Properly handle dependency specifications

rvermeulen · rvermeulen · commit df27f71ef879 · 2023-06-23T16:36:45.000-07:00
diff --git a/codeql_bundle/helpers/bundle.py b/codeql_bundle/helpers/bundle.py
@@ -89,9 +89,9 @@ def _validate_pack(self, pack: ResolvedCodeQLPack) -> None:
                 )
 
             dep_pack = self.available_packs[dep_name]
-            if pack.dependencies[dep_name] > dep_pack.version:
+            if not pack.dependencies[dep_name].match(dep_pack.version):
                 raise BundleException(
-                    f"Package {pack.name} depends on version {pack.dependencies[dep_name]} of pack {dep_pack.name}, but the bundle contains {dep_pack.version}",
+                    f"Package {pack.name} depends on version specification {pack.dependencies[dep_name]} of pack {dep_pack.name}, but the bundle contains {dep_pack.version}",
                 )
         logging.info(f"The CodeQL pack {pack.name}'s dependencies are satisfied.")
 
diff --git a/codeql_bundle/helpers/codeql.py b/codeql_bundle/helpers/codeql.py
@@ -1,6 +1,6 @@
 import subprocess
 import json
-from semantic_version import Version
+from semantic_version import Version, NpmSpec
 from pathlib import Path
 from typing import Dict, Any, Iterable, Self, Optional, List
 import yaml
@@ -20,14 +20,22 @@ class CodeQLPack:
     library: bool = False
     name: str
     version: Version = Version("0.0.0")
-    dependencies: Dict[str, Version] = field(default_factory=dict)
+    dependencies: Dict[str, NpmSpec] = field(default_factory=dict)
     extractor: Optional[str] = None
 
     @classmethod
     def from_dict(cls, dict_: Dict[str, Any]) -> Self:
         fieldset = {f.name for f in fields(cls) if f.init}
 
-        filtered_dict = {k: v for k, v in dict_.items() if k in fieldset}
+        def _convert_value(k : str, v : Any) -> Any:
+            if k == "version":
+                return Version(v)
+            elif k == "dependencies":
+                return {k: NpmSpec(v) for k, v in v.items()}
+            else:
+                return v
+
+        filtered_dict = {k: _convert_value(k, v) for k, v in dict_.items() if k in fieldset}
         return cls(**filtered_dict)
 
     def get_scope(self) -> Optional[str]:

Original file line number	Diff line number	Diff line change
`@@ -89,9 +89,9 @@ def _validate_pack(self, pack: ResolvedCodeQLPack) -> None:`
`89`	`89`	`)`
`90`	`90`
`91`	`91`	`dep_pack = self.available_packs[dep_name]`
`92`		`- if pack.dependencies[dep_name] > dep_pack.version:`
	`92`	`+ if not pack.dependencies[dep_name].match(dep_pack.version):`
`93`	`93`	`raise BundleException(`
`94`		`- f"Package {pack.name} depends on version {pack.dependencies[dep_name]} of pack {dep_pack.name}, but the bundle contains {dep_pack.version}",`
	`94`	`+ f"Package {pack.name} depends on version specification {pack.dependencies[dep_name]} of pack {dep_pack.name}, but the bundle contains {dep_pack.version}",`
`95`	`95`	`)`
`96`	`96`	`logging.info(f"The CodeQL pack {pack.name}'s dependencies are satisfied.")`
`97`	`97`