refactor(api): refactor purl API query code (#2900)

Converted PURL queries to package queries in `do_query()` to remove
unnecessary code. Querying the Datastore directly with PURLs gives the
same results as querying by package name, so we can simplify things by
treating PURLs like regular package queries after extracting the
`package/ecosystem/version`.

This will also resolve issue #2842 by rewriting the PURL-to-ecosystem
logic. For most ecosystems, we can get the name from `purl.type`, but
for Linux distributions, we need to use `purl.namespace`.

docker/worker/pyproject.toml

@@ -12,6 +12,7 @@ google-cloud-ndb = "==2.3.2"
 google-cloud-storage = "==2.18.2"
 PyYAML = "==6.0.2"
 redis = "==5.2.0"
+packageurl-python = "==0.16.0"
 pygit2 = "==1.16.0"
 requests = "==2.32.3"
 jsonschema = "==4.23.0"

gcp/api/integration_tests.py

@@ -422,7 +422,10 @@ def test_query_unknown_purl_invalid_semver(self):
         }),
         timeout=_TIMEOUT)
 
-    self.assert_results_equal({}, response.json())
+    self.assert_results_equal({
+        'code': 3,
+        'message': 'Invalid PURL.'
+    }, response.json())
 
   def test_query_semver_no_vulns(self):
     """Test queries by SemVer with no vulnerabilities."""
@@ -911,7 +914,7 @@ def test_all_possible_queries(self):
         }
     }, {}]
 
-    pkg_version = [{'package': {'version': '0.8.5'}}, {}]
+    pkg_version = [{'version': '0.8.5'}, {}]
 
     commit = [{'commit': 'd374094d8c49b6b7d288f307e11217ec5a502391'}, {}]
 

gcp/api/pyproject.toml

@@ -7,7 +7,6 @@ python = "^3.11"
 
 google-cloud-ndb = "==2.3.2"
 google-cloud-logging = "==3.11.3"
-packageurl-python = "==0.16.0"
 packaging = "==20.9"
 requests = "==2.32.3"
 grpcio = "==1.64.1"