semver_dialects 1.6.1 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6cc2bd801dde6d272799f9d459e65dd035a8b2ae65e66a635d6ae423d7667a9f
-  data.tar.gz: bc3692ba314609875927812115cca95199a88af38eb6b69a652dc69f22183099
+  metadata.gz: 4bf47952cc234d33748963e58c0705c505099123cc31c3add7ae0327ae71602a
+  data.tar.gz: f98d8ae7b8132c48c3e532829dcd681ab05fa5c75114ff640704ee9c3b08ee35
 SHA512:
-  metadata.gz: 6417b415513cbc8a0c579303630ac62971cba025d4ee5b8a47fe3d819e538344dfb69f645dc852c188a1afee2cc753c9ffc9454b59454e152fb7060aa1f9b711
-  data.tar.gz: 8ec38eb372ff41181bd336d7724008296a18cca71d461c2484df2b86dee7e554540f76182f0f40496b4ddba0be0e6fcba4511df6ba897ad41e7a1f7d870f2d9a
+  metadata.gz: f679d527db82d52b690e0e055c3313f45f0b27ecd79e72f98a0ed0f0b79a7d3345cc322eb4d02ca2522bcaa6ddf1de319d2c09cd876e85cdc739249a77664410
+  data.tar.gz: 6a82935c5c66b18d7a61fa99df1ff176976b5d48b72297289b14c4123e628e15b0462cd8fa2a5cb0f21448c34e7fb5818879d1c157d554470be5de0781854f15

data/lib/semver_dialects/semantic_version/semantic_version.rb

@@ -5,7 +5,21 @@ require_relative '../../utils.rb'
 class SemanticVersion
   attr_reader :version_string, :prefix_delimiter, :prefix_segments, :suffix_segments, :segments
 
+  # String to build a regexp that matches a version.
+  #
+  # A version might start with a leading "v", then it must have a digit,
+  # then it might have any sequence made of alphanumerical characters,
+  # underscores, dots, dashes, and wildcards.
+  VERSION_PATTERN = "v?[0-9][a-zA-Z0-9_.*+-]*"
+
+  # Regexp for a string that only contains a single version string.
+  VERSION_ONLY_REGEXP = Regexp.new("\\A#{VERSION_PATTERN}\\z").freeze
+
   def initialize(version_string, segments = nil)
+    unless VERSION_ONLY_REGEXP.match version_string
+      raise SemverDialects::InvalidVersionError, version_string
+    end
+
     @version_string = version_string
     @prefix_segments = []
     @suffix_segments = []

data/lib/semver_dialects/semantic_version/version_parser.rb

@@ -2,6 +2,9 @@ require_relative "version_cut"
 require_relative "version_interval"
 
 module VersionParser
+  # A constraint is made of an operator followed by a version string.
+  CONSTRAINT_REGEXP = Regexp.new("(?<op>[><=]+) *(?<version>#{SemanticVersion::VERSION_PATTERN})").freeze
+
   def self.parse(versionstring)
     if (versionstring == "=*")
       # special case = All Versions
@@ -10,9 +13,9 @@ module VersionParser
 
     version_items = versionstring.split(" ")
     interval = VersionInterval.new(IntervalType::LEFT_OPEN | IntervalType::RIGHT_OPEN, BelowAll.new(), AboveAll.new())
-    version_items.each do
-      |version_item|
-      matches = version_item.match /(?<op>[><=]+) *(?<version>[a-zA-Z0-9\-_\.\*]+)/
+    version_items.each do |version_item|
+      matches = version_item.match CONSTRAINT_REGEXP
+      raise SemverDialects::InvalidConstraintError, versionstring if matches.nil?
       version_string = matches[:version]
       case matches[:op]
       when ">="

data/lib/semver_dialects/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module SemverDialects
-  VERSION = '1.6.1'
+  VERSION = '2.0.0'
 end

