BUG: Package mapping to PurlDB fails despite exact match existing #383
Description
Describe the bug
DejaCode v5.4.0 fails to map packages to their corresponding PurlDB entries, despite these entries in PurlDB existing and even having an exact match for the same PURL. This manifests itself with the PurlDB tab being greyed-out for the package and "Improve Packages from PurlDB" not finding any data to import.
For instance the packages pkg:maven/com.fasterxml.jackson.core/jackson-core@2.18.3?type=jar has two related entries in the PurlDB one for pkg:maven/com.fasterxml.jackson.core/jackson-core@2.18.3?classifier=sources&type=jar and one for pkg:maven/com.fasterxml.jackson.core/jackson-core@2.18.3?type=jar. The latter should be an exact match.
These issues may be related to changes made for #307
To Reproduce
Steps to reproduce the behavior:
- Import an SBOM, we tested this with maven packages
- Run
load_sbomandpopulate_purldbpipeline in ScanCode.io - Manually verify in DejaCode that entries for the package exist in PurlDB
- Check that the PurlDB tab is greyed-out for the package anyway
Expected behavior
DejaCode should be able to establish a mapping between packages and PurlDB entries, especially if an exakt match with qualifiers exists. If there is some conflict regarding multiple entries with different qualifiers existing and potentially applying, then such a conflict needs to be resolved
Screenshots
Context (OS, Browser, Device, etc.):
n.a.