From 3ed5e856463f2a6b2d252ce8f0eddb8d5ca8c8e2 Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Sun, 10 May 2015 07:16:22 -0400
Subject: [PATCH] added code to strip -py2 from the identified version

Former-commit-id: 4e8f8f21a3ac21099b6ea4524f5299da95973943
---
 .../owasp/dependencycheck/utils/DependencyVersionUtil.java | 7 +++++--
 .../dependencycheck/utils/DependencyVersionUtilTest.java | 6 ++++--
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DependencyVersionUtil.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DependencyVersionUtil.java
index aa1187d12..02845f2c1 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DependencyVersionUtil.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DependencyVersionUtil.java
@@ -35,8 +35,8 @@ public final class DependencyVersionUtil {
 */
 private static final Pattern RX_VERSION = Pattern.compile("\\d+(\\.\\d{1,6})+(\\.?([_-](release|beta|alpha|\\d+)|[a-zA-Z_-]{1,3}\\d{0,8}))?");
 /**
- * Regular expression to extract a single version number without periods. This is a last ditch effort just to check
- * in case we are missing a version number using the previous regex.
+ * Regular expression to extract a single version number without periods. This is a last ditch effort just to check in case we
+ * are missing a version number using the previous regex.
 */
 private static final Pattern RX_SINGLE_VERSION = Pattern.compile("\\d+(\\.?([_-](release|beta|alpha)|[a-zA-Z_-]{1,3}\\d{1,8}))?");
@@ -89,6 +89,9 @@ public final class DependencyVersionUtil {
 return null;
 }
 }
+ if (version != null && version.endsWith("-py2") && version.length() > 4) {
+ version = version.substring(0, version.length() - 4);
+ }
 return new DependencyVersion(version);
 }
 }
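Review bot: The suffix strip added before `return new DependencyVersion(version);` handles only the literal `-py2`, while the tail of `RX_VERSION` (`[a-zA-Z_-]{1,3}\\d{0,8}`) looks as if it would capture other wheel tags such as `-py3` or `-cp27` just the same, so those would presumably remain in the parsed version. A version string carrying a stray tag is likely to compare wrongly against vulnerability data downstream, which for a dependency scanner means missed or spurious findings. Consider a general strip such as `version = version.replaceFirst("-(py|cp)\\d+$", "");` and a `-py3` wheel name in the test arrays of DependencyVersionUtilTest next to the `-py2` one. If the narrow check stays, replace the magic `4` with `"-py2".length()` and add a comment like `// wheel names put a python tag after the version; it is not part of the version`. The enclosing method starts outside the hunk, so whether `version` can still be null at this point is not visible.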
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/DependencyVersionUtilTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/DependencyVersionUtilTest.java
index a76c73240..b8b49c453 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/DependencyVersionUtilTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/DependencyVersionUtilTest.java
@@ -58,9 +58,11 @@ public class DependencyVersionUtilTest {
 final String[] fileName = {"something-0.9.5.jar", "lib2-1.1.jar", "lib1.5r4-someflag-R26.jar", "lib-1.2.5-dev-20050313.jar", "testlib_V4.4.0.jar", "lib-core-2.0.0-RC1-SNAPSHOT.jar", "lib-jsp-2.0.1_R114940.jar", "dev-api-2.3.11_R121413.jar", "lib-api-3.7-SNAPSHOT.jar",
- "-", "", "1.3-beta", "6", "openssl1.0.1c", "jsf-impl-2.2.8-02.jar"};
+ "-", "", "1.3-beta", "6", "openssl1.0.1c", "jsf-impl-2.2.8-02.jar",
+ "plone.rfc822-1.1.1-py2-none-any.whl"};
 final String[] expResult = {"0.9.5", "1.1", "1.5.r4", "1.2.5", "4.4.0", "2.0.0.rc1",
- "2.0.1.r114940", "2.3.11.r121413", "3.7", "-", null, "1.3.beta", "6", "1.0.1c", "2.2.8.02"};
+ "2.0.1.r114940", "2.3.11.r121413", "3.7", "-", null, "1.3.beta", "6", "1.0.1c",
+ "2.2.8.02", "1.1.1"};
 for (int i = 0; i < fileName.length; i++) {
 final DependencyVersion version = DependencyVersionUtil.parseVersion(fileName[i]);