Allow local package identifiers for PyPI packages (#21690) (#21727)

Backport (#21690) Fixes #21683 Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
author: Wayne Starr <Racer159@users.noreply.github.com> 2022-11-08 19:10:06 -0600
committer: GitHub <noreply@github.com> 2022-11-09 09:10:06 +0800
commit: e054f80fe0e6c6cc2e6a1338abb0c9e260e4d8be (patch)
tree: 9ec80c2264e8a67b3685cc66dd6319ccf209494e
parent: 89d52922d0cec319430e67add29aa4f5a54b1d03 (diff)
download: gitea-e054f80fe0e6c6cc2e6a1338abb0c9e260e4d8be.tar.gz
gitea-e054f80fe0e6c6cc2e6a1338abb0c9e260e4d8be.zip
2 files changed, 11 insertions, 4 deletions
diff --git a/routers/api/packages/pypi/pypi.go b/routers/api/packages/pypi/pypi.go
index 3a046abe18..66380d832c 100644
--- a/routers/api/packages/pypi/pypi.go
+++ b/routers/api/packages/pypi/pypi.go
@@ -25,8 +25,15 @@ import (
 var normalizer = strings.NewReplacer(".", "-", "_", "-")
 var nameMatcher = regexp.MustCompile(`\A[a-zA-Z0-9\.\-_]+\z`)
 
-// https://www.python.org/dev/peps/pep-0440/#appendix-b-parsing-version-strings-with-regular-expressions
-var versionMatcher = regexp.MustCompile(`^([1-9][0-9]*!)?(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*))*((a|b|rc)(0|[1-9][0-9]*))?(\.post(0|[1-9][0-9]*))?(\.dev(0|[1-9][0-9]*))?$`)
+// https://peps.python.org/pep-0440/#appendix-b-parsing-version-strings-with-regular-expressions
+var versionMatcher = regexp.MustCompile(`\Av?` +
+	`(?:[0-9]+!)?` + // epoch
+	`[0-9]+(?:\.[0-9]+)*` + // release segment
+	`(?:[-_\.]?(?:a|b|c|rc|alpha|beta|pre|preview)[-_\.]?[0-9]*)?` + // pre-release
+	`(?:-[0-9]+|[-_\.]?(?:post|rev|r)[-_\.]?[0-9]*)?` + // post release
+	`(?:[-_\.]?dev[-_\.]?[0-9]*)?` + // dev release
+	`(?:\+[a-z0-9]+(?:[-_\.][a-z0-9]+)*)?` + // local version
+	`\z`)
 
 func apiError(ctx *context.Context, status int, obj interface{}) {
 	helper.LogAndProcessError(ctx, status, obj, func(message string) {
diff --git a/tests/integration/api_packages_pypi_test.go b/tests/integration/api_packages_pypi_test.go
index 32b3304ca7..0cd6ff7d13 100644
--- a/tests/integration/api_packages_pypi_test.go
+++ b/tests/integration/api_packages_pypi_test.go
@@ -29,7 +29,7 @@ func TestPackagePyPI(t *testing.T) {
 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 
 	packageName := "test-package"
-	packageVersion := "1.0.1"
+	packageVersion := "1.0.1+r1234"
 	packageAuthor := "KN4CK3R"
 	packageDescription := "Test Description"
 
@@ -164,7 +164,7 @@ func TestPackagePyPI(t *testing.T) {
 		nodes := htmlDoc.doc.Find("a").Nodes
 		assert.Len(t, nodes, 2)
 
-		hrefMatcher := regexp.MustCompile(fmt.Sprintf(`%s/files/%s/%s/test\..+#sha256-%s`, root, packageName, packageVersion, hashSHA256))
+		hrefMatcher := regexp.MustCompile(fmt.Sprintf(`%s/files/%s/%s/test\..+#sha256-%s`, root, regexp.QuoteMeta(packageName), regexp.QuoteMeta(packageVersion), hashSHA256))
 
 		for _, a := range nodes {
 			for _, att := range a.Attr {
author	Wayne Starr <Racer159@users.noreply.github.com>	2022-11-08 19:10:06 -0600
committer	GitHub <noreply@github.com>	2022-11-09 09:10:06 +0800
commit	e054f80fe0e6c6cc2e6a1338abb0c9e260e4d8be (patch)
tree	9ec80c2264e8a67b3685cc66dd6319ccf209494e
parent	89d52922d0cec319430e67add29aa4f5a54b1d03 (diff)
download	gitea-e054f80fe0e6c6cc2e6a1338abb0c9e260e4d8be.tar.gz gitea-e054f80fe0e6c6cc2e6a1338abb0c9e260e4d8be.zip