Merge branch 'add-validation-to-maven-version' into 'master'

Add validation to maven package version

See merge request gitlab-org/gitlab!32925

doc/user/packages/maven_repository/index.md

@@ -821,6 +821,16 @@ user's home location (in this case the user is `root` since it runs in a
 Docker container), and Maven will use the configured CI
 [environment variables](../../../ci/variables/README.md#predefined-environment-variables).
 
+### Version validation
+
+The version string is validated using the following regex.
+
+```ruby
+\A(\.?[\w\+-]+\.?)+\z
+```
+
+You can play around with the regex and try your version strings on [this regular expression editor](https://rubular.com/r/rrLQqUXjfKEoL6).
+
 ## Troubleshooting
 
 ### Useful Maven command line options

ee/app/models/packages/package.rb

@@ -36,6 +36,7 @@ class Packages::Package < ApplicationRecord
   validates :version, format: { with: Gitlab::Regex.semver_regex }, if: -> { npm? || nuget? }
   validates :name, format: { with: Gitlab::Regex.conan_recipe_component_regex }, if: :conan?
   validates :version, format: { with: Gitlab::Regex.conan_recipe_component_regex }, if: :conan?
+  validates :version, format: { with: Gitlab::Regex.maven_version_regex }, if: -> { version? && maven? }
 
   enum package_type: { maven: 1, npm: 2, conan: 3, nuget: 4, pypi: 5, composer: 6 }
 

ee/changelogs/unreleased/32925-add-validation-to-maven-package-version.yml

+---
+title: Add validation to maven package version
+merge_request: 32925
+author: Bola Ahmed Buari
+type: added

ee/spec/models/packages/package_spec.rb

@@ -141,6 +141,34 @@ RSpec.describe Packages::Package, type: :model do
         it { is_expected.not_to allow_value('%2e%2e%2f1.2.3').for(:version) }
       end
 
+      context 'maven package' do
+        subject { create(:maven_package) }
+
+        it { is_expected.to allow_value('0').for(:version) }
+        it { is_expected.to allow_value('1').for(:version) }
+        it { is_expected.to allow_value('10').for(:version) }
+        it { is_expected.to allow_value('1.0').for(:version) }
+        it { is_expected.to allow_value('1.3.350.v20200505-1744').for(:version) }
+        it { is_expected.to allow_value('1.1-beta-2').for(:version) }
+        it { is_expected.to allow_value('1.2-SNAPSHOT').for(:version) }
+        it { is_expected.to allow_value('12.1.2-2-1').for(:version) }
+        it { is_expected.to allow_value('1.2.3..beta').for(:version) }
+        it { is_expected.to allow_value('1.2.3-beta').for(:version) }
+        it { is_expected.to allow_value('10.2.3-beta').for(:version) }
+        it { is_expected.to allow_value('2.0.0.v200706041905-7C78EK9E_EkMNfNOd2d8qq').for(:version) }
+        it { is_expected.to allow_value('1.2-alpha-1-20050205.060708-1').for(:version) }
+        it { is_expected.to allow_value('703220b4e2cea9592caeb9f3013f6b1e5335c293').for(:version) }
+        it { is_expected.to allow_value('RELEASE').for(:version) }
+        it { is_expected.not_to allow_value('..1.2.3').for(:version) }
+        it { is_expected.not_to allow_value('  1.2.3').for(:version) }
+        it { is_expected.not_to allow_value("1.2.3  \r\t").for(:version) }
+        it { is_expected.not_to allow_value("\r\t 1.2.3").for(:version) }
+        it { is_expected.not_to allow_value('1.2.3-4/../../').for(:version) }
+        it { is_expected.not_to allow_value('1.2.3-4%2e%2e%').for(:version) }
+        it { is_expected.not_to allow_value('../../../../../1.2.3').for(:version) }
+        it { is_expected.not_to allow_value('%2e%2e%2f1.2.3').for(:version) }
+      end
+
       it_behaves_like 'validating version to be SemVer compliant for', :npm_package
       it_behaves_like 'validating version to be SemVer compliant for', :nuget_package
     end

lib/gitlab/regex.rb

@@ -43,6 +43,10 @@ module Gitlab
         @maven_app_name_regex ||= /\A[\w\-\.]+\z/.freeze
       end
 
+      def maven_version_regex
+        @maven_version_regex ||= /\A(\.?[\w\+-]+\.?)+\z/.freeze
+      end
+
       def maven_app_group_regex
         maven_app_name_regex
       end

spec/lib/gitlab/regex_spec.rb

@@ -262,6 +262,39 @@ describe Gitlab::Regex do
     it { is_expected.not_to match('!!()()') }
   end
 
+  describe '.maven_version_regex' do
+    subject { described_class.maven_version_regex }
+
+    it { is_expected.to match('0')}
+    it { is_expected.to match('1') }
+    it { is_expected.to match('03') }
+    it { is_expected.to match('2.0') }
+    it { is_expected.to match('01.2') }
+    it { is_expected.to match('10.2.3-beta')}
+    it { is_expected.to match('1.2-SNAPSHOT') }
+    it { is_expected.to match('20') }
+    it { is_expected.to match('20.3') }
+    it { is_expected.to match('1.2.1') }
+    it { is_expected.to match('1.4.2-12') }
+    it { is_expected.to match('1.2-beta-2') }
+    it { is_expected.to match('12.1.2-2-1') }
+    it { is_expected.to match('1.1-beta-2') }
+    it { is_expected.to match('1.3.350.v20200505-1744') }
+    it { is_expected.to match('2.0.0.v200706041905-7C78EK9E_EkMNfNOd2d8qq') }
+    it { is_expected.to match('1.2-alpha-1-20050205.060708-1') }
+    it { is_expected.to match('703220b4e2cea9592caeb9f3013f6b1e5335c293') }
+    it { is_expected.to match('RELEASE') }
+    it { is_expected.not_to match('..1.2.3') }
+    it { is_expected.not_to match('  1.2.3') }
+    it { is_expected.not_to match("1.2.3  \r\t") }
+    it { is_expected.not_to match("\r\t 1.2.3") }
+    it { is_expected.not_to match('1./2.3') }
+    it { is_expected.not_to match('1.2.3-4/../../') }
+    it { is_expected.not_to match('1.2.3-4%2e%2e%') }
+    it { is_expected.not_to match('../../../../../1.2.3') }
+    it { is_expected.not_to match('%2e%2e%2f1.2.3') }
+  end
+
   describe '.semver_regex' do
     subject { described_class.semver_regex }