Validate version and alias names

Author: jimporter

CHANGES.md

@@ -25,6 +25,8 @@
 - `mike alias` now checks for existing aliases to prevent erroneously setting an
   alias for two different versions
 - Replace `packaging` dependency with `verspec` for future stability
+- Validate version and alias names to ensure they're non-empty and don't
+  contain a directory separator
 
 [material-mike]: https://squidfunk.github.io/mkdocs-material/setup/setting-up-versioning/#versioning
 

mike/versions.py

@@ -1,4 +1,5 @@
 import json
+import re
 from verspec.loose import LooseVersion as Version
 
 
@@ -14,13 +15,23 @@ def _version_pair(version):
 
 class VersionInfo:
     def __init__(self, version, title=None, aliases=[]):
+        self._check_version(str(version), 'version')
+        for i in aliases:
+            self._check_version(i, 'alias')
+
         self.version, name = _version_pair(version)
         self.title = name if title is None else title
         self.aliases = set(aliases)
 
         if name in self.aliases:
             raise ValueError('duplicated version and alias')
 
+    @staticmethod
+    def _check_version(version, kind):
+        if ( not version or version in ['.', '..'] or
+             re.search(r'[\\/]', version) ):
+            raise ValueError('{!r} is not a valid {}'.format(version, kind))
+
     def __eq__(self, rhs):
         return (self.version == rhs.version and self.title == rhs.title and
                 self.aliases == rhs.aliases)
@@ -39,6 +50,8 @@ def dumps(self):
         return json.dumps(self.to_json())
 
     def update(self, title=None, aliases=[]):
+        for i in aliases:
+            self._check_version(i, 'alias')
         if title is not None:
             self.title = title
 

test/unit/test_versions.py

@@ -27,7 +27,27 @@ def test_create(self):
         self.assertEqual(v.title, '1.0')
         self.assertEqual(v.aliases, set())
 
-        with self.assertRaises(ValueError):
+        with self.assertRaisesRegex(ValueError, "^'' is not a valid version$"):
+            VersionInfo('')
+        with self.assertRaisesRegex(ValueError,
+                                    "^'..' is not a valid version$"):
+            VersionInfo('..')
+        with self.assertRaisesRegex(ValueError,
+                                    "^'foo/bar' is not a valid version$"):
+            VersionInfo('foo/bar')
+        with self.assertRaisesRegex(ValueError,
+                                    "^'foo/bar' is not a valid version$"):
+            VersionInfo(Version('foo/bar'))
+
+        with self.assertRaisesRegex(ValueError, "^'' is not a valid alias$"):
+            VersionInfo('1.0', aliases=['latest', ''])
+        with self.assertRaisesRegex(ValueError, "^'..' is not a valid alias$"):
+            VersionInfo('1.0', aliases=['..'])
+        with self.assertRaisesRegex(ValueError,
+                                    "^'foo/bar' is not a valid alias$"):
+            VersionInfo('1.0', aliases=['foo/bar'])
+        with self.assertRaisesRegex(ValueError,
+                                    "^duplicated version and alias$"):
             VersionInfo('1.0', aliases=['1.0'])
 
     def test_equality(self):
@@ -76,6 +96,14 @@ def test_update(self):
             '1.0', '1.0.1', ['latest', 'greatest']
         ))
 
+        with self.assertRaisesRegex(ValueError, "^'' is not a valid alias$"):
+            v.update(aliases=[''])
+        with self.assertRaisesRegex(ValueError, "^'..' is not a valid alias$"):
+            v.update(aliases=['..'])
+        with self.assertRaisesRegex(ValueError,
+                                    "^'foo/bar' is not a valid alias$"):
+            v.update(aliases=['foo/bar'])
+
 
 class TestVersions(unittest.TestCase):
     def test_add(self):