chore: support skipping known unsupported comparisons in generators

ackama · May 2, 2024 · 1b192c3 · 1b192c3
1 parent f1c4fc9
commit 1b192c3
Show file tree

Hide file tree

Showing 5 changed files with 191 additions and 8 deletions.
diff --git a/scripts/generators/GenerateMavenVersions.java b/scripts/generators/GenerateMavenVersions.java
@@ -32,6 +32,46 @@
  * </code>
  */
 public class GenerateMavenVersions {
+  /**
+   * An array of version comparisons that are known to be unsupported and so
+   * should be commented out in the generated fixture.
+   * <p>
+   * Generally this is because the native implementation has a suspected bug
+   * that causes the comparison to return incorrect results, and so supporting
+   * such comparisons in the detector would in fact be wrong.
+   */
+  private static final String[] UNSUPPORTED_COMPARISONS = {
+    "0.0.0-2021-07-06T00-28-13-573087f7 < 0.0.0-2021-07-06T01-14-42-efe42242",
+    "0.0.0-2021-12-06T00-08-57-89a33731 < 0.0.0-2021-12-06T01-21-56-e3888760",
+    "0.0.0-2022-02-01T00-45-53-0300684a < 0.0.0-2022-02-01T05-45-16-7258ece0",
+    "0.0.0-2022-02-28T00-18-39-7fe0d845 < 0.0.0-2022-02-28T04-15-47-83c97ebe",
+    "0.0.0-2022-04-29T00-08-11-7086a3ec < 0.0.0-2022-04-29T01-20-09-b424f986",
+    "0.0.0-2022-06-14T00-21-33-f21869a7 < 0.0.0-2022-06-14T02-56-29-1db980e0",
+    "0.0.0-2022-08-16T00-14-19-aeae3dc3 < 0.0.0-2022-08-16T10-34-26-7a56f709",
+    "0.0.0-2022-08-22T00-46-32-4652d3db < 0.0.0-2022-08-22T06-46-40-e7409ac5",
+    "0.0.0-2022-10-31T00-42-12-322ba6b9 < 0.0.0-2022-10-31T01-23-06-c6652489",
+    "0.0.0-2022-10-31T07-00-43-71eccd49 < 0.0.0-2022-10-31T07-05-43-97874976",
+    "0.0.0-2022-12-01T00-02-29-fe8d6705 < 0.0.0-2022-12-01T01-56-22-5b442198",
+    "0.0.0-2022-12-18T00-44-34-a222f475 < 0.0.0-2022-12-18T01-45-19-fec81751",
+    "0.0.0-2023-03-20T00-52-15-4b4c0e7 < 0.0.0-2023-03-20T01-49-44-80e3135"
+  };
+
+  public static boolean isUnsupportedComparison(String line) {
+    return Arrays.stream(UNSUPPORTED_COMPARISONS).anyMatch(line::equals);
+  }
+
+  public static String uncomment(String line) {
+    if(line.startsWith("#")) {
+      return line.substring(1);
+    }
+
+    if(line.startsWith("//")) {
+      return line.substring(2);
+    }
+
+    return line;
+  }
+
   public static String downloadMavenDb() throws IOException {
     URL website = new URL("https://osv-vulnerabilities.storage.googleapis.com/Maven/all.zip");
     String file = "./maven-db.zip";
@@ -140,6 +180,12 @@ public static boolean compareVersions(List<String> lines, String select) {
       line = line.trim();
 
       if(line.isEmpty() || line.startsWith("#") || line.startsWith("//")) {
+        String maybeUnsupported = uncomment(line).trim();
+
+        if(isUnsupportedComparison(maybeUnsupported)) {
+          System.out.printf("\033[96mS\033[0m: \033[93m%s\033[0m\n", maybeUnsupported);
+        }
+
         continue;
       }
 
@@ -192,7 +238,13 @@ public static List<String> generateVersionCompares(List<String> versions) {
       String previousVersion = versions.get(i - 1);
       String op = compareVers(currentVersion, "=", previousVersion) ? "=" : "<";
 
