Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Changed purl-policy validation to use 'matches()' instead of 'contains(), so RegExes can be used #2334

Merged
merged 3 commits into from
Jan 28, 2023
Merged

Changed purl-policy validation to use 'matches()' instead of 'contains(), so RegExes can be used #2334

merged 3 commits into from
Jan 28, 2023

Conversation

malice00
Copy link
Contributor

@malice00 malice00 commented Dec 28, 2022
edited
Loading

Description

Changed purl-policy validation to use 'matches()' instead of 'contains(), so RegExes can be used

Addressed Issue

Fixes #2144

Additional Details

In order to not need any changes in the database, all values will get turned into RegExes if needed --> previous behavior was 'String contains', so the values will get '.*' both pre- and appended, unless the new value is a RegEx that already has this (although this wouldn't really make a difference) or if they use anchors ('^' for start-of-line and '$' for end-of-line).

Branch includes the changes from #2333, so it should be merged first!

Checklist

  • I have read and understand the contributing guidelines
  • This PR fixes a defect, and I have provided tests to verify that the fix is effective
  • This PR implements an enhancement, and I have provided tests to verify that it works as intended
  • This PR introduces changes to the database model, and I have added corresponding update logic
  • This PR introduces new or alters existing behavior, and I have updated the documentation accordingly

@malice00 malice00 changed the title Changed purl policy-validation to use 'matches()' instead of 'contains(), so RegExes can be used Changed purl-policy validation to use 'matches()' instead of 'contains(), so RegExes can be used Dec 28, 2022
@nscuro
Copy link
Member

nscuro commented Jan 27, 2023

Thanks for the PR @malice00! 🙌

If we change the behavior of MATCHES / NO_MATCH, it should be consistent across conditions. CpePolicyEvaluator and SwidTagIdPolicyEvaluator also use it, for example.

Perhaps it would make sense to encapsulate the logic of assembling the regex pattern in a utility method, so it can be used by all conditions that support MATCHES and NO_MATCH?

@malice00
Copy link
Contributor Author

Rebased to the current master and added a utility-class for matching policyconditions that support the (NO_)MATCH operator. Updated all those policycondition checks to use the new class.

@sonatype-lift

This comment was marked as outdated.

Sign in to view
@malice00
Corrected @SInCE
e6b476c 
Signed-off-by: Roland Asmann <[email protected]>
@malice00
Copy link
Contributor Author

Forgot to update the @since-field in the new class... I hope the new version will be 4.8.0, otherwise it's still wrong! ;-)

nscuro
nscuro approved these changes Jan 28, 2023
View reviewed changes
Copy link
Member

@nscuro nscuro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, thanks @malice00! 🚀

@nscuro nscuro merged commit 0ce7709 into DependencyTrack:master Jan 28, 2023
@malice00 malice00 deleted the fix/2144 branch January 28, 2023 16:02
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 28, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@sonatype-lift sonatype-lift[bot] sonatype-lift[bot] left review comments

@nscuro nscuro nscuro approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support Regex on Policy PURL
2 participants
@malice00 @nscuro