Parse Firefox VPN versions using StrictVersion

As far as I can tell, version numbers only contain digits and periods,
so we can do without LooseVersion here, reject bad version strings, and
ensure comparisons work.

Fixes #3441

Author: jcristau

src/auslib/util/versions.py

@@ -153,6 +153,14 @@ def _cmp(self, other):
             return 1
 
 
+def FirefoxVPNVersion(version):
+    try:
+        return StrictVersion(version)
+    except ValueError:
+        raise BadDataError(f"Invalid app version {version}")
+
+
+
 class PostModernMozillaVersion(StrictVersion):
     """A version class that supports Firefox versions 5.0 and up, which
     may have "a1" but not "b2" tags in them"""
@@ -281,7 +289,7 @@ def decrement_version(version):
 
 def get_version_class(product):
     if product in ("FirefoxVPN", "Guardian"):
-        return LooseVersion
+        return FirefoxVPNVersion
 
     return MozillaVersion
 

tests/web/test_json.py

@@ -521,3 +521,10 @@ def testJSONForAppReleaseBlob(client):
     assert ret.status_code < 500
     ret = client.get("/json/2/b/127.0/p/release/default/update.json")
     assert ret.status_code < 500
+
+
+@pytest.mark.usefixtures("guardian_db")
+def testJSONBadAppVersion(client):
+    ret = client.get("/update/1/Guardian/0_4/default/WINNT_x86_64/en-US/release/update.xml")
+    assert ret.status_code == 400
+    assert ret.text == "Invalid app version 0_4"