The CPAN urls with :: doesn't pass syntax check in Python lib

[oej]

The python lib fails to parse the CPAN URLs with two "::" in the name.

DEBUG: Not a valid PURL: pkg:cpan/LWP::UserAgent
ERROR: Invalid purl 'pkg:cpan/LWP::UserAgent' cannot contain a "user:pass@host:port" URL Authority component: ''.

Either the CPAN spec is wrong or the python library ;-)

[sjn]

The CPAN spec is right – it has two way to specify dependency (just as other tooling used for interacting with CPAN does):

1. Modules, which MAY contain :: as namespace delimiters, and MUST NOT contain a - in it's name
2. Distributions, which MUST NOT contain :: in it's name, and which MAY contain - as namespace delimiters

I'd say it's the python library which doesn't follow the spec. 🐍

[matt-phylum]

This test should be added to the test suite:

{
  "description": "valid cpan purl",
  "purl": "pkg:cpan/LWP%3A%3AUserAgent",
  "canonical_purl": "pkg:cpan/LWP::UserAgent",
  "type": "cpan",
  "namespace": null,
  "name": "LWP::UserAgent",
  "version": null,
  "qualifiers": null,
  "subpath": null,
  "is_invalid": false
}

The following implementations fail it:

• anchore/packageurl-go, maennchen/purl: unnecessarily escaped name is incorrectly decoded
• package-url/packageurl-go, package-url/packageurl-java, package-url/packageurl-js, package-url/packageurl-ruby: non-canonical formatting
• package-url/packageurl-python: error while parsing canonical form

[giterlizzi]

Hi, The #325 PR contains new proposed tests for CPAN.

[oej]

Opened package-url/packageurl-python#165