feat: add support for go.mod (#46)
G-Rath committed Mar 8, 2022
1 parent 01dfa24 commit a9bcee1
Showing 12 changed files with 199 additions and 0 deletions.
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -23,6 +23,7 @@ The detector supports parsing the following lockfiles:
| `pnpm-lock.yaml` | `npm` | `pnpm` |
| `composer.lock` | `Packagist` | `composer` |
| `Gemfile.lock` | `RubyGems` | `bundler` |
| `go.mod` | `Go` | `go mod` |
| `requirements.txt`\* | `PyPI` | `pip` |

\*: `requirements.txt` support is currently very limited - it ignores anything
Empty file.
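--- a/detector/parsers/fixtures/go/indirect-packages.mod
+++ b/detector/parsers/fixtures/go/indirect-packages.mod
@@ -0,0 +1,14 @@
+module my-library
+
+go 1.17
+
+require (
+github.com/BurntSushi/toml v1.0.0
+gopkg.in/yaml.v2 v2.4.0
+)
+
+require (
+github.com/mattn/go-colorable v0.1.9 // indirect
+github.com/mattn/go-isatty v0.0.14 // indirect
+golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c // indirect
+)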
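--- a/detector/parsers/fixtures/go/not-go-mod.txt
+++ b/detector/parsers/fixtures/go/not-go-mod.txt
@@ -0,0 +1 @@
+this is not a go.mod file!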
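--- a/detector/parsers/fixtures/go/one-package.mod
+++ b/detector/parsers/fixtures/go/one-package.mod
@@ -0,0 +1,5 @@
+module my-library
+
+require (
+github.com/BurntSushi/toml v1.0.0
+)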
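--- a/detector/parsers/fixtures/go/two-packages.mod
+++ b/detector/parsers/fixtures/go/two-packages.mod
@@ -0,0 +1,8 @@
+module my-library
+
+go 1.17
+
+require (
+github.com/BurntSushi/toml v1.0.0
+gopkg.in/yaml.v2 v2.4.0
+)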
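--- a/detector/parsers/parse-go-lock.go
+++ b/detector/parsers/parse-go-lock.go
@@ -0,0 +1,36 @@
+package parsers
+
+import (
+"fmt"
+"golang.org/x/mod/modfile"
+"io/ioutil"
+"strings"
+)
+
+const GoEcosystem Ecosystem = "Go"
+
+func ParseGoLock(pathToLockfile string) ([]PackageDetails, error) {
+lockfileContents, err := ioutil.ReadFile(pathToLockfile)
+
+if err != nil {
+return []PackageDetails{}, fmt.Errorf("could not read %s: %w", pathToLockfile, err)
+}
+
+parsedLockfile, err := modfile.Parse(pathToLockfile, lockfileContents, nil)
+
+if err != nil {
+return []PackageDetails{}, fmt.Errorf("could not parse %s: %w", pathToLockfile, err)
+}
+
+packages := make([]PackageDetails, 0, len(parsedLockfile.Require))
+
+for _, require := range parsedLockfile.Require {
+packages = append(packages, PackageDetails{
+Name: require.Mod.Path,
+Version: strings.TrimPrefix(require.Mod.Version, "v"),
+Ecosystem: GoEcosystem,
+})
+}
+
+return packages, nil
+}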
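Review bot: The loop in ParseGoLock reads only `parsedLockfile.Require`, so any `replace` directive in the go.mod is ignored and a module the build swaps for a fork, another version or a local directory is still reported at the path and version of its `require` line. For a vulnerability scanner that can mean looking up advisories for a version that is not the one compiled in, in either direction. `modfile.File` also carries the parsed directives in `parsedLockfile.Replace` (each entry has `Old` and `New`), so the loop could substitute `New` when `Old.Path` matches and `Old.Version` is empty or equal. If that is left for later, I would state it in a doc comment such as `// ParseGoLock reports require directives as written; replace and exclude directives are not applied.` None of the fixtures added in this commit contains a `replace` line, so a test with one would pin whichever behaviour is chosen.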
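--- a/detector/parsers/parse-go-lock_test.go
+++ b/detector/parsers/parse-go-lock_test.go
@@ -0,0 +1,115 @@
+package parsers_test
+
+import (
+"osv-detector/detector/parsers"
+"testing"
+)
+
+func TestParseGoLock_FileDoesNotExist(t *testing.T) {
+t.Parallel()
+
+packages, err := parsers.ParseGoLock("fixtures/go/does-not-exist")
+
+expectErrContaining(t, err, "could not read")
+expectPackages(t, packages, []parsers.PackageDetails{})
+}
+
+func TestParseGoLock_Invalid(t *testing.T) {
+t.Parallel()
+
+packages, err := parsers.ParseGoLock("fixtures/go/not-go-mod.txt")
+
+expectErrContaining(t, err, "could not parse")
+expectPackages(t, packages, []parsers.PackageDetails{})
+}
+
+func TestParseGoLock_NoPackages(t *testing.T) {
+t.Parallel()
+
+packages, err := parsers.ParseGoLock("fixtures/go/empty.mod")
+
+if err != nil {
+t.Errorf("Got unexpected error: %v", err)
+}
+
+expectPackages(t, packages, []parsers.PackageDetails{})
+}
+
+func TestParseGoLock_OnePackage(t *testing.T) {
+t.Parallel()
+
+packages, err := parsers.ParseGoLock("fixtures/go/one-package.mod")
+
+if err != nil {
+t.Errorf("Got unexpected error: %v", err)
+}
+
+expectPackages(t, packages, []parsers.PackageDetails{
+{
+Name: "github.com/BurntSushi/toml",
+Version: "1.0.0",
+Ecosystem: parsers.GoEcosystem,
+},
+})
+}
+
+func TestParseGoLock_TwoPackages(t *testing.T) {
+t.Parallel()
+
+packages, err := parsers.ParseGoLock("fixtures/go/two-packages.mod")
+
+if err != nil {
+t.Errorf("Got unexpected error: %v", err)
+}
+
+expectPackages(t, packages, []parsers.PackageDetails{
+{
+Name: "github.com/BurntSushi/toml",
+Version: "1.0.0",
+Ecosystem: parsers.GoEcosystem,
+},
+{
+Name: "gopkg.in/yaml.v2",
+Version: "2.4.0",
+Ecosystem: parsers.GoEcosystem,
+},
+})
+}
+
+func TestParseGoLock_IndirectPackages(t *testing.T) {
+t.Parallel()
+
+packages, err := parsers.ParseGoLock("fixtures/go/indirect-packages.mod")
+
+if err != nil {
+t.Errorf("Got unexpected error: %v", err)
+}
+
+expectPackages(t, packages, []parsers.PackageDetails{
+{
+Name: "github.com/BurntSushi/toml",
+Version: "1.0.0",
+Ecosystem: parsers.GoEcosystem,
+},
+{
+Name: "gopkg.in/yaml.v2",
+Version: "2.4.0",
+Ecosystem: parsers.GoEcosystem,
+},
+{
+Name: "github.com/mattn/go-colorable",
+Version: "0.1.9",
+Ecosystem: parsers.GoEcosystem,
+},
+{
+Name: "github.com/mattn/go-isatty",
+Version: "0.0.14",
+Ecosystem: parsers.GoEcosystem,
+},
+{
+Name: "golang.org/x/sys",
+Version: "0.0.0-20210630005230-0f9fa26af87c",
+Ecosystem: parsers.GoEcosystem,
+},
+})
+}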
2 changes: 2 additions & 0 deletions detector/parsers/parsers.go
Expand Up @@ -18,6 +18,8 @@ func findParser(pathToLockfile string) PackageDetailsParser {
return ParseNpmLock
case "yarn.lock":
return ParseYarnLock
case "go.mod":
return ParseGoLock
case "pnpm-lock.yaml":
return ParsePnpmLock
case "requirements.txt":
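Review bot: Mapping `go.mod` to a parser in findParser treats a manifest as if it were a lockfile, and the result is only as complete as that file: when the module's `go` directive is below 1.17, go.mod need not list every indirect dependency, so transitive modules can be missing from the scan without any error. I would document that limit where the format is advertised, for example as a README footnote on the new table row in the style of the existing `requirements.txt` one: `go.mod support only sees modules listed in the file; modules declaring a Go version below 1.17 may omit indirect dependencies`. findParser starts and ends outside this hunk, so how unrecognised filenames are handled is not visible here.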
1 change: 1 addition & 0 deletions detector/parsers/parsers_test.go
Expand Up @@ -45,6 +45,7 @@ func TestTryParse_FindsExpectedParsers(t *testing.T) {
"pnpm-lock.yaml",
"composer.lock",
"Gemfile.lock",
"go.mod",
"requirements.txt",
}

2 changes: 2 additions & 0 deletions go.mod
Expand Up @@ -5,11 +5,13 @@ go 1.17
require (
github.com/BurntSushi/toml v1.0.0
github.com/fatih/color v1.13.0
golang.org/x/mod v0.5.1
gopkg.in/yaml.v2 v2.4.0
)

require (
github.com/mattn/go-colorable v0.1.9 // indirect
github.com/mattn/go-isatty v0.0.14 // indirect
golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c // indirect
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898 // indirect
)
14 changes: 14 additions & 0 deletions go.sum
Expand Up @@ -7,10 +7,24 @@ github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope
github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y=
github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/mod v0.5.1 h1:OJxoQ/rynoF0dcCdI7cLPktw/hR2cueqYfjm43oqK38=
golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c h1:F1jZWGFhYfh0Ci55sIpILtKKK8p3i2/krTr0H1rg74I=
golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898 h1:/atklqdjdhuosWIl6AIbOeHJjicWYPqR9bpxqxYG2pA=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
