Do not crash when the name is None from purl (#82)

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
AppThreat · Jan 3, 2024 · b53096f · b53096f
1 parent d9d6e35
commit b53096f
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 1 deletion.
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "appthreat-vulnerability-db"
-version = "5.5.7"
+version = "5.5.8"
 description = "AppThreat's vulnerability database and package search library with a built-in file based storage. OSV, CVE, GitHub, npm are the primary sources of vulnerabilities."
 authors = [
     {name = "Team AppThreat", email = "cloud@appthreat.com"},

diff --git a/test/test_utils.py b/test/test_utils.py
@@ -693,3 +693,4 @@ def test_parse_purl():
         "qualifiers": None,
         "subpath": None,
     }
+    assert utils.parse_purl("pkg:gem/remote:@https:%2F%2Frubygems.org%2F") == {}
diff --git a/vdb/lib/db.py b/vdb/lib/db.py
@@ -219,6 +219,10 @@ def bulk_index_search(pkg_list):
                     # Fallback to using type as the vendor
                     vendor = pkg_type
             name = purl_obj.get("name")
+            # Handle invalid purl that could lead to name becoming None
+            # See #81
+            if not name:
+                name = pkg.get("name")
             version = purl_obj.get("version")
         else:
             vendor = pkg.get("vendor")