From 29142df38213480ed3c3ce7ec44fa63f2220a7d1 Mon Sep 17 00:00:00 2001
From: David Dworken
Date: Sun, 5 Nov 2023 00:38:21 -0700
Subject: [PATCH] Add additional check that checks that the version is valid per semver
---
 client/cmd/update.go | 6 +++++-
 client/lib/slsa.go | 1 +
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/client/cmd/update.go b/client/cmd/update.go
index 6f5fec4..4d61a29 100644
--- a/client/cmd/update.go
+++ b/client/cmd/update.go
@@ -19,6 +19,7 @@ import (
 "github.com/ddworken/hishtory/client/lib"
 "github.com/ddworken/hishtory/shared"
 "github.com/spf13/cobra"
+ "golang.org/x/mod/semver"
 )
 var updateCmd = &cobra.Command{
@@ -36,7 +37,10 @@ var validateBinaryCmd = &cobra.Command{
 Args: cobra.ExactArgs(3),
 Run: func(cmd *cobra.Command, args []string) {
 ctx := hctx.MakeContext()
- version := args[0]
+ version := strings.TrimSpace(args[0])
+ if !semver.IsValid(version) {
+ lib.CheckFatalError(fmt.Errorf("specified version %#v is not a valid version", version))
+ }
 binaryPath := args[1]
 attestationPath := args[2]
 isMacOs, err := cmd.Flags().GetBool("is_macos")
diff --git a/client/lib/slsa.go b/client/lib/slsa.go
index 24cef7a..d16fe1c 100644
--- a/client/lib/slsa.go
+++ b/client/lib/slsa.go
@@ -36,6 +36,7 @@ func checkForDowngrade(currentVersionS, newVersionS string) error {
 if err != nil {
 return fmt.Errorf("failed to parse updated version %#v", newVersionS)
 }
+ // TODO: migrate this to the version parser struct
 if currentVersion > newVersion {
 return fmt.Errorf("failed to update because the new version (%#v) is a downgrade compared to the current version (%#v)", newVersionS, currentVersionS)
 }
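Review bot: `semver.IsValid` in the added guard accepts more than a plain release tag: golang.org/x/mod/semver also treats shortened forms (`v1`, `v1.2`) and versions carrying pre-release or build suffixes as valid. If published release tags never carry such suffixes (not visible in this hunk), the guard can reject them too, `if !semver.IsValid(version) || semver.Prerelease(version) != "" || semver.Build(version) != "" {`, so that only strings shaped like a real release reach the binary and attestation validation below. The guard also depends on `lib.CheckFatalError` terminating the process on a non-nil error; its definition is outside the diff, so a short comment on the call stating that nothing after it runs with an unvalidated version would make the assumption explicit. The `Run` function continues past the end of the hunk.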
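Review bot: The added TODO in `checkForDowngrade` does not say which struct is meant or what should change, and this function is the rollback guard for updates, so the intent is worth spelling out. As the context lines show, the comparison `currentVersion > newVersion` still uses values parsed inside this function, while client/cmd/update.go now validates the version with `semver.IsValid`; the two can disagree on what counts as a valid version. A more specific comment would be `// TODO: parse and compare versions with the same parser used for validation in client/cmd/update.go, so the downgrade check and the validity check agree`. The function starts before the hunk and appears to continue after it.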