Merge pull request #3351 from nexB/port-v31.2.5-hotfix

Port v31.2.5 hotfix

Author: pombredanne

CHANGELOG.rst

@@ -203,10 +203,20 @@ License detection:
 
   See https://github.com/nexB/scancode-toolkit/issues/3343
 
-v31.2.5 - 2023-04-21
+
+v31.2.6 - 2023-04-25
+----------------------------------
+
+This is a minor hotfix release.
+
+This fix a crash when parsing a .deb Dbeian package filename
+reported in https://github.com/nexB/scancode-toolkit/issues/3259
+
+
+v31.2.5 - 2023-01-09
 ----------------------------------
 
-This is a minor backport release.
+This is a minor fix backport release.
 
 This adds license rule changes and was requested here: 
 https://github.com/nexB/scancode-toolkit/issues/3310

src/packagedcode/debian.py

@@ -15,6 +15,7 @@
 from debian_inspector.debcon import get_paragraph_data_from_file
 from debian_inspector.debcon import get_paragraphs_data_from_file
 from debian_inspector.package import DebArchive
+from debian_inspector.version import Version as DebVersion
 from packageurl import PackageURL
 
 from packagedcode import models
@@ -516,7 +517,7 @@ def assign_package_to_resources(cls, package, resource, codebase, package_adder)
             return models.DatafileHandler.assign_package_to_resources(package, root, codebase, package_adder)
 
 
-def build_package_data_from_package_filename(filename, datasource_id, package_type,):
+def build_package_data_from_package_filename(filename, datasource_id, package_type):
     """
     Return a PackageData built from the filename of a Debian package archive.
     """
@@ -529,11 +530,15 @@ def build_package_data_from_package_filename(filename, datasource_id, package_ty
     else:
         qualifiers = {}
 
+    version = deb.version
+    if isinstance(version, DebVersion):
+        version = str(version)
+
     return models.PackageData(
         datasource_id=datasource_id,
         type=package_type,
         name=deb.name,
-        version=deb.version,
+        version=version,
         qualifiers=qualifiers,
     )
 

tests/packagedcode/test_debian.py

@@ -17,6 +17,8 @@
 from scancode.cli_test_utils import check_json_scan
 from scancode.cli_test_utils import run_scan_click
 from scancode_config import REGEN_TEST_FIXTURES
+from packagedcode.debian import build_package_data_from_package_filename
+from packagedcode.debian import DebianDebPackageHandler
 
 
 @skipIf(on_windows, 'These tests contain files that are not legit on Windows.')
@@ -146,3 +148,35 @@ def test_parse_debian_files_list_with_arch(self):
 
         expected_loc = self.get_test_loc('debian/files-md5sums/mokutil-amd64.md5sums.expected.json', must_exist=False)
         self.check_packages_data(results, expected_loc, must_exist=False, regen=REGEN_TEST_FIXTURES)
+
+    def test_build_package_data_from_package_filename_deb_does_not_crash_on_version(self):
+        filename = 'libapache2-mod-md_2.4.38-3+deb10u10_amd64.deb'
+        result = build_package_data_from_package_filename(
+            filename=filename,
+            datasource_id='debian_deb',
+            package_type='deb',
+        )
+        assert str(result.purl) == 'pkg:deb/[email protected]%2Bdeb10u10?architecture=amd64'
+
+    def test_build_package_data_from_package_filename_orig_sdoes_not_crash_on_version(self):
+        filename = 'abseil_0~20200923.3.orig.tar.gz'
+        result = build_package_data_from_package_filename(
+            filename=filename,
+            datasource_id='debian_deb',
+            package_type='deb',
+        )
+        assert str(result.purl) == 'pkg:deb/abseil@0~20200923.3'
+
+    def test_build_package_data_from_package_filename_debian_tar_sdoes_not_crash_on_version(self):
+        filename = 'abseil_20220623.1-1.debian.tar.xz'
+        result = build_package_data_from_package_filename(
+            filename=filename,
+            datasource_id='debian_deb',
+            package_type='deb',
+        )
+        assert str(result.purl) == 'pkg:deb/[email protected]'
+
+    def test_DebianDebPackageHandler_parse_does_not_crash_on_version(self):
+        location = 'foo/bar/libapache2-mod-md_2.4.38-3+deb10u10_amd64.deb'
+        result = list(DebianDebPackageHandler.parse(location))[0]
+        assert str(result.purl) == 'pkg:deb/[email protected]%2Bdeb10u10?architecture=amd64'