From 0e6ee70f6f39a46f0c204f09878e712eaa3fd707 Mon Sep 17 00:00:00 2001
From: Lucas Bajolet <lucas.bajolet@hashicorp.com>
Date: Fri, 22 Mar 2024 12:13:12 -0400
Subject: [PATCH] plugins: reject non-canonical version numbers

If a plugin is installed manually, its version number could be valid but
non-canonical (ex: 1.2.3 vs 01.002.0003).

Since these two versions refer to the same version, but the looks are
different, this may become ambiguous which version should be loaded.

To avoid such a situation, we reject explicitely non-canonical version
numbers in plugins, but only in path, we're aware that because of
metadata, the version from `describe' may already differ from the file
name.
---
 packer/plugin-getter/plugins.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/packer/plugin-getter/plugins.go b/packer/plugin-getter/plugins.go
index 8a97b8cb0..17c0cdcc0 100644
--- a/packer/plugin-getter/plugins.go
+++ b/packer/plugin-getter/plugins.go
@@ -187,6 +187,11 @@ func (pr Requirement) ListInstallations(opts ListInstallationsOptions) (InstallL
 			continue
 		}
 
+		if fmt.Sprintf("v%s", ver.String()) != pluginVersionStr {
+			log.Printf("version %q in path is non canonical, this could introduce ambiguity and is not supported, ignoring it.", pluginVersionStr)
+			continue
+		}
+
 		if ver.Prerelease() != "" && opts.ReleasesOnly {
 			log.Printf("ignoring pre-release plugin %q", path)
 			continue