Review suggestions:

- Compiling regex Patterns to save computational effort - Documenation Co-authored-by: Niklas <[email protected]> Signed-off-by: Walter de Boer <[email protected]>
DependencyTrack · Feb 28, 2023 · def80dd · def80dd
1 parent 0b520af
commit def80dd
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 15 deletions.
diff --git a/docs/_docs/analysis-types/outdated-components.md b/docs/_docs/analysis-types/outdated-components.md
@@ -29,8 +29,7 @@ components ecosystem. Refer to [Repositories]({{ site.baseurl }}{% link _docs/da
 further information.
 
 ### Stable releases
-In some repositories, for example NPM, the latest release should always denote a stable release. In others, such as Maven, the latest version might be a a stable release or an unstable version. In NPM as wel as Maven repositories the latest version does not need to be the highest version. It's just the latest published to the repository.
+In some repositories, for example NPM, the latest release should always denote a stable release. In others, such as Maven, the latest version might be a stable release or an unstable version. In NPM as well as Maven repositories, the latest version does not need to be the highest version. It's just the latest published to the repository.
 
-For some repositories Dependency track tries to find the highest stable release instead of just the latest version. Refer to [Repositories]({{ site.baseurl }}{% link _docs/datasources/repositories.md %}) for 
-further information.
+For some repositories, Dependency-Track tries to find the highest stable release instead of just the latest version. Refer to [Repositories]({{ site.baseurl }}{% link _docs/datasources/repositories.md %}) for further information.
 
diff --git a/docs/_docs/datasources/repositories.md b/docs/_docs/datasources/repositories.md
@@ -60,11 +60,9 @@ Refer to [Datasource Routing]({{ site.baseurl }}{% link _docs/datasources/routin
 for information on Package URL and the various ways it is used throughout Dependency-Track.
 
 #### Highest stable release
-Dependency Track identifies outdated components by looking for newer versions of the component. Preferably this should be
-a higher version, but usualy repositories report the newest version of a component which might not be the highest version. Also 
-some repositories report unstable versions as the latest version.
+Dependency-Track identifies outdated components by looking for newer versions of the component. Preferably this should be a higher version, but usualy repositories report the newest version of a component which might not be the highest version. Also some repositories report unstable versions as the latest version.
 
-Dependency Track tries find the highest stable release by parsing the list of versions and ignoring labels like alpha, beta, or snapshot. When no stable release exists, the highest unstable version is reported. This feature is suported for all default repositories:
+Dependency-Track tries find the highest stable release by parsing the list of versions and ignoring labels like alpha, beta, or snapshot. When no stable release exists, the highest unstable version is reported. This feature is suported for all default repositories:
   * Cargo
   * Composer
   * Gem

diff --git a/src/main/java/org/dependencytrack/tasks/repositories/AbstractMetaAnalyzer.java b/src/main/java/org/dependencytrack/tasks/repositories/AbstractMetaAnalyzer.java
@@ -49,9 +49,9 @@
  */
 public abstract class AbstractMetaAnalyzer implements IMetaAnalyzer {
 
-    protected static final String VERSIONS_PATTERN = "(\\d+(\\.\\d+)*)(.*)";     
-    protected static final String SEMVER_PRE_RELEASE_PATTERN = "(?i)(-[0-9a-z]).*"; // ignore case
-    protected static final String UNSTABLE_LABELS_PATTERN = "(?i)[_\\.](dev|atlassian|preview|next|canary|snapshot|a|alpha|b|beta|rc|cr|m|mr|ea).*"; // ignore case
+    protected static final Pattern VERSIONS_PATTERN = Pattern.compile("(\\d+(\\.\\d+)*)(.*)");     
+    protected static final Pattern SEMVER_PRE_RELEASE_PATTERN = Pattern.compile("(?i)(-[0-9a-z]).*"); // ignore case
+    protected static final Pattern UNSTABLE_LABELS_PATTERN = Pattern.compile("(?i)[_\\.](dev|atlassian|preview|next|canary|snapshot|a|alpha|b|beta|rc|cr|m|mr|ea).*"); // ignore case
 
 
     protected String baseUrl;
@@ -142,11 +142,10 @@ protected static String highestVersion(String v1string, String v2string) {
      * @return true if the version string denotes a stable version
      */
     protected static boolean isStableVersion(String version) {
-        Pattern pattern = Pattern.compile(VERSIONS_PATTERN);
-        Matcher matcher = pattern.matcher(stripLeadingV(version));
-        if (matcher.matches()) {
-            String label = matcher.group(3);        
-            return !label.matches(SEMVER_PRE_RELEASE_PATTERN) && !label.matches(UNSTABLE_LABELS_PATTERN);
+        Matcher version_matcher = VERSIONS_PATTERN.matcher(stripLeadingV(version));
+        if (version_matcher.matches()) {
+            String label = version_matcher.group(3);
+            return !SEMVER_PRE_RELEASE_PATTERN.matcher(label).matches() && !UNSTABLE_LABELS_PATTERN.matcher(label).matches();
         } else {
             return false;
         }