
Package search does not handle Package "name@version" #1032

@mjherzog

Description


Using the current (22.12.06) VCIO v31.0.0, I am not able to Package Search on name@version. Some examples:

  • Search on "pkg:pypi/jinja2@2.11.3" returns one record
      • Search on "pypi/jinja2@2.11.3" returns none
      • Search on "jinja2@2.11.3" returns none
  • Search on "pkg:rpm/redhat/expat@2.1.0-14" returns one record
      • Search on "pkg:rpm/redhat/expat@2.1.0" returns none
      • Search on "rpm/redhat/expat@2.1.0-14" returns none
      • Search on "expat@2.1.0-14" returns none

The documentation for the Package Search currently says: "Search for vulnerable packages by Package URL (aka. purl) such as pkg:maven/org.apache.logging.log4j/log4j@2.0 or purl prefix fragment such as pkg:alpine or by package name." I interpreted these to be examples not a list of 3 specific options.

There are two aspects to my use case:

  1. I would like to enter name@version without entering the "pkg:" or "pkg/type/" prefix for ease of use
  2. In some cases I would like to look up the same package name@version across different package types - e.g. alpine, deb and redhat.

We need to either enhance Package Search to handle more types of purl "fragments" or update the documentation to specify the syntax options.
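As an added illustration (not VulnerableCode's own search code), the following is one way a search endpoint could accept the purl "fragments" listed in this issue. The assumed grammar is: a full purl with or without the `pkg:` scheme, a `type/namespace/name@version` fragment, a bare `name` or `name@version` where type and namespace act as wildcards, and a `pkg:type` prefix. A further assumption, added to cover the `expat@2.1.0` case, is that a fragment version without a distro release suffix matches a stored version that has one (`2.1.0` matches `2.1.0-14`) while `2.1` does not match `2.10`. The package index below is constructed sample data.

```python
"""Match purl fragments against an index of full Package URLs.

Illustrative code, not VulnerableCode's search implementation. The
fragment grammar and the release-suffix rule are assumptions made here.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class Fragment:
    """A (possibly partial) purl. A None field acts as a wildcard."""
    type: Optional[str]
    namespace: Optional[str]
    name: Optional[str]
    version: Optional[str]


def parse_fragment(text: str) -> Fragment:
    """Parse a full purl or one of the shorter fragments from the issue."""
    text = text.strip()
    has_scheme = text.lower().startswith("pkg:")
    if has_scheme:
        text = text[4:]
    # Qualifiers (?...) and subpath (#...) are ignored for matching purposes.
    text = text.split("?", 1)[0].split("#", 1)[0]
    version = None
    if "@" in text:
        text, version = text.rsplit("@", 1)
        version = version or None
    parts = [p for p in text.strip("/").split("/") if p]
    if not parts:
        raise ValueError(f"empty fragment: {text!r}")
    if len(parts) == 1 and not has_scheme:
        # Bare "name" or "name@version": type and namespace are wildcards.
        return Fragment(None, None, parts[0], version)
    if len(parts) == 1:
        # "pkg:alpine": a type-only prefix fragment (documented behaviour).
        return Fragment(parts[0].lower(), None, None, version)
    # "type/namespace/name": purl types are case-insensitive, names are kept as-is.
    namespace = "/".join(parts[1:-1]) or None
    return Fragment(parts[0].lower(), namespace, parts[-1], version)


def version_matches(wanted: str, actual: Optional[str]) -> bool:
    """Exact match, or assumed rule: "2.1.0" matches "2.1.0-14" but not "2.1.01"."""
    if actual is None:
        return False
    if wanted == actual:
        return True
    # Only a release/build separator may follow the wanted version.
    return actual.startswith(wanted) and actual[len(wanted)] in "-~+"


def matches(fragment: Fragment, purl: Fragment) -> bool:
    """True when every non-wildcard field of the fragment agrees with the purl."""
    if fragment.type is not None and fragment.type != purl.type:
        return False
    if fragment.namespace is not None and fragment.namespace != purl.namespace:
        return False
    if fragment.name is not None and fragment.name != purl.name:
        return False
    if fragment.version is not None and not version_matches(fragment.version, purl.version):
        return False
    return True


# Constructed sample index; a real deployment would query the package table.
SAMPLE_INDEX = [
    "pkg:pypi/jinja2@2.11.3",
    "pkg:pypi/jinja2@3.0.0",
    "pkg:rpm/redhat/expat@2.1.0-14",
    "pkg:deb/debian/expat@2.2.0-2",
    "pkg:alpine/expat@2.2.10-r1",
    "pkg:maven/org.apache.logging.log4j/log4j@2.0",
]


def search(query: str, index: Iterable[str] = SAMPLE_INDEX) -> List[str]:
    """Return every purl in the index that the query fragment matches, in index order."""
    fragment = parse_fragment(query)
    return [purl for purl in index if matches(fragment, parse_fragment(purl))]


if __name__ == "__main__":
    for q in ("jinja2@2.11.3", "expat@2.1.0-14", "pkg:rpm/redhat/expat@2.1.0", "expat", "pkg:alpine"):
        print(f"{q!r:40} -> {search(q)}")
```

With this scheme the bare `expat` query returns the rpm, deb and alpine records together, which is the cross-type lookup the second use case asks for; the version rule deliberately stops at a separator so that a short version never matches a longer release by accident.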
