diff --git a/pkg/dependency/parser/golang/mod/parse.go b/pkg/dependency/parser/golang/mod/parse.go index b506128997ad..3be3bb0c2800 100644 --- a/pkg/dependency/parser/golang/mod/parse.go +++ b/pkg/dependency/parser/golang/mod/parse.go @@ -85,16 +85,29 @@ func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, skipIndirect = lessThan117(modFileParsed.Go.Version) } + // Main module + if m := modFileParsed.Module; m != nil { + ver := strings.TrimPrefix(m.Mod.Version, "v") + libs[m.Mod.Path] = types.Library{ + ID: packageID(m.Mod.Path, ver), + Name: m.Mod.Path, + Version: ver, + ExternalReferences: p.GetExternalRefs(m.Mod.Path), + Relationship: types.RelationshipRoot, + } + } + // Required modules for _, require := range modFileParsed.Require { // Skip indirect dependencies less than Go 1.17 if skipIndirect && require.Indirect { continue } + ver := strings.TrimPrefix(require.Mod.Version, "v") libs[require.Mod.Path] = types.Library{ - ID: packageID(require.Mod.Path, require.Mod.Version[1:]), + ID: packageID(require.Mod.Path, ver), Name: require.Mod.Path, - Version: require.Mod.Version[1:], + Version: ver, Relationship: lo.Ternary(require.Indirect, types.RelationshipIndirect, types.RelationshipDirect), ExternalReferences: p.GetExternalRefs(require.Mod.Path), } diff --git a/pkg/dependency/parser/golang/mod/parse_testcase.go b/pkg/dependency/parser/golang/mod/parse_testcase.go index 4edeccc2b581..dfadc32f67c3 100644 --- a/pkg/dependency/parser/golang/mod/parse_testcase.go +++ b/pkg/dependency/parser/golang/mod/parse_testcase.go @@ -5,6 +5,17 @@ import "github.com/aquasecurity/trivy/pkg/dependency/types" var ( // execute go mod tidy in normal folder GoModNormal = []types.Library{ + { + ID: "github.com/org/repo", + Name: "github.com/org/repo", + Relationship: types.RelationshipRoot, + ExternalReferences: []types.ExternalRef{ + { + Type: types.RefVCS, + URL: "https://github.com/org/repo", + }, + }, + }, { ID: "github.com/aquasecurity/go-dep-parser@v0.0.0-20211224170007-df43bca6b6ff", Name: "github.com/aquasecurity/go-dep-parser", @@ -39,6 +50,17 @@ var ( // execute go mod tidy in replaced folder GoModReplaced = []types.Library{ + { + ID: "github.com/org/repo", + Name: "github.com/org/repo", + Relationship: types.RelationshipRoot, + ExternalReferences: []types.ExternalRef{ + { + Type: types.RefVCS, + URL: "https://github.com/org/repo", + }, + }, + }, { ID: "github.com/aquasecurity/go-dep-parser@v0.0.0-20220406074731-71021a481237", Name: "github.com/aquasecurity/go-dep-parser", @@ -61,6 +83,17 @@ var ( // execute go mod tidy in replaced folder GoModUnreplaced = []types.Library{ + { + ID: "github.com/org/repo", + Name: "github.com/org/repo", + Relationship: types.RelationshipRoot, + ExternalReferences: []types.ExternalRef{ + { + Type: types.RefVCS, + URL: "https://github.com/org/repo", + }, + }, + }, { ID: "github.com/aquasecurity/go-dep-parser@v0.0.0-20211110174639-8257534ffed3", Name: "github.com/aquasecurity/go-dep-parser", @@ -83,6 +116,17 @@ var ( // execute go mod tidy in replaced-with-version folder GoModReplacedWithVersion = []types.Library{ + { + ID: "github.com/org/repo", + Name: "github.com/org/repo", + Relationship: types.RelationshipRoot, + ExternalReferences: []types.ExternalRef{ + { + Type: types.RefVCS, + URL: "https://github.com/org/repo", + }, + }, + }, { ID: "github.com/aquasecurity/go-dep-parser@v0.0.0-20220406074731-71021a481237", Name: "github.com/aquasecurity/go-dep-parser", @@ -105,6 +149,17 @@ var ( // execute go mod tidy in replaced-with-version-mismatch folder GoModReplacedWithVersionMismatch = []types.Library{ + { + ID: "github.com/org/repo", + Name: "github.com/org/repo", + Relationship: types.RelationshipRoot, + ExternalReferences: []types.ExternalRef{ + { + Type: types.RefVCS, + URL: "https://github.com/org/repo", + }, + }, + }, { ID: "github.com/aquasecurity/go-dep-parser@v0.0.0-20211224170007-df43bca6b6ff", Name: "github.com/aquasecurity/go-dep-parser", @@ -139,6 +194,17 @@ var ( // execute go mod tidy in replaced-with-local-path folder