Raise version parsing error
What does this MR do?

- Add version validation to `SemanticVersion.new`. Raise `InvalidVersionError` if the string doesn't match the regexp.
- Add validation to `VersionParser.parse`. Raise `InvalidConstraintError` if the string doesn't match the regexp.
- Add package type validation to `SemverDialects.translate_version`. Raise `UnsupportedPackageTypeError` if the package type isn't known.

These errors are propagated by `SemverDialects.version_sat?`:

- It raises `InvalidVersionError` if the supplied version is invalid.
- It raises `InvalidConstraintError` if the supplied constraint is invalid. In particular, this error is raised if the constraint contains invalid versions.

GitLab's Continuous Vulnerability Scanning can leverage these new errors to recover or fail during scans:

- `InvalidVersionError` is specific to the dependency being scanned. It's recovered and the scan moves on to the next dependency.
- `InvalidConstraintError` is triggered by the security advisory itself. It is NOT recovered.
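The recovery policy above, as an added Ruby illustration that is not code from the semver_dialects gem or this MR: a stand-in checker raises the three error classes named here, and a scan loop skips dependencies with bad versions while letting advisory-level errors propagate. The version and constraint formats, the known package types, and the `scan` helper are assumptions.

```ruby
# Added illustration, not code from the semver_dialects gem: a stand-in checker
# raising the errors this MR introduces, plus a scan loop applying its policy.
class InvalidVersionError < StandardError; end
class InvalidConstraintError < StandardError; end
class UnsupportedPackageTypeError < StandardError; end

VERSION_RE = /\A\d+\.\d+\.\d+\z/             # assumed: plain MAJOR.MINOR.PATCH
CONSTRAINT_RE = /\A(>=|<=|>|<|=)?\s*(\S+)\z/ # assumed: "OP VERSION", comma-joined
KNOWN_PACKAGE_TYPES = %w[gem npm pypi].freeze # assumed sample of known types

def parse_version(str)
  raise InvalidVersionError, "invalid version #{str.inspect}" unless str.match?(VERSION_RE)
  str.split('.').map(&:to_i)
end

# A constraint containing an invalid version is an advisory-level problem,
# so the version error is re-raised as InvalidConstraintError.
def parse_constraint(str)
  str.split(',').map do |part|
    m = part.strip.match(CONSTRAINT_RE)
    raise InvalidConstraintError, "invalid constraint #{str.inspect}" unless m
    begin
      [m[1] || '=', parse_version(m[2])]
    rescue InvalidVersionError => e
      raise InvalidConstraintError, "invalid constraint #{str.inspect}: #{e.message}"
    end
  end
end

def satisfies?(v, op, bound)
  c = v <=> bound
  { '>=' => c >= 0, '>' => c > 0, '<=' => c <= 0, '<' => c < 0, '=' => c.zero? }[op]
end

def version_sat?(package_type, version, constraint)
  raise UnsupportedPackageTypeError, package_type unless KNOWN_PACKAGE_TYPES.include?(package_type)
  v = parse_version(version)
  parse_constraint(constraint).all? { |op, bound| satisfies?(v, op, bound) }
end

# Scan policy: InvalidVersionError is recovered per dependency, while
# InvalidConstraintError and UnsupportedPackageTypeError propagate and abort.
def scan(package_type, deps, constraint)
  result = { affected: [], skipped: [] }
  deps.each do |name, version|
    result[:affected] << name if version_sat?(package_type, version, constraint)
  rescue InvalidVersionError
    result[:skipped] << name
  end
  result
end
```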
What are the relevant issue numbers?
Version parsing errors not recovered during adv... (gitlab-org/gitlab#435452 - closed)
Does this MR meet the acceptance criteria?

- Changelog entry added
- Documentation created/updated for this project, if necessary
- Tests added for this feature/bug
- Conforms to the code review guidelines
- Security reports checked/validated by reviewer
Edited by Fabien Catteau