From 1e6f9fabaa1c1b95d58d67f87cd8cc8d97b7b1d8 Mon Sep 17 00:00:00 2001 From: Christopher Phillips Date: Tue, 24 Oct 2023 13:10:04 -0400 Subject: [PATCH 01/22] feat: add outline for new Java comparator Signed-off-by: Christopher Phillips --- grype/version/constraint.go | 2 ++ grype/version/format.go | 7 +++++++ grype/version/format_test.go | 8 ++++++++ grype/version/java_constraint.go | 20 ++++++++++++++++++++ grype/version/java_constraint_test.go | 1 + 5 files changed, 38 insertions(+) create mode 100644 grype/version/java_constraint.go create mode 100644 grype/version/java_constraint_test.go diff --git a/grype/version/constraint.go b/grype/version/constraint.go index 773a472511a..07d87ab79ff 100644 --- a/grype/version/constraint.go +++ b/grype/version/constraint.go @@ -17,6 +17,8 @@ func GetConstraint(constStr string, format Format) (Constraint, error) { return newSemanticConstraint(constStr) case DebFormat: return newDebConstraint(constStr) + case JavaFormat: + return newJavaConstraint() case RpmFormat: return newRpmConstraint(constStr) case PythonFormat: diff --git a/grype/version/format.go b/grype/version/format.go index fb9821f76fa..16dce0d41fa 100644 --- a/grype/version/format.go +++ b/grype/version/format.go @@ -11,6 +11,7 @@ const ( SemanticFormat ApkFormat DebFormat + JavaFormat RpmFormat PythonFormat KBFormat @@ -25,6 +26,7 @@ var formatStr = []string{ "Semantic", "Apk", "Deb", + "Java", "RPM", "Python", "KB", @@ -36,6 +38,7 @@ var Formats = []Format{ SemanticFormat, ApkFormat, DebFormat, + JavaFormat, RpmFormat, PythonFormat, KBFormat, @@ -51,6 +54,8 @@ func ParseFormat(userStr string) Format { return ApkFormat case strings.ToLower(DebFormat.String()), "dpkg": return DebFormat + case strings.ToLower(JavaFormat.String()), "java": + return JavaFormat case strings.ToLower(RpmFormat.String()), "rpm": return RpmFormat case strings.ToLower(PythonFormat.String()), "python": 
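Review bot: Inserting `JavaFormat` between `DebFormat` and `RpmFormat` in the iota `const (` block renumbers every Format that follows it (RpmFormat, PythonFormat, KBFormat and the rest). The parallel edits to `formatStr` and `Formats` keep the name lookup aligned, so this is harmless while Format values live only in-process, but if any Format integer is persisted or compared across binaries — which this series does not show either way — the meaning of those values silently shifts. Appending the new constant after the last existing one (with its `formatStr` entry in the same position) sidesteps the question.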
@@ -72,6 +77,8 @@ func FormatFromPkgType(t pkg.Type) Format { format = ApkFormat case pkg.DebPkg: format = DebFormat + case pkg.JavaPkg: + format = JavaFormat case pkg.RpmPkg: format = RpmFormat case pkg.GemPkg: diff --git a/grype/version/format_test.go b/grype/version/format_test.go index a05e6027e46..bfa0b923a6f 100644 --- a/grype/version/format_test.go +++ b/grype/version/format_test.go @@ -16,6 +16,10 @@ func TestParseFormat(t *testing.T) { input: "dpkg", format: DebFormat, }, + { + input: "java", + format: JavaFormat, + }, { input: "gem", format: GemFormat, @@ -54,6 +58,10 @@ func TestFormatFromPkgType(t *testing.T) { pkgType: pkg.DebPkg, format: DebFormat, }, + { + pkgType: pkg.JavaPkg, + format: JavaFormat, + }, { pkgType: pkg.GemPkg, format: GemFormat, diff --git a/grype/version/java_constraint.go b/grype/version/java_constraint.go new file mode 100644 index 00000000000..6a302bcf8b6 --- /dev/null +++ b/grype/version/java_constraint.go @@ -0,0 +1,20 @@ +package version + +type javaConstraint struct { +} + +func newJavaConstraint() (javaConstraint, error) { + return javaConstraint{}, nil +} + +func (c javaConstraint) supported(format Format) bool { + return format == JavaFormat +} + +func (c javaConstraint) Satisfied(version *Version) (satisfied bool, err error) { + return satisfied, err +} + +func (c javaConstraint) String() string { + return "" +} diff --git a/grype/version/java_constraint_test.go b/grype/version/java_constraint_test.go new file mode 100644 index 00000000000..f37d99d0c2f --- /dev/null +++ b/grype/version/java_constraint_test.go @@ -0,0 +1 @@ +package version From 3d96d24dcd2d0b2b9a4b8f4816e2924587c44694 Mon Sep 17 00:00:00 2001 From: Christopher Phillips Date: Tue, 24 Oct 2023 14:03:57 -0400 Subject: [PATCH 02/22] feat: add initial version comparator 
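Review bot: The stub `Satisfied` in the new `java_constraint.go` returns its zero-valued named results, i.e. `false, nil`, for every version, so while this outline is in place any Java package matched against a constraint is reported as not affected with no error to signal that the comparator is unimplemented. A fail-closed placeholder such as `return false, fmt.Errorf("java constraint comparison not implemented")` (with `"fmt"` imported) keeps an incomplete comparator from silently suppressing matches if the outline lands on its own. Patch 03 of this series replaces the body, so this only matters for the intermediate state.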
Signed-off-by: Christopher Phillips --- go.mod | 1 + go.sum | 2 ++ grype/version/java_version.go | 49 +++++++++++++++++++++++++++++++++++ grype/version/version.go | 5 ++++ 4 files changed, 57 insertions(+) create mode 100644 grype/version/java_version.go diff --git a/go.mod b/go.mod index c2c54cc05de..26d247ff335 100644 --- a/go.mod +++ b/go.mod @@ -161,6 +161,7 @@ require ( github.com/logrusorgru/aurora v0.0.0-20200102142835-e9ef32dff381 // indirect github.com/lucasb-eyer/go-colorful v1.2.0 // indirect github.com/magiconair/properties v1.8.7 // indirect + github.com/masahiro331/go-mvn-version v0.0.0-20210429150710-d3157d602a08 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.18 // indirect github.com/mattn/go-localereader v0.0.2-0.20220822084749-2491eb6c1c75 // indirect diff --git a/go.sum b/go.sum index a2b72ce4e7d..48d2f9198e7 100644 --- a/go.sum +++ b/go.sum @@ -707,6 +707,8 @@ github.com/lyft/protoc-gen-star v0.5.3/go.mod h1:V0xaHgaf5oCCqmcxYcWiDfTiKsZsRc8 github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY= github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= +github.com/masahiro331/go-mvn-version v0.0.0-20210429150710-d3157d602a08 h1:AevUBW4cc99rAF8q8vmddIP8qd/0J5s/UyltGbp66dg= +github.com/masahiro331/go-mvn-version v0.0.0-20210429150710-d3157d602a08/go.mod h1:JOkBRrE1HvgTyjk6diFtNGgr8XJMtIfiBzkL5krqzVk= github.com/matryer/is v1.2.0 h1:92UTHpy8CDwaJ08GqLDzhhuixiBUUD1p3AU6PHddz4A= github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= diff --git a/grype/version/java_version.go b/grype/version/java_version.go new file mode 100644 index 00000000000..b2c66bf72cd --- /dev/null +++ b/grype/version/java_version.go 
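Review bot: `github.com/masahiro331/go-mvn-version` is added to go.mod as `// indirect`, but `grype/version/java_version.go` in this same patch imports it directly, so the marker is wrong (patch 03 moves it into the direct `require` block). The module is pinned to a pseudo-version of an untagged commit (`v0.0.0-20210429150710-d3157d602a08`); since it now drives match decisions for Java packages, the commit message should record why an untagged revision is used and that there is no release line to track for updates.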
@@ -0,0 +1,49 @@ +package version + +import ( + "fmt" + + mvnv "github.com/masahiro331/go-mvn-version" +) + +type javaVersion struct { + version mvnv.Version +} + +func newJavaVersion(raw string) (*javaVersion, error) { + ver, err := mvnv.NewVersion(raw) + if err != nil { + return nil, fmt.Errorf("could not generate new java version from: %s; %w", raw, err) + } + + return &javaVersion{ + version: ver, + }, nil +} + +// Compare returns 0 if j == j2, -1 if j < j2, and +1 if j > j2. +// If an error returns the int value is -1 +func (j *javaVersion) Compare(j2 *Version) (int, error) { + if j2.Format != JavaFormat { + return -1, fmt.Errorf("unable to compare java to given format: %s", j2.Format) + } + if j2.rich.javaVer == nil { + return -1, fmt.Errorf("given empty javaVersion object") + } + + submittedVersion := j2.rich.javaVer.version + if j.version.Equal(submittedVersion) { + return 0, nil + } + if j.version.LessThan(submittedVersion) { + return -1, nil + } + if j.version.GreaterThan(submittedVersion) { + return 1, nil + } + + return -1, fmt.Errorf( + "could not compare java versions: %v with %v", + submittedVersion.String(), + j.version.String()) +} diff --git a/grype/version/version.go b/grype/version/version.go index f2404bef69d..2ecbf59ebd9 100644 --- a/grype/version/version.go +++ b/grype/version/version.go @@ -18,6 +18,7 @@ type rich struct { semVer *semanticVersion apkVer *apkVersion debVer *debVersion + javaVer *javaVersion rpmVer *rpmVersion kbVer *kbVersion portVer *portageVersion @@ -62,6 +63,10 @@ func (v *Version) populate() error { ver, err := newDebVersion(v.Raw) v.rich.debVer = ver return err + case JavaFormat: + ver, err := newJavaVersion(v.Raw) + v.rich.javaVer = ver + return err case RpmFormat: ver, err := newRpmVersion(v.Raw) v.rich.rpmVer = &ver From 363ecc451ba5cff58cde15a133a3e08b62ed3e66 Mon Sep 17 00:00:00 2001 From: Christopher Phillips Date: Tue, 24 Oct 2023 17:01:58 -0400 Subject: [PATCH 03/22] feat: add boiler constraint implementation 
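Review bot: `Compare` dereferences `j2` (`j2.Format`) before checking it for nil, so a nil `*Version` panics instead of producing the error the other guards return. Add `if j2 == nil { return -1, fmt.Errorf("given nil version") }` ahead of the format check. Note also that the documented error value -1 coincides with a valid "less than" result, so callers must not discard the error — the test added in patch 04 does exactly that.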
Signed-off-by: Christopher Phillips --- go.mod | 6 ++-- grype/version/apk_constraint.go | 2 +- grype/version/constraint.go | 2 +- grype/version/java_constraint.go | 60 +++++++++++++++++++++++++++++--- 4 files changed, 62 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index 26d247ff335..bdb115b5f9a 100644 --- a/go.mod +++ b/go.mod @@ -63,7 +63,10 @@ require ( modernc.org/sqlite v1.26.0 // indirect ) -require github.com/owenrumney/go-sarif v1.1.2-0.20231003122901-1000f5e05554 +require ( + github.com/masahiro331/go-mvn-version v0.0.0-20210429150710-d3157d602a08 + github.com/owenrumney/go-sarif v1.1.2-0.20231003122901-1000f5e05554 +) require ( cloud.google.com/go v0.110.2 // indirect @@ -161,7 +164,6 @@ require ( github.com/logrusorgru/aurora v0.0.0-20200102142835-e9ef32dff381 // indirect github.com/lucasb-eyer/go-colorful v1.2.0 // indirect github.com/magiconair/properties v1.8.7 // indirect - github.com/masahiro331/go-mvn-version v0.0.0-20210429150710-d3157d602a08 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.18 // indirect github.com/mattn/go-localereader v0.0.2-0.20220822084749-2491eb6c1c75 // indirect diff --git a/grype/version/apk_constraint.go b/grype/version/apk_constraint.go index 9a70ae84260..37e69cad077 100644 --- a/grype/version/apk_constraint.go +++ b/grype/version/apk_constraint.go @@ -10,7 +10,7 @@ type apkConstraint struct { func newApkConstraint(raw string) (apkConstraint, error) { if raw == "" { - // empy constraints are always satisfied + // empty constraints are always satisfied return apkConstraint{}, nil } diff --git a/grype/version/constraint.go b/grype/version/constraint.go index 07d87ab79ff..d02406f50c6 100644 --- a/grype/version/constraint.go +++ b/grype/version/constraint.go 
@@ -18,7 +18,7 @@ func GetConstraint(constStr string, format Format) (Constraint, error) { case DebFormat: return newDebConstraint(constStr) case JavaFormat: - return newJavaConstraint() + return newJavaConstraint(constStr) case RpmFormat: return newRpmConstraint(constStr) case PythonFormat: diff --git a/grype/version/java_constraint.go b/grype/version/java_constraint.go index 6a302bcf8b6..98aa58dcb62 100644 --- a/grype/version/java_constraint.go +++ b/grype/version/java_constraint.go @@ -1,10 +1,36 @@ package version +import "fmt" + type javaConstraint struct { + raw string + expression constraintExpression +} + +func newJavaConstraint(raw string) (javaConstraint, error) { + if raw == "" { + // empty constraints are always satisfied + return javaConstraint{}, nil + } + + constraints, err := newConstraintExpression(raw, newJavaComparator) + if err != nil { + return javaConstraint{}, fmt.Errorf("unable to parse java constraint phrase: %w", err) + } + + return javaConstraint{ + raw: raw, + expression: constraints, + }, nil } -func newJavaConstraint() (javaConstraint, error) { - return javaConstraint{}, nil +func newJavaComparator(unit constraintUnit) (Comparator, error) { + ver, err := newJavaVersion(unit.version) + if err != nil { + return nil, fmt.Errorf("unable to parse constraint version (%s): %w", unit.version, err) + } + + return ver, nil } func (c javaConstraint) supported(format Format) bool { 
@@ -12,9 +38,35 @@ func (c javaConstraint) supported(format Format) bool { } func (c javaConstraint) Satisfied(version *Version) (satisfied bool, err error) { - return satisfied, err + if c.raw == "" && version != nil { + // empty constraints are always satisfied + return true, nil + } + + if version == nil { + if c.raw != "" { + // a non-empty constraint with no version given should always fail + return false, nil + } + + return true, nil + } + + if !c.supported(version.Format) { + return false, fmt.Errorf("(apk) unsupported format: %s", version.Format) + } + + if version.rich.apkVer == nil { + return false, fmt.Errorf("no rich apk version given: %+v", version) + } + + return c.expression.satisfied(version) } func (c javaConstraint) String() string { - return "" + if c.raw == "" { + return "none (java)" + } + + return fmt.Sprintf("%s (java)", c.raw) } From 4975438d3d42de3d6860829988bd014be03fa89a Mon Sep 17 00:00:00 2001 From: Christopher Phillips Date: Tue, 24 Oct 2023 22:42:34 -0400 Subject: [PATCH 04/22] test: add version test cases Signed-off-by: Christopher Phillips --- grype/version/java_version_test.go | 49 ++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 grype/version/java_version_test.go diff --git a/grype/version/java_version_test.go b/grype/version/java_version_test.go new file mode 100644 index 00000000000..2c362018120 --- /dev/null +++ b/grype/version/java_version_test.go 
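Review bot: `Satisfied` checks `version.rich.apkVer == nil` and tags its format error "(apk)", but a Java-format `Version` populates `rich.javaVer` (per `populate` in patch 02), so every non-empty Java constraint fails here with "no rich apk version given" before `c.expression.satisfied` runs. The checks should read `if version.rich.javaVer == nil {` and `return false, fmt.Errorf("(java) unsupported format: %s", version.Format)`. Patch 05 of this series corrects both conditions but leaves the message text saying "apk".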
@@ -0,0 +1,49 @@ +package version + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func Test_javaVersion_Compare(t *testing.T) { + tests := []struct { + name string + compare string + want int + }{ + { + name: "1", + compare: "2", + want: -1, + }, + { + name: "1.8.0_282", + compare: "1.8.0_282", + want: 0, + }, + { + name: "2.5", + compare: "2.0", + want: 1, + }, + { + name: "2.414.2-cb-5", + compare: "2.414.2", + want: 1, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + j, err := NewVersion(tt.name, JavaFormat) + assert.NoError(t, err) + + j2, err := NewVersion(tt.compare, JavaFormat) + assert.NoError(t, err) + + if got, _ := j.rich.javaVer.Compare(j2); got != tt.want { + t.Errorf("Compare() = %v, want %v", got, tt.want) + } + }) + } +} From 525a8151ecfda41ff0af58141ca13d3979e72bed Mon Sep 17 00:00:00 2001 From: Christopher Phillips Date: Tue, 24 Oct 2023 23:05:54 -0400 Subject: [PATCH 05/22] test: add test cases for new comparator Signed-off-by: Christopher Phillips --- grype/version/java_constraint.go | 4 +- grype/version/java_constraint_test.go | 102 ++++++++++++++++++++++++++ 2 files changed, 104 insertions(+), 2 deletions(-) diff --git a/grype/version/java_constraint.go b/grype/version/java_constraint.go index 98aa58dcb62..b3e4a0dd4e0 100644 --- a/grype/version/java_constraint.go +++ b/grype/version/java_constraint.go @@ -53,10 +53,10 @@ func (c javaConstraint) Satisfied(version *Version) (satisfied bool, err error) } if !c.supported(version.Format) { - return false, fmt.Errorf("(apk) unsupported format: %s", version.Format) + return false, fmt.Errorf("(java) unsupported format: %s", version.Format) } - if version.rich.apkVer == nil { + if version.rich.javaVer == nil { return false, fmt.Errorf("no rich apk version given: %+v", version) } diff --git a/grype/version/java_constraint_test.go b/grype/version/java_constraint_test.go index f37d99d0c2f..1313cbc8fb7 100644 --- a/grype/version/java_constraint_test.go 
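Review bot: `if got, _ := j.rich.javaVer.Compare(j2); got != tt.want` discards `Compare`'s error, and `Compare` returns -1 on every error path, so the first case (`"1"` vs `"2"`, want -1) passes even if the comparison fails outright. Split the call and check the error: `got, err := j.rich.javaVer.Compare(j2)` followed by `assert.NoError(t, err)` before comparing with `tt.want`. The same pattern survives the reorientation in patch 07 (`j2.rich.javaVer.Compare(j)`).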
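Review bot: The field check now reads `version.rich.javaVer`, but the error it reports is still "no rich apk version given", which sends anyone debugging a Java match failure to the wrong comparator. Change it to `return false, fmt.Errorf("no rich java version given: %+v", version)`. The same text is carried unchanged into `maven_constraint.go` in patch 08, where it should say "maven".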
+++ b/grype/version/java_constraint_test.go 
@@ -1 +1,103 @@ package version + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestVersionConstraintJava(t *testing.T) { + tests := []testCase{ + {version: "1", constraint: "< 2.5", satisfied: true}, + {version: "1.0", constraint: "< 1.1", satisfied: true}, + {version: "1.1", constraint: "< 1.2", satisfied: true}, + {version: "1.0.0", constraint: "< 1.1", satisfied: true}, + {version: "1.0.1", constraint: "< 1.1", satisfied: true}, + {version: "1.1", constraint: "> 1.2.0", satisfied: false}, + {version: "1.0-alpha-1", constraint: "> 1.0", satisfied: false}, + {version: "1.0-alpha-1", constraint: "> 1.0-alpha-2", satisfied: false}, + {version: "1.0-alpha-1", constraint: "< 1.0-beta-1", satisfied: false}, + {version: "1.0-beta-1", constraint: "< 1.0-SNAPSHOT", satisfied: false}, + {version: "1.0-SNAPSHOT", constraint: "< 1.0", satisfied: false}, + {version: "1.0-alpha-1-SNAPSHOT", constraint: "> 1.0-alpha-1", satisfied: false}, + {version: "1.0", constraint: "< 1.0-1", satisfied: true}, + {version: "1.0-1", constraint: "< 1.0-2", satisfied: true}, + {version: "1.0.0", constraint: "< 1.0-1", satisfied: true}, + {version: "2.0-1", constraint: "> 2.0.1", satisfied: false}, + {version: "2.0.1-klm", constraint: "> 2.0.1-lmn", satisfied: false}, + {version: "2.0.1", constraint: "< 2.0.1-xyz", satisfied: false}, + {version: "2.0.1", constraint: "< 2.0.1-123", satisfied: false}, + {version: "2.0.1-xyz", constraint: "< 2.0.1-123", satisfied: false}, + } + + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + constraint, err := newJavaConstraint(test.constraint) + + assert.NoError(t, err, "unexpected error from newJavaConstraint: %v", err) + test.assertVersionConstraint(t, JavaFormat, constraint) + + }) + } +} + +func TestVersionEqualityJava(t *testing.T) { + tests := []testCase{ + {version: "1", constraint: "1", satisfied: true}, + {version: "1", constraint: "1.0", satisfied: true}, + {version: "1", constraint: "1.0.0", 
satisfied: true}, + {version: "1.0", constraint: "1.0.0", satisfied: true}, + {version: "1", constraint: "1-0", satisfied: true}, + {version: "1", constraint: "1.0-0", satisfied: true}, + {version: "1.0", constraint: "1.0-0", satisfied: true}, + {version: "1a", constraint: "1-a", satisfied: true}, + {version: "1a", constraint: "1.0-a", satisfied: true}, + {version: "1a", constraint: "1.0.0-a", satisfied: true}, + {version: "1.0a", constraint: "1-a", satisfied: true}, + {version: "1.0.0a", constraint: "1-a", satisfied: true}, + {version: "1x", constraint: "1-x", satisfied: true}, + {version: "1x", constraint: "1.0-x", satisfied: true}, + {version: "1x", constraint: "1.0.0-x", satisfied: true}, + {version: "1.0x", constraint: "1-x", satisfied: true}, + {version: "1.0.0x", constraint: "1-x", satisfied: true}, + {version: "1ga", constraint: "1", satisfied: true}, + {version: "1release", constraint: "1", satisfied: true}, + {version: "1final", constraint: "1", satisfied: true}, + {version: "1cr", constraint: "1rc", satisfied: true}, + {version: "1a1", constraint: "1-alpha-1", satisfied: true}, + {version: "1b2", constraint: "1-beta-2", satisfied: true}, + {version: "1m3", constraint: "1-milestone-3", satisfied: true}, + {version: "1X", constraint: "1x", satisfied: true}, + {version: "1A", constraint: "1a", satisfied: true}, + {version: "1B", constraint: "1b", satisfied: true}, + {version: "1M", constraint: "1m", satisfied: true}, + {version: "1Ga", constraint: "1", satisfied: true}, + {version: "1GA", constraint: "1", satisfied: true}, + {version: "1RELEASE", constraint: "1", satisfied: true}, + {version: "1release", constraint: "1", satisfied: true}, + {version: "1RELeaSE", constraint: "1", satisfied: true}, + {version: "1Final", constraint: "1", satisfied: true}, + {version: "1FinaL", constraint: "1", satisfied: true}, + {version: "1FINAL", constraint: "1", satisfied: true}, + {version: "1Cr", constraint: "1Rc", satisfied: true}, + {version: "1cR", constraint: "1rC", 
satisfied: true}, + {version: "1m3", constraint: "1Milestone3", satisfied: true}, + {version: "1m3", constraint: "1MileStone3", satisfied: true}, + {version: "1m3", constraint: "1MILESTONE3", satisfied: true}, + {version: "1", constraint: "01", satisfied: true}, + {version: "1", constraint: "001", satisfied: true}, + {version: "1.1", constraint: "1.01", satisfied: true}, + {version: "1.1", constraint: "1.001", satisfied: true}, + {version: "1-1", constraint: "1-01", satisfied: true}, + {version: "1-1", constraint: "1-001", satisfied: true}, + } + + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + constraint, err := newJavaConstraint(test.constraint) + + assert.NoError(t, err, "unexpected error from newJavaConstraint: %v", err) + test.assertVersionConstraint(t, JavaFormat, constraint) + }) + } +} From 9d936ac1da365705a0fce7d8401727d8375d00f2 Mon Sep 17 00:00:00 2001 From: Christopher Phillips Date: Tue, 24 Oct 2023 23:21:25 -0400 Subject: [PATCH 06/22] test: update tests with correct expectations Signed-off-by: Christopher Phillips --- grype/version/java_constraint_test.go | 16 ++++++++-------- grype/version/java_version.go | 6 +++--- grype/version/java_version_test.go | 6 +++--- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/grype/version/java_constraint_test.go b/grype/version/java_constraint_test.go index 1313cbc8fb7..8218ffc4d8e 100644 --- a/grype/version/java_constraint_test.go +++ b/grype/version/java_constraint_test.go 
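Review bot: Every case in `TestVersionConstraintJava` and `TestVersionEqualityJava` is run as `t.Run(test.name, ...)` but no case sets `name`, so the subtests are reported only as auto-numbered entries and a failure does not say which version/constraint pair broke. Deriving the subtest name from the inputs, e.g. `t.Run(test.version+" "+test.constraint, func(t *testing.T) {`, makes `go test -run` and failure output usable. Several expectations in the first table are flipped again in patch 06, which descriptive names would have made easier to audit.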
@@ -16,25 +16,25 @@ func TestVersionConstraintJava(t *testing.T) { {version: "1.1", constraint: "> 1.2.0", satisfied: false}, {version: "1.0-alpha-1", constraint: "> 1.0", satisfied: false}, {version: "1.0-alpha-1", constraint: "> 1.0-alpha-2", satisfied: false}, - {version: "1.0-alpha-1", constraint: "< 1.0-beta-1", satisfied: false}, - {version: "1.0-beta-1", constraint: "< 1.0-SNAPSHOT", satisfied: false}, - {version: "1.0-SNAPSHOT", constraint: "< 1.0", satisfied: false}, + {version: "1.0-alpha-1", constraint: "< 1.0-beta-1", satisfied: true}, + {version: "1.0-beta-1", constraint: "< 1.0-SNAPSHOT", satisfied: true}, + {version: "1.0-SNAPSHOT", constraint: "< 1.0", satisfied: true}, {version: "1.0-alpha-1-SNAPSHOT", constraint: "> 1.0-alpha-1", satisfied: false}, {version: "1.0", constraint: "< 1.0-1", satisfied: true}, {version: "1.0-1", constraint: "< 1.0-2", satisfied: true}, {version: "1.0.0", constraint: "< 1.0-1", satisfied: true}, {version: "2.0-1", constraint: "> 2.0.1", satisfied: false}, {version: "2.0.1-klm", constraint: "> 2.0.1-lmn", satisfied: false}, - {version: "2.0.1", constraint: "< 2.0.1-xyz", satisfied: false}, - {version: "2.0.1", constraint: "< 2.0.1-123", satisfied: false}, - {version: "2.0.1-xyz", constraint: "< 2.0.1-123", satisfied: false}, + {version: "2.0.1", constraint: "< 2.0.1-xyz", satisfied: true}, + {version: "2.0.1", constraint: "< 2.0.1-123", satisfied: true}, + {version: "2.0.1-xyz", constraint: "< 2.0.1-123", satisfied: true}, } for _, test := range tests { t.Run(test.name, func(t *testing.T) { constraint, err := newJavaConstraint(test.constraint) - assert.NoError(t, err, "unexpected error from newJavaConstraint: %v", err) + assert.NoError(t, err, "unexpected error from newJavaConstraint %s: %v", test.version, err) test.assertVersionConstraint(t, JavaFormat, constraint) }) 
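Review bot: The failure message `"unexpected error from newJavaConstraint %s: %v", test.version, err` reports `test.version`, but the error comes from parsing `test.constraint`, so the message points at the wrong input. Use `test.constraint` there; the same substitution is needed in the `@@ -96,7 +96,7 @@` hunk of this file and in both hunks of `maven_constraint_test.go` in patch 08, which rename the function but keep `test.version`.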
@@ -96,7 +96,7 @@ func TestVersionEqualityJava(t *testing.T) { t.Run(test.name, func(t *testing.T) { constraint, err := newJavaConstraint(test.constraint) - assert.NoError(t, err, "unexpected error from newJavaConstraint: %v", err) + assert.NoError(t, err, "unexpected error from newJavaConstraint %s: %v", test.version, err) test.assertVersionConstraint(t, JavaFormat, constraint) }) } diff --git a/grype/version/java_version.go b/grype/version/java_version.go index b2c66bf72cd..5715358dbb8 100644 --- a/grype/version/java_version.go +++ b/grype/version/java_version.go @@ -21,7 +21,7 @@ func newJavaVersion(raw string) (*javaVersion, error) { }, nil } -// Compare returns 0 if j == j2, -1 if j < j2, and +1 if j > j2. +// Compare returns 0 if j == j2, 1 if j < j2, and -1 if j > j2. // If an error returns the int value is -1 func (j *javaVersion) Compare(j2 *Version) (int, error) { if j2.Format != JavaFormat { @@ -36,10 +36,10 @@ func (j *javaVersion) Compare(j2 *Version) (int, error) { return 0, nil } if j.version.LessThan(submittedVersion) { - return -1, nil + return 1, nil } if j.version.GreaterThan(submittedVersion) { - return 1, nil + return -1, nil } return -1, fmt.Errorf( diff --git a/grype/version/java_version_test.go b/grype/version/java_version_test.go index 2c362018120..306d7880676 100644 --- a/grype/version/java_version_test.go +++ b/grype/version/java_version_test.go @@ -15,7 +15,7 @@ func Test_javaVersion_Compare(t *testing.T) { { name: "1", compare: "2", - want: -1, + want: 1, }, { name: "1.8.0_282", @@ -25,12 +25,12 @@ func Test_javaVersion_Compare(t *testing.T) { { name: "2.5", compare: "2.0", - want: 1, + want: -1, }, { name: "2.414.2-cb-5", compare: "2.414.2", - want: 1, + want: -1, }, } for _, tt := range tests { From 0f94a697364050e276f64f89edcf53d3442c91e7 Mon Sep 17 00:00:00 2001 From: Christopher Phillips Date: Tue, 24 Oct 2023 23:35:08 -0400 Subject: [PATCH 07/22] chore: reorient compare logic to be consistent with other implementations 
Signed-off-by: Christopher Phillips --- grype/version/java_constraint_test.go | 1 + grype/version/java_version.go | 14 ++++++++------ grype/version/java_version_test.go | 8 ++++---- 3 files changed, 13 insertions(+), 10 deletions(-) diff --git a/grype/version/java_constraint_test.go b/grype/version/java_constraint_test.go index 8218ffc4d8e..0bfa61436f2 100644 --- a/grype/version/java_constraint_test.go +++ b/grype/version/java_constraint_test.go @@ -28,6 +28,7 @@ func TestVersionConstraintJava(t *testing.T) { {version: "2.0.1", constraint: "< 2.0.1-xyz", satisfied: true}, {version: "2.0.1", constraint: "< 2.0.1-123", satisfied: true}, {version: "2.0.1-xyz", constraint: "< 2.0.1-123", satisfied: true}, + {version: "2.414.2-cb-5", constraint: "> 2.414.2", satisfied: true}, } for _, test := range tests { diff --git a/grype/version/java_version.go b/grype/version/java_version.go index 5715358dbb8..86f1382c6e3 100644 --- a/grype/version/java_version.go +++ b/grype/version/java_version.go @@ -7,6 +7,7 @@ import ( ) type javaVersion struct { + raw string version mvnv.Version } @@ -17,11 +18,12 @@ func newJavaVersion(raw string) (*javaVersion, error) { } return &javaVersion{ + raw: raw, version: ver, }, nil } -// Compare returns 0 if j == j2, 1 if j < j2, and -1 if j > j2. +// Compare returns 0 if j2 == j, 1 if j2 > j, and -1 if j2 < j. // If an error returns the int value is -1 func (j *javaVersion) Compare(j2 *Version) (int, error) { if j2.Format != JavaFormat { 
@@ -32,15 +34,15 @@ func (j *javaVersion) Compare(j2 *Version) (int, error) { } submittedVersion := j2.rich.javaVer.version - if j.version.Equal(submittedVersion) { + if submittedVersion.Equal(j.version) { return 0, nil } - if j.version.LessThan(submittedVersion) { - return 1, nil - } - if j.version.GreaterThan(submittedVersion) { + if submittedVersion.LessThan(j.version) { return -1, nil } + if submittedVersion.GreaterThan(j.version) { + return 1, nil + } return -1, fmt.Errorf( "could not compare java versions: %v with %v", diff --git a/grype/version/java_version_test.go b/grype/version/java_version_test.go index 306d7880676..c5a07ff15ab 100644 --- a/grype/version/java_version_test.go +++ b/grype/version/java_version_test.go @@ -15,7 +15,7 @@ func Test_javaVersion_Compare(t *testing.T) { { name: "1", compare: "2", - want: 1, + want: -1, }, { name: "1.8.0_282", @@ -25,12 +25,12 @@ func Test_javaVersion_Compare(t *testing.T) { { name: "2.5", compare: "2.0", - want: -1, + want: 1, }, { name: "2.414.2-cb-5", compare: "2.414.2", - want: -1, + want: 1, }, } for _, tt := range tests { @@ -41,7 +41,7 @@ func Test_javaVersion_Compare(t *testing.T) { j2, err := NewVersion(tt.compare, JavaFormat) assert.NoError(t, err) - if got, _ := j.rich.javaVer.Compare(j2); got != tt.want { + if got, _ := j2.rich.javaVer.Compare(j); got != tt.want { t.Errorf("Compare() = %v, want %v", got, tt.want) } }) From 4d54c0ac80a43aacc43d00f61616df2d4ffa672a Mon Sep 17 00:00:00 2001 From: Christopher Phillips Date: Wed, 25 Oct 2023 11:08:24 -0400 Subject: [PATCH 08/22] fix: reorient name scheme around maven spec 
Signed-off-by: Christopher Phillips --- grype/version/constraint.go | 4 +- grype/version/format.go | 12 ++-- grype/version/format_test.go | 6 +- grype/version/java_constraint.go | 72 ------------------- grype/version/maven_constraint.go | 72 +++++++++++++++++++ ...raint_test.go => maven_constraint_test.go} | 12 ++-- .../{java_version.go => maven_version.go} | 16 ++--- ..._version_test.go => maven_version_test.go} | 6 +- grype/version/version.go | 8 +-- 9 files changed, 104 insertions(+), 104 deletions(-) delete mode 100644 grype/version/java_constraint.go create mode 100644 grype/version/maven_constraint.go rename grype/version/{java_constraint_test.go => maven_constraint_test.go} (91%) rename grype/version/{java_version.go => maven_version.go} (71%) rename grype/version/{java_version_test.go => maven_version_test.go} (80%) diff --git a/grype/version/constraint.go b/grype/version/constraint.go index d02406f50c6..97470a22bac 100644 --- a/grype/version/constraint.go +++ b/grype/version/constraint.go @@ -17,8 +17,8 @@ func GetConstraint(constStr string, format Format) (Constraint, error) { return newSemanticConstraint(constStr) case DebFormat: return newDebConstraint(constStr) - case JavaFormat: - return newJavaConstraint(constStr) + case MavenFormat: + return newMavenConstraint(constStr) case RpmFormat: return newRpmConstraint(constStr) case PythonFormat: diff --git a/grype/version/format.go b/grype/version/format.go index 16dce0d41fa..34506a55b36 100644 --- a/grype/version/format.go +++ b/grype/version/format.go @@ -11,7 +11,7 @@ const ( SemanticFormat ApkFormat DebFormat - JavaFormat + MavenFormat RpmFormat PythonFormat KBFormat @@ -26,7 +26,7 @@ var formatStr = []string{ "Semantic", "Apk", "Deb", - "Java", + "Maven", "RPM", "Python", "KB", @@ -38,7 +38,7 @@ var Formats = []Format{ SemanticFormat, ApkFormat, DebFormat, - JavaFormat, + MavenFormat, RpmFormat, PythonFormat, KBFormat, 
@@ -54,8 +54,8 @@ func ParseFormat(userStr string) Format { return ApkFormat case strings.ToLower(DebFormat.String()), "dpkg": return DebFormat - case strings.ToLower(JavaFormat.String()), "java": - return JavaFormat + case strings.ToLower(MavenFormat.String()), "maven": + return MavenFormat case strings.ToLower(RpmFormat.String()), "rpm": return RpmFormat case strings.ToLower(PythonFormat.String()), "python": @@ -78,7 +78,7 @@ func FormatFromPkgType(t pkg.Type) Format { case pkg.DebPkg: format = DebFormat case pkg.JavaPkg: - format = JavaFormat + format = MavenFormat case pkg.RpmPkg: format = RpmFormat case pkg.GemPkg: diff --git a/grype/version/format_test.go b/grype/version/format_test.go index bfa0b923a6f..ecc5647ba64 100644 --- a/grype/version/format_test.go +++ b/grype/version/format_test.go @@ -17,8 +17,8 @@ func TestParseFormat(t *testing.T) { format: DebFormat, }, { - input: "java", - format: JavaFormat, + input: "maven", + format: MavenFormat, }, { input: "gem", @@ -60,7 +60,7 @@ func TestFormatFromPkgType(t *testing.T) { }, { pkgType: pkg.JavaPkg, - format: JavaFormat, + format: MavenFormat, }, { pkgType: pkg.GemPkg, diff --git a/grype/version/java_constraint.go b/grype/version/java_constraint.go deleted file mode 100644 index b3e4a0dd4e0..00000000000 --- a/grype/version/java_constraint.go +++ /dev/null 
@@ -1,72 +0,0 @@ -package version - -import "fmt" - -type javaConstraint struct { - raw string - expression constraintExpression -} - -func newJavaConstraint(raw string) (javaConstraint, error) { - if raw == "" { - // empty constraints are always satisfied - return javaConstraint{}, nil - } - - constraints, err := newConstraintExpression(raw, newJavaComparator) - if err != nil { - return javaConstraint{}, fmt.Errorf("unable to parse java constraint phrase: %w", err) - } - - return javaConstraint{ - raw: raw, - expression: constraints, - }, nil -} - -func newJavaComparator(unit constraintUnit) (Comparator, error) { - ver, err := newJavaVersion(unit.version) - if err != nil { - return nil, fmt.Errorf("unable to parse constraint version (%s): %w", unit.version, err) - } - - return ver, nil -} - -func (c javaConstraint) supported(format Format) bool { - return format == JavaFormat -} - -func (c javaConstraint) Satisfied(version *Version) (satisfied bool, err error) { - if c.raw == "" && version != nil { - // empty constraints are always satisfied - return true, nil - } - - if version == nil { - if c.raw != "" { - // a non-empty constraint with no version given should always fail - return false, nil - } - - return true, nil - } - - if !c.supported(version.Format) { - return false, fmt.Errorf("(java) unsupported format: %s", version.Format) - } - - if version.rich.javaVer == nil { - return false, fmt.Errorf("no rich apk version given: %+v", version) - } - - return c.expression.satisfied(version) -} - -func (c javaConstraint) String() string { - if c.raw == "" { - return "none (java)" - } - - return fmt.Sprintf("%s (java)", c.raw) -} diff --git a/grype/version/maven_constraint.go b/grype/version/maven_constraint.go new file mode 100644 index 00000000000..8a191d673e5 --- /dev/null +++ b/grype/version/maven_constraint.go 
@@ -0,0 +1,72 @@
+package version
+
+import "fmt"
+
+type mavenConstraint struct {
+ raw string
+ expression constraintExpression
+}
+
+func newMavenConstraint(raw string) (mavenConstraint, error) {
+ if raw == "" {
+ // empty constraints are always satisfied
+ return mavenConstraint{}, nil
+ }
+
+ constraints, err := newConstraintExpression(raw, newMavenComparator)
+ if err != nil {
+ return mavenConstraint{}, fmt.Errorf("unable to parse maven constraint phrase: %w", err)
+ }
+
+ return mavenConstraint{
+ raw: raw,
+ expression: constraints,
+ }, nil
+}
+
+func newMavenComparator(unit constraintUnit) (Comparator, error) {
+ ver, err := newMavenVersion(unit.version)
+ if err != nil {
+ return nil, fmt.Errorf("unable to parse constraint version (%s): %w", unit.version, err)
+ }
+
+ return ver, nil
+}
+
+func (c mavenConstraint) supported(format Format) bool {
+ return format == MavenFormat
+}
+
+func (c mavenConstraint) Satisfied(version *Version) (satisfied bool, err error) {
+ if c.raw == "" && version != nil {
+ // empty constraints are always satisfied
+ return true, nil
+ }
+
+ if version == nil {
+ if c.raw != "" {
+ // a non-empty constraint with no version given should always fail
+ return false, nil
+ }
+
+ return true, nil
+ }
+
+ if !c.supported(version.Format) {
+ return false, fmt.Errorf("(maven) unsupported format: %s", version.Format)
+ }
+
+ if version.rich.mavenVer == nil {
+ return false, fmt.Errorf("no rich apk version given: %+v", version)
+ }
+
+ return c.expression.satisfied(version)
+}
+
+func (c mavenConstraint) String() string {
+ if c.raw == "" {
+ return "none (maven)"
+ }
+
+ return fmt.Sprintf("%s (maven)", c.raw)
+}
diff --git a/grype/version/java_constraint_test.go b/grype/version/maven_constraint_test.go similarity index 91% rename from grype/version/java_constraint_test.go rename to grype/version/maven_constraint_test.go
index 0bfa61436f2..0bb359e1f15 100644
--- a/grype/version/java_constraint_test.go
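Review bot: The nil-rich-version error in `Satisfied` was copied from the apk constraint and still names the wrong ecosystem: `return false, fmt.Errorf("no rich maven version given: %+v", version)` is what it should say, otherwise a Maven match skipped for this reason is reported under apk when someone is tracing a missed finding. The named results `(satisfied bool, err error)` are never used as names — every path returns explicitly — so `(bool, error)` reads cleaner and matches `supported` and `String`. A one-line doc comment on `Satisfied` would also pin the contract the code already implements: an empty constraint matches any version including nil, a non-empty constraint never matches a nil version, and a non-Maven version is an error rather than a non-match.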
+++ b/grype/version/maven_constraint_test.go @@ -33,10 +33,10 @@ func TestVersionConstraintJava(t *testing.T) { for _, test := range tests { t.Run(test.name, func(t *testing.T) { - constraint, err := newJavaConstraint(test.constraint) + constraint, err := newMavenConstraint(test.constraint) - assert.NoError(t, err, "unexpected error from newJavaConstraint %s: %v", test.version, err) - test.assertVersionConstraint(t, JavaFormat, constraint) + assert.NoError(t, err, "unexpected error from newMavenConstraint %s: %v", test.version, err) + test.assertVersionConstraint(t, MavenFormat, constraint) }) } @@ -95,10 +95,10 @@ func TestVersionEqualityJava(t *testing.T) { for _, test := range tests { t.Run(test.name, func(t *testing.T) { - constraint, err := newJavaConstraint(test.constraint) + constraint, err := newMavenConstraint(test.constraint) - assert.NoError(t, err, "unexpected error from newJavaConstraint %s: %v", test.version, err) - test.assertVersionConstraint(t, JavaFormat, constraint) + assert.NoError(t, err, "unexpected error from newMavenConstraint %s: %v", test.version, err) + test.assertVersionConstraint(t, MavenFormat, constraint) }) } } diff --git a/grype/version/java_version.go b/grype/version/maven_version.go similarity index 71% rename from grype/version/java_version.go rename to grype/version/maven_version.go index 86f1382c6e3..29f1eb0759f 100644 --- a/grype/version/java_version.go +++ b/grype/version/maven_version.go @@ -6,18 +6,18 @@ import ( mvnv "github.com/masahiro331/go-mvn-version" ) -type javaVersion struct { +type mavenVersion struct { raw string version mvnv.Version } -func newJavaVersion(raw string) (*javaVersion, error) { +func newMavenVersion(raw string) (*mavenVersion, error) { ver, err := mvnv.NewVersion(raw) if err != nil { return nil, fmt.Errorf("could not generate new java version from: %s; %w", raw, err) } - return &javaVersion{ + return &mavenVersion{ raw: raw, version: ver, }, nil 
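Review bot: `newMavenVersion` keeps the pre-rename wording in the context line `return nil, fmt.Errorf("could not generate new java version from: %s; %w", raw, err)`; now that `MavenFormat` is the name users see in `ParseFormat`, this message should agree with it so logs and config vocabulary line up: `fmt.Errorf("could not generate new maven version from: %s; %w", raw, err)`. The function is otherwise a straight rename and needs nothing else.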
@@ -25,15 +25,15 @@ func newJavaVersion(raw string) (*javaVersion, error) { // Compare returns 0 if j2 == j, 1 if j2 > j, and -1 if j2 < j. // If an error returns the int value is -1 -func (j *javaVersion) Compare(j2 *Version) (int, error) { - if j2.Format != JavaFormat { +func (j *mavenVersion) Compare(j2 *Version) (int, error) { + if j2.Format != MavenFormat { return -1, fmt.Errorf("unable to compare java to given format: %s", j2.Format) } - if j2.rich.javaVer == nil { - return -1, fmt.Errorf("given empty javaVersion object") + if j2.rich.mavenVer == nil { + return -1, fmt.Errorf("given empty mavenVersion object") } - submittedVersion := j2.rich.javaVer.version + submittedVersion := j2.rich.mavenVer.version if submittedVersion.Equal(j.version) { return 0, nil } diff --git a/grype/version/java_version_test.go b/grype/version/maven_version_test.go similarity index 80% rename from grype/version/java_version_test.go rename to grype/version/maven_version_test.go index c5a07ff15ab..4b5143d7498 100644 --- a/grype/version/java_version_test.go +++ b/grype/version/maven_version_test.go @@ -35,13 +35,13 @@ func Test_javaVersion_Compare(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - j, err := NewVersion(tt.name, JavaFormat) + j, err := NewVersion(tt.name, MavenFormat) assert.NoError(t, err) - j2, err := NewVersion(tt.compare, JavaFormat) + j2, err := NewVersion(tt.compare, MavenFormat) assert.NoError(t, err) - if got, _ := j2.rich.javaVer.Compare(j); got != tt.want { + if got, _ := j2.rich.mavenVer.Compare(j); got != tt.want { t.Errorf("Compare() = %v, want %v", got, tt.want) } }) diff --git a/grype/version/version.go b/grype/version/version.go index 2ecbf59ebd9..4f9f7cf394c 100644 --- a/grype/version/version.go +++ b/grype/version/version.go 
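Review bot: `Compare` returns -1 both for "j2 < j" and for every error, and the only caller visible here — the renamed test's `got, _ := j2.rich.mavenVer.Compare(j)` in the next hunk — discards the error, so a format mismatch or a nil `rich.mavenVer` is indistinguishable from a genuine less-than result. In a vulnerability matcher that is the difference between "version is below the fix" and "we could not compare at all", so callers must check err; at minimum the test should read `got, err := j2.rich.mavenVer.Compare(j)` followed by `assert.NoError(t, err)`, and the doc comment should state plainly that the int is meaningless when err is non-nil rather than "the int value is -1". The format-mismatch message also still says java: `return -1, fmt.Errorf("unable to compare maven to given format: %s", j2.Format)`. Compare's body continues past the end of this hunk.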
@@ -18,7 +18,7 @@ type rich struct { semVer *semanticVersion apkVer *apkVersion debVer *debVersion - javaVer *javaVersion + mavenVer *mavenVersion rpmVer *rpmVersion kbVer *kbVersion portVer *portageVersion @@ -63,9 +63,9 @@ func (v *Version) populate() error { ver, err := newDebVersion(v.Raw) v.rich.debVer = ver return err - case JavaFormat: - ver, err := newJavaVersion(v.Raw) - v.rich.javaVer = ver + case MavenFormat: + ver, err := newMavenVersion(v.Raw) + v.rich.mavenVer = ver return err case RpmFormat: ver, err := newRpmVersion(v.Raw) From ad906d4e11aad71f68b404060c9f29a37df61fe0 Mon Sep 17 00:00:00 2001 From: Christopher Phillips Date: Wed, 25 Oct 2023 13:38:25 -0400 Subject: [PATCH 09/22] feat: update fuzzy constraint to test against request version first Signed-off-by: Christopher Phillips --- grype/version/fuzzy_constraint.go | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/grype/version/fuzzy_constraint.go b/grype/version/fuzzy_constraint.go index 77d788332cf..ca333b7bf30 100644 --- a/grype/version/fuzzy_constraint.go +++ b/grype/version/fuzzy_constraint.go @@ -79,6 +79,19 @@ func (f *fuzzyConstraint) Satisfied(verObj *Version) (bool, error) { version := verObj.Raw + // rebuild temp constraint based off of ver obj + if verObj.Format != UnknownFormat { + newConstaint, err := GetConstraint(f.rawPhrase, verObj.Format) + // check if constraint is not fuzzyConstraint + _, ok := newConstaint.(*fuzzyConstraint) + if err == nil && !ok { + satisfied, err := newConstaint.Satisfied(verObj) + if err == nil { + return satisfied, nil + } + } + } + // attempt semver first, then fallback to fuzzy part matching... if f.semanticConstraint != nil { if pseudoSemverPattern.Match([]byte(version)) { From c26935037c8fec543199515a3fd88e19644966fb Mon Sep 17 00:00:00 2001 From: Christopher Phillips Date: Thu, 26 Oct 2023 13:56:53 -0400 Subject: [PATCH 10/22] chore: update to newer test db with new labels and new yardstick 
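Review bot: Both failure paths in the new block of `fuzzyConstraint.Satisfied` fall back to fuzzy matching without a trace — an error from `GetConstraint` (the phrase does not parse in the version's native format) and an error from the format-specific `Satisfied` (for example a version with no rich parse) each drop silently into the semver/fuzzy path below, so a Maven version the Maven comparator rejects is quietly matched with weaker rules and nothing in the output shows it. Emit at least a debug log carrying `verObj.Raw`, `verObj.Format` and the error at each `err != nil` point (this package's logger is not visible in the hunk), and if the fallback is deliberate say so in the comment, since `// rebuild temp constraint based off of ver obj` does not mention it. The `*fuzzyConstraint` assertion only prevents recursion if `GetConstraint`'s fallback really returns a pointer — if it ever returns a `fuzzyConstraint` value, `ok` is false and this method calls itself through the new constraint on every version; a `switch newConstraint.(type) { case *fuzzyConstraint, fuzzyConstraint: }` guard covers both. Smaller points: `satisfied, err :=` shadows the outer `err`, `newConstaint` is misspelled, and because `f.rawPhrase` is re-parsed on every call this runs once per candidate version, so caching the per-format constraint on the receiver is worth considering if profiling shows it. Satisfied's body continues on both sides of this hunk.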
Signed-off-by: Christopher Phillips --- test/quality/Makefile | 2 +- test/quality/requirements.txt | 2 +- test/quality/vulnerability-match-labels | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/test/quality/Makefile b/test/quality/Makefile index fb81557bbe4..3c6de30e035 100644 --- a/test/quality/Makefile +++ b/test/quality/Makefile @@ -8,7 +8,7 @@ VULNERABILITY_LABELS = ./vulnerability-labels RESULT_SET = pr_vs_latest_via_sbom # update periodically with values from "grype db list" -TEST_DB_URL = https://toolbox-data.anchore.io/grype/databases/vulnerability-db_v5_2023-08-24T01:23:40Z_fd07204627d474f68f90.tar.gz +TEST_DB_URL = https://toolbox-data.anchore.io/grype/databases/vulnerability-db_v5_2023-10-25T01:27:28Z_fd5a911f9285633c57e3.tar.gz TEST_DB = db.tar.gz LISTING_FILE = https://toolbox-data.anchore.io/grype/databases/listing.json diff --git a/test/quality/requirements.txt b/test/quality/requirements.txt index 63d706f57b5..4772f04224e 100644 --- a/test/quality/requirements.txt +++ b/test/quality/requirements.txt @@ -1,3 +1,3 @@ -git+https://github.com/anchore/yardstick@v0.8.0 +git+https://github.com/anchore/yardstick@v0.9.0 # ../../../yardstick tabulate==0.9.0 diff --git a/test/quality/vulnerability-match-labels b/test/quality/vulnerability-match-labels index 3e6c878d144..e8c7c4e2bea 160000 --- a/test/quality/vulnerability-match-labels +++ b/test/quality/vulnerability-match-labels @@ -1 +1 @@ -Subproject commit 3e6c878d144f95aab8bbb398ad0e7c717d6c3c31 +Subproject commit e8c7c4e2beac2f97949be4866b286234d82b385d From 9d12d7a3f186ff24a9152ab7db90e0f41c6f8d51 Mon Sep 17 00:00:00 2001 From: Christopher Phillips Date: Thu, 26 Oct 2023 14:15:42 -0400 Subject: [PATCH 11/22] chore: try 3.11.6 which works locally Signed-off-by: Christopher Phillips --- test/quality/.python-version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/quality/.python-version b/test/quality/.python-version index 1281604a491..375f5cabfe6 100644 
--- a/test/quality/.python-version +++ b/test/quality/.python-version @@ -1 +1 @@ -3.10.7 +3.11.6 From 748a4c259c7303450642e7e3211b66c6720e747d Mon Sep 17 00:00:00 2001 From: Christopher Phillips Date: Thu, 26 Oct 2023 14:21:07 -0400 Subject: [PATCH 12/22] chore: bump python to 3.11 for quality gate Signed-off-by: Christopher Phillips --- .github/actions/bootstrap/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/bootstrap/action.yaml b/.github/actions/bootstrap/action.yaml index 3fada0a417b..fcdbb22bbe6 100644 --- a/.github/actions/bootstrap/action.yaml +++ b/.github/actions/bootstrap/action.yaml @@ -8,7 +8,7 @@ inputs: python-version: description: "Python version to install" required: true - default: "3.10" + default: "3.11" cache-key-prefix: description: "Prefix all cache keys with this value" required: true From 532cfbd1311bd50e607e342b87c1df3c6abfb2c6 Mon Sep 17 00:00:00 2001 From: Christopher Phillips Date: Thu, 26 Oct 2023 17:08:45 -0400 Subject: [PATCH 13/22] chore: reset pipeline version changes Signed-off-by: Christopher Phillips --- .github/actions/bootstrap/action.yaml | 2 +- test/quality/.python-version | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/bootstrap/action.yaml b/.github/actions/bootstrap/action.yaml index fcdbb22bbe6..3fada0a417b 100644 --- a/.github/actions/bootstrap/action.yaml +++ b/.github/actions/bootstrap/action.yaml @@ -8,7 +8,7 @@ inputs: python-version: description: "Python version to install" required: true - default: "3.11" + default: "3.10" cache-key-prefix: description: "Prefix all cache keys with this value" required: true diff --git a/test/quality/.python-version b/test/quality/.python-version index 375f5cabfe6..1281604a491 100644 --- a/test/quality/.python-version +++ b/test/quality/.python-version @@ -1 +1 @@ -3.11.6 +3.10.7 From b5511c678f5a67a155d2a45b9c339eb814516272 Mon Sep 17 00:00:00 2001 
From: Christopher Phillips Date: Fri, 27 Oct 2023 09:43:55 -0400 Subject: [PATCH 14/22] chore: bump yardstick version to bug fix Signed-off-by: Christopher Phillips --- test/quality/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/quality/requirements.txt b/test/quality/requirements.txt index 4772f04224e..8f8a9a2d7fe 100644 --- a/test/quality/requirements.txt +++ b/test/quality/requirements.txt @@ -1,3 +1,3 @@ -git+https://github.com/anchore/yardstick@v0.9.0 +git+https://github.com/anchore/yardstick@v0.9.1 # ../../../yardstick tabulate==0.9.0 From 294ca8a468a9067efeedd37b3ed6d0ae7c463441 Mon Sep 17 00:00:00 2001 From: Christopher Phillips Date: Fri, 27 Oct 2023 11:32:53 -0400 Subject: [PATCH 15/22] chore: update submodule for vml with latest YS Signed-off-by: Christopher Phillips --- test/quality/vulnerability-match-labels | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/quality/vulnerability-match-labels b/test/quality/vulnerability-match-labels index e8c7c4e2bea..06f4b4032fe 160000 --- a/test/quality/vulnerability-match-labels +++ b/test/quality/vulnerability-match-labels @@ -1 +1 @@ -Subproject commit e8c7c4e2beac2f97949be4866b286234d82b385d +Subproject commit 06f4b4032fe3c51a18b1551e89114dc32ba13545 From 188a3dbddc7c6cf2eb4806802fee4aaaa2a4820a Mon Sep 17 00:00:00 2001 From: Christopher Phillips Date: Fri, 27 Oct 2023 11:51:20 -0400 Subject: [PATCH 16/22] chore: check if local grype can be used Signed-off-by: Christopher Phillips --- test/quality/.yardstick.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/quality/.yardstick.yaml b/test/quality/.yardstick.yaml index dfae62e6f4d..65674ff78f0 100644 --- a/test/quality/.yardstick.yaml +++ b/test/quality/.yardstick.yaml 
@@ -103,9 +103,9 @@ result-sets: # By pinning the DB the grype code itself becomes the independent variable under test (and not the # every-changing DB). That being said, we should be updating this DB periodically to ensure what we # are testing with is not too stale. - version: git:current-commit+import-db=db.tar.gz + # version: git:current-commit+import-db=db.tar.gz # for local build of grype, use for example: - # version: path:../../ + version: path:../../+import-db=db.tar.gz takes: SBOM - name: grype From c0a8d88ff5f34555b1469d2f409b23bcfdc1844b Mon Sep 17 00:00:00 2001 From: Christopher Phillips Date: Fri, 27 Oct 2023 12:12:43 -0400 Subject: [PATCH 17/22] chore: try busying penv cache Signed-off-by: Christopher Phillips --- .github/actions/bootstrap/action.yaml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/actions/bootstrap/action.yaml b/.github/actions/bootstrap/action.yaml index 3fada0a417b..a0d11095fb9 100644 --- a/.github/actions/bootstrap/action.yaml +++ b/.github/actions/bootstrap/action.yaml @@ -12,7 +12,7 @@ inputs: cache-key-prefix: description: "Prefix all cache keys with this value" required: true - default: "831180ac25" + default: "831180ac26" build-cache-key-prefix: description: "Prefix build cache key with this value" required: true @@ -40,9 +40,7 @@ runs: path: | test/quality/venv test/quality/vulnerability-match-labels/venv - key: ${{ runner.os }}-python-${{ inputs.python-version }}-${{ hashFiles('**/test/quality/**/requirements.txt') }} - restore-keys: | - ${{ runner.os }}-python-${{ env.python-version }}- + key: ${{ inputs.cache-key-prefix }}-${{ runner.os }}-python-${{ inputs.python-version }}-${{ hashFiles('**/test/quality/**/requirements.txt') }} - name: Restore tool cache id: tool-cache From a905c4fce95592e9d39ef7883e7c247da8ef8a8d Mon Sep 17 00:00:00 2001 From: Alex Goodman Date: Fri, 27 Oct 2023 12:16:07 -0400 Subject: [PATCH 18/22] troubleshoot with tmate 
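Review bot: After this hunk the comment and the live setting contradict each other: the line now active, `version: path:../../+import-db=db.tar.gz`, sits directly under `# for local build of grype, use for example:`, while the `git:current-commit` form that the paragraph above describes as the pinned-DB default is the one commented out. If `path:` is meant to stay, rewrite the remark to say the tool under test is the working-tree build with the pinned DB imported, e.g. `# tool under test: the local working-tree build, with the pinned DB imported`, and keep the `git:` form as the documented alternative. If it is an experiment, as the commit title suggests, it should be reverted before merge so CI keeps testing the commit it checked out rather than whatever is in the tree.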
Signed-off-by: Alex Goodman --- .github/workflows/validations.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/validations.yaml b/.github/workflows/validations.yaml index 6e5560912c8..da2f41c7b2d 100644 --- a/.github/workflows/validations.yaml +++ b/.github/workflows/validations.yaml @@ -49,6 +49,12 @@ jobs: - name: Bootstrap environment uses: ./.github/actions/bootstrap + - name: Setup tmate session + uses: mxschmitt/action-tmate@v3 + timeout-minutes: 60 + with: + limit-access-to-actor: true + - name: Run quality tests run: make quality env: From ba3cf482bfe91865827c17513c4827182b979d61 Mon Sep 17 00:00:00 2001 From: Christopher Phillips Date: Fri, 27 Oct 2023 12:32:06 -0400 Subject: [PATCH 19/22] chore: change labels back to not update init Signed-off-by: Christopher Phillips --- test/quality/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/quality/Makefile b/test/quality/Makefile index 3c6de30e035..50826872da7 100644 --- a/test/quality/Makefile +++ b/test/quality/Makefile @@ -65,7 +65,7 @@ $(YARDSTICK_RESULT_DIR): mkdir -p $(YARDSTICK_RESULT_DIR) $(VULNERABILITY_LABELS)/Makefile: - git submodule update --init + git submodule update vulnerability-match-labels .PHONY: clear-results clear-results: venv ## Clear all existing yardstick results From 38eb80ffde3228c23bda406cafad44e6382e91a1 Mon Sep 17 00:00:00 2001 From: Alex Goodman Date: Fri, 27 Oct 2023 12:40:32 -0400 Subject: [PATCH 20/22] remove tmate troubleshooting action Signed-off-by: Alex Goodman --- .github/workflows/validations.yaml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/validations.yaml b/.github/workflows/validations.yaml index da2f41c7b2d..6e5560912c8 100644 --- a/.github/workflows/validations.yaml +++ b/.github/workflows/validations.yaml 
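Review bot: `uses: mxschmitt/action-tmate@v3` references a third-party action by a mutable tag, and this particular action opens an interactive shell on a runner that holds the job's checkout and `GITHUB_TOKEN`; a tag can be moved to different code at any time, so anything that grants shell access should be pinned to a full commit SHA (`uses: mxschmitt/action-tmate@<sha> # v3`) even when added for troubleshooting. `limit-access-to-actor: true` is the right setting and should stay whenever this is reintroduced, together with the step-level `timeout-minutes`. The step is removed again two commits later in this series, so the remaining ask is only that the pattern not come back unpinned.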
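Review bot: Dropping `--init` means `git submodule update vulnerability-match-labels` silently does nothing for a submodule that has never been initialised, so on a fresh clone the `$(VULNERABILITY_LABELS)/Makefile` rule completes without producing its target and the failure surfaces later in whatever consumes it. If the goal is only to limit the update to this one submodule, `git submodule update --init vulnerability-match-labels` does that while still populating fresh clones; the commit title reads as though leaving out `--init` is deliberate, so if it is, a one-line comment above the rule explaining why would stop it being "fixed" back.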
@@ -49,12 +49,6 @@ jobs: - name: Bootstrap environment uses: ./.github/actions/bootstrap - - name: Setup tmate session - uses: mxschmitt/action-tmate@v3 - timeout-minutes: 60 - with: - limit-access-to-actor: true - - name: Run quality tests run: make quality env: From 74c0d0dbdabe1a04a7929c55a0721c04f916d369 Mon Sep 17 00:00:00 2001 From: Alex Goodman Date: Fri, 27 Oct 2023 12:42:43 -0400 Subject: [PATCH 21/22] use grype config for quality testing Signed-off-by: Alex Goodman --- .github/workflows/validations.yaml | 1 - test/quality/.grype.yaml | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) create mode 100644 test/quality/.grype.yaml diff --git a/.github/workflows/validations.yaml b/.github/workflows/validations.yaml index 6e5560912c8..6e936951b76 100644 --- a/.github/workflows/validations.yaml +++ b/.github/workflows/validations.yaml @@ -53,7 +53,6 @@ jobs: run: make quality env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GRYPE_BY_CVE: "true" Integration-Test: # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline diff --git a/test/quality/.grype.yaml b/test/quality/.grype.yaml new file mode 100644 index 00000000000..3fda70abb9c --- /dev/null +++ b/test/quality/.grype.yaml @@ -0,0 +1 @@ +by-cve: true From a0063672e78cea8fe4a9194c1a23d7d45b536271 Mon Sep 17 00:00:00 2001 From: Christopher Phillips Date: Fri, 27 Oct 2023 14:01:23 -0400 Subject: [PATCH 22/22] chore: bump label for by-cve Signed-off-by: Christopher Phillips --- test/quality/vulnerability-match-labels | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/quality/vulnerability-match-labels b/test/quality/vulnerability-match-labels index 06f4b4032fe..78ee717268d 160000 --- a/test/quality/vulnerability-match-labels +++ b/test/quality/vulnerability-match-labels @@ -1 +1 @@ -Subproject commit 06f4b4032fe3c51a18b1551e89114dc32ba13545 +Subproject commit 78ee717268d80fa4f59772213af434da3dceefcd
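Review bot: `GRYPE_BY_CVE: "true"` applied to every grype process started under `make quality` regardless of working directory, whereas the new `test/quality/.grype.yaml` is only honoured when grype's config lookup finds it, presumably when grype runs with `test/quality` as its cwd or is pointed at the file. If yardstick spawns grype from another directory, matching silently reverts to non-CVE identifiers and the label comparison degrades rather than failing, so after this change confirm the quality run still reports CVE IDs, or pass the file explicitly in the job env (grype's config option name is not visible here). A one-line comment in `.grype.yaml` such as `# labels are keyed by CVE id; match by CVE so results compare against them` would also record why the setting is required.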