GoModReplacedWithLocalPath = []types.Library{ + { + ID: "github.com/org/repo", + Name: "github.com/org/repo", + Relationship: types.RelationshipRoot, + ExternalReferences: []types.ExternalRef{ + { + Type: types.RefVCS, + URL: "https://github.com/org/repo", + }, + }, + }, { ID: "github.com/aquasecurity/go-dep-parser@v0.0.0-20211224170007-df43bca6b6ff", Name: "github.com/aquasecurity/go-dep-parser", @@ -167,6 +233,17 @@ var ( // execute go mod tidy in replaced-with-local-path-and-version folder GoModReplacedWithLocalPathAndVersion = []types.Library{ + { + ID: "github.com/org/repo", + Name: "github.com/org/repo", + Relationship: types.RelationshipRoot, + ExternalReferences: []types.ExternalRef{ + { + Type: types.RefVCS, + URL: "https://github.com/org/repo", + }, + }, + }, { ID: "github.com/aquasecurity/go-dep-parser@v0.0.0-20211224170007-df43bca6b6ff", Name: "github.com/aquasecurity/go-dep-parser", @@ -195,6 +272,17 @@ var ( // execute go mod tidy in replaced-with-local-path-and-version-mismatch folder GoModReplacedWithLocalPathAndVersionMismatch = []types.Library{ + { + ID: "github.com/org/repo", + Name: "github.com/org/repo", + Relationship: types.RelationshipRoot, + ExternalReferences: []types.ExternalRef{ + { + Type: types.RefVCS, + URL: "https://github.com/org/repo", + }, + }, + }, { ID: "github.com/aquasecurity/go-dep-parser@v0.0.0-20211224170007-df43bca6b6ff", Name: "github.com/aquasecurity/go-dep-parser", @@ -229,6 +317,17 @@ var ( // execute go mod tidy in go116 folder GoMod116 = []types.Library{ + { + ID: "github.com/org/repo", + Name: "github.com/org/repo", + Relationship: types.RelationshipRoot, + ExternalReferences: []types.ExternalRef{ + { + Type: types.RefVCS, + URL: "https://github.com/org/repo", + }, + }, + }, { ID: "github.com/aquasecurity/go-dep-parser@v0.0.0-20211224170007-df43bca6b6ff", Name: "github.com/aquasecurity/go-dep-parser", @@ -245,6 +344,17 @@ var ( // execute go mod tidy in no-go-version folder GoModNoGoVersion = []types.Library{ + { + ID: "github.com/org/repo", + Name: "github.com/org/repo", + Relationship: types.RelationshipRoot, + ExternalReferences: []types.ExternalRef{ + { + Type: types.RefVCS, + URL: "https://github.com/org/repo", + }, + }, + }, { ID: "github.com/aquasecurity/go-dep-parser@v0.0.0-20211224170007-df43bca6b6ff", Name: "github.com/aquasecurity/go-dep-parser", diff --git a/pkg/fanal/analyzer/language/golang/mod/mod_test.go b/pkg/fanal/analyzer/language/golang/mod/mod_test.go index d9a5254e1953..c667170af7a6 100644 --- a/pkg/fanal/analyzer/language/golang/mod/mod_test.go +++ b/pkg/fanal/analyzer/language/golang/mod/mod_test.go @@ -32,6 +32,11 @@ func Test_gomodAnalyzer_Analyze(t *testing.T) { Type: types.GoModule, FilePath: "go.mod", Libraries: types.Packages{ + { + ID: "github.com/org/repo", + Name: "github.com/org/repo", + Relationship: types.RelationshipRoot, + }, { ID: "github.com/aquasecurity/go-dep-parser@v0.0.0-20220406074731-71021a481237", Name: "github.com/aquasecurity/go-dep-parser", @@ -67,6 +72,11 @@ func Test_gomodAnalyzer_Analyze(t *testing.T) { Type: types.GoModule, FilePath: "go.mod", Libraries: types.Packages{ + { + ID: "github.com/org/repo", + Name: "github.com/org/repo", + Relationship: types.RelationshipRoot, + }, { ID: "github.com/sad/sad@v0.0.1", Name: "github.com/sad/sad", @@ -90,6 +100,11 @@ func Test_gomodAnalyzer_Analyze(t *testing.T) { Type: types.GoModule, FilePath: "go.mod", Libraries: types.Packages{ + { + ID: "github.com/org/repo", + Name: "github.com/org/repo", + Relationship: types.RelationshipRoot, + }, { ID: "github.com/aquasecurity/go-dep-parser@v0.0.0-20230219131432-590b1dfb6edd", Name: "github.com/aquasecurity/go-dep-parser", @@ -125,6 +140,11 @@ func Test_gomodAnalyzer_Analyze(t *testing.T) { Type: types.GoModule, FilePath: "go.mod", Libraries: types.Packages{ + { + ID: "github.com/org/repo", + Name: "github.com/org/repo", + Relationship: types.RelationshipRoot, + }, { ID: "github.com/aquasecurity/go-dep-parser@v0.0.0-20230219131432-590b1dfb6edd", Name: "github.com/aquasecurity/go-dep-parser",