From 14342047add0292efba985c19fdc6da998a2e27c Mon Sep 17 00:00:00 2001 From: Wayne Starr Date: Tue, 8 Nov 2022 19:10:25 -0600 Subject: [PATCH] Allow local package identifiers for PyPI packages (#21690) (#21726) Backport (#21690) Fixes #21683 Co-authored-by: Lunny Xiao Co-authored-by: KN4CK3R --- integrations/api_packages_pypi_test.go | 4 ++-- routers/api/packages/pypi/pypi.go | 11 +++++++++-- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/integrations/api_packages_pypi_test.go b/integrations/api_packages_pypi_test.go index 5d610df39da9..cbb42020737a 100644 --- a/integrations/api_packages_pypi_test.go +++ b/integrations/api_packages_pypi_test.go @@ -28,7 +28,7 @@ func TestPackagePyPI(t *testing.T) { user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User) packageName := "test-package" - packageVersion := "1.0.1" + packageVersion := "1.0.1+r1234" packageAuthor := "KN4CK3R" packageDescription := "Test Description" @@ -163,7 +163,7 @@ func TestPackagePyPI(t *testing.T) { nodes := htmlDoc.doc.Find("a").Nodes assert.Len(t, nodes, 2) - hrefMatcher := regexp.MustCompile(fmt.Sprintf(`%s/files/%s/%s/test\..+#sha256-%s`, root, packageName, packageVersion, hashSHA256)) + hrefMatcher := regexp.MustCompile(fmt.Sprintf(`%s/files/%s/%s/test\..+#sha256-%s`, root, regexp.QuoteMeta(packageName), regexp.QuoteMeta(packageVersion), hashSHA256)) for _, a := range nodes { for _, att := range a.Attr { diff --git a/routers/api/packages/pypi/pypi.go b/routers/api/packages/pypi/pypi.go index bb2208e01e86..558ddd06f01e 100644 --- a/routers/api/packages/pypi/pypi.go +++ b/routers/api/packages/pypi/pypi.go @@ -26,8 +26,15 @@ import ( var normalizer = strings.NewReplacer(".", "-", "_", "-") var nameMatcher = regexp.MustCompile(`\A[a-zA-Z0-9\.\-_]+\z`) -// https://www.python.org/dev/peps/pep-0440/#appendix-b-parsing-version-strings-with-regular-expressions -var versionMatcher = regexp.MustCompile(`^([1-9][0-9]*!)?(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*))*((a|b|rc)(0|[1-9][0-9]*))?(\.post(0|[1-9][0-9]*))?(\.dev(0|[1-9][0-9]*))?$`) +// https://peps.python.org/pep-0440/#appendix-b-parsing-version-strings-with-regular-expressions +var versionMatcher = regexp.MustCompile(`\Av?` + + `(?:[0-9]+!)?` + // epoch + `[0-9]+(?:\.[0-9]+)*` + // release segment + `(?:[-_\.]?(?:a|b|c|rc|alpha|beta|pre|preview)[-_\.]?[0-9]*)?` + // pre-release + `(?:-[0-9]+|[-_\.]?(?:post|rev|r)[-_\.]?[0-9]*)?` + // post release + `(?:[-_\.]?dev[-_\.]?[0-9]*)?` + // dev release + `(?:\+[a-z0-9]+(?:[-_\.][a-z0-9]+)*)?` + // local version + `\z`) func apiError(ctx *context.Context, status int, obj interface{}) { helper.LogAndProcessError(ctx, status, obj, func(message string) {