diff --git a/cve_bin_tool/version_compare.py b/cve_bin_tool/version_compare.py index 11716ac202..b719272fc6 100644 --- a/cve_bin_tool/version_compare.py +++ b/cve_bin_tool/version_compare.py @@ -134,6 +134,15 @@ def version_compare(v1: str, v2: str): if v1_array[i] in pre_release_words: return -1 + # special edge case for folk editing version info in excel + # who may lose the trailing .0 in versions like 1.0 + try: + if int(v1_array[i]) == 0 and len(v1_array) == len(v2_array) + 1: + return 0 + + except ValueError: + return 1 + # Otherwise, v1 has more digits than v2 and the previous ones matched, # so it's probably later. e.g. 1.2.3 amd 1.2.q are both > 1.2 return 1 @@ -150,6 +159,15 @@ def version_compare(v1: str, v2: str): if v2_array[len(v1_array)] in pre_release_words: return 1 + # special edge case for folk editing version info in excel + # who may lose the trailing .0 in versions like 1.0 + try: + if int(v2_array[len(v1_array)]) == 0 and len(v2_array) == len(v1_array) + 1: + return 0 + + except ValueError: + return -1 + return -1 return 0 diff --git a/test/test_version_compare.py b/test/test_version_compare.py index c826c4dc7e..b6af209905 100644 --- a/test/test_version_compare.py +++ b/test/test_version_compare.py @@ -16,6 +16,12 @@ def test_eq(self): assert Version("4.4.A") == Version("4.4.a") assert Version("5.6 ") == Version("5.6") assert Version("f835f2caaa") == Version("f835f2caaa") + assert Version("42.0") == Version( + "42" + ) # edge case for folk editing versions in excel + assert Version("1") == Version( + "1.0" + ) # edge case for folk editing versions in excel def test_lt(self): """Make sure < works between versions, including some with unusual version schemes""" 
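Review bot: The single-trailing-zero rule added in the `else` branch of the loop (and mirrored in the second hunk) makes equality non-transitive: `1` == `1.0` and `1.0` == `1.0.0`, yet `1` against `1.0.0` still falls through to the less-than result, assuming the shared components compare equal. If these results feed CVE affected-range checks, as the package name suggests, the same product could match or miss a range boundary depending on how many `.0` components survived the spreadsheet. Treating any all-zero numeric tail as equal would remove the inconsistency, e.g. `if all(p.isdecimal() and int(p) == 0 for p in v1_array[i:]): return 0`. If the one-component limit is deliberate, the comment should say why. The enclosing loop and function begin and end outside the hunk.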
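Review bot: The `except ValueError: return -1` handler in this post-loop branch is redundant, because the statement right after the `try` is also `return -1`; the first hunk has the same shape with `return 1`. A plain guard reads more directly: bind `nxt = v2_array[len(v1_array)]` once (the pre-release check above indexes the same element) and write `if nxt.isdecimal() and int(nxt) == 0 and len(v2_array) == len(v1_array) + 1: return 0`. `int()` also accepts forms such as `+0` that `isdecimal()` rejects; whether the version parser can emit those is not visible in this diff, so confirm before switching. The enclosing `if` starts outside the hunk.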
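Review bot: The assertions added to `test_eq` exercise only `==`, so nothing checks that the ordering operators agree with the new equality. Consider adding `assert not Version("42") < Version("42.0")` and `assert Version("42") <= Version("42.0")`, plus a deeper case such as `assert Version("1.2.0") == Version("1.2")`. How `Version` maps its operators onto `version_compare` is outside this diff, so confirm these hold before committing them.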
@@ -75,3 +81,6 @@ def test_ne(self):
 """Test some != cases with hashes to make sure we aren't comparing the string 'HASH'"""
 assert Version("f835f2caab") != Version("f835f2caaa")
 assert Version("HASH") != Version("f835f2caaa")
+ assert Version("1") != Version(
+ "1.0.0"
+ ) # the edge case for excel only works on single .0
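Review bot: Only one operand order is tested in `test_ne`: `Version("1") != Version("1.0.0")` puts the longer version on the right, which reaches the post-loop branch of `version_compare`. The in-loop branch from the first hunk, where the longer version is on the left, has no negative case. Add `assert Version("1.0.0") != Version("1")` so both length checks are pinned. Moving the explanation to its own line above the assert, `# the excel edge case only covers a single trailing .0`, would also avoid the call being wrapped around a trailing comment.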