diff --git a/pkg/scanner/utils/utils.go b/pkg/scanner/utils/utils.go index 2d40872417cf..d4496a0b4570 100644 --- a/pkg/scanner/utils/utils.go +++ b/pkg/scanner/utils/utils.go @@ -40,6 +40,39 @@ func MatchVersions(currentVersion *semver.Version, rangeVersions []string) bool if valid { return true } + + // In this case, it can either be a patch version or a revision version (c.Metadata()) or just a general error. + if currentVersion.Metadata() != "" { + part := strings.Split(v, "+") + // We create a new constraint to use in case there is a revision in the current constraint. + c2 := c + conRev := 0 + if len(part) > 1 { + c2, err = semver.NewConstraint(part[0]) // Set new constraint to only version. + if err != nil { + c2 = c // Just reset and let it fail. + } + conRev, _ = strconv.Atoi(part[1]) + } + + curPatch := currentVersion.Patch() + curRev, _ := strconv.Atoi(currentVersion.Metadata()) + // In case the revision of current is other than the one of the constraint we either + or - on the patch val. + if curRev > conRev { + curPatch++ + } else if curRev < conRev { + curPatch-- + } + + v2, err := semver.NewVersion(fmt.Sprintf("%v.%v.%v", currentVersion.Major(), currentVersion.Minor(), curPatch)) + if err == nil { + valid, _ = c2.Validate(v2) + if valid { + return true + } + } + } + for _, m := range msgs { // re-validate after removing the patch version if strings.HasSuffix(m.Error(), "is a prerelease version and the constraint is only looking for release versions") { @@ -71,7 +104,7 @@ func FormatPatchVersion(version string) string { part := strings.Split(version, ".") if len(part) > 3 { if _, err := strconv.Atoi(part[2]); err == nil { - version = strings.Join(part[:3], ".") + "-" + strings.Join(part[3:], ".") + version = strings.Join(part[:3], ".") + "+" + strings.Join(part[3:], ".") } } else { for i := range part { diff --git a/pkg/scanner/utils/utils_test.go b/pkg/scanner/utils/utils_test.go index 406350f8e62b..038393e2cb1d 100644 --- a/pkg/scanner/utils/utils_test.go +++ b/pkg/scanner/utils/utils_test.go @@ -75,6 +75,41 @@ func TestMatchVersions(t *testing.T) { rangeVersion: []string{`>= 1.6.7.1`}, expectedCheck: true, }, + { + name: "expect none-revision to not care about revision number", + currentVersion: "1.2.3", + rangeVersion: []string{"<1.2.3.1"}, + expectedCheck: false, + }, + { + name: "expect ", + currentVersion: "1.2.3.4", + rangeVersion: []string{"<1.2.3.5", ">1.2.3.3"}, + expectedCheck: true, + }, + { + name: "expect revision to be higher than same minor but lower than higher minor", + currentVersion: "1.2.3.4", + rangeVersion: []string{">1.2.3", "<1.2.4"}, + expectedCheck: true, + }, + { + name: "expect revision to not be lower than none-revision", + currentVersion: "1.2.3.4", + rangeVersion: []string{"<1.2.3"}, + }, + { + name: "expect revision numbers to be tested", + currentVersion: "1.2.3.4", + rangeVersion: []string{">1.2.3.3", "<1.2.3.5"}, + expectedCheck: true, + }, + { + name: "expect revision to equal same revision", + currentVersion: "1.2.3.4", + rangeVersion: []string{"1.2.3.4"}, + expectedCheck: true, + }, { name: "expect prerelease suffixed in minor version to work", currentVersion: "4.1a", @@ -128,19 +163,19 @@ func TestFormatPatchVersio(t *testing.T) { expectedVersion: "1.2.3-beta.1", }, { - name: "patch with dots after integer patch version should append dash and join rest versions parts", + name: "patch with dots after integer patch version should append plus and join rest versions parts", currentVersion: "1.2.3.4", - expectedVersion: "1.2.3-4", + expectedVersion: "1.2.3+4", }, { - name: "patch with dots after integer patch version should append dash and join extra versions parts", + name: "patch with dots after integer patch version should append plus and join extra versions parts", currentVersion: "1.2.3.4.5", - expectedVersion: "1.2.3-4.5", + expectedVersion: "1.2.3+4.5", }, { name: "unchanged case", currentVersion: "1.2.3.4-5", - expectedVersion: "1.2.3-4-5", + expectedVersion: "1.2.3+4-5", }, { name: "prerelease suffixed in minor",