fix: treat 1.0 and 1 as the same for excel users

* fixes intel#4467 If you edit a csv/spreadsheet in excel, it will modify values that "look like" integers to it, so the version 1.0 becomes 1, truncating the final ".0" from the version string. This adds an edge case in to the version compare function so it treats these truncated versions as the same (which was the behaviour in previous versions of cve-bin-tool). Signed-off-by: Terri Oda <[email protected]>
terriko · Oct 30, 2024 · 0397963 · 0397963
1 parent 85e2512
commit 0397963
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 0 deletions.
diff --git a/cve_bin_tool/version_compare.py b/cve_bin_tool/version_compare.py
@@ -134,6 +134,15 @@ def version_compare(v1: str, v2: str):
             if v1_array[i] in pre_release_words:
                 return -1
 
+            # special edge case for folk editing version info in excel
+            # who may lose the trailing .0 in versions like 1.0
+            try:
+                if int(v1_array[i]) == 0 and len(v1_array) == len(v2_array) + 1:
+                    return 0
+
+            except ValueError:
+                return 1
+
             # Otherwise, v1 has more digits than v2 and the previous ones matched,
             # so it's probably later.  e.g. 1.2.3 amd 1.2.q are both > 1.2
             return 1
@@ -150,6 +159,15 @@ def version_compare(v1: str, v2: str):
         if v2_array[len(v1_array)] in pre_release_words:
             return 1
 
+        # special edge case for folk editing version info in excel
+        # who may lose the trailing .0 in versions like 1.0
+        try:
+            if int(v2_array[len(v1_array)]) == 0 and len(v2_array) == len(v1_array) + 1:
+                return 0
+
+        except ValueError:
+            return -1
+
         return -1
 
     return 0

diff --git a/test/test_version_compare.py b/test/test_version_compare.py
@@ -16,6 +16,12 @@ def test_eq(self):
         assert Version("4.4.A") == Version("4.4.a")
         assert Version("5.6   ") == Version("5.6")
         assert Version("f835f2caaa") == Version("f835f2caaa")
+        assert Version("42.0") == Version(
+            "42"
+        )  # edge case for folk editing versions in excel
+        assert Version("1") == Version(
+            "1.0"
+        )  # edge case for folk editing versions in excel
 
     def test_lt(self):
         """Make sure < works between versions, including some with unusual version schemes"""
@@ -75,3 +81,9 @@ def test_ne(self):
         """Test some != cases with hashes to make sure we aren't comparing the string 'HASH'"""
         assert Version("f835f2caab") != Version("f835f2caaa")
         assert Version("HASH") != Version("f835f2caaa")
+        assert Version("1") != Version(
+            "1.0.0"
+        )  # the edge case for excel only works on single .0
+        assert Version("4.2.0") != Version(
+            "4.2"
+        )  # the edge case for excel only works on single .0