search

toeb / cmakepp

An Enhancement Suite for the CMake Build System
Other
436 stars 37 forks source link

SemVer regex used to parse SemVer strings is broken. #133

Open jwdonahue opened 4 years ago

jwdonahue commented 4 years ago

In semver_parse.cmake, you have:

 set(semver_identifier_regex "[0-9A-Za-z-]+")
 set(semver_major_regex "[0-9]+")
 set(semver_minor_regex "[0-9]+")
 set(semver_patch_regex "[0-9]+")
 set(semver_identifiers_regex "${semver_identifier_regex}(\\.${semver_identifier_regex})*") 
 set(semver_prerelease_regex "${semver_identifiers_regex}")
 set(semver_metadata_regex "${semver_identifiers_regex}")
 set(semver_version_regex "(${semver_major_regex})\\.(${semver_minor_regex})\\.(${semver_patch_regex})")
 set(semver_regex "(${semver_version_regex})(-${semver_prerelease_regex})?(\\+${semver_metadata_regex})?")

I am not familiar with the cmake language, but I don't see where any of this excludes leading zeroes in numeric fields. As per the SemVer 2.0 spec, numeric fields may appear in the version triple (either major, minor or patch) and in prerelease fields (fields are dot delimited), and they may not have leading zeros. The following version strings are not SemVer compliant:

Please see the suggested regex's provided near the end of the FAQ and the discussion threads that eventually lead to their adoption, particularly the minimal set of oracles used to test them.

For major, minor and patch, you should have (0|[1-9]\d*), and prerelease is something like (?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*. The reason for the more complex prerelease part is due to the fact that a prerelease tag consists of either numeric or alphanumeric fields, delimited by periods.

Based on what you have in that file, I think you would also reject a valid SemVer strings of the form 1.0.0+meta and 1.0.0-prr+meta.1.

toeb commented 4 years ago

Hey, Thanks for the report.

I am sorry to say that I do not have the time to create a fix currently.
if you want to create a pull request i will approve it though.

To the problem:

you are looking in the wrong file (i did not delete a previous implementation but as you can see in line 15 there is a return statement and I just didnt delete the old code (shame on me)

the actual implementation is in https://github.com/toeb/cmakepp/blob/master/cmake/semver/semver_parse_lazy.cmake an you are right: my regex to get major,minor,patch parts of the semver is [0-9]+ instead of 0|[1-9][0-9]*