From fc85cc8e4e24df8fa699d9baba3dfcb98f0631ae Mon Sep 17 00:00:00 2001
From: Terri Oda
Date: Wed, 18 Dec 2024 10:36:03 -0800
Subject: [PATCH] fix: treat 1.0 and 1 as the same for excel users (#4543)
* fix: treat 1.0 and 1 as the same for excel users
* fixes #4467
If you edit a csv/spreadsheet in excel, it will modify values that "look like" integers to it, so the version 1.0 becomes 1, truncating the final ".0" from the version string. This adds an edge case in to the version compare function so it treats these truncated versions as the same (which was the behaviour in previous versions of cve-bin-tool).
Signed-off-by: Terri Oda
---
 cve_bin_tool/version_compare.py | 18 ++++++++++++++++++
 test/test_version_compare.py | 9 +++++++++
 2 files changed, 27 insertions(+)
diff --git a/cve_bin_tool/version_compare.py b/cve_bin_tool/version_compare.py
index 11716ac202..b719272fc6 100644
--- a/cve_bin_tool/version_compare.py
+++ b/cve_bin_tool/version_compare.py
@@ -134,6 +134,15 @@ def version_compare(v1: str, v2: str):
 if v1_array[i] in pre_release_words:
 return -1
+ # special edge case for folk editing version info in excel
+ # who may lose the trailing .0 in versions like 1.0
+ try:
+ if int(v1_array[i]) == 0 and len(v1_array) == len(v2_array) + 1:
+ return 0
+
+ except ValueError:
+ return 1
+
 # Otherwise, v1 has more digits than v2 and the previous ones matched,
 # so it's probably later. e.g. 1.2.3 amd 1.2.q are both > 1.2
 return 1
@@ -150,6 +159,15 @@ def version_compare(v1: str, v2: str):
 if v2_array[len(v1_array)] in pre_release_words:
 return 1
+ # special edge case for folk editing version info in excel
+ # who may lose the trailing .0 in versions like 1.0
+ try:
+ if int(v2_array[len(v1_array)]) == 0 and len(v2_array) == len(v1_array) + 1:
+ return 0
+
+ except ValueError:
+ return -1
+
 return -1
 return 0
diff --git a/test/test_version_compare.py b/test/test_version_compare.py
index c826c4dc7e..b6af209905 100644
--- a/test/test_version_compare.py
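Review bot: The zero check added after the `pre_release_words` test matches any pair whose lengths differ by one, not just a bare integer against `N.0`. Assuming `v1_array`/`v2_array` hold the dot-separated components, `1.0.0` now compares equal to `1.0` and `1.2.0` to `1.2`, while the new test_ne assertion keeps `1 != 1.0.0`, so equality stops being transitive; the mirrored block in the second hunk behaves the same way. If this comparison also decides whether a scanned version falls inside a CVE's affected range, the change shifts range boundaries for every caller, not only for spreadsheet-edited input. To keep it to the Excel case described in the commit message, I would narrow the guard to `if int(v1_array[i]) == 0 and len(v1_array) == 2 and len(v2_array) == 1:` (and the mirror-image condition in the second hunk), or state the wider behaviour in the comment. The enclosing function starts and ends outside the hunk, so the value of `i` here is inferred from the existing `v1_array[i]` use.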
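Review bot: Both `except ValueError` branches return exactly what the fall-through line right after the block returns (`return 1` in the first hunk, `return -1` here), so the handler adds a second exit path without changing the result, and the same block now exists twice. A small private helper that answers whether the longer version is the shorter one plus a single trailing zero component would keep the rule in one place and let each branch read as a single `if`. The sketch below keeps the current behaviour; `version_compare` itself continues outside both hunks, so the call-site indentation is approximate.

```python
def _is_truncated_zero(longer, shorter) -> bool:
    """Return True when longer is shorter plus exactly one trailing 0 component."""
    if len(longer) != len(shorter) + 1:
        return False
    try:
        return int(longer[len(shorter)]) == 0
    except ValueError:
        return False

# … unchanged: pre_release_words check for the longer v1 …
            if _is_truncated_zero(v1_array, v2_array):
                return 0
# … unchanged: fall-through return 1; pre_release_words check for the longer v2 …
            if _is_truncated_zero(v2_array, v1_array):
                return 0
```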
+++ b/test/test_version_compare.py
@@ -16,6 +16,12 @@ def test_eq(self):
 assert Version("4.4.A") == Version("4.4.a")
 assert Version("5.6 ") == Version("5.6")
 assert Version("f835f2caaa") == Version("f835f2caaa")
+ assert Version("42.0") == Version(
+ "42"
+ ) # edge case for folk editing versions in excel
+ assert Version("1") == Version(
+ "1.0"
+ ) # edge case for folk editing versions in excel
 def test_lt(self):
 """Make sure < works between versions, including some with unusual version schemes"""
@@ -75,3 +81,6 @@ def test_ne(self):
 """Test some != cases with hashes to make sure we aren't comparing the string 'HASH'"""
 assert Version("f835f2caab") != Version("f835f2caaa")
 assert Version("HASH") != Version("f835f2caaa")
+ assert Version("1") != Version(
+ "1.0.0"
+ ) # the edge case for excel only works on single .0
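Review bot: The added assertions exercise only `==` and `!=` on `N` versus `N.0`, so the ordering operators and the non-integer path through the new `try`/`except` are not pinned by any test. In test_eq I would add `assert not Version("1") < Version("1.0")` and `assert Version("1.0") < Version("1.0.1")`. The intended result for `Version("1.0") == Version("1.0.0")` should also be stated in a test, since the new branch appears to treat that pair as equal even though the test_ne comment says the edge case only covers a single `.0`. Both test functions begin outside their hunks.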