Added PURL validation to prevent qualifiers with keys and no value

Author: jdaigneau5

src/controller/cve.controller/cve.middleware.js

@@ -219,11 +219,17 @@ function purlValidateHelper (affected) {
       throw new Error('The PURL version component is currently not supported by the CVE schema: ' + purlStr)
     }
 
-    // Check for versions within qualifiers
+    // Handle qualifier cases
     if (purlObj.qualifiers !== undefined) {
+      // Check for versions within qualifiers
       if (Object.keys(purlObj.qualifiers).includes('vers')) {
         throw new Error('PURL versions are currently not supported by the CVE schema: ' + purlStr)
       }
+
+      // Check for qualifier with key but no value
+      if ((Array.from(parsedPurlArray[4].values()).includes(''))) {
+        throw new Error('Qualifier keys must have a value: ' + purlStr)
+      }
     }
 
     // PackageURL does not properly prevent encoded ':', so check for that here