From a7ff31fbfe2c2893ee974b29b2a4a6cea5bd3e78 Mon Sep 17 00:00:00 2001
From: hi-rustin
Date: Mon, 11 Dec 2023 10:08:38 +0800
Subject: [PATCH 1/5] test: add a case for parsing empty names
Signed-off-by: hi-rustin
---
 src/cargo/util_schemas/core/package_id_spec.rs | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/cargo/util_schemas/core/package_id_spec.rs b/src/cargo/util_schemas/core/package_id_spec.rs
index cc3f70ff852b..37f2f9a962f7 100644
--- a/src/cargo/util_schemas/core/package_id_spec.rs
+++ b/src/cargo/util_schemas/core/package_id_spec.rs
@@ -597,5 +597,6 @@ mod tests {
 "sparse+https://github.com/rust-lang/cargo#0.52.0?branch=dev"
 )
 .is_err());
+ assert!(PackageIdSpec::parse("@1.2.3").is_ok());
 }
 }
From b1642b51a5ee48e31302737da096eabb1e8ac03f Mon Sep 17 00:00:00 2001
From: hi-rustin
Date: Mon, 11 Dec 2023 10:09:35 +0800
Subject: [PATCH 2/5] fix: validate if name is empty
Signed-off-by: hi-rustin
---
 src/cargo/util_schemas/core/package_id_spec.rs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/cargo/util_schemas/core/package_id_spec.rs b/src/cargo/util_schemas/core/package_id_spec.rs
index 37f2f9a962f7..86cc01f11da9 100644
--- a/src/cargo/util_schemas/core/package_id_spec.rs
+++ b/src/cargo/util_schemas/core/package_id_spec.rs
@@ -98,6 +98,9 @@ impl PackageIdSpec {
 Some(version) => Some(version.parse::()?),
 None => None,
 };
+ if name.is_empty() {
+ bail!("package ID specification must have a name: `{spec}`");
+ }
 validate_package_name(name, "pkgid", "")?;
 Ok(PackageIdSpec {
 name: String::from(name),
@@ -597,6 +600,6 @@ mod tests {
 "sparse+https://github.com/rust-lang/cargo#0.52.0?branch=dev"
 )
 .is_err());
- assert!(PackageIdSpec::parse("@1.2.3").is_ok());
+ assert!(PackageIdSpec::parse("@1.2.3").is_err());
 }
 }
From 442636b9499f9e292e42aeb152651865a26492c5 Mon Sep 17 00:00:00 2001
From: hi-rustin
Date: Mon, 11 Dec 2023 10:10:21 +0800
Subject: [PATCH 3/5] test: add a case for parsing URL spec without name
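Review bot: The explicit `name.is_empty()` guard in the `@@ -98,6 +98,9 @@` hunk of PATCH 2/5 sits in front of `validate_package_name` with no comment saying why, and PATCH 5/5 repeats the same pair of checks in its `@@ -197,6 +197,10 @@` hunk. The test added in PATCH 1/5 shows `@1.2.3` parsing successfully beforehand, so `validate_package_name` evidently lets an empty string through; any other caller of it would presumably have the same gap. I would either reject the empty name inside `validate_package_name` itself (its body is not visible here, so confirm no caller depends on the current behaviour) or at least add `// validate_package_name accepts "", so reject an empty name before calling it` above the `if`. The enclosing function starts and ends outside the hunk.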
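Review bot: The flipped assertion in the `@@ -597,6 +600,6 @@` hunk of PATCH 2/5 only checks `.is_err()`, so it passes for any parse failure and does not pin the new empty-name rejection. Comparing the error text would tie the test to the check, e.g. `let err = PackageIdSpec::parse("@1.2.3").unwrap_err();` followed by `assert!(err.to_string().contains("must have a name"));`. The same applies to the two assertions flipped in the `@@ -601,7 +605,7 @@` hunk of PATCH 5/5, where the empty-name check and `validate_package_name` are distinct failure causes that `.is_err()` cannot tell apart. The test function starts outside the hunk.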
Signed-off-by: hi-rustin
---
 src/cargo/util_schemas/core/package_id_spec.rs | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/cargo/util_schemas/core/package_id_spec.rs b/src/cargo/util_schemas/core/package_id_spec.rs
index 86cc01f11da9..4e6d9e59475a 100644
--- a/src/cargo/util_schemas/core/package_id_spec.rs
+++ b/src/cargo/util_schemas/core/package_id_spec.rs
@@ -601,5 +601,6 @@ mod tests {
 )
 .is_err());
 assert!(PackageIdSpec::parse("@1.2.3").is_err());
+ assert!(PackageIdSpec::parse("registry+https://github.com").is_ok());
 }
 }
From 4dc1178281f84e97168e0628ad1418b0a7e6a74f Mon Sep 17 00:00:00 2001
From: hi-rustin
Date: Mon, 11 Dec 2023 10:10:54 +0800
Subject: [PATCH 4/5] test: add a case for bad package URLs starting with numbers
Signed-off-by: hi-rustin
---
 src/cargo/util_schemas/core/package_id_spec.rs | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/cargo/util_schemas/core/package_id_spec.rs b/src/cargo/util_schemas/core/package_id_spec.rs
index 4e6d9e59475a..60f0a671c435 100644
--- a/src/cargo/util_schemas/core/package_id_spec.rs
+++ b/src/cargo/util_schemas/core/package_id_spec.rs
@@ -602,5 +602,6 @@ mod tests {
 .is_err());
 assert!(PackageIdSpec::parse("@1.2.3").is_err());
 assert!(PackageIdSpec::parse("registry+https://github.com").is_ok());
+ assert!(PackageIdSpec::parse("https://crates.io/1foo#1.2.3").is_ok())
 }
 }
From 1248522eb220e5b88990aabfcfea4af5bb7cb2de Mon Sep 17 00:00:00 2001
From: hi-rustin
Date: Mon, 11 Dec 2023 10:11:29 +0800
Subject: [PATCH 5/5] fix: validate package name from URL
Signed-off-by: hi-rustin
---
 src/cargo/util_schemas/core/package_id_spec.rs | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/cargo/util_schemas/core/package_id_spec.rs b/src/cargo/util_schemas/core/package_id_spec.rs
index 60f0a671c435..ac33a2bc1fcd 100644
--- a/src/cargo/util_schemas/core/package_id_spec.rs
+++ b/src/cargo/util_schemas/core/package_id_spec.rs
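Review bot: The assertion added in the `@@ -602,5 +602,6 @@` hunk of PATCH 4/5 has no trailing `;`, unlike every other assertion visible in this test. It compiles only because it is the tail expression of the function, and the next assertion appended below it will need the line touched again; end it with `;` as in `assert!(PackageIdSpec::parse("https://crates.io/1foo#1.2.3").is_ok());`. PATCH 5/5 carries the same line forward without the semicolon.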
@@ -197,6 +197,10 @@ impl PackageIdSpec {
 None => (String::from(path_name), None),
 }
 };
+ if name.is_empty() {
+ bail!("package ID specification must have a name: `{url}`");
+ }
+ validate_package_name(name.as_str(), "pkgid", "")?;
 Ok(PackageIdSpec {
 name,
 version,
@@ -601,7 +605,7 @@ mod tests {
 )
 .is_err());
 assert!(PackageIdSpec::parse("@1.2.3").is_err());
- assert!(PackageIdSpec::parse("registry+https://github.com").is_ok());
- assert!(PackageIdSpec::parse("https://crates.io/1foo#1.2.3").is_ok())
+ assert!(PackageIdSpec::parse("registry+https://github.com").is_err());
+ assert!(PackageIdSpec::parse("https://crates.io/1foo#1.2.3").is_err())
 }
 }
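Review bot: Both URL cases in the `@@ -601,7 +605,7 @@` hunk appear to exercise only a name taken from the URL path: `registry+https://github.com` has no path segment, and in `https://crates.io/1foo#1.2.3` the fragment looks like a bare version. The first hunk shows only the last arm (`None => (String::from(path_name), None)`) of the match that produces `name`, so if another arm takes the name from the fragment, the new validation on that route is untested. A constructed case such as `assert!(PackageIdSpec::parse("https://crates.io/foo#1bar@1.2.3").is_err());` would cover it, assuming the fragment accepts a `name@version` form. The match and the test function both start outside the hunks.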