Merge branch '541-do-not-allow-to-upload-extensions-with-invalid-versions' into 'develop'

[BUGFIX] Make valid version check more restrictive Closes #541 See merge request !691

Merge branch '541-do-not-allow-to-upload-extensions-with-invalid-versions' into 'develop'
[BUGFIX] Make valid version check more restrictive Closes #541 See merge request !691
dfa36ce7 · Thomas Löffler · b1f67bd6 · fb188583 · dfa36ce7 · dfa36ce7
Commit dfa36ce7 authored Dec 03, 2021 by Thomas Löffler
--- a/extensions/ter/Classes/Api/ExtensionVersion.php
+++ b/extensions/ter/Classes/Api/ExtensionVersion.php
@@ -20,6 +20,7 @@ use T3o\Ter\Exception\NotFoundException;
 use T3o\Ter\Exception\NoUploadCommentException;
 use T3o\Ter\Exception\UnauthorizedException;
 use T3o\TerFe2\Service\LTSVersionService;
+use T3o\TerFe2\Service\ValidExtensionVersionService;
 use T3o\TerFe2\Utility\ArchiveUtility;
 use T3o\TerFe2\Utility\CategoryUtility;
 use T3o\TerFe2\Utility\VersionUtility;
@@ -99,7 +100,7 @@ class ExtensionVersion
     */
    public function isValidVersionNumber(): bool
    {
-        return preg_match('/^(0|[1-9]\d{0,2})\.(0|[1-9]\d{0,2})\.(0|[1-9]\d{0,2})$/', $this->version) !== false;
+        return ValidExtensionVersionService::isVersionStringValid($this->version);
        // alternative (preg_match('/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/', $version) !== false) {
    }


--- a/extensions/ter_fe2/Classes/Service/ExtensionIndexService.php
+++ b/extensions/ter_fe2/Classes/Service/ExtensionIndexService.php
@@ -123,6 +123,16 @@ class ExtensionIndexService implements LoggerAwareInterface

        // Create the nested XML structure:
        foreach ($extensionsAndVersionsArr as $extensionKey => $extensionVersionsArr) {
+            $extensionHasMinimumOneValidVersion = false;
+            foreach ($extensionVersionsArr['versions'] as $versionNumber => $extensionVersionArr) {
+                if (ValidExtensionVersionService::isVersionStringValid($versionNumber)) {
+                    $extensionHasMinimumOneValidVersion = true;
+                    break;
+                }
+            }
+            if (!$extensionHasMinimumOneValidVersion) {
+                continue;
+            }
            $extensionObj = $extensionsObj->appendChild(new \DOMElement('extension'));
            $extensionObj->appendChild(new \DOMAttr('extensionkey', $extensionKey));
            $extensionObj->appendChild(
@@ -133,6 +143,9 @@ class ExtensionIndexService implements LoggerAwareInterface
            );

            foreach ($extensionVersionsArr['versions'] as $versionNumber => $extensionVersionArr) {
+                if (!ValidExtensionVersionService::isVersionStringValid($versionNumber)) {
+                    continue;
+                }
                $versionObj = $extensionObj->appendChild(new \DOMElement('version'));
                $versionObj->appendChild(new \DOMAttr('version', (string)$versionNumber));
                $versionObj->appendChild(new \DOMElement('title', $this->xmlentities((string)$extensionVersionArr['title'])));

