Skip to content

Commit

Permalink
fix #264: restore v version prefix (#267)
Browse files Browse the repository at this point in the history
  • Loading branch information
@bhamail
bhamail authored Jun 2, 2022
1 parent 3a62d04 commit 281866d
Show file tree
Hide file tree
Showing 4 changed files with 23 additions and 19 deletions.
8 changes: 1 addition & 7 deletions packages/dep.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,8 +17,6 @@
package packages

import (
"strings"

"github.com/Masterminds/semver"
"github.com/golang/dep"
)
Expand All @@ -28,11 +26,7 @@ func ExtractPurlsUsingDep(project *dep.Project) ([]string, []string) {
var purls []string
var invalidPurls []string
for _, lockedProject := range lockedProjects {
var version string
i := lockedProject.Version().String()

version = strings.Replace(i, "v", "", -1)

version := lockedProject.Version().String()
if len(version) > 0 { // There must be a version we can use
name := lockedProject.Ident().String()
packageName := convertGopkgNameToPurl(name)
Expand Down
14 changes: 7 additions & 7 deletions packages/dep_int_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,13 +56,13 @@ func TestExtractPurlsFromManifestUsingDep(t *testing.T) {
assertPurlFound("pkg:golang/golang.org/x/sync@master", invalidPurls, t)
assertPurlFound("pkg:golang/golang.org/x/sys@master", invalidPurls, t)

assertPurlFound("pkg:golang/github.com/go-yaml/yaml@2", purls, t)
assertPurlFound("pkg:golang/github.com/Masterminds/vcs@1.11.1", purls, t)
assertPurlFound("pkg:golang/github.com/boltdb/bolt@1.3.1", purls, t)
assertPurlFound("pkg:golang/github.com/golang/protobuf@1.0.0", purls, t)
assertPurlFound("pkg:golang/github.com/jmank88/nuts@0.3.0", purls, t)
assertPurlFound("pkg:golang/github.com/pelletier/go-toml@1.2.0", purls, t)
assertPurlFound("pkg:golang/github.com/pkg/errors@0.8.0", purls, t)
assertPurlFound("pkg:golang/github.com/go-yaml/yaml@v2", purls, t)
assertPurlFound("pkg:golang/github.com/Masterminds/vcs@v1.11.1", purls, t)
assertPurlFound("pkg:golang/github.com/boltdb/bolt@v1.3.1", purls, t)
assertPurlFound("pkg:golang/github.com/golang/protobuf@v1.0.0", purls, t)
assertPurlFound("pkg:golang/github.com/jmank88/nuts@v0.3.0", purls, t)
assertPurlFound("pkg:golang/github.com/pelletier/go-toml@v1.2.0", purls, t)
assertPurlFound("pkg:golang/github.com/pkg/errors@v0.8.0", purls, t)
}

func assertPurlFound(expectedPurl string, result []string, t *testing.T) {
Expand Down
6 changes: 2 additions & 4 deletions packages/mod.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,10 +30,8 @@ type Mod struct {
func (m Mod) ExtractPurlsFromManifest() (purls []string) {
for _, s := range m.ProjectList.Projects {
if len(s.Version) > 0 { // There must be a version we can use
// OSS Index no likey v before version, IQ does though, comment left so I will never forget.
// go-sona-types library now takes care of querying both ossi and iq with reformatted purls as needed (to v or not to v).
version := strings.Replace(s.Version, "v", "", -1)
version = strings.Replace(version, "+incompatible", "", -1)
// remove "+incompatible" from version string if it exists
version := strings.Replace(s.Version, "+incompatible", "", -1)
var purl = "pkg:" + convertGopkgNameToPurl(s.Name) + "@" + version
purls = append(purls, purl)
}
Expand Down
14 changes: 13 additions & 1 deletion packages/mod_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,11 +17,15 @@
package packages

import (
"github.com/stretchr/testify/assert"
"testing"

"github.com/sonatype-nexus-community/nancy/types"
)

const versionFormatDateHash = "v0.0.0-20201221181555-eec23a3978ad"
const versionFormatIncompatible = "v2.0.3+incompatible"

// Simulate calling parse.GopkgLock()
func getProjectList() (projectList types.ProjectList) {
appendProject("github.com/AndreasBriese/bbloom", "", &projectList)
Expand All @@ -34,6 +38,8 @@ func getProjectList() (projectList types.ProjectList) {
appendProject("github.com/shopspring/decimal", "1.1.0", &projectList)
appendProject("golang.org/x/net", "", &projectList)
appendProject("golang.org/x/sys", "", &projectList)
appendProject("golang/golang.org/x/crypto", versionFormatDateHash, &projectList)
appendProject("github.com/logrusorgru/aurora", versionFormatIncompatible, &projectList)

return projectList
}
Expand Down Expand Up @@ -66,9 +72,15 @@ func TestModExtractPurlsFromManifest(t *testing.T) {
mod.ProjectList = getProjectList()

result := mod.ExtractPurlsFromManifest()
if len(result) != 5 {
if len(result) != 7 {
t.Error(result)
}

// verify version format with date and hashcode is not altered
assert.Equal(t, "pkg:golang/golang/golang.org/x/crypto@"+versionFormatDateHash, result[5])

// verify version format with '+incompatible' has that string removed
assert.Equal(t, "pkg:golang/github.com/logrusorgru/[email protected]", result[6])
}

func TestModExtractPurlsFromManifestDuplicates(t *testing.T) {
Expand Down

0 comments on commit 281866d

Please sign in to comment.