public Info(OSSVulnerability v, FeedType feedType, string packageName, IEnumerable <string> versions)
{
this.v = v;
this.FeedType = feedType;
this.PackageName = packageName;
this.PackageVersions = VulnerabilityPackageVersionRange.Multiple(versions.Select(VulnerabilityPackageVersionRange.Single));
}
private static VulnerabilityPackageVersionRange ParseVersions(IReadOnlyList <string> versions)
{
if (versions == null || versions.Count == 0 || (versions.Count == 1 && string.IsNullOrWhiteSpace(versions[0])))
{
return(VulnerabilityPackageVersionRange.Any);
}
if (versions.Count == 1)
{
return(ParseVersion(versions[0]) ?? VulnerabilityPackageVersionRange.Any);
}
return(VulnerabilityPackageVersionRange.Multiple(
from v in versions
let p = ParseVersion(v)
where p != null
select p.Value
));
}
private static VulnerabilityPackageVersionRange?ParseVersion(string version)
{
if (string.IsNullOrWhiteSpace(version))
{
return(null);
}
var parts = version.Trim().Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
if (parts.Length == 1)
{
var match = VersionRegex.Match(parts[0]);
if (!match.Success)
{
return(null);
}
var op = match.Groups[1].Value;
if (string.IsNullOrEmpty(op))
{
return(VulnerabilityPackageVersionRange.Single(parts[0]));
}
var ver = match.Groups[2].Value;
switch (op)
{
case "<":
return(VulnerabilityPackageVersionRange.Maximum(ver, true));
case "<=":
return(VulnerabilityPackageVersionRange.Maximum(ver, false));
case ">":
return(VulnerabilityPackageVersionRange.Minimum(ver, true));
case ">=":
return(VulnerabilityPackageVersionRange.Maximum(ver, false));
default:
return(null);
}
}
else if (parts.Length == 2)
{
var match1 = VersionRegex.Match(parts[0]);
if (!match1.Success)
{
return(null);
}
var op1 = match1.Groups[1].Value;
var match2 = VersionRegex.Match(parts[1]);
if (!match2.Success)
{
return(null);
}
var op2 = match2.Groups[1].Value;
if (op1 != ">" && op1 != ">=" && op2 != "<" && op2 != "<=")
{
Swap(ref op1, ref op2);
Swap(ref match1, ref match2);
}
if ((op1 != ">" && op1 != ">=") || (op2 != "<" && op2 != "<="))
{
return(null);
}
return(VulnerabilityPackageVersionRange.Range(match1.Groups[2].Value, op1 == ">", match2.Groups[2].Value, op2 == "<"));
}
else
{
return(null);
}
}
