fix: improve version_compare logic (#3548)

Coverity was warning about unreachable code because I forgot to put in
an if statement.  Also, updated comment to better explain how version 
compare is terrible in the face of real life versions.

Signed-off-by: Terri Oda <[email protected]>

Author: terriko

cve_bin_tool/version_compare.py

@@ -149,13 +149,20 @@ def version_compare(v1: str, v2: str):
 
                 # They're both of type letter567 and we'll convert them to be letter.567 and
                 # run them through the compare function again
-                # Honestly it's hard to guess if .dev3 is going to be more or less than .rc4
-                # unless you know the project, so hopefully people don't expect that kind of range
-                # matching
-                v1_newstring = re.sub("([a-zA-Z]+)([0-9]+)", r"\1.\2", v1_array[i])
-                v2_newstring = re.sub("([a-zA-Z]+)([0-9]+)", r"\1.\2", v2_array[i])
-                print(f"`{v1_newstring}` and `{v2_newstring}`")
-                return version_compare(v1_newstring, v2_newstring)
+                # We will be dictionary comparing so that 4.alpha4 < 4.beta1
+                # but this also means .dev3 < .rc4 (because d is before r)
+                # which may make less sense depending on the project.
+                letter_number = re.compile("^[a-zA-Z]+[0-9]+$")
+                if re.match(letter_number, v1_array[i]) and re.match(
+                    letter_number, v2_array[i]
+                ):
+                    v1_letter_number = re.sub(
+                        "([a-zA-Z]+)([0-9]+)", r"\1.\2", v1_array[i]
+                    )
+                    v2_letter_number = re.sub(
+                        "([a-zA-Z]+)([0-9]+)", r"\1.\2", v2_array[i]
+                    )
+                    return version_compare(v1_letter_number, v2_letter_number)
 
                 # And if all else fails, just compare the strings
                 if v1_array[i] > v2_array[i]: