From 036cda2fbc8a5bbcdd55254b6a86932a68286607 Mon Sep 17 00:00:00 2001
From: Soim Kim <soim.kim@lge.com>
Date: Wed, 6 May 2026 11:36:50 +0900
Subject: [PATCH] fix(download): preserve full dotted-numeric versions for
 clarified_version

Maven/OSGi-style versions like 1.1.7.7 were reduced to trailing x.y (7.7) by the
two-part semver heuristic; match pure dotted-numeric strings first after stripping v.

- Add regression tests for mvnrepository artifact URLs and 1.1.7.7 hints
---
 src/fosslight_util/download.py      |  5 +++++
 tests/test_download_version_hint.py | 15 +++++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/src/fosslight_util/download.py b/src/fosslight_util/download.py
index 61b90ec..b160efa 100755
--- a/src/fosslight_util/download.py
+++ b/src/fosslight_util/download.py
@@ -319,6 +319,8 @@ def get_remote_refs(git_url: str):
     re.IGNORECASE,
 )
 _CLARIFIED_MAJOR_ONLY_FULL = re.compile(r'^(?:v\.? ?)?(\d+)$', re.IGNORECASE)
+# Maven / OSGi style: 1.1.7.7 (more than three numeric segments; not strict semver)
+_PURE_DOT_NUMERIC_VERSION = re.compile(r'^\d+(\.\d+)+$')
 # Two-part x.y not followed by .digit (avoids taking "1.2" from "1.2.3")
 _CLARIFIED_TWO_IN_STR = re.compile(r'(\d+)\.(\d+)(?!\.\d)')
 _CLARIFIED_MAJOR_IN_STR = re.compile(
@@ -350,6 +352,9 @@ def clarified_version_from_oss_version(oss_version: str) -> str:
     s = (oss_version or "").strip()
     if not s:
         return ""
+    core = _strip_leading_v_prefix(s)
+    if _PURE_DOT_NUMERIC_VERSION.match(core):
+        return core
     m = _BASE_SEMVER_FOR_CHECKOUT.match(s)
     if m:
         if m.group(3):
diff --git a/tests/test_download_version_hint.py b/tests/test_download_version_hint.py
index 81e2cee..4c51000 100644
--- a/tests/test_download_version_hint.py
+++ b/tests/test_download_version_hint.py
@@ -54,6 +54,12 @@
             "/t/lodash-4.17.21.tgz",
             "4.17.21",
         ),
+        # mvnrepository.com page URL (version is last path segment; four-part Maven version)
+        (
+            "https://mvnrepository.com/artifact/org.xerial.snappy/snappy-java/1.1.7.7",
+            "",
+            "1.1.7.7",
+        ),
         # Generic: path ends with /download but real version only in filename
         (
             "https://example.com/releases/download",
@@ -81,6 +87,8 @@ def test_oss_version_hint_from_wget_link(link, downloaded_file, expected_hint):
         ("2.31.0", "2.31.0"),
         ("4.17.21", "4.17.21"),
         ("1.1.4", "1.1.4"),
+        ("1.1.7.7", "1.1.7.7"),
+        ("v1.1.7.7", "1.1.7.7"),
         ("v3.28.3", "3.28.3"),
     ],
 )
@@ -93,3 +101,10 @@ def test_github_archive_hint_then_clarified():
     hint = _oss_version_hint_from_wget_link(link, "/t/v3.28.3.tar.gz")
     assert hint == "v3.28.3"
     assert clarified_version_from_oss_version(hint) == "3.28.3"
+
+
+def test_mvnrepository_url_hint_then_clarified():
+    link = "https://mvnrepository.com/artifact/org.xerial.snappy/snappy-java/1.1.7.7"
+    hint = _oss_version_hint_from_wget_link(link, "")
+    assert hint == "1.1.7.7"
+    assert clarified_version_from_oss_version(hint) == "1.1.7.7"