package pep440 import ( "golang.org/x/xerrors" version "github.com/aquasecurity/go-pep440-version" dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy/pkg/detector/library/compare" ) // Comparer represents a comparer for PEP 440 type Comparer struct{} // IsVulnerable checks if the package version is vulnerable to the advisory. func (n Comparer) IsVulnerable(ver string, advisory dbTypes.Advisory) bool { return compare.IsVulnerable(ver, advisory, n.matchVersion) } // matchVersion checks if the package version satisfies the given constraint. func (n Comparer) matchVersion(currentVersion, constraint string) (bool, error) { v, err := version.Parse(currentVersion) if err != nil { return false, xerrors.Errorf("python version error (%s): %s", currentVersion, err) } c, err := version.NewSpecifiers(constraint, version.WithPreRelease(true)) if err != nil { return false, xerrors.Errorf("python constraint error (%s): %s", constraint, err) } return c.Check(v), nil }