From e1e3c1c37ca051e9241cffdd6b5e1d7796032115 Mon Sep 17 00:00:00 2001
From: Arpit Jain <arpitjain099@gmail.com>
Date: Thu, 18 Jun 2026 21:57:29 +0900
Subject: [PATCH] fix: reject empty package names during validation

Signed-off-by: Arpit Jain <arpitjain099@gmail.com>
---
 .../spdx/validation/package_validator.py      |  3 +++
 .../spdx/validation/test_package_validator.py | 21 +++++++++++++++++++
 2 files changed, 24 insertions(+)

diff --git a/src/spdx_tools/spdx/validation/package_validator.py b/src/spdx_tools/spdx/validation/package_validator.py
index 25cd6147f..16a5d30bb 100644
--- a/src/spdx_tools/spdx/validation/package_validator.py
+++ b/src/spdx_tools/spdx/validation/package_validator.py
@@ -111,6 +111,9 @@ def validate_package(
             spdx_id=package.spdx_id, element_type=SpdxElementType.PACKAGE, full_element=package
         )
 
+    if not package.name.strip():
+        validation_messages.append(ValidationMessage("name is mandatory and must not be empty", context))
+
     download_location = package.download_location
     if isinstance(download_location, str):
         for message in validate_download_location(download_location):
diff --git a/tests/spdx/validation/test_package_validator.py b/tests/spdx/validation/test_package_validator.py
index d0516fff2..5beb37307 100644
--- a/tests/spdx/validation/test_package_validator.py
+++ b/tests/spdx/validation/test_package_validator.py
@@ -154,3 +154,24 @@ def test_v2_2mandatory_fields():
     expected = [ValidationMessage(f"{field} is mandatory in SPDX-2.2", context) for field in mandatory_fields]
 
     TestCase().assertCountEqual(validation_messages, expected)
+
+
+@pytest.mark.parametrize("name", ["", "   "])
+def test_package_name_must_not_be_empty(name):
+    package = package_fixture(name=name)
+
+    validation_messages: List[ValidationMessage] = validate_package_within_document(
+        package, "SPDX-2.3", document_fixture(relationships=[])
+    )
+
+    expected = ValidationMessage(
+        "name is mandatory and must not be empty",
+        ValidationContext(
+            spdx_id=package.spdx_id,
+            parent_id=DOCUMENT_SPDX_ID,
+            element_type=SpdxElementType.PACKAGE,
+            full_element=package,
+        ),
+    )
+
+    assert validation_messages == [expected]