oscal-compass / compliance-trestle

An opinionated tooling platform for managing compliance as code, using continuous integration and NIST's OSCAL standard.
https://oscal-compass.github.io/compliance-trestle
Apache License 2.0

Trestle author -tv flag doesn't enforce the version format (e.g. 0.0.1) correctly #1586

Closed Ma1h01 closed 2 weeks ago

Ma1h01 commented 3 weeks ago

Describe the bug

Invalid version formats (e.g. 1a2b3) are not captured when using the trestle author header -tv command. This behavior is due to the . character not being escaped properly in is_valid_version() under template_versioning.py.

A fix might look like this:

image

To Reproduce

Steps to reproduce the behavior: trestle author headers setup -tn my_task -tv 1a2b3

Expected behavior

The program should throw an error, and the task folder should not be created.

Screenshots / Logs.

After executing the above command:

image

Environment

AleJo2995 commented 2 weeks ago

@Ma1h01 you're right, this is a bug. I have confirmed it; go ahead and work on it.

Could you please also take a look at this Sonar lint code suggestion and see if it makes any sense? It seems to be a readability and ease of use suggestion. Reference here https://www.quora.com/Is-there-any-difference-between-the-regular-expressions-0-9-and-d

I happen to have the sonar-lint extension installed on Code, which is already highlighting that suggestion.

image

Thanks 👍

Ma1h01 commented 2 weeks ago

@AleJo2995 Both character classes specify digits from 0-9. However, \d also allows digits from different language systems (e.g. Arabic) whereas [0-9] only allows Latin digits. I'd suggest we stick with [0-9] as Latin digits are more universal.
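The two points raised in this thread (the unescaped `.` and `\d` versus `[0-9]`), as an added example that is not code from the trestle project or from either commenter. The pattern shapes and the `check` helper are assumptions made for illustration, since the page does not show the project's regex; the example also covers a trailing-newline case the thread does not mention.

```python
import re

# Assumed pattern shapes: the page says only that '.' was left unescaped in
# is_valid_version(), so these are illustrative, not the project's regexes.
UNESCAPED = re.compile(r'^[0-9]+.[0-9]+.[0-9]+$')   # '.' matches any character
ESCAPED_D = re.compile(r'^\d+\.\d+\.\d+$')          # dots fixed; \d is Unicode-aware on str
STRICT = re.compile(r'[0-9]+\.[0-9]+\.[0-9]+')      # ASCII digits, used with fullmatch()


def check(version: str) -> dict:
    """Return the verdict of each candidate validator for one input."""
    return {
        'unescaped': UNESCAPED.match(version) is not None,
        'escaped_d': ESCAPED_D.match(version) is not None,
        # fullmatch() also rejects a trailing newline, which '$' tolerates.
        'strict': STRICT.fullmatch(version) is not None,
    }


# Constructed sample inputs (only 0.0.1 and 1a2b3 appear on the page).
SAMPLES = ['0.0.1', '1a2b3', '10203', '1.2.3\n', '\u0661.\u0662.\u0663', '1.2']

if __name__ == '__main__':
    for s in SAMPLES:
        print(f'{s!r:>12} {check(s)}')
```
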