feat(go): add main module (#6574)

Signed-off-by: knqyf263 <[email protected]>
aquasecurity · Apr 27, 2024 · 2d090ef · 2d090ef
1 parent 6343e4f
commit 2d090ef
Show file tree

Hide file tree

Showing 3 changed files with 145 additions and 2 deletions.
diff --git a/pkg/dependency/parser/golang/mod/parse.go b/pkg/dependency/parser/golang/mod/parse.go
@@ -85,16 +85,29 @@ func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency,
 		skipIndirect = lessThan117(modFileParsed.Go.Version)
 	}
 
+	// Main module
+	if m := modFileParsed.Module; m != nil {
+		ver := strings.TrimPrefix(m.Mod.Version, "v")
+		libs[m.Mod.Path] = types.Library{
+			ID:                 packageID(m.Mod.Path, ver),
+			Name:               m.Mod.Path,
+			Version:            ver,
+			ExternalReferences: p.GetExternalRefs(m.Mod.Path),
+			Relationship:       types.RelationshipRoot,
+		}
+	}
+
 	// Required modules
 	for _, require := range modFileParsed.Require {
 		// Skip indirect dependencies less than Go 1.17
 		if skipIndirect && require.Indirect {
 			continue
 		}
+		ver := strings.TrimPrefix(require.Mod.Version, "v")
 		libs[require.Mod.Path] = types.Library{
-			ID:                 packageID(require.Mod.Path, require.Mod.Version[1:]),
+			ID:                 packageID(require.Mod.Path, ver),
 			Name:               require.Mod.Path,
-			Version:            require.Mod.Version[1:],
+			Version:            ver,
 			Relationship:       lo.Ternary(require.Indirect, types.RelationshipIndirect, types.RelationshipDirect),
 			ExternalReferences: p.GetExternalRefs(require.Mod.Path),
 		}

diff --git a/pkg/dependency/parser/golang/mod/parse_testcase.go b/pkg/dependency/parser/golang/mod/parse_testcase.go
@@ -5,6 +5,17 @@ import "github.com/aquasecurity/trivy/pkg/dependency/types"
 var (
 	// execute go mod tidy in normal folder
 	GoModNormal = []types.Library{
+		{
+			ID:           "github.com/org/repo",
+			Name:         "github.com/org/repo",
+			Relationship: types.RelationshipRoot,
+			ExternalReferences: []types.ExternalRef{
+				{
+					Type: types.RefVCS,
+					URL:  "https://github.com/org/repo",
+				},
+			},
+		},
 		{
 			ID:           "github.com/aquasecurity/[email protected]",
 			Name:         "github.com/aquasecurity/go-dep-parser",
@@ -39,6 +50,17 @@ var (
 
 	// execute go mod tidy in replaced folder
 	GoModReplaced = []types.Library{
+		{
+			ID:           "github.com/org/repo",
+			Name:         "github.com/org/repo",
+			Relationship: types.RelationshipRoot,
+			ExternalReferences: []types.ExternalRef{
+				{
+					Type: types.RefVCS,
+					URL:  "https://github.com/org/repo",
+				},
+			},
+		},
 		{
 			ID:           "github.com/aquasecurity/[email protected]",
 			Name:         "github.com/aquasecurity/go-dep-parser",
@@ -61,6 +83,17 @@ var (
 
 	// execute go mod tidy in replaced folder
 	GoModUnreplaced = []types.Library{
+		{
+			ID:           "github.com/org/repo",
+			Name:         "github.com/org/repo",
+			Relationship: types.RelationshipRoot,
+			ExternalReferences: []types.ExternalRef{
+				{
+					Type: types.RefVCS,
+					URL:  "https://github.com/org/repo",
+				},
+			},
+		},
 		{
 			ID:           "github.com/aquasecurity/[email protected]",
 			Name:         "github.com/aquasecurity/go-dep-parser",
@@ -83,6 +116,17 @@ var (
 
 	// execute go mod tidy in replaced-with-version folder
 	GoModReplacedWithVersion = []types.Library{
+		{
+			ID:           "github.com/org/repo",
+			Name:         "github.com/org/repo",
+			Relationship: types.RelationshipRoot,
+			ExternalReferences: []types.ExternalRef{
+				{
+					Type: types.RefVCS,
+					URL:  "https://github.com/org/repo",
+				},
+			},
+		},
 		{
 			ID:           "github.com/aquasecurity/[email protected]",
 			Name:         "github.com/aquasecurity/go-dep-parser",
@@ -105,6 +149,17 @@ var (
 
 	// execute go mod tidy in replaced-with-version-mismatch folder
 	GoModReplacedWithVersionMismatch = []types.Library{
+		{
+			ID:           "github.com/org/repo",
+			Name:         "github.com/org/repo",
+			Relationship: types.RelationshipRoot,
+			ExternalReferences: []types.ExternalRef{
+				{
+					Type: types.RefVCS,
+					URL:  "https://github.com/org/repo",
+				},
+			},
+		},
 		{
 			ID:           "github.com/aquasecurity/[email protected]",
 			Name:         "github.com/aquasecurity/go-dep-parser",
@@ -139,6 +194,17 @@ var (
 
