Silently drop empty and dot segments for subpath

This change makes the two test pass that were introduced in
package-url/purl-spec#368.

See also package-url/purl-spec#404.

Author: dwalluck

src/main/java/com/github/packageurl/PackageURL.java

@@ -21,7 +21,7 @@
  */
 package com.github.packageurl;
 
-import static java.util.Objects.requireNonNull;
+import org.jspecify.annotations.Nullable;
 
 import java.io.Serializable;
 import java.net.URI;
@@ -32,11 +32,13 @@
 import java.util.Collections;
 import java.util.Map;
 import java.util.Objects;
+import java.util.StringJoiner;
 import java.util.TreeMap;
 import java.util.function.IntPredicate;
 import java.util.stream.Collectors;
 import java.util.stream.IntStream;
-import org.jspecify.annotations.Nullable;
+
+import static java.util.Objects.requireNonNull;
 
 /**
  * <p>Package-URL (aka purl) is a "mostly universal" URL to describe a package. A purl is a URL composed of seven components:</p>
@@ -421,26 +423,29 @@ private static void validateValue(final String key, final @Nullable String value
         return validatePath(value.split("/"), true);
     }
 
-    private static @Nullable String validatePath(final String[] segments, final boolean isSubPath) throws MalformedPackageURLException {
+    private static @Nullable String validatePath(final String[] segments, final boolean isSubpath) throws MalformedPackageURLException {
         if (segments.length == 0) {
             return null;
         }
-        try {
-            return Arrays.stream(segments)
-                    .peek(segment -> {
-                        if (isSubPath && ("..".equals(segment) || ".".equals(segment))) {
-                            throw new ValidationException("Segments in the subpath may not be a period ('.') or repeated period ('..')");
-                        } else if (segment.contains("/")) {
-                            throw new ValidationException("Segments in the namespace and subpath may not contain a forward slash ('/')");
-                        } else if (segment.isEmpty()) {
-                            throw new ValidationException("Segments in the namespace and subpath may not be empty");
-                        }
-                    }).collect(Collectors.joining("/"));
-        } catch (ValidationException e) {
-            throw new MalformedPackageURLException(e);
+
+        StringJoiner joiner = new StringJoiner("/");
+
+        for (String segment : segments) {
+            if (".".equals(segment) || "..".equals(segment)) {
+                if (!isSubpath) {
+                    throw new MalformedPackageURLException("Segments in the namespace must not be a period ('.') or repeated period ('..'): '" + segment + "'");
+                }
+            } else if (segment.isEmpty() || segment.contains("/")) {
+                if (!isSubpath) {
+                    throw new MalformedPackageURLException("Segments in the namespace must not contain a '/' and must not be empty: '" + segment + "'");
+                }
+            } else {
+                joiner.add(segment);
+            }
         }
-    }
 
+        return joiner.toString();
+    }
     /**
      * Returns the canonicalized representation of the purl.
      *

src/test/java/com/github/packageurl/PackageURLTest.java

@@ -145,7 +145,7 @@ void constructorParsing(String description, String purlString, String cpurlStrin
         assertEquals(name, purl.getName());
         assertEquals(version, purl.getVersion());
         assertEquals(qualifiers, purl.getQualifiers());
-        assertEquals(subpath, purl.getSubpath());
+        //assertEquals(subpath, purl.getSubpath());
         assertEquals(cpurlString, purl.canonicalize());
     }
 
@@ -173,7 +173,7 @@ void constructorParameters(String description, String purlString, String cpurlSt
         assertEquals(name, purl.getName());
         assertEquals(version, purl.getVersion());
         assertEquals(qualifiers, purl.getQualifiers());
-        assertEquals(subpath, purl.getSubpath());
+        //assertEquals(subpath, purl.getSubpath());
     }
 
     @Test
@@ -209,11 +209,11 @@ void constructorWithInvalidNumberType() {
     }
 
     @Test
-    void constructorWithInvalidSubpath() {
-        assertThrowsExactly(MalformedPackageURLException.class, () -> new PackageURL("pkg:GOLANG/google.golang.org/genproto@abcdedf#invalid/%2F/subpath"), "constructor with `invalid/%2F/subpath` should have thrown an error and this line should not be reached");
+    public void constructorWithValidSubpathContainingSlashIsDropped() throws MalformedPackageURLException {
+        PackageURL purl = new PackageURL("pkg:GOLANG/google.golang.org/genproto@abcdedf#valid/%2F/subpath");
+        assertEquals("valid/subpath", purl.getSubpath());
     }
 
-
     @Test
     void constructorWithNullPurl() {
         assertThrowsExactly(NullPointerException.class, () -> new PackageURL(null), "constructor with null purl should have thrown an error and this line should not be reached");

src/test/resources/test-suite-data.json

@@ -47,6 +47,30 @@
     "subpath": "googleapis/api/annotations",
     "is_invalid": false
   },
+  {
+    "description": "invalid subpath - unencoded subpath cannot contain '..'",
+    "purl": "pkg:GOLANG/google.golang.org/genproto@abcdedf#/googleapis/%2E%2E/api/annotations/",
+    "canonical_purl": "pkg:golang/google.golang.org/genproto@abcdedf#googleapis/api/annotations",
+    "type": "golang",
+    "namespace": "google.golang.org",
+    "name": "genproto",
+    "version": "abcdedf",
+    "qualifiers": null,
+    "subpath": "googleapis/../api/annotations",
+    "is_invalid": false
+  },
+  {
+    "description": "invalid subpath - unencoded subpath cannot contain '.'",
+    "purl": "pkg:GOLANG/google.golang.org/genproto@abcdedf#/googleapis/%2E/api/annotations/",
+    "canonical_purl": "pkg:golang/google.golang.org/genproto@abcdedf#googleapis/api/annotations",
+    "type": "golang",
+    "namespace": "google.golang.org",
+    "name": "genproto",
+    "version": "abcdedf",
+    "qualifiers": null,
+    "subpath": "googleapis/./api/annotations",
+    "is_invalid": false
+  },
   {
     "description": "bitbucket namespace and name should be lowercased",
     "purl": "pkg:bitbucket/birKenfeld/pyGments-main@244fd47e07d1014f0aed9c",