feat: add rpm package verification (project-copacetic#632)
Signed-off-by: Miaha <[email protected]>
MiahaCybersec authored May 22, 2024
1 parent 6d04228 commit c9a5fb7
Showing 2 changed files with 75 additions and 2 deletions.
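--- a/pkg/pkgmgr/rpm.go
+++ b/pkg/pkgmgr/rpm.go
@@ -10,6 +10,7 @@ import (
 	"path/filepath"
 	"sort"
 	"strings"
+	"unicode"
 
 	"github.com/hashicorp/go-multierror"
 	rpmVer "github.com/knqyf263/go-rpm-version"
@@ -81,8 +82,22 @@ func (st rpmDBType) String() string {
 
 // Depending on go-rpm-version lib for RPM version comparison rules.
 func isValidRPMVersion(v string) bool { // nolint:revive
-	// TODO: Verify if there are format correctness check that need to be added given lack of support in rpmVer lib
-	return true
+	err := isValidVersion(v)
+	return err == nil
 }
+
+func isValidVersion(ver string) error {
+	if !unicode.IsDigit(rune(ver[0])) {
+		return errors.New("upstream_version must start with digit")
+	}
+
+	allowedSymbols := ".-+~:_"
+	for _, s := range ver {
+		if !unicode.IsDigit(s) && !unicode.IsLetter(s) && !strings.ContainsRune(allowedSymbols, s) {
+			return fmt.Errorf("upstream_version %s includes invalid character %q", ver, s)
+		}
+	}
+	return nil
+}
 
 func isLessThanRPMVersion(v1, v2 string) bool {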
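Review bot: `isValidVersion` indexes `ver[0]` before checking the length, so an empty version string panics with an index-out-of-range instead of returning an error; since `isValidRPMVersion` is the validation gate for externally supplied version strings, this turns a rejectable input into a crash. Add a guard as the first statement, `if ver == "" { return errors.New("version must not be empty") }`, and a matching test case. The error messages say "upstream_version", which looks copied from Debian-style validation; for an RPM-specific check a reader would expect wording like "rpm version must start with digit". Note also that `unicode.IsLetter` accepts any Unicode letter, which is presumably broader than what RPM tooling accepts — worth confirming whether the intent is ASCII-only.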
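--- a/pkg/pkgmgr/rpm_test.go
+++ b/pkg/pkgmgr/rpm_test.go
@@ -358,3 +358,61 @@ func Test_rpmManager_GetPackageType(t *testing.T) {
 		})
 	}
 }
+
+func TestIsValidVersion(t *testing.T) {
+	tests := []struct {
+		testName    string
+		pkgVersion  string
+		expectedErr string
+	}{
+		{
+			testName:    "Valid version, numbers and dot",
+			pkgVersion:  "1.2.3.4",
+			expectedErr: "",
+		},
+		{
+			testName:    "Valid version, with hyphen",
+			pkgVersion:  "1.2.3-beta",
+			expectedErr: "",
+		},
+		{
+			testName:    "Valid version, with underscore",
+			pkgVersion:  "2_0_0",
+			expectedErr: "",
+		},
+		{
+			testName:    "Valid version, with tilde",
+			pkgVersion:  "3.0.1~rc1",
+			expectedErr: "",
+		},
+		{
+			testName:    "Valid version, with colon",
+			pkgVersion:  "2:9.0.1314-1.amzn2.0.1",
+			expectedErr: "",
+		},
+		{
+			testName:    "Invalid version, starts with letter",
+			pkgVersion:  "a1.2.3",
+			expectedErr: "upstream_version must start with digit",
+		},
+		{
+			testName:    "Invalid version, has spaces",
+			pkgVersion:  "1.2.3 with fix",
+			expectedErr: "upstream_version 1.2.3 with fix includes invalid character ' '",
+		},
+		{
+			testName:    "Invalid version, has special character",
+			pkgVersion:  "1.2.3@",
+			expectedErr: "upstream_version 1.2.3@ includes invalid character '@'",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.testName, func(t *testing.T) {
+			err := isValidVersion(tt.pkgVersion)
+			if (err != nil && err.Error() != tt.expectedErr) || (err == nil && tt.expectedErr != "") {
+				t.Errorf("isValidPackage(%q) error = %v, want %v", tt.pkgVersion, err, tt.expectedErr)
+			}
+		})
+	}
+}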
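Review bot: The table has no empty-string case, which is exactly the input the function under test does not handle (it reads `ver[0]` unguarded), so the boundary most likely to bite in practice is untested. Add a row such as `{testName: "Invalid version, empty", pkgVersion: "", expectedErr: "version must not be empty"}` once the guard exists; as written today that row would panic rather than fail. The failure message in `t.Errorf` names `isValidPackage` while the call is to `isValidVersion`; change it to `t.Errorf("isValidVersion(%q) error = %v, want %v", ...)` so a failing run points at the right function. A row with a non-ASCII letter (e.g. `"1.2é"`) would also pin down whether Unicode letters are meant to be accepted.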