--- a/extensions/ter_fe2/Classes/Service/ValidExtensionVersionService.php
+++ b/extensions/ter_fe2/Classes/Service/ValidExtensionVersionService.php
+<?php
+declare(strict_types = 1);
+namespace T3o\TerFe2\Service;
+
+final class ValidExtensionVersionService
+{
+    public const VERSION_REGEX = '/^(0|[1-9]\d{0,2})\.(0|[1-9]\d{0,2})\.(0|[1-9]\d{0,2})$/';
+
+    public static function isVersionStringValid(string $versionString): bool
+    {
+        return (bool)preg_match(self::VERSION_REGEX, $versionString);
+    }
+}
--- a/extensions/ter_fe2/Tests/Unit/Service/ValidExtensionVersionServiceTest.php
+++ b/extensions/ter_fe2/Tests/Unit/Service/ValidExtensionVersionServiceTest.php
+<?php
+declare(strict_types = 1);
+namespace T3o\TerFe2\Tests\Service;
+
+/*
+ * This file is part of a TYPO3 extension.
+ *
+ * It is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License, either version 2
+ * of the License, or any later version.
+ *
+ * For the full copyright and license information, please read the
+ * LICENSE.txt file that was distributed with this source code.
+ *
+ * The TYPO3 project - inspiring people to share!
+ */
+
+use T3o\TerFe2\Service\ValidExtensionVersionService;
+
+class ValidExtensionVersionServiceTest extends \Nimut\TestingFramework\TestCase\AbstractTestCase
+{
+    /**
+     * @test
+     * @param string $versionNumber
+     * @dataProvider isVersionStringOfExtensionVersionValidDataProvider
+     */
+    public function isVersionStringOfExtensionVersionValid(string $versionNumber)
+    {
+        self::assertTrue(
+            ValidExtensionVersionService::isVersionStringValid($versionNumber)
+        );
+    }
+
+    /**
+     * @test
+     * @param string $versionNumber
+     * @dataProvider isVersionStringOfExtensionVersionInvalidDataProvider
+     */
+    public function isVersionStringOfExtensionVersionInvalid(string $versionNumber)
+    {
+        self::assertFalse(
+            ValidExtensionVersionService::isVersionStringValid($versionNumber)
+        );
+    }
+
+    /**
+     * Data provider for isVersionStringOfExtensionVersionValid
+     *
+     * @return array
+     */
+    public function isVersionStringOfExtensionVersionValidDataProvider()
+    {
+        return [
+            ['Version 1.0.0 is valid' => '1.0.0'],
+            ['Version 1.99.0 is valid' => '1.99.0'],
+            ['Version 1.999.999 is valid' => '1.999.999'],
+            ['Version 0.999.999 is valid' => '0.999.999'],
+            ['Version 0.0.0 is valid' => '0.0.0'],
+        ];
+    }
+
+    /**
+     * Data provider for isVersionStringOfExtensionVersionInvalid
+     *
+     * @return array
+     */
+    public function isVersionStringOfExtensionVersionInvalidDataProvider()
+    {
+        return [
+            ['Version 1.0.00 is invalid' => '1.0.00'],
+            ['Version 01.0.0 is invalid' => '01.0.0'],
+            ['Version 1.0.0-beta is invalid' => '1.0.0-beta'],
+            ['Version 1.0.0 - dev is invalid' => '1.0.0 - dev'],
+            ['Version v1.0.0 is invalid' => 'v1.0.0'],
+            ['Version 1.0.9999 is invalid' => '1.0.9999'],
+            ['Version 1.0 is invalid' => '1.0'],
+            ['Version 1..0 is invalid' => '1..0'],
+            ['Version .1.0. is invalid' => '.1.0.'],
+            ['Version 1.0.0 Free is invalid' => '1.0.0 Free'],
+            ['Version 0.02.3 is invalid' => '0.02.3'],
+            ['Version 1.a.3 is invalid' => '1.a.3'],
+            ['Version 1-0-0 is invalid' => '1-0-0'],
+            ['Version 100 is invalid' => '100'],
+        ];
+    }
+}
--- a/extensions/ter_rest/Resources/Private/Schema/v1.json
+++ b/extensions/ter_rest/Resources/Private/Schema/v1.json
@@ -1659,7 +1659,7 @@
            "schema": {
              "maxLength": 14,
              "minLength": 5,
-              "pattern": "^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$",
+              "pattern": "^(0|[1-9]\\d{0,2})\\.(0|[1-9]\\d{0,2})\\.(0|[1-9]\\d{0,2})$",
              "type": "string"
            },
            "example": "10.4.8"
@@ -1802,7 +1802,7 @@
            "schema": {
              "maxLength": 14,
              "minLength": 5,
-              "pattern": "^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$",
+              "pattern": "^(0|[1-9]\\d{0,2})\\.(0|[1-9]\\d{0,2})\\.(0|[1-9]\\d{0,2})$",
              "type": "string"
            },
            "example": "10.4.8"
@@ -1980,7 +1980,7 @@
            "schema": {
              "maxLength": 14,
              "minLength": 5,
-              "pattern": "^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$",
+              "pattern": "^(0|[1-9]\\d{0,2})\\.(0|[1-9]\\d{0,2})\\.(0|[1-9]\\d{0,2})$",
              "type": "string"
            },
            "example": "10.4.8"
@@ -2118,7 +2118,7 @@
            "schema": {
              "maxLength": 14,
              "minLength": 5,
-              "pattern": "^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$",
+              "pattern": "^(0|[1-9]\\d{0,2})\\.(0|[1-9]\\d{0,2})\\.(0|[1-9]\\d{0,2})$",
              "type": "string"
            },
            "example": "10.4.8"
@@ -3098,7 +3098,7 @@
        "schema": {
          "maxLength": 14,
          "minLength": 5,
-          "pattern": "^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$",
+          "pattern": "^(0|[1-9]\\d{0,2})\\.(0|[1-9]\\d{0,2})\\.(0|[1-9]\\d{0,2})$",
          "type": "string"
        },
        "example": "10.4.8"

