Encoding URI parts in PURL, removed unneeded code

aegilops · aegilops · commit 810fda3dccf5 · 2025-12-09T17:20:45.000Z
diff --git a/src/malwareAdvisories.ts b/src/malwareAdvisories.ts
@@ -181,13 +181,13 @@ export class MalwareAdvisorySync {
       request: agent ? { agent } : undefined
     });
 
-    this.cachePath = path.join(this.opts.cacheDir, CACHE_FILENAME);
+    this.cachePath = this.opts.cacheDir ? path.join(this.opts.cacheDir, CACHE_FILENAME) : undefined;
     this.cache = this.loadCache();
   }
 
   private loadCache(): MalwareAdvisoryCacheFile {
     if (!this.cachePath) {
-      console.warn("No cache path defined; cannot load malware advisory cache.");
+      console.debug("No cache path defined; cannot load malware advisory cache.");
       return { schemaVersion: 1, lastSync: new Date(0).toISOString(), advisories: [] };
     }
     try {
diff --git a/src/malwareMatcher.ts b/src/malwareMatcher.ts
@@ -173,13 +173,12 @@ export function matchMalware(advisories: MalwareAdvisoryNode[], sboms: Repositor
       const branchName = diff.head;
       for (const change of diff.changes) {
         if (change.changeType !== 'added' && change.changeType !== 'updated') continue;
-        let p: string | undefined = (change as { purl?: string }).purl;
-        if (!p && change.packageURL && change.packageURL.startsWith('pkg:')) p = change.packageURL;
+        let p = change.packageURL;
         if (!p && change.ecosystem && change.name && change.version) {
           if (ecosystemsWithNamespace.has(change.ecosystem) && change.namespace) {
-            p = `pkg:${change.ecosystem}/${change.namespace}/${change.name}${change.version ? '@' + change.version : ''}`;
+            p = `pkg:${change.ecosystem}/${encodeURIComponent(change.namespace)}/${encodeURIComponent(change.name)}${change.version ? '@' + change.version : ''}`;
           } else {
-            p = `pkg:${change.ecosystem}/${change.name}${change.version ? '@' + change.version : ''}`;
+            p = `pkg:${change.ecosystem}/${encodeURIComponent(change.name)}${change.version ? '@' + change.version : ''}`;
           }
         }
         if (!p) continue;

Original file line number	Diff line number	Diff line change
`@@ -181,13 +181,13 @@ export class MalwareAdvisorySync {`
`181`	`181`	`request: agent ? { agent } : undefined`
`182`	`182`	`});`
`183`	`183`
`184`		`- this.cachePath = path.join(this.opts.cacheDir, CACHE_FILENAME);`
	`184`	`+ this.cachePath = this.opts.cacheDir ? path.join(this.opts.cacheDir, CACHE_FILENAME) : undefined;`
`185`	`185`	`this.cache = this.loadCache();`
`186`	`186`	`}`
`187`	`187`
`188`	`188`	`private loadCache(): MalwareAdvisoryCacheFile {`
`189`	`189`	`if (!this.cachePath) {`
`190`		`- console.warn("No cache path defined; cannot load malware advisory cache.");`
	`190`	`+ console.debug("No cache path defined; cannot load malware advisory cache.");`
`191`	`191`	`return { schemaVersion: 1, lastSync: new Date(0).toISOString(), advisories: [] };`
`192`	`192`	`}`
`193`	`193`	`try {`