 	// execute go mod tidy in replaced-with-local-path folder
 	GoModReplacedWithLocalPath = []types.Library{
+		{
+			ID:           "github.com/org/repo",
+			Name:         "github.com/org/repo",
+			Relationship: types.RelationshipRoot,
+			ExternalReferences: []types.ExternalRef{
+				{
+					Type: types.RefVCS,
+					URL:  "https://github.com/org/repo",
+				},
+			},
+		},
 		{
 			ID:           "github.com/aquasecurity/[email protected]",
 			Name:         "github.com/aquasecurity/go-dep-parser",
@@ -167,6 +233,17 @@ var (
 
 	// execute go mod tidy in replaced-with-local-path-and-version folder
 	GoModReplacedWithLocalPathAndVersion = []types.Library{
+		{
+			ID:           "github.com/org/repo",
+			Name:         "github.com/org/repo",
+			Relationship: types.RelationshipRoot,
+			ExternalReferences: []types.ExternalRef{
+				{
+					Type: types.RefVCS,
+					URL:  "https://github.com/org/repo",
+				},
+			},
+		},
 		{
 			ID:           "github.com/aquasecurity/[email protected]",
 			Name:         "github.com/aquasecurity/go-dep-parser",
@@ -195,6 +272,17 @@ var (
 
 	// execute go mod tidy in replaced-with-local-path-and-version-mismatch folder
 	GoModReplacedWithLocalPathAndVersionMismatch = []types.Library{
+		{
+			ID:           "github.com/org/repo",
+			Name:         "github.com/org/repo",
+			Relationship: types.RelationshipRoot,
+			ExternalReferences: []types.ExternalRef{
+				{
+					Type: types.RefVCS,
+					URL:  "https://github.com/org/repo",
+				},
+			},
+		},
 		{
 			ID:           "github.com/aquasecurity/[email protected]",
 			Name:         "github.com/aquasecurity/go-dep-parser",
@@ -229,6 +317,17 @@ var (
 
 	// execute go mod tidy in go116 folder
 	GoMod116 = []types.Library{
+		{
+			ID:           "github.com/org/repo",
+			Name:         "github.com/org/repo",
+			Relationship: types.RelationshipRoot,
+			ExternalReferences: []types.ExternalRef{
+				{
+					Type: types.RefVCS,
+					URL:  "https://github.com/org/repo",
+				},
+			},
+		},
 		{
 			ID:           "github.com/aquasecurity/[email protected]",
 			Name:         "github.com/aquasecurity/go-dep-parser",
@@ -245,6 +344,17 @@ var (
 
 	// execute go mod tidy in no-go-version folder
 	GoModNoGoVersion = []types.Library{
+		{
+			ID:           "github.com/org/repo",
+			Name:         "github.com/org/repo",
+			Relationship: types.RelationshipRoot,
+			ExternalReferences: []types.ExternalRef{
+				{
+					Type: types.RefVCS,
+					URL:  "https://github.com/org/repo",
+				},
+			},
+		},
 		{
 			ID:           "github.com/aquasecurity/[email protected]",
 			Name:         "github.com/aquasecurity/go-dep-parser",

diff --git a/pkg/fanal/analyzer/language/golang/mod/mod_test.go b/pkg/fanal/analyzer/language/golang/mod/mod_test.go
@@ -32,6 +32,11 @@ func Test_gomodAnalyzer_Analyze(t *testing.T) {
 						Type:     types.GoModule,
 						FilePath: "go.mod",
 						Libraries: types.Packages{
+							{
+								ID:           "github.com/org/repo",
+								Name:         "github.com/org/repo",
+								Relationship: types.RelationshipRoot,
+							},
 							{
 								ID:           "github.com/aquasecurity/[email protected]",
 								Name:         "github.com/aquasecurity/go-dep-parser",
@@ -67,6 +72,11 @@ func Test_gomodAnalyzer_Analyze(t *testing.T) {
 						Type:     types.GoModule,
 						FilePath: "go.mod",
 						Libraries: types.Packages{
+							{
+								ID:           "github.com/org/repo",
+								Name:         "github.com/org/repo",
+								Relationship: types.RelationshipRoot,
+							},
 							{
 								ID:           "github.com/sad/[email protected]",
 								Name:         "github.com/sad/sad",
@@ -90,6 +100,11 @@ func Test_gomodAnalyzer_Analyze(t *testing.T) {
 						Type:     types.GoModule,
 						FilePath: "go.mod",
 						Libraries: types.Packages{
+							{
+								ID:           "github.com/org/repo",
+								Name:         "github.com/org/repo",
+								Relationship: types.RelationshipRoot,
+							},
 							{
 								ID:           "github.com/aquasecurity/[email protected]",
 								Name:         "github.com/aquasecurity/go-dep-parser",
@@ -125,6 +140,11 @@ func Test_gomodAnalyzer_Analyze(t *testing.T) {
 						Type:     types.GoModule,
 						FilePath: "go.mod",
 						Libraries: types.Packages{
+							{
+								ID:           "github.com/org/repo",
+								Name:         "github.com/org/repo",
+								Relationship: types.RelationshipRoot,
+							},
 							{
 								ID:           "github.com/aquasecurity/[email protected]",
 								Name:         "github.com/aquasecurity/go-dep-parser",