIT-2"]
 					name = "Node Engine"
@@ -330,6 +341,7 @@ api = "0.2"
 
 [[metadata.dependencies]]
 	cpe = "node-cpe"
+	purl = "some-purl"
 	id = "node"
 	licenses = ["MIT", "MIT-2"]
 	name = "Node Engine"
@@ -366,6 +378,7 @@ api = "0.2"
 
 				[[metadata.dependencies]]
 	        cpe = "node-cpe"
+					purl = "some-purl"
 					id = "node"
 					name = "Node Engine"
 					licenses = ["MIT", "MIT-2"]
@@ -420,6 +433,7 @@ api = "0.2"
 
 [[metadata.dependencies]]
 	cpe = "node-cpe"
+	purl = "some-purl"
 	id = "node"
 	licenses = ["MIT", "MIT-2"]
 	name = "Node Engine"
@@ -510,6 +524,7 @@ api = "0.2"
 
 					[[metadata.dependencies]]
 	          cpe = "non-existent-cpe"
+						purl = "non-existent-purl"
 						id = "non-existent"
 					  licenses = ["MIT", "MIT-2"]
 						sha256 = "some-sha"