Ruby special semver matching (#95)

Signed-off-by: Benji Visser <[email protected]>

test/integration/db_mock_test.go

@@ -144,11 +144,19 @@ func cycles(name string) []xeolDB.Cycle {
 				Eol:          "2019-11-26",
 			},
 		},
+		"ruby": {
+			{
+				ProductName:  "Ruby",
+				ReleaseCycle: "2.7",
+				Eol:          "2023-03-31",
+			},
+		},
 	}
 	return cycleDict[name]
 }
 
 func (d *mockStore) stub() {
+	d.backend["pkg:generic/ruby"] = cycles("ruby")
 	d.backend["cpe:/o:fedoraproject:fedora"] = cycles("fedora")
 	d.backend["pkg:generic/redis"] = cycles("redis")
 	d.backend["pkg:generic/node"] = cycles("node")

test/integration/match_by_image_test.go

@@ -39,6 +39,24 @@ func addMongo32Matches(t *testing.T, theResult *match.Matches) {
 	})
 }
 
+func addRuby27Matches(t *testing.T, theResult *match.Matches) {
+	theResult.Add(match.Match{
+		Package: pkg.Package{
+			Name:     "ruby",
+			ID:       "2ba17cf1680ce4f2",
+			Version:  "2.7.8p225",
+			Type:     syftPkg.BinaryPkg,
+			Language: "",
+			PURL:     "pkg:generic/[email protected]",
+		},
+		Cycle: eol.Cycle{
+			ProductName:  "Ruby",
+			ReleaseCycle: "2.7",
+			Eol:          "2023-03-31",
+		},
+	})
+}
+
 func addPython34Matches(t *testing.T, theResult *match.Matches) {
 	theResult.Add(match.Match{
 		Package: pkg.Package{
@@ -258,6 +276,14 @@ func TestMatchByImage(t *testing.T) {
 				return expectedMatches
 			},
 		},
+		{
+			fixtureImage: "image-ruby-2.7",
+			expectedFn: func() match.Matches {
+				expectedMatches := match.NewMatches()
+				addRuby27Matches(t, &expectedMatches)
+				return expectedMatches
+			},
+		},
 		{
 			fixtureImage: "image-python-3.4",
 			expectedFn: func() match.Matches {

test/integration/test-fixtures/image-ruby-2.7/Dockerfile

@@ -0,0 +1 @@
+FROM docker.io/ruby:2.7.8@sha256:9fcde368ee5ae444a3d3345fe4549d937ea68c52bb55c681ceb340f548a7b24e

xeol/search/purl.go

@@ -1,6 +1,7 @@
 package search
 
 import (
+	"regexp"
 	"strings"
 	"time"
 
@@ -68,17 +69,25 @@ func ByDistroCpe(store eol.Provider, distro *linux.Release, eolMatchDate time.Ti
 	return match.Match{}, nil
 }
 
+// normalizeSemver returns the major.minor.patch portion of a semver string.
+// it turns versions like 2.7.8p225 into 2.7.8
+func normalizeSemver(version string) string {
+	re := regexp.MustCompile(`^(\d+\.\d+\.\d+).*`)
+	return re.ReplaceAllString(version, "$1")
+}
+
 // returnMatchingCycle returns the first cycle that matches the version string.
 // If no cycle matches, an empty cycle is returned.
 func returnMatchingCycle(version string, cycles []eol.Cycle) (eol.Cycle, error) {
-	v, err := semver.NewVersion(version)
+	normalizedVersion := normalizeSemver(version)
+	v, err := semver.NewVersion(normalizedVersion)
 	if err != nil {
 		return eol.Cycle{}, err
 	}
 
 	for _, c := range cycles {
 		// direct match, if it exists
-		if version == c.ReleaseCycle {
+		if normalizedVersion == c.ReleaseCycle {
 			return c, nil
 		}
 

xeol/search/purl_test.go

@@ -9,6 +9,43 @@ import (
 	"github.com/xeol-io/xeol/xeol/eol"
 )
 
+func TestNormalizeSemver(t *testing.T) {
+	testCases := []struct {
+		version  string
+		expected string
+	}{
+		{
+			version:  "1.2.3",
+			expected: "1.2.3",
+		},
+		{
+			version:  "1.2.3-rc1",
+			expected: "1.2.3",
+		},
+		{
+			version:  "1.2.3-rc1+build1",
+			expected: "1.2.3",
+		},
+		{
+			version:  "1.2.3p288",
+			expected: "1.2.3",
+		},
+		{
+			version:  "1.2.3p288+1.3",
+			expected: "1.2.3",
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.version, func(t *testing.T) {
+			actual := normalizeSemver(tc.version)
+			if actual != tc.expected {
+				t.Errorf("Expected %s, got %s", tc.expected, actual)
+			}
+		})
+	}
+}
+
 func TestReturnMatchingCycle(t *testing.T) {
 	testCases := []struct {
 		name     string