Fix lint + url encoding for new use case of ecosystem + '/'

Chai Tadmor · Chai Tadmor · commit 7b2e02d4d117 · 2025-12-29T17:21:27.000+02:00
diff --git a/osv/ecosystems/_ecosystems_test.py b/osv/ecosystems/_ecosystems_test.py
@@ -71,19 +71,23 @@ def test_root_ecosystem(self):
     self.assertIsNotNone(root_alpine)
 
     # Alpine format: -rXXXXX
-    self.assertLess(root_alpine.sort_key('1.0.0-r10071'),
-                    root_alpine.sort_key('1.0.0-r10072'))
-    self.assertLess(root_alpine.sort_key('1.0.0-r10071'),
-                    root_alpine.sort_key('2.0.0-r10071'))
+    self.assertLess(
+        root_alpine.sort_key('1.0.0-r10071'),
+        root_alpine.sort_key('1.0.0-r10072'))
+    self.assertLess(
+        root_alpine.sort_key('1.0.0-r10071'),
+        root_alpine.sort_key('2.0.0-r10071'))
 
     # Python format: +root.io.X
     root_pypi = ecosystems.get('Root:PyPI')
     self.assertIsNotNone(root_pypi)
-    self.assertLess(root_pypi.sort_key('1.0.0+root.io.1'),
-                    root_pypi.sort_key('1.0.0+root.io.2'))
+    self.assertLess(
+        root_pypi.sort_key('1.0.0+root.io.1'),
+        root_pypi.sort_key('1.0.0+root.io.2'))
 
     # Other format: .root.io.X
     root_debian = ecosystems.get('Root:Debian:12')
     self.assertIsNotNone(root_debian)
-    self.assertLess(root_debian.sort_key('1.0.0.root.io.1'),
-                    root_debian.sort_key('1.0.0.root.io.2'))
+    self.assertLess(
+        root_debian.sort_key('1.0.0.root.io.1'),
+        root_debian.sort_key('1.0.0.root.io.2'))
diff --git a/osv/purl_helpers.py b/osv/purl_helpers.py
@@ -142,7 +142,11 @@ def package_to_purl(ecosystem: str, package_name: str) -> str | None:
                                           'BellSoft Hardened Containers'):
     suffix = '?arch=source'
 
-  return f'pkg:{purl_ecosystem}/{_url_encode(package_name)}{suffix}'
+  # Encode package name: preserve '/' only when no namespace is defined
+  safe_chars = '' if purl_namespace else '/'
+  encoded_name = quote(package_name, safe=safe_chars)
+
+  return f'pkg:{purl_ecosystem}/{encoded_name}{suffix}'
 
 
 def parse_purl(purl_str: str) -> ParsedPURL | None:
diff --git a/osv/purl_helpers_test.py b/osv/purl_helpers_test.py
@@ -291,11 +291,13 @@ def test_parse_purl(self):
         ('Rocky Linux', 'test-package', '1.2.3'),
         purl_helpers.parse_purl('pkg:rpm/rocky-linux/test-package@1.2.3'))
 
-    self.assertEqual(('Root', 'root-nginx', '1.0.0-r10071'),
-                     purl_helpers.parse_purl('pkg:generic/root/root-nginx@1.0.0-r10071'))
+    self.assertEqual(
+        ('Root', 'root-nginx', '1.0.0-r10071'),
+        purl_helpers.parse_purl('pkg:generic/root/root-nginx@1.0.0-r10071'))
 
-    self.assertEqual(('Root', '@root/lodash', '4.17.21'),
-                     purl_helpers.parse_purl('pkg:generic/root/%40root%2Flodash@4.17.21'))
+    self.assertEqual(
+        ('Root', '@root/lodash', '4.17.21'),
+        purl_helpers.parse_purl('pkg:generic/root/%40root%2Flodash@4.17.21'))
 
     self.assertEqual(('RubyGems', 'test-package', '1.2.3'),
                      purl_helpers.parse_purl('pkg:gem/test-package@1.2.3'))
