From e4bb855c4edda8143e3a3e14b42afe7c19ba1742 Mon Sep 17 00:00:00 2001
From: Terri Oda
Date: Wed, 29 Nov 2023 17:02:01 -0800
Subject: [PATCH] fix: improve version_compare logic

Coverity was warning about unreachable code because I forgot to put in an if statement.

Signed-off-by: Terri Oda
---
 cve_bin_tool/version_compare.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/cve_bin_tool/version_compare.py b/cve_bin_tool/version_compare.py
index 8ca605f711..ba1da7ae23 100644
--- a/cve_bin_tool/version_compare.py
+++ b/cve_bin_tool/version_compare.py
@@ -140,10 +140,14 @@ def version_compare(v1: str, v2: str):
 # Honestly it's hard to guess if .dev3 is going to be more or less than .rc4
 # unless you know the project, so hopefully people don't expect that kind of range
 # matching
- v1_newstring = re.sub("([a-zA-Z]+)([0-9]+)", r"\1.\2", v1_array[i])
- v2_newstring = re.sub("([a-zA-Z]+)([0-9]+)", r"\1.\2", v2_array[i])
- print(f"`{v1_newstring}` and `{v2_newstring}`")
- return version_compare(v1_newstring, v2_newstring)
+ letter_number = re.compile("^[a-zA-Z]+[0-9]+$")
+ if re.match(letter_number, v1_array[i]) and re.match(
+ letter_number, v2_array[i]
+ ):
+ v1_newstring = re.sub("([a-zA-Z]+)([0-9]+)", r"\1.\2", v1_array[i])
+ v2_newstring = re.sub("([a-zA-Z]+)([0-9]+)", r"\1.\2", v2_array[i])
+ # print(f"`{v1_newstring}` and `{v2_newstring}`")
+ return version_compare(v1_newstring, v2_newstring)
 # And if all else fails, just compare the strings
 if v1_array[i] > v2_array[i]:
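Review bot: The new guard recurses only when both components have the `rc4` shape, so a pair where just one side matches (say `rc4` against `rc`) now reaches the plain `v1_array[i] > v2_array[i]` string comparison, unless an earlier branch outside this hunk catches it. That comparison is lexicographic, and in a CVE range check a wrong ordering can silently place an affected version outside the vulnerable range; the mixed-shape case deserves a unit test and a comment such as `# only one side is letters+digits: falls back to string order, which may misorder versions`. The pattern is anchored with `$`, which in Python also matches just before a trailing newline, and it is rebuilt with `re.compile` inside the function on each pass; a module-level constant used as `letter_number.fullmatch(v1_array[i])` is stricter and reads better than `re.match(letter_number, ...)`. The commented-out `# print(...)` line should be deleted rather than kept as dead code. The body of `version_compare` starts and ends outside the hunk, so how the components are split is inferred.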