fix: treat 1.0 and 1 as the same for excel users (#4543)

* fix: treat 1.0 and 1 as the same for excel users * fixes #4467 If you edit a csv/spreadsheet in excel, it will modify values that "look like" integers to it, so the version 1.0 becomes 1, truncating the final ".0" from the version string. This adds an edge case in to the version compare function so it treats these truncated versions as the same (which was the behaviour in previous versions of cve-bin-tool). Signed-off-by: Terri Oda <terri.oda@intel.com>
intel · Dec 18, 2024 · fc85cc8 · fc85cc8
1 parent 7153e9e
commit fc85cc8
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 0 deletions.
diff --git a/cve_bin_tool/version_compare.py b/cve_bin_tool/version_compare.py
@@ -134,6 +134,15 @@ def version_compare(v1: str, v2: str):
             if v1_array[i] in pre_release_words:
                 return -1
 
+            # special edge case for folk editing version info in excel
+            # who may lose the trailing .0 in versions like 1.0
+            try:
+                if int(v1_array[i]) == 0 and len(v1_array) == len(v2_array) + 1:
+                    return 0
+
+            except ValueError:
+                return 1
+
             # Otherwise, v1 has more digits than v2 and the previous ones matched,
             # so it's probably later.  e.g. 1.2.3 amd 1.2.q are both > 1.2
             return 1
@@ -150,6 +159,15 @@ def version_compare(v1: str, v2: str):
         if v2_array[len(v1_array)] in pre_release_words:
             return 1
 
+        # special edge case for folk editing version info in excel
+        # who may lose the trailing .0 in versions like 1.0
+        try:
+            if int(v2_array[len(v1_array)]) == 0 and len(v2_array) == len(v1_array) + 1:
+                return 0
+
+        except ValueError:
+            return -1
+
         return -1
 
     return 0

diff --git a/test/test_version_compare.py b/test/test_version_compare.py
@@ -16,6 +16,12 @@ def test_eq(self):
         assert Version("4.4.A") == Version("4.4.a")
         assert Version("5.6   ") == Version("5.6")
         assert Version("f835f2caaa") == Version("f835f2caaa")
+        assert Version("42.0") == Version(
+            "42"
+        )  # edge case for folk editing versions in excel
+        assert Version("1") == Version(
+            "1.0"
+        )  # edge case for folk editing versions in excel
 
     def test_lt(self):
         """Make sure < works between versions, including some with unusual version schemes"""
@@ -75,3 +81,6 @@ def test_ne(self):
         """Test some != cases with hashes to make sure we aren't comparing the string 'HASH'"""
         assert Version("f835f2caab") != Version("f835f2caaa")
         assert Version("HASH") != Version("f835f2caaa")
+        assert Version("1") != Version(
+            "1.0.0"
+        )  # the edge case for excel only works on single .0