
Commit edadb02

authored
disallow non-strings in semver comparisons (#98)
1 parent d85c61d commit edadb02


2 files changed

+24
-9
lines changed


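--- a/src/LaunchDarkly/Impl/Model/Operators.php
+++ b/src/LaunchDarkly/Impl/Model/Operators.php
@@ -101,23 +101,33 @@ public static function apply(?string $op, $u, $c): bool
 }
 break;
 case "semVerEqual":
-$uVer = self::parseSemVer($u);
-$cVer = self::parseSemVer($c);
-return ($uVer != null) && ($cVer != null) && $uVer->comparePrecedence($cVer) == 0;
+return self::semver_operator($u, $c, 0);
 case "semVerLessThan":
-$uVer = self::parseSemVer($u);
-$cVer = self::parseSemVer($c);
-return ($uVer != null) && ($cVer != null) && $uVer->comparePrecedence($cVer) < 0;
+return self::semver_operator($u, $c, -1);
 case "semVerGreaterThan":
-$uVer = self::parseSemVer($u);
-$cVer = self::parseSemVer($c);
-return ($uVer != null) && ($cVer != null) && $uVer->comparePrecedence($cVer) > 0;
+return self::semver_operator($u, $c, 1);
 }
 } catch (Exception $ignored) {
 }
 return false;
 }
 
+/**
+* @param mixed|null $u
+* @param mixed|null $c
+* @param int $expectedComparisonResult
+* @return bool
+*/
+private static function semver_operator($u, $c, $expectedComparisonResult): bool
+{
+if (!is_string($u) || !is_string($c)) {
+return false;
+}
+$uVer = self::parseSemVer($u);
+$cVer = self::parseSemVer($c);
+return ($uVer != null) && ($cVer != null) && $uVer->comparePrecedence($cVer) == $expectedComparisonResult;
+}
+
 /**
 * A stricter version of the built-in is_numeric checker.
 *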
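Review bot: `semver_operator` now requires `comparePrecedence($cVer) == $expectedComparisonResult`, whereas the removed code only tested the sign (`< 0`, `> 0`). `comparePrecedence` is not shown on this page; if it can ever return a value other than -1, 0 or 1, `semVerLessThan` and `semVerGreaterThan` would silently evaluate to false and the targeting rule would stop matching. Normalising the sign keeps the old contract: `($uVer->comparePrecedence($cVer) <=> 0) == $expectedComparisonResult`. Declaring `int $expectedComparisonResult` in the signature would also enforce what the docblock already states, and the name `semver_operator` breaks the camelCase used by `parseSemVer` and `apply`.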

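--- a/tests/Impl/Model/OperatorsTest.php
+++ b/tests/Impl/Model/OperatorsTest.php
@@ -73,6 +73,11 @@ public function testSemVer()
 $this->assertTrue(Operators::apply("semVerGreaterThan", "2.0.0-rc.1", "2.0.0-rc.0"));
 $this->assertFalse(Operators::apply("semVerLessThan", "2.0.0", "xbad%ver"));
 $this->assertFalse(Operators::apply("semVerGreaterThan", "2.0.0", "xbad%ver"));
+
+// numeric values are always invalid - must be a string
+$this->assertFalse(Operators::apply("semVerEqual", 2, "2.0.0"));
+$this->assertFalse(Operators::apply("semVerLessThan", 2, "2.0.1"));
+$this->assertFalse(Operators::apply("semVerGreaterThan", 3, "2.0.1"));
 }
 
 public function comparisonOperators(): array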
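Review bot: The three added assertions pass a non-string only as the user value, so the `!is_string($c)` half of the new guard is never exercised, and no non-string type other than an integer is covered. A mirrored case such as `$this->assertFalse(Operators::apply("semVerEqual", "2.0.0", 2));`, plus one with `null` or `true`, would pin the fail-closed behaviour on both operands. `testSemVer` begins above this hunk, so earlier assertions may already cover part of this.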
