Restrict nuget version range allows incorrect ranges #3917
Conversation
|
@nkolev92 |
|
That seems like a bad range, but I'm not sure what you are to tell me by "some tests are failing". |
For example below test is now failing, because input is actually [2.3.1-RC+srv01-a5c5ff9, 2.3.1-RC+srv02-dbf5ec0) means [2.3.1-RC, 2.3.1-RC) ~ [a,a) is here. I believe [a,a) is illogical range. Something can't be exluding and including same thing |
|
I think that the test could be better. |
erdembayar
force-pushed
the
dev-eryondon-9145NuGetVersionRangeAllowsIncorrectRanges
branch
from
8bd1959
to
da47744
Compare
Removed only that case, it's illogical test input. |
erdembayar
changed the title
|
@nkolev92 |
|
|
|
@NuGet/nuget-client |
| [InlineData("[2.0.0)")] | ||
| [InlineData("(2.0.0]")] | ||
| [InlineData("[2.0.0, *)")] | ||
| public void VersionRange_LogicallyIncorrectRanges_Throws(string range) |
There was a problem hiding this comment.
The correct name according to the guide would be Parse_****_****
test/NuGet.Core.Tests/NuGet.Versioning.Test/VersionRangeTests.cs
Outdated
Show resolved
Hide resolved
Thank you for your review. I addressed your comments and made it more easy to reason. Please review again. |
| && minVersion >= maxVersion | ||
| && !(minVersion == maxVersion && isMinInclusive && isMaxInclusive)) // Exclude (9.0.0,9.0.0) since it's used as empty version range. | ||
| { | ||
| if (partsLength == 1) |
There was a problem hiding this comment.
This check can still be a lot simpler.
All comments aside, I'd expect return false covers all scenarios here and you don't need any of the parts checks.
There was a problem hiding this comment.
Ok. I addressed this one. Please check.
| // Illogical version range detection | ||
| if (minVersion != null && maxVersion != null | ||
| && minVersion >= maxVersion | ||
| && !(minVersion == maxVersion && isMinInclusive && isMaxInclusive)) // Exclude (9.0.0,9.0.0) since it's used as empty version range. | ||
| { | ||
| if (partsLength == 1) | ||
| { | ||
| var onePartValidation = isMinInclusive ^ isMaxInclusive; // (1.0.0] and [1.0.0) are invalid | ||
| onePartValidation |= !isMinInclusive && !isMaxInclusive; ; // or (1.0.0) is invalid | ||
| if (onePartValidation) | ||
| { | ||
| return false; | ||
| } | ||
| } | ||
| else | ||
| { | ||
| var manyPartsValidation = minVersion > maxVersion // If a > b then (a, b) range is invalid. But below 2 cases tests are a = b (equals). | ||
| | isMinInclusive // [1.0.0, 1.0.0) is invalid | ||
| | isMaxInclusive; // (1.0.0, 1.0.0] and [1.0.0, 1.0.0] are invalid | ||
| if (manyPartsValidation) | ||
| { | ||
| return false; | ||
| } | ||
| } | ||
| } | ||
|
|
There was a problem hiding this comment.
I think we can change the above logic as follows. Hope it covers all edge cases :)
- Add below logic after https://github.com/NuGet/NuGet.Client/blob/dev/src/NuGet.Core/NuGet.Versioning/VersionRangeFactory.cs#L187
//(1.0.0) , (1.0.0] and [1.0.0) invalid [1.0.0] is the only valid version number
if (parts.Length == 1
&& !(isMinInclusive && isMaxInclusive))
{
return false;
}- Add below logic after https://github.com/NuGet/NuGet.Client/blob/dev/src/NuGet.Core/NuGet.Versioning/VersionRangeFactory.cs#L235
if (minVersion != null && maxVersion != null)
{
int result = minVersion.CompareTo(maxVersion);
//minVersion is equal to maxVersion (1.0.0, 1.0.0], [1.0.0, 1.0.0)
if (result == 0
&& (isMinInclusive ^ isMaxInclusive))
return false;
//minVersion > maxVersion
if (result > 0)
return false;
}There was a problem hiding this comment.
Ok. Taken your suggestion. Please review again now.
erdembayar
force-pushed
the
dev-eryondon-9145NuGetVersionRangeAllowsIncorrectRanges
branch
from
59f5cc4
to
5e6a2ba
Compare
erdembayar
force-pushed
the
dev-eryondon-9145NuGetVersionRangeAllowsIncorrectRanges
branch
from
5e6a2ba
to
b34ad7b
Compare
|
Addressed PR review comments. Ready for review. |
| @@ -123,6 +123,7 @@ public static bool TryParse(string value, bool allowFloating, out VersionRange v | |||
| NuGetVersion minVersion = null; | |||
| NuGetVersion maxVersion = null; | |||
| FloatRange floatRange = null; | |||
| int partsLength = 0; | |||
There was a problem hiding this comment.
you probably don't need this here anymore. Everything is in the internal { }
|
@kartheekp-ms |
erdembayar
deleted the
dev-eryondon-9145NuGetVersionRangeAllowsIncorrectRanges
branch
Fixes: NuGet/Home#9145
Regression? Last working version:
Description
See: https://nugettoolsdev.azurewebsites.net/5.5.0-preview.2.6382/parse-version-range?versionRange=%5B10.0.0%2C+9.0.0%29
This range is empty and there's no reasonable scenario where it's necessary.
This has always been the case, all the way to 2.5 https://nugettoolsdev.azurewebsites.net/2.5.0/parse-version-range?versionRange=%5B10.0.0%2C+9.0.0%29.
Now we'll throw exception in above case. Also we consider [9.0.0, 9.0.0), (9.0.0, 9.0.0] as illogical now.
But we're not touch (9.0.0, 9.0.0) even though it's technically illogical range, it's used as empty range in many unit test cases, let's not overdo it.
PR Checklist
PR has a meaningful title
PR has a linked issue.
Described changes
Tests
Documentation