intel · terriko · Apr 16, 2024 · Apr 7, 2024 · Apr 9, 2024 · Apr 16, 2024
diff --git a/cve_bin_tool/parsers/dart.py b/cve_bin_tool/parsers/dart.py
@@ -1,6 +1,8 @@
 # Copyright (C) 2024 Intel Corporation
 # SPDX-License-Identifier: GPL-3.0-or-later
 
+import re
+
 import yaml
 
 from cve_bin_tool.parsers import Parser
@@ -15,6 +17,29 @@ class DartParser(Parser):
 
     def __init__(self, cve_db, logger):
         super().__init__(cve_db, logger)
+        self.purl_pkg_type = "pub"
+
+    def generate_purl(self, product, version, vendor, qualifier={}, subpath=None):
+        """
+        Generates PURL after normalizing all components.
+        pubspec: https://dart.dev/tools/pub/pubspec#name
+        purl-spec for pub: https://github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst#pub
+        """
+        # Normalize product, version, and vendor for Dart packages
+        product = re.sub(r"[^a-zA-Z0-9_]", "", product).lower()
+        version = re.sub(r"[^a-z0-9.+-]", "", version)
+        vendor = "UNKNOWN"  # The vendor is not explicitly defined for pub packages
+        if not product or not version:
+            return None
+        purl = super().generate_purl(
+            product,
+            version,
+            vendor,
+            qualifier,
+            subpath,
+        )
+
+        return purl
 
     def run_checker(self, filename):
         """