fix(transaction): guard version parsing against short version strings

[CodeLine9]

Bug

_is_not_later_rippled_version() splits the version on . and directly accesses indices [0], [1], [2]. A 2-part version string (e.g. "1.11") from a buggy or compromised server causes an IndexError.

Fix

Check that both decomposed version strings have at least 3 parts before accessing them. If not, return False (treat as unknown version).

Closes #975

[coderabbitai]

Walkthrough

The _is_not_later_rippled_version() function now includes defensive validation to check that version strings have at least three dot-separated components before attempting to parse major, minor, and patch segments. Malformed version inputs with fewer components now return False.

Changes

Cohort / File(s)	Summary
Version String Validation xrpl/asyncio/transaction/main.py	Added defensive checks in _is_not_later_rippled_version() to verify version strings contain ≥3 dot-separated components before parsing, preventing IndexError on malformed inputs like "1.11".

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 A version string, oh what a sight,
With dots splitting left and right,
But some came short—a two-part foe,
Now we check before we go! 🛡️
Defensive coding, keeping us safe,
No more crashes—we've sealed the chafe!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The description clearly explains the bug and fix but lacks the full template structure with Type of Change, CHANGELOG confirmation, and Test Plan sections.	Fill out the remaining required template sections: mark the Type of Change (Bug fix), confirm CHANGELOG.md status, and document the Test Plan section.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely describes the main change: adding guards against short version strings in version parsing.
Linked Issues check	✅ Passed	The PR successfully addresses issue #975 by adding defensive checks to prevent IndexError when parsing malformed 2-part version strings like '1.11'.
Out of Scope Changes check	✅ Passed	All changes are directly related to fixing the version parsing vulnerability in _is_not_later_rippled_version() as specified in issue #975; no unrelated modifications detected.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@xrpl/asyncio/transaction/main.py`:
- Around line 346-347: Add unit tests for _is_not_later_rippled_version and its
caller _tx_needs_networkID to cover malformed version strings so the existing
guard (if len(source_decomp) < 3 or len(target_decomp) < 3: return False) is
exercised: include cases like source="1.11" vs target="1.11.0", both sides
shorter than three segments, and assert that no IndexError is raised and that
the function returns False (the caller then skips adding network_id). Put tests
that explicitly pass malformed inputs into _is_not_later_rippled_version and
through _tx_needs_networkID to confirm behavior; optionally add a comment in the
tests noting the semantic caveat about "unknown" vs "not later" for future
maintainers.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 3cf59104-11d9-4572-8cf7-eb85e6831b89

📥 Commits

Reviewing files that changed from the base of the PR and between 8879e95 and f6b1c07.

📒 Files selected for processing (1)

• xrpl/asyncio/transaction/main.py