From 4f4fd6fbf4f030e672ebb3ddf0edec60539a03e8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20Rodr=C3=ADguez?=
Date: Wed, 7 Sep 2022 13:30:02 +0200
Subject: [PATCH] Fix Python not cleaning up weird requirements

In 45f5b77a776cf8bada4c262af9e39ff492ab6ba9, we started handling odd python requirements, with multiple constraints not separated by colons. Native behavior is to ignore anything after the first requirement, yet we were only ignoring the first one. This was discovered though a CodeQL alert.
---
 python/lib/dependabot/python/requirement.rb | 2 +-
 python/spec/dependabot/python/requirement_spec.rb | 11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/python/lib/dependabot/python/requirement.rb b/python/lib/dependabot/python/requirement.rb
index 62fc86da1cf..62414a29114 100644
--- a/python/lib/dependabot/python/requirement.rb
+++ b/python/lib/dependabot/python/requirement.rb
@@ -87,7 +87,7 @@ def convert_python_constraint_to_ruby_constraint(req_string)
 return nil if req_string == "*"
 
 req_string = req_string.gsub("~=", "~>")
- req_string = req_string.gsub(/(?<=\d)[<=>].*/, "")
+ req_string = req_string.gsub(/(?<=\d)[<=>].*\Z/, "")
 
 if req_string.match?(/~[^>]/) then convert_tilde_req(req_string)
 elsif req_string.start_with?("^") then convert_caret_req(req_string)
diff --git a/python/spec/dependabot/python/requirement_spec.rb b/python/spec/dependabot/python/requirement_spec.rb
index 789945206e2..001a2731039 100644
--- a/python/spec/dependabot/python/requirement_spec.rb
+++ b/python/spec/dependabot/python/requirement_spec.rb
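Review bot: With the `\Z` anchor the pattern can match at most once per string (from the first operator to the end), so `gsub` on the changed line is now a single substitution and `sub` states that intent directly: `req_string = req_string.sub(/(?<=\d)[<=>].*\Z/, "")`. Since this regex is the whole point of the commit, a why-comment above it would help the next reader: `# Python honours only the first constraint when several are glued together; drop the rest`. On a single-line string the previous greedy `.*` already consumed the tail, so the anchor appears to change behaviour only for input containing a newline, where `\Z` (unlike `\z`) still tolerates one trailing newline but refuses to strip past an embedded one — whether such input can reach this method is not visible here. The `def` of convert_python_constraint_to_ruby_constraint and the rest of its body lie outside the hunk.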
@@ -116,6 +116,17 @@
 end
 end
 
+ context "with multiple operators after the first" do
+ let(:requirement_string) { ">=2.0<2.1<2.2" }
+ # Python ignores operators after the first!
+ it { is_expected.to eq(Gem::Requirement.new(">=2.0")) }
+
+ context "separated with a comma" do
+ let(:requirement_string) { ">=2.0,<2.1,<2.2" }
+ it { is_expected.to eq(Gem::Requirement.new(">=2.0", "<2.1", "<2.2")) }
+ end
+ end
+
 context "with an array" do
 let(:requirement_string) { ["== 1.3.*", ">= 1.3.1"] }
 its(:to_s) do
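Review bot: The new examples only use operators glued directly to a digit, which is exactly what the `(?<=\d)` lookbehind in the production regex requires; an input such as `>=2.0 <2.1` (whitespace before the second operator) would pass through that pattern untouched and its expected result is left unpinned by this spec. A further `context "with whitespace before the second operator"` asserting whatever outcome is intended would make that boundary explicit. It also looks as if the previous greedy `.*` already produced `>=2.0` for `>=2.0<2.1<2.2` on a single-line string, so this example may not distinguish the old regex from the anchored one; if the anchor mainly exists to satisfy a static-analysis alert, saying so in the comment on the added line would save the next reader the same investigation.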