From 04f497c9af8f160ca8553739e6abce67c010723c Mon Sep 17 00:00:00 2001
From: Daniele Nicolodi <daniele@grinta.net>
Date: Thu, 12 Dec 2024 22:23:23 +0100
Subject: [PATCH] Tighten regular expression used to validate wheel filenames

Drop the .dist-info file extension. Enforce that each component of the
filename does not contain a dash: dashes are used as separators.

See https://packaging.python.org/en/latest/specifications/binary-distribution-format/#file-name-convention

Remove spurious grouping, while at it.
---
 twine/wheel.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/twine/wheel.py b/twine/wheel.py
index c1d82352..955214ae 100644
--- a/twine/wheel.py
+++ b/twine/wheel.py
@@ -20,9 +20,13 @@
 from twine import exceptions
 
 wheel_file_re = re.compile(
-    r"""^(?P<namever>(?P<name>.+?)(-(?P<ver>\d.+?))?)
-        ((-(?P<build>\d.*?))?-(?P<pyver>.+?)-(?P<abi>.+?)-(?P<plat>.+?)
-        \.whl|\.dist-info)$""",
+    r"""^(?P<name>[^-]+)-
+         (?P<version>[^-]+)
+         (:?-(?P<build>\d[^-]*))?-
+         (?P<pyver>[^-]+)-
+         (?P<abi>[^-]+)-
+         (?P<plat>[^-]+)
+         \.whl$""",
     re.VERBOSE,
 )