Generate affected_versions from affected_range
This MR was automatically generated by the sanitisation function incorporated in the advisory database curation tool.
I would like to outline how the translation process works internally; I am using one of the implemented test cases as an example: `tc_version_parser.rb`.
The tool includes a version parser that parses the version string notations used by various package managers (`mvn`, `npm`, etc.). Parsing is basically a two-step process:
- Translate the version string into a normalised form by means of a `VersionTranslator` (see `tc_version_parser.rb#L72` as an example).
- Parse the version string and create a `VersionInterval`. This interval is a common representation of up to two semantic versions (for the lower and upper bounds).
From the `VersionInterval`, it is also possible to generate version strings in different formats for the various package types such as `npm`, `mvn`, `PyPI`, etc. (see `version_interval.rb#L57` as an example of how to generate a `mvn` version string).
Moreover, the `VersionInterval` also allows generating a version description in natural language (see `version_interval.rb#L43`). This is the functionality which was used to generate the content of the `affected_versions` field from the `affected_range` field.
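To make the two steps above concrete, here is a small Ruby sketch of the same flow: normalise a mvn or npm range, fold it into a `VersionInterval` with lower/upper bounds, then render it as npm, mvn and natural language. This is added illustration code, not the curation tool's own classes; the `VersionInterval`/`Bound` names, the `parse`/`to_npm`/`to_mvn`/`to_s` methods and the wording of the description are assumed.

```ruby
require 'rubygems' # Gem::Version gives comparable version objects
Bound = Struct.new(:version, :inclusive)

# Hypothetical VersionInterval; the tool's real class and method names are assumed.
class VersionInterval
  attr_reader :lower, :upper   # Bound, or nil when that side is unbounded
  def initialize(lower, upper)
    @lower, @upper = lower, upper
  end

  # Step 1 (translate): normalise a mvn or npm range into [operator, version]
  # pairs. Step 2 (parse): fold the pairs into lower/upper bounds.
  def self.parse(range)
    pairs =
      if range =~ /\A([\[(])\s*([^,]*)\s*,\s*([^\])]*)\s*([\])])\z/ # mvn: [1.2.0,2.0.0)
        [[$1 == '[' ? '>=' : '>', $2.strip], [$4 == ']' ? '<=' : '<', $3.strip]]
          .reject { |_, v| v.empty? }                              # [,2.0.0) has no lower bound
      else                                                         # npm: >=1.2.0 <2.0.0
        range.scan(/(>=|<=|>|<|=|)\s*(\d[\w.\-]*)/)
      end
    lower = upper = nil
    pairs.each do |op, ver|
      v = Gem::Version.new(ver)
      case op
      when '>='    then lower = Bound.new(v, true)
      when '>'     then lower = Bound.new(v, false)
      when '<='    then upper = Bound.new(v, true)
      when '<'     then upper = Bound.new(v, false)
      when '=', '' then lower = upper = Bound.new(v, true)         # exact version
      end
    end
    new(lower, upper)
  end

  def to_npm
    [lower && "#{lower.inclusive ? '>=' : '>'}#{lower.version}",
     upper && "#{upper.inclusive ? '<=' : '<'}#{upper.version}"].compact.join(' ')
  end

  def to_mvn
    "#{lower&.inclusive == false ? '(' : '['}#{lower&.version},#{upper&.version}#{upper&.inclusive ? ']' : ')'}"
  end

  # Natural-language description, the form used to fill affected_versions.
  def to_s
    parts = []
    parts << "#{lower.inclusive ? 'from' : 'after'} #{lower.version}" if lower
    parts << "#{upper.inclusive ? 'up to' : 'before'} #{upper.version}" if upper
    parts.empty? ? 'all versions' : "all versions #{parts.join(' ')}"
  end
end
```

An unbounded side is kept as `nil`, so `[,2.0.0]` renders as "all versions up to 2.0.0" rather than inventing a lower bound.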
You can find a corresponding test case here.
MR related to Advisory DB inconsistencies.