github.com/google/osv-scalibr@v0.4.1/extractor/filesystem/language/golang/purl/purl.go

github.com/google/osv-scalibr@v0.4.1/extractor/filesystem/language/golang/purl/purl.go (about)

     1  // Copyright 2025 Google LLC
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  // Package purl converts Go package details into a Go PackageURL.
    16  package purl
    17  
    18  import (
    19  	"strings"
    20  
    21  	"github.com/google/osv-scalibr/purl"
    22  )
    23  
    24  // MakePackageURL returns a package URL following the purl Golang spec:
    25  //   - There is no default package repository: this is implied in the namespace using the go get
    26  //     command conventions.
    27  //   - The namespace and name must be lowercased.
    28  //
    29  // See: https://github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst#golang
    30  func MakePackageURL(name string, version string) *purl.PackageURL {
    31  	name = strings.ToLower(name)
    32  	namespace := ""
    33  	nameParts := strings.Split(name, "/")
    34  	if len(nameParts) > 1 {
    35  		name = nameParts[len(nameParts)-1]
    36  		namespace = strings.Join(nameParts[:len(nameParts)-1], "/")
    37  	}
    38  	return &purl.PackageURL{
    39  		Type:      purl.TypeGolang,
    40  		Name:      name,
    41  		Namespace: namespace,
    42  		Version:   version,
    43  	}
    44  }