-      return String.format("%s %s %s", previousVersion, op, currentVersion);
+      String comparison = String.format("%s %s %s", previousVersion, op, currentVersion);
+
+      if(isUnsupportedComparison(comparison)) {
+        comparison = "# " + comparison;
+      }
+
+      return comparison;
     }).collect(Collectors.toList());
   }
 

diff --git a/scripts/generators/generate-debian-versions.py b/scripts/generators/generate-debian-versions.py
@@ -8,7 +8,6 @@
 import zipfile
 from pathlib import Path
 
-
 # this requires being run on an OS that has a version of "dpkg" which supports the
 # "--compare-versions" option; also make sure to consider the version of dpkg being
 # used in case there are changes to the comparing logic (last run with 1.19.7).
@@ -18,6 +17,27 @@
 # the results of said subprocess calls; a typical no-cache run takes about 5+
 # minutes whereas with the cache it only takes seconds.
 
+# An array of version comparisons that are known to be unsupported and so
+# should be commented out in the generated fixture.
+#
+# Generally this is because the native implementation has a suspected bug
+# that causes the comparison to return incorrect results, and so supporting
+# such comparisons in the detector would in fact be wrong.
+UNSUPPORTED_COMPARISONS = []
+
+
+def is_unsupported_comparison(line):
+  return line in UNSUPPORTED_COMPARISONS
+
+
+def uncomment(line):
+  if line.startswith("#"):
+    return line[1:]
+  if line.startswith("//"):
+    return line[2:]
+  return line
+
+
 def download_debian_db():
   urllib.request.urlretrieve("https://osv-vulnerabilities.storage.googleapis.com/Debian/all.zip", "debian-db.zip")
 
@@ -128,6 +148,10 @@ def compare_versions(lines, select="all"):
     line = line.strip()
 
     if line == "" or line.startswith('#') or line.startswith('//'):
+      maybe_unsupported = uncomment(line).strip()
+
+      if is_unsupported_comparison(maybe_unsupported):
+        print(f"\033[96mS\033[0m: \033[93m{maybe_unsupported}\033[0m")
       continue
 
     v1, op, v2 = line.strip().split(" ")
@@ -160,7 +184,12 @@ def generate_version_compares(versions):
   for i, version in enumerate(versions):
     if i == 0:
       continue
-    comparisons.append(f"{versions[i - 1]} < {version}\n")
+
+    comparison = f"{versions[i - 1]} < {version}\n"
+
+    if is_unsupported_comparison(comparison.strip()):
+      comparison = "# " + comparison
+    comparisons.append(comparison)
   return comparisons
 
 

diff --git a/scripts/generators/generate-packagist-versions.php b/scripts/generators/generate-packagist-versions.php
@@ -1,5 +1,35 @@
 <?php
 
+//
+
+// An array of version comparisons that are known to be unsupported and so
+// should be commented out in the generated fixture.
+//
+// Generally this is because the native implementation has a suspected bug
+// that causes the comparison to return incorrect results, and so supporting
+// such comparisons in the detector would in fact be wrong.
+$UNSUPPORTED_COMPARISONS = [];
+
+function isUnsupportedComparison(string $line): bool
+{
+  global $UNSUPPORTED_COMPARISONS;
+
+  return in_array($line, $UNSUPPORTED_COMPARISONS, true);
+}
+
+function uncomment(string $line): string
+{
+  if (str_starts_with($line, '#')) {
+    return substr($line, 1);
+  }
+
+  if (str_starts_with($line, '//')) {
+    return substr($line, 2);
+  }
+
+  return $line;
+}
+
 function downloadPackagistDb(): string
 {
   $url = 'https://osv-vulnerabilities.storage.googleapis.com/Packagist/all.zip';
@@ -115,7 +145,13 @@ function generateVersionCompares(array $versions): array
     $prevVersion = normalizePrevVersion($version, $versions[$index - 1]);
     $op          = version_compare($prevVersion, $version) === 0 ? "=" : "<";
 
-    $comparisons[] = "$prevVersion $op $version";
+    $comparison = "$prevVersion $op $version";
+
+    if (isUnsupportedComparison($comparison)) {
+      $comparison = "# $comparison";
+    }
+
+    $comparisons[] = $comparison;
   }
 
   return $comparisons;
@@ -140,6 +176,12 @@ function compareVersions(array $lines, string $select = "all"): bool
     $line = trim($line);
 
     if (empty($line) || str_starts_with($line, "#") || str_starts_with($line, "//")) {
+      $maybeUnsupported = trim(uncomment($line));
+
+      if (isUnsupportedComparison($maybeUnsupported)) {
+        echo "\033[96mS\033[0m: \033[93m$maybeUnsupported\033[0m\n";
+      }
+
       continue;
     }
 

diff --git a/scripts/generators/generate-pypi-versions.py b/scripts/generators/generate-pypi-versions.py
@@ -7,10 +7,30 @@
 import urllib.request
 import zipfile
 