data/lib/semver_dialects.rb

@@ -14,6 +14,36 @@ module SemverDialects
     end
   end
 
+  class UnsupportedPackageTypeError < Error
+    def initialize(pkgType)
+      @pkgType = pkgType
+    end
+
+    def message
+      "unsupported package type '#{@pkgType}'"
+    end
+  end
+
+  class InvalidVersionError < Error
+    def initialize(raw_version)
+      @raw_version = raw_version
+    end
+
+    def message
+      "invalid version '#{@raw_version}'"
+    end
+  end
+
+  class InvalidConstraintError < Error
+    def initialize(raw_constraint)
+      @raw_constraint = raw_constraint
+    end
+
+    def message
+      "invalid constraint '#{@raw_constraint}'"
+    end
+  end
+
   # A utiltity module that helps with version matching
   module VersionChecker
     def self.version_translate(typ, version_string)
@@ -35,26 +65,32 @@ module SemverDialects
       when 'packagist'
         VersionTranslator.translate_packagist(version_string)
       else
-        raise SemverDialects::Error, "unsupported package type '#{typ}'"
+        raise UnsupportedPackageTypeError, typ
       end
     end
 
+    # Determines if a version of a given package type satisfies a constraint.
+    #
+    # On normal execution, this method might raise the following exceptions:
+    #
+    # - UnsupportedPackageTypeError if the package type is not supported
+    # - InvalidVersionError if the version is invalid
+    # - InvalidConstraintError if the constraint is invalid or contains invalid versions
+    #
     def self.version_sat?(typ, raw_ver, raw_constraint)
       # os package versions are handled very differently from application package versions
       return os_pkg_version_sat?(typ, raw_ver, raw_constraint) if os_purl_type?(typ)
 
-      version_constraint = version_translate(typ, raw_constraint)
-      raise SemverDialects::Error, 'malformed constraint' if version_constraint.nil? || version_constraint.empty?
-
-      version = VersionParser.parse('=' + raw_ver)
-      raise SemverDialects::Error, 'malformed constraint' if version.nil? || version.empty?
+      # build an interval that only contains the version
+      version = VersionCut.new(raw_ver)
+      version_as_interval = VersionInterval.new(IntervalType::LEFT_CLOSED | IntervalType::RIGHT_CLOSED, version, version)
 
       constraint = VersionRange.new
-      version_constraint.each do |version_interval_str|
+      version_translate(typ, raw_constraint).each do |version_interval_str|
         constraint << VersionParser.parse(version_interval_str)
       end
 
-      constraint.overlaps_with?(version)
+      constraint.overlaps_with?(version_as_interval)
     end
 
     def self.os_purl_type?(typ)
@@ -65,7 +101,7 @@ module SemverDialects
       if typ == 'deb'
         # we only support the less than operator, because that's the only one currently output
         # by the advisory exporter for operating system packages.
-        raise SemverDialects::Error, 'malformed constraint' unless raw_constraint[0] == '<'
+        raise SemverDialects::InvalidConstraintError, raw_constraint unless raw_constraint[0] == '<'
 
         v1 = DebVersion.new(raw_ver)
         v2 = DebVersion.new(raw_constraint[1..-1])

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: semver_dialects
 version: !ruby/object:Gem::Version
-  version: 1.6.1
+  version: 2.0.0
 platform: ruby
 authors:
 - Julian Thome
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-01-26 00:00:00.000000000 Z
+date: 2024-03-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: pastel
@@ -74,14 +74,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.4.9
+        version: '2.4'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.4.9
+        version: '2.4'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -152,8 +152,8 @@ licenses:
 metadata:
   allowed_push_host: https://rubygems.org
   homepage_uri: https://rubygems.org/gems/semver_dialects
-  source_code_uri: https://gitlab.com/gitlab-org/vulnerability-research/foss/semver_dialects
-  changelog_uri: https://gitlab.com/gitlab-org/vulnerability-research/foss/semver_dialects/-/blob/master/CHANGELOG.md
+  source_code_uri: https://gitlab.com/gitlab-org/ruby/gems/semver_dialects
+  changelog_uri: https://gitlab.com/gitlab-org/ruby/gems/semver_dialects/-/blob/master/CHANGELOG.md
 post_install_message:
 rdoc_options: []
 require_paths: