Add validation to maven package version

be3579b3 · Bola Ahmed Buari · Peter Leitzen · 5b99e6e5 · be3579b3 · be3579b3
Commit be3579b3 authored Jun 18, 2020 by Bola Ahmed Buari Committed by Peter Leitzen Jun 18, 2020
6 changed files
--- a/doc/user/packages/maven_repository/index.md
+++ b/doc/user/packages/maven_repository/index.md
@@ -821,6 +821,16 @@ user's home location (in this case the user is `root` since it runs in a
 Docker container), and Maven will use the configured CI
 [environment variables](../../../ci/variables/README.md#predefined-environment-variables).
+### Version validation
+The version string is validated using the following regex.
+```ruby
+\A(\.?[\w\+-]+\.?)+\z
+```
+You can play around with the regex and try your version strings on [this regular expression editor](https://rubular.com/r/rrLQqUXjfKEoL6).
 ## Troubleshooting
 ### Useful Maven command line options

--- a/ee/app/models/packages/package.rb
+++ b/ee/app/models/packages/package.rb
@@ -36,6 +36,7 @@ class Packages::Package < ApplicationRecord
  validates :version, format: { with: Gitlab::Regex.semver_regex }, if: -> { npm? || nuget? }
  validates :name, format: { with: Gitlab::Regex.conan_recipe_component_regex }, if: :conan?
  validates :version, format: { with: Gitlab::Regex.conan_recipe_component_regex }, if: :conan?
+  validates :version, format: { with: Gitlab::Regex.maven_version_regex }, if: -> { version? && maven? }
  enum package_type: { maven: 1, npm: 2, conan: 3, nuget: 4, pypi: 5, composer: 6 }

--- a/ee/changelogs/unreleased/32925-add-validation-to-maven-package-version.yml
+++ b/ee/changelogs/unreleased/32925-add-validation-to-maven-package-version.yml
+---
+title: Add validation to maven package version
+merge_request: 32925
+author: Bola Ahmed Buari
+type: added
--- a/ee/spec/models/packages/package_spec.rb
+++ b/ee/spec/models/packages/package_spec.rb
@@ -141,6 +141,34 @@ RSpec.describe Packages::Package, type: :model do
        it { is_expected.not_to allow_value('%2e%2e%2f1.2.3').for(:version) }
      end
+      context 'maven package' do
+        subject { create(:maven_package) }
+        it { is_expected.to allow_value('0').for(:version) }
+        it { is_expected.to allow_value('1').for(:version) }
+        it { is_expected.to allow_value('10').for(:version) }
+        it { is_expected.to allow_value('1.0').for(:version) }
+        it { is_expected.to allow_value('1.3.350.v20200505-1744').for(:version) }
+        it { is_expected.to allow_value('1.1-beta-2').for(:version) }
+        it { is_expected.to allow_value('1.2-SNAPSHOT').for(:version) }
+        it { is_expected.to allow_value('12.1.2-2-1').for(:version) }
+        it { is_expected.to allow_value('1.2.3..beta').for(:version) }
+        it { is_expected.to allow_value('1.2.3-beta').for(:version) }
+        it { is_expected.to allow_value('10.2.3-beta').for(:version) }
+        it { is_expected.to allow_value('2.0.0.v200706041905-7C78EK9E_EkMNfNOd2d8qq').for(:version) }
+        it { is_expected.to allow_value('1.2-alpha-1-20050205.060708-1').for(:version) }
+        it { is_expected.to allow_value('703220b4e2cea9592caeb9f3013f6b1e5335c293').for(:version) }
+        it { is_expected.to allow_value('RELEASE').for(:version) }
+        it { is_expected.not_to allow_value('..1.2.3').for(:version) }
+        it { is_expected.not_to allow_value('  1.2.3').for(:version) }
+        it { is_expected.not_to allow_value("1.2.3  \r\t").for(:version) }
+        it { is_expected.not_to allow_value("\r\t 1.2.3").for(:version) }
+        it { is_expected.not_to allow_value('1.2.3-4/../../').for(:version) }
+        it { is_expected.not_to allow_value('1.2.3-4%2e%2e%').for(:version) }
+        it { is_expected.not_to allow_value('../../../../../1.2.3').for(:version) }
+        it { is_expected.not_to allow_value('%2e%2e%2f1.2.3').for(:version) }
+      end
      it_behaves_like 'validating version to be SemVer compliant for', :npm_package
      it_behaves_like 'validating version to be SemVer compliant for', :nuget_package
    end

--- a/lib/gitlab/regex.rb
+++ b/lib/gitlab/regex.rb
@@ -43,6 +43,10 @@ module Gitlab
        @maven_app_name_regex ||= /\A[\w\-\.]+\z/.freeze
      end
+      def maven_version_regex
+        @maven_version_regex ||= /\A(\.?[\w\+-]+\.?)+\z/.freeze
+      end
      def maven_app_group_regex
        maven_app_name_regex
      end

--- a/spec/lib/gitlab/regex_spec.rb
+++ b/spec/lib/gitlab/regex_spec.rb
@@ -262,6 +262,39 @@ describe Gitlab::Regex do
    it { is_expected.not_to match('!!()()') }
  end
+  describe '.maven_version_regex' do
+    subject { described_class.maven_version_regex }
+    it { is_expected.to match('0')}
+    it { is_expected.to match('1') }
+    it { is_expected.to match('03') }
+    it { is_expected.to match('2.0') }
+    it { is_expected.to match('01.2') }
+    it { is_expected.to match('10.2.3-beta')}
+    it { is_expected.to match('1.2-SNAPSHOT') }
+    it { is_expected.to match('20') }
+    it { is_expected.to match('20.3') }
+    it { is_expected.to match('1.2.1') }
+    it { is_expected.to match('1.4.2-12') }
+    it { is_expected.to match('1.2-beta-2') }
+    it { is_expected.to match('12.1.2-2-1') }
+    it { is_expected.to match('1.1-beta-2') }
+    it { is_expected.to match('1.3.350.v20200505-1744') }
+    it { is_expected.to match('2.0.0.v200706041905-7C78EK9E_EkMNfNOd2d8qq') }
+    it { is_expected.to match('1.2-alpha-1-20050205.060708-1') }
+    it { is_expected.to match('703220b4e2cea9592caeb9f3013f6b1e5335c293') }
+    it { is_expected.to match('RELEASE') }
+    it { is_expected.not_to match('..1.2.3') }
+    it { is_expected.not_to match('  1.2.3') }
+    it { is_expected.not_to match("1.2.3  \r\t") }
+    it { is_expected.not_to match("\r\t 1.2.3") }
+    it { is_expected.not_to match('1./2.3') }
+    it { is_expected.not_to match('1.2.3-4/../../') }
+    it { is_expected.not_to match('1.2.3-4%2e%2e%') }
+    it { is_expected.not_to match('../../../../../1.2.3') }
+    it { is_expected.not_to match('%2e%2e%2f1.2.3') }
+  end
  describe '.semver_regex' do
    subject { described_class.semver_regex }