-
 # this requires you run "pip install packaging" - have to be careful about versions too
 # because of the "legacy version" stuff
 
+# An array of version comparisons that are known to be unsupported and so
+# should be commented out in the generated fixture.
+#
+# Generally this is because the native implementation has a suspected bug
+# that causes the comparison to return incorrect results, and so supporting
+# such comparisons in the detector would in fact be wrong.
+UNSUPPORTED_COMPARISONS = []
+
+
+def is_unsupported_comparison(line):
+  return line in UNSUPPORTED_COMPARISONS
+
+
+def uncomment(line):
+  if line.startswith("#"):
+    return line[1:]
+  if line.startswith("//"):
+    return line[2:]
+  return line
+
+
 def download_pypi_db():
   urllib.request.urlretrieve("https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip", "pypi-db.zip")
 
@@ -50,6 +70,10 @@ def compare_versions(lines, select="all"):
     line = line.strip()
 
     if line == "" or line.startswith('#') or line.startswith('//'):
+      maybe_unsupported = uncomment(line).strip()
+
+      if is_unsupported_comparison(maybe_unsupported):
+        print(f"\033[96mS\033[0m: \033[93m{maybe_unsupported}\033[0m")
       continue
 
     v1, op, v2 = line.strip().split(" ")
@@ -82,7 +106,12 @@ def generate_version_compares(versions):
   for i, version in enumerate(versions):
     if i == 0:
       continue
-    comparisons.append(f"{versions[i - 1]} < {version}\n")
+
+    comparison = f"{versions[i - 1]} < {version}\n"
+
+    if is_unsupported_comparison(comparison.strip()):
+      comparison = "# " + comparison
+    comparisons.append(comparison)
   return comparisons
 
 

diff --git a/scripts/generators/generate-rubygems-versions.rb b/scripts/generators/generate-rubygems-versions.rb
@@ -5,6 +5,28 @@
 require "json"
 require "zip"
 
+# An array of version comparisons that are known to be unsupported and so
+# should be commented out in the generated fixture.
+#
+# Generally this is because the native implementation has a suspected bug
+# that causes the comparison to return incorrect results, and so supporting
+# such comparisons in the detector would in fact be wrong.
+#
+# @type [Array<String>]
+UNSUPPORTED_COMPARISONS = []
+
+# @param [String] line
+# @return [Boolean]
+def is_unsupported_comparison?(line)
+  UNSUPPORTED_COMPARISONS.include? line
+end
+
+# @param [String] line
+# @return [String]
+def uncomment(line)
+  line.sub(/^#|\/\//, "")
+end
+
 def download_rubygems_db
   URI.open("https://osv-vulnerabilities.storage.googleapis.com/RubyGems/all.zip") do |zip|
     File.open("rubygems-db.zip", "wb") { |f| f.write(zip.read) }
@@ -42,7 +64,13 @@ def compare_versions(lines, select = :all)
   lines.each do |line|
     line = line.strip
 
-    next if line.empty? || line.start_with?("#") || line.start_with?("//")
+    if line.empty? || line.start_with?("#") || line.start_with?("//")
+      maybe_unsupported = uncomment(line).strip
+
+      puts "\033[96mS\033[0m: \033[93m#{maybe_unsupported}\033[0m" if is_unsupported_comparison?(maybe_unsupported)
+
+      next
+    end
 
     parts = line.split(" ")
     v1 = parts[0]
@@ -77,7 +105,10 @@ def generate_version_compares(versions)
     op = "<"
     op = "=" if versions[i - 1] == version
 
-    comparisons << "#{versions[i - 1]} #{op} #{version}"
+    comparison = "#{versions[i - 1]} #{op} #{version}"
+    comparison = "# #{comparison}" if is_unsupported_comparison?(comparison)
+
+    comparisons << comparison
   end
 
   comparisons