Google Git
Sign in
go/mod/refs/tags/v0.4.1^!/.
commit
6ce8bb3f08e0e47592fe93e007071d86dcf214bb
[log]
author
Tom Zierbock <tomzierbock@gmail.com>
Tue Dec 22 19:19:47 2020 +0100
committer
Jay Conrod <jayconrod@google.com>
Thu Jan 14 18:10:11 2021 +0000
tree
b8784b71df17a91cca4512b35432bf969160e428
parent
bc388b264a244501debfb9caea700c6dcaff10e2 [diff]
cmd/go: validating version format in mod edit

Version strings set by -retract and -exclude are not canonicalized
by go mod commands. This change adds validation to go mod edit to
prevent invalid version strings from being added to the go.mod file.

For golang/go#43280

Change-Id: I3708b7a09111a56effac1fe1165122772e3f2d75
Reviewed-on: https://go-review.googlesource.com/c/mod/+/279394
Run-TryBot: Bryan C. Mills <bcmills@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Jay Conrod <jayconrod@google.com>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
Trust: Michael Matloob <matloob@golang.org>

diff --git a/modfile/rule.go b/modfile/rule.go
index 83398dd..c6a189d 100644
--- a/modfile/rule.go
+++ b/modfile/rule.go

@@ -832,7 +832,16 @@
 	return nil
 }
 
+// AddExclude adds a exclude statement to the mod file. Errors if the provided
+// version is not a canonical version string
 func (f *File) AddExclude(path, vers string) error {
+	if !isCanonicalVersion(vers) {
+		return &module.InvalidVersionError{
+			Version: vers,
+			Err:     errors.New("must be of the form v1.2.3"),
+		}
+	}
+
 	var hint *Line
 	for _, x := range f.Exclude {
 		if x.Mod.Path == path && x.Mod.Version == vers {
@@ -904,7 +913,22 @@
 	return nil
 }
 
+// AddRetract adds a retract statement to the mod file. Errors if the provided
+// version interval does not consist of canonical version strings
 func (f *File) AddRetract(vi VersionInterval, rationale string) error {
+	if !isCanonicalVersion(vi.High) {
+		return &module.InvalidVersionError{
+			Version: vi.High,
+			Err:     errors.New("must be of the form v1.2.3"),
+		}
+	}
+	if !isCanonicalVersion(vi.Low) {
+		return &module.InvalidVersionError{
+			Version: vi.Low,
+			Err:     errors.New("must be of the form v1.2.3"),
+		}
+	}
+
 	r := &Retract{
 		VersionInterval: vi,
 	}
@@ -1061,3 +1085,9 @@
 	}
 	return semver.Compare(vii.High, vij.High) > 0
 }
+
+// isCanonicalVersion tests if the provided version string represents a valid
+// canonical version.
+func isCanonicalVersion(vers string) bool {
+	return vers != "" && semver.Canonical(vers) == vers
+}

diff --git a/modfile/rule_test.go b/modfile/rule_test.go
index fbf144d..03123ed 100644
--- a/modfile/rule_test.go
+++ b/modfile/rule_test.go

@@ -568,6 +568,48 @@
 	},
 }
 
+var addRetractValidateVersionTests = []struct {
+	dsc, low, high string
+}{
+	{
+		"blank_version",
+		"",
+		"",
+	},
+	{
+		"missing_prefix",
+		"1.0.0",
+		"1.0.0",
+	},
+	{
+		"non_canonical",
+		"v1.2",
+		"v1.2",
+	},
+	{
+		"invalid_range",
+		"v1.2.3",
+		"v1.3",
+	},
+}
+
+var addExcludeValidateVersionTests = []struct {
+	dsc, ver string
+}{
+	{
+		"blank_version",
+		"",
+	},
+	{
+		"missing_prefix",
+		"1.0.0",
+	},
+	{
+		"non_canonical",
+		"v1.2",
+	},
+}
+
 func TestAddRequire(t *testing.T) {
 	for _, tt := range addRequireTests {
 		t.Run(tt.desc, func(t *testing.T) {
@@ -699,3 +741,31 @@
 
 	return f
 }
+
+func TestAddRetractValidateVersion(t *testing.T) {
+	for _, tt := range addRetractValidateVersionTests {
+		t.Run(tt.dsc, func(t *testing.T) {
+			f, err := Parse("in", []byte("module m"), nil)
+			if err != nil {
+				t.Fatal(err)
+			}
+			if err = f.AddRetract(VersionInterval{Low: tt.low, High: tt.high}, ""); err == nil {
+				t.Fatal("expected AddRetract to complain about version format")
+			}
+		})
+	}
+}
+
+func TestAddExcludeValidateVersion(t *testing.T) {
+	for _, tt := range addExcludeValidateVersionTests {
+		t.Run(tt.dsc, func(t *testing.T) {
+			f, err := Parse("in", []byte("module m"), nil)
+			if err != nil {
+				t.Fatal(err)
+			}
+			if err = f.AddExclude("aa", tt.ver); err == nil {
+				t.Fatal("expected AddExclude to complain about version format")
+			}
+		})
+	}
+}