From 1248522eb220e5b88990aabfcfea4af5bb7cb2de Mon Sep 17 00:00:00 2001
From: hi-rustin <rustin.liu@gmail.com>
Date: Mon, 11 Dec 2023 10:11:29 +0800
Subject: [PATCH] fix: validate package name from URL

Signed-off-by: hi-rustin <rustin.liu@gmail.com>
---
 src/cargo/util_schemas/core/package_id_spec.rs | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/cargo/util_schemas/core/package_id_spec.rs b/src/cargo/util_schemas/core/package_id_spec.rs
index 60f0a671c43..ac33a2bc1fc 100644
--- a/src/cargo/util_schemas/core/package_id_spec.rs
+++ b/src/cargo/util_schemas/core/package_id_spec.rs
@@ -197,6 +197,10 @@ impl PackageIdSpec {
                 None => (String::from(path_name), None),
             }
         };
+        if name.is_empty() {
+            bail!("package ID specification must have a name: `{url}`");
+        }
+        validate_package_name(name.as_str(), "pkgid", "")?;
         Ok(PackageIdSpec {
             name,
             version,
@@ -601,7 +605,7 @@ mod tests {
         )
         .is_err());
         assert!(PackageIdSpec::parse("@1.2.3").is_err());
-        assert!(PackageIdSpec::parse("registry+https://github.com").is_ok());
-        assert!(PackageIdSpec::parse("https://crates.io/1foo#1.2.3").is_ok())
+        assert!(PackageIdSpec::parse("registry+https://github.com").is_err());
+        assert!(PackageIdSpec::parse("https://crates.io/1foo#1.2.3").is_err())
     }
 }