Merge pull request #382 from DependencyTrack/port-pr2980

Fix version distance policy being evaluated despite not being configured

src/main/java/org/dependencytrack/policy/VersionDistancePolicyEvaluator.java

@@ -64,7 +64,12 @@ public PolicyCondition.Subject supportedSubject() {
     @Override
     public List<PolicyConditionViolation> evaluate(final Policy policy, final Component component) {
         final var violations = new ArrayList<PolicyConditionViolation>();
-        if (component.getPurl() == null) {
+        if (component.getPurl() == null || component.getVersion() == null) {
+            return violations;
+        }
+
+        final List<PolicyCondition> conditions = super.extractSupportedConditions(policy);
+        if (conditions.isEmpty()) {
             return violations;
         }
 
@@ -83,9 +88,18 @@ public List<PolicyConditionViolation> evaluate(final Policy policy, final Compon
             return violations;
         }
 
-        final var versionDistance = VersionDistance.getVersionDistance(component.getVersion(),metaComponent.getLatestVersion());
+        final VersionDistance versionDistance;
+        try {
+            versionDistance = VersionDistance.getVersionDistance(component.getVersion(), metaComponent.getLatestVersion());
+        } catch (RuntimeException e) {
+            LOGGER.warn("""
+                    Failed to compute version distance for component %s (UUID: %s), \
+                    between component version %s and latest version %s; Skipping\
+                    """.formatted(component, component.getUuid(), component.getVersion(), metaComponent.getLatestVersion()), e);
+            return violations;
+        }
 
-        for (final PolicyCondition condition : super.extractSupportedConditions(policy)) {
+        for (final PolicyCondition condition : conditions) {
             if (isDirectDependency(component) && evaluate(condition, versionDistance)) {
                 violations.add(new PolicyConditionViolation(condition, component));
             }