Reject invalid Debian version values. #1971

merged 2 commits into from
Dec 4, 2022
22 changes: 18 additions & 4 deletions lib/fpm/package/deb.rb
Expand Up @@ -43,7 +43,15 @@ class FPM::Package::Deb < FPM::Package
# epoch - This is a single (generally small) unsigned integer
# upstream_version - must contain only alphanumerics 6 and the characters . + - ~
# debian_revision - only alphanumerics and the characters + . ~
RELATIONSHIP_FIELD_PATTERN = /^(?<name>[A-z0-9][A-z0-9_.-]+)(?: *\((?<relation>[<>=]+) *(?<version>(?:[0-9]+:)?[0-9A-Za-z+~.-]+(?:-[0-9A-Za-z+~.]+)?)\))?$/
VERSION_FIELD_PATTERN = /
(?:(?:[0-9]+):)? # The epoch, an unsigned int
(?:[A-Za-z0-9+~.-]+) # upstream version, probably should not contain dashes?
(?:-[A-Za-z0-9+~.]+)? # debian_revision
/x # Version field pattern
RELATIONSHIP_FIELD_PATTERN = /^
(?<name>[A-z0-9][A-z0-9_.-]+)
(?:\s*\((?<relation>[<>=]+)\s(?<version>#{VERSION_FIELD_PATTERN})\))?
$/x # Relationship field pattern

option "--ignore-iteration-in-dependencies", :flag,
"For '=' (equal) dependencies, allow iterations on the specified " \
Expand Down Expand Up @@ -293,9 +301,15 @@ def prefix
end # def prefix

def version
if @version.kind_of?(String) and @version.start_with?("v")
logger.warn("Drop leading v from package version '#{@version}'")
@version = @version.gsub(/^v/, "")
if @version.kind_of?(String)
if @version.start_with?("v") && @version.gsub(/^v/, "") =~ /^#{VERSION_FIELD_PATTERN}$/
logger.warn("Debian 'Version' field needs to start with a digit. I was provided '#{@version}' which seems like it just has a 'v' prefix to an otherwise-valid Debian version, I'll remove the 'v' for you.")
@version = @version.gsub(/^v/, "")
end

if @version !~ /^#{VERSION_FIELD_PATTERN}$/
raise FPM::InvalidPackageConfiguration, "The version looks invalid for Debian packages. Debian version field must contain only alphanumerics and . (period), + (plus), - (hyphen) or ~ (tilde). I have '#{@version}' which which isn't valid."
end
end

return @version
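Review bot: The new check `if @version !~ /^#{VERSION_FIELD_PATTERN}$/` in `version` still accepts a value that contains a newline, because in Ruby `^` and `$` are line anchors and `$` also matches before a trailing newline, so `"1.0\nDepends: foo"` or `"1.0\n"` matches on its first line and passes through unchanged — presumably straight into the control file's Version field, which is the kind of input this change sets out to reject. Anchor both regexes on the whole string, `/\A#{VERSION_FIELD_PATTERN}\z/` for the two checks in `version` and `\A` … `\z` in place of `^` … `$` in `RELATIONSHIP_FIELD_PATTERN`, and strip the prefix with `gsub(/\Av/, "")` so a `v` on a later line is never touched either. Separately, `[A-z0-9]` in the `name` capture of `RELATIONSHIP_FIELD_PATTERN` is the character range from `A` to `z`, which also admits `[`, `\`, `]`, `^`, `_` and backtick; `[A-Za-z0-9]` is presumably what was meant. The `version` method's closing `end` lies outside the hunk.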
25 changes: 25 additions & 0 deletions spec/fpm/package/deb_spec.rb
Expand Up @@ -126,6 +126,31 @@
end
end

context "when validating the version field" do
[ "_", "1_2", "abc def", "%", "1^a"].each do |v|
it "should reject as invalid, '#{v}'" do
subject.version = v
insist { subject.version }.raises FPM::InvalidPackageConfiguration
end
end

[ "1", "1.2", "1.2.3", "20200101", "1~beta", "1whatever"].each do |v|
it "should accept '#{v}'" do
subject.version = v

# should not raise exception
insist { subject.version } == v
end

it "should remove a leading 'v' from v#{v} and still accept it" do
subject.version = "v#{v}"

# should not raise exception
insist { subject.version } == v
end
end
end

describe "#output" do
let(:original) { FPM::Package::Deb.new }
let(:input) { FPM::Package::Deb.new }
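Review bot: The rejection list `[ "_", "1_2", "abc def", "%", "1^a"]` has no multi-line case, so an embedded or trailing newline is never exercised; with the `^`/`$` anchors used in deb.rb, `"1.0\nfoo"` and `"1.0\n"` currently pass the validation, so adding them to that array would both document the requirement and catch the regression. The accept list also never pins what the `v`-stripping does when the leading `v` is part of the version rather than a prefix: as written in deb.rb, `subject.version = "vendor1"` comes back as `"endor1"`, and a test stating whether that is intended (or asserting that the stripped remainder must begin with a digit) would make the contract explicit.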