#1617: fix CVE generation #1624: tolerant versionrange parsing (#1625)

Author: hohwille

cli/src/main/java/com/devonfw/tools/ide/json/VersionRangeDeserializer.java

@@ -19,7 +19,7 @@ public VersionRange deserialize(JsonParser p, DeserializationContext context) th
 
     JsonToken token = p.getCurrentToken();
     if (token == JsonToken.VALUE_STRING) {
-      return VersionRange.of(p.getValueAsString());
+      return VersionRange.of(p.getValueAsString(), true);
     } else {
       throw new IllegalArgumentException("Invalid JSON for VersionRange!");
     }

cli/src/main/java/com/devonfw/tools/ide/url/model/file/json/Cve.java

@@ -64,7 +64,11 @@ public Cve merge(Cve issue) {
     return new Cve(this.id, this.severity, newVersions);
   }
 
-  private static void mergeVersionRage(List<VersionRange> newVersions, VersionRange versionRange) {
+  /**
+   * @param newVersions the {@link List} of {@link VersionRange}s.
+   * @param versionRange the new {@link VersionRange} to add.
+   */
+  public static void mergeVersionRage(List<VersionRange> newVersions, VersionRange versionRange) {
 
     if (newVersions.isEmpty()) {
       newVersions.add(versionRange);

cli/src/main/java/com/devonfw/tools/ide/version/VersionIdentifier.java

@@ -16,7 +16,7 @@
 public final class VersionIdentifier implements VersionObject<VersionIdentifier>, GenericVersionRange {
 
   /** {@link VersionIdentifier} "*" that will resolve to the latest stable version. */
-  public static final VersionIdentifier LATEST = VersionIdentifier.of("*");
+  public static final VersionIdentifier LATEST = new VersionIdentifier(VersionSegment.of("*"));
 
   /** {@link VersionIdentifier} "*!" that will resolve to the latest snapshot. */
   public static final VersionIdentifier LATEST_UNSTABLE = VersionIdentifier.of("*!");
@@ -324,7 +324,7 @@ public static VersionIdentifier of(String version) {
 
     if (version == null) {
       return null;
-    } else if (version.equals("latest")) {
+    } else if (version.equals("latest") || version.equals("*")) {
       return VersionIdentifier.LATEST;
     }
     VersionSegment startSegment = VersionSegment.of(version);

cli/src/main/java/com/devonfw/tools/ide/version/VersionRange.java

@@ -193,6 +193,16 @@ public String toString() {
    */
   public static VersionRange of(String value) {
 
+    return of(value, false);
+  }
+
+  /**
+   * @param value the {@link #toString() string representation} of a {@link VersionRange} to parse.
+   * @param tolerance {@code true} to enable tolerant parsing so we can read garbage (e.g. form JSON) without failing.
+   * @return the parsed {@link VersionRange}.
+   */
+  public static VersionRange of(String value, boolean tolerance) {
+
     Boolean isleftExclusive = null;
     Boolean isRightExclusive = null;
     if (value.startsWith(BoundaryType.START_EXCLUDING_PREFIX)) {
@@ -219,18 +229,25 @@ public static VersionRange of(String value) {
       String minString = value.substring(0, index);
       if (!minString.isBlank()) {
         min = VersionIdentifier.of(minString);
+        if (min == VersionIdentifier.LATEST) {
+          min = null;
+        }
       }
       String maxString = value.substring(index + 1);
       if (!maxString.isBlank()) {
         max = VersionIdentifier.of(maxString);
+        if (max == VersionIdentifier.LATEST) {
+          max = null;
+        }
       }
     }
-    if (isleftExclusive == null) {
+    if ((isleftExclusive == null) || (tolerance && (min == null))) {
       isleftExclusive = min == null;
     }
-    if (isRightExclusive == null) {
+    if ((isRightExclusive == null) || (tolerance && (max == null))) {
       isRightExclusive = max == null;
     }
+
     if ((min == null) && (max == null) && isleftExclusive && isRightExclusive) {
       return UNBOUNDED;
     }

cli/src/test/java/com/devonfw/tools/ide/version/VersionRangeTest.java

@@ -172,6 +172,16 @@ public void testIllegalSyntax() {
     checkIllegalRange("(1.1,1.0)");
   }
 
+  /** Test of {@link VersionRange#of(String, boolean)} with tolerance. */
+  @Test
+  public void testTolerance() {
+
+    assertThat(VersionRange.of("[*,*]", true)).isEqualTo(VersionRange.UNBOUNDED);
+    assertThat(VersionRange.of("[,)", true)).isEqualTo(VersionRange.UNBOUNDED);
+    assertThat(VersionRange.of("(,]", true)).isEqualTo(VersionRange.UNBOUNDED);
+    assertThat(VersionRange.of("[,]", true)).isEqualTo(VersionRange.UNBOUNDED);
+  }
+
   private void checkIllegalRange(String range) {
 
     try {