--- a/extensions/ter_rest/Resources/Private/Schema/v1.yaml
+++ b/extensions/ter_rest/Resources/Private/Schema/v1.yaml
@@ -1072,7 +1072,7 @@ paths:
        schema:
          maxLength: 14
          minLength: 5
-          pattern: ^\d{1,3}\.\d{1,3}\.\d{1,3}$
+          pattern: ^(0|[1-9]\d{0,2})\.(0|[1-9]\d{0,2})\.(0|[1-9]\d{0,2})$
          type: string
        example: 10.4.8
      responses:
@@ -1163,7 +1163,7 @@ paths:
        schema:
          maxLength: 14
          minLength: 5
-          pattern: ^\d{1,3}\.\d{1,3}\.\d{1,3}$
+          pattern: ^(0|[1-9]\d{0,2})\.(0|[1-9]\d{0,2})\.(0|[1-9]\d{0,2})$
          type: string
        example: 10.4.8
      requestBody:
@@ -1276,7 +1276,7 @@ paths:
        schema:
          maxLength: 14
          minLength: 5
-          pattern: ^\d{1,3}\.\d{1,3}\.\d{1,3}$
+          pattern: ^(0|[1-9]\d{0,2})\.(0|[1-9]\d{0,2})\.(0|[1-9]\d{0,2})$
          type: string
        example: 10.4.8
      responses:
@@ -1364,7 +1364,7 @@ paths:
        schema:
          maxLength: 14
          minLength: 5
-          pattern: ^\d{1,3}\.\d{1,3}\.\d{1,3}$
+          pattern: ^(0|[1-9]\d{0,2})\.(0|[1-9]\d{0,2})\.(0|[1-9]\d{0,2})$
          type: string
        example: 10.4.8
      - name: review_state
@@ -2026,7 +2026,7 @@ components:
      schema:
        maxLength: 14
        minLength: 5
-        pattern: ^\d{1,3}\.\d{1,3}\.\d{1,3}$
+        pattern: ^(0|[1-9]\d{0,2})\.(0|[1-9]\d{0,2})\.(0|[1-9]\d{0,2})$
        type: string
      example: 10.4.8
    ReviewState: