feat: added PURL generation to PhpParser (#4016)

Co-authored-by: Joydeep Tripathy <[email protected]>

Author: joydeep049

cve_bin_tool/parsers/php.py

@@ -1,17 +1,45 @@
-# Copyright (C) 2022 Intel Corporation
+# Copyright (C) 2024 Intel Corporation
 # SPDX-License-Identifier: GPL-3.0-or-later
-
+"""Python script containing all functionalities related to parsing of php's composer.lock files."""
 import json
+import re
 
 from cve_bin_tool.parsers import Parser
 
 
 class PhpParser(Parser):
+    """
+    Parser for Php Composer.lock files.
+    This parser is designed to parse Php Composer.lock and
+    generate PURLs (Package URLs) for the listed packages.
+    """
+
     def __init__(self, cve_db, logger):
+        """Initialize the PhpParser."""
         super().__init__(cve_db, logger)
+        self.purl_pkg_type = "composer"
+
+    def generate_purl(self, product, version, vendor, qualifier={}, subpath=None):
+        """Generates PURL after normalizing all components."""
+        vendor = re.sub(r"[^a-zA-Z0-9._-]", "", vendor).lower()
+        product = re.sub(r"[^a-zA-Z0-9._-]", "", product).lower()
+        version = re.sub(r"[^a-zA-Z0-9.+-]", "", version)
+
+        if not vendor or not product or not version:
+            return None
+
+        purl = super().generate_purl(
+            product,
+            version,
+            vendor,
+            qualifier,
+            subpath,
+        )
+
+        return purl
 
     def run_checker(self, filename):
-        """Process package.lock file and extract product and dependency details"""
+        """Process composer.lock file and extract product and dependency details"""
         self.filename = filename
         with open(self.filename) as fh:
             data = json.load(fh)