Fix matching

RetireJS · Feb 13, 2024 · 3493e34 · 3493e34
1 parent 48411f6
commit 3493e34
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 19 deletions.
diff --git a/node/CHANGELOG.md b/node/CHANGELOG.md
@@ -1,5 +1,12 @@
 # Changelog
 
+## [4.4.2]
+
+### Fix
+
+- Fix matching to include all matches
+
+
 ## [4.4.1]
 
 ### Chore

diff --git a/node/lib/retire.js b/node/lib/retire.js
@@ -4,7 +4,7 @@
  */
 
 var exports = exports || {};
-exports.version = '4.4.1';
+exports.version = '4.4.2';
 
 function isDefined(o) {
   return typeof o !== 'undefined';
@@ -19,15 +19,14 @@ function uniq(results) {
   });
 }
 
-function scan(data, extractor, repo, matcher) {
-  matcher = matcher || simpleMatch;
+function scan(data, extractor, repo, matcher = simpleMatch) {
   var detected = [];
   for (var component in repo) {
     var extractors = repo[component].extractors[extractor];
     if (!isDefined(extractors)) continue;
     for (var i in extractors) {
-      var match = matcher(extractors[i], data);
-      if (match) {
+      var matches = matcher(extractors[i], data);
+      matches.forEach(match => {
         match = match.replace(/(\.|-)min$/, '');
         detected.push({
           version: match,
@@ -36,27 +35,34 @@ function scan(data, extractor, repo, matcher) {
           basePurl: repo[component].basePurl,
           detection: extractor,
         });
-      }
+      });
     }
   }
   return uniq(detected);
 }
 
 function simpleMatch(regex, data) {
-  var re = new RegExp(regex);
-  var match = re.exec(data);
-  return match ? match[1] : null;
+  var re = new RegExp(regex, "g");
+  const result = [];
+  let match;
+  while (match = re.exec(data)) {
+    result.push(match[1]);
+  }
+  return result;
 }
 function replacementMatch(regex, data) {
   var ar = /^\/(.*[^\\])\/([^\/]+)\/$/.exec(regex);
-  var re = new RegExp(ar[1]);
-  var match = re.exec(data);
-  var ver = null;
-  if (match) {
-    ver = match[0].replace(new RegExp(ar[1]), ar[2]);
-    return ver;
+  var re = new RegExp(ar[1], "g");
+  const result = [];
+  let match;
+  while(match = re.exec(data)) {
+    var ver = null;
+    if (match) {
+      ver = match[0].replace(new RegExp(ar[1]), ar[2]);
+      result.push(ver);
+    }
   }
-  return null;
+  return result;
 }
 
 function splitAndMatchAll(tokenizer) {

diff --git a/node/package-lock.json b/node/package-lock.json
diff --git a/node/package.json b/node/package.json
@@ -2,7 +2,7 @@
   "author": "Erlend Oftedal <erlend@oftedal.no>",
   "name": "retire",
   "description": "Retire is a tool for detecting use of vulnerable libraries",
-  "version": "4.4.1",
+  "version": "4.4.2",
   "license": "Apache-2.0",
   "repository": {
     "type": "git",

diff --git a/node/publish.sh b/node/publish.sh
@@ -19,6 +19,11 @@ COMMIT_ID=$(git rev-parse HEAD)
 
 node -e "if (require('./lib/retire.js').version != require('./package.json').version) throw new Error('Wrong version in lib/retire.js')"
 
+if grep -q "$VERSION" CHANGELOG.md; then
+    echo "Version is missing in CHANGELOG.md"
+    exit 1
+fi
+
 echo "Point $VERSION to $COMMIT_ID and publish (Y/N)?"
 
 if [ $(git tag -l $VERSION) ]; then