oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2025-11-17 16:33:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: go binary replace handling in path (#4156)

Browse Source 
* Fix issue with relative paths on go binary

Signed-off-by: Stepan <stepworm@yandex.ru>

* Linting

Signed-off-by: Stepan <stepworm@yandex.ru>

---------

Signed-off-by: Stepan <stepworm@yandex.ru>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
This commit is contained in:
Stepan 2025-10-29 18:59:47 +03:00 committed by GitHub
parent c5c1454848
commit efc2f0012c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 74 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
syft/pkg/cataloger/golang/package.go
View File

@ -10,7 +10,14 @@ import (
) )
func (c *goBinaryCataloger) newGoBinaryPackage(dep *debug.Module, m pkg.GolangBinaryBuildinfoEntry, licenses []pkg.License, locations ...file.Location) pkg.Package { func (c *goBinaryCataloger) newGoBinaryPackage(dep *debug.Module, m pkg.GolangBinaryBuildinfoEntry, licenses []pkg.License, locations ...file.Location) pkg.Package {
// Similar to syft/pkg/cataloger/golang/parse_go_mod.go logic - use original path for relative replacements
finalPath := dep.Path
if dep.Replace != nil { if dep.Replace != nil {
if strings.HasPrefix(dep.Replace.Path, ".") || strings.HasPrefix(dep.Replace.Path, "/") {
finalPath = dep.Path
} else {
finalPath = dep.Replace.Path
}
dep = dep.Replace dep = dep.Replace
} }
@ -23,10 +30,10 @@ func (c *goBinaryCataloger) newGoBinaryPackage(dep *debug.Module, m pkg.GolangBi
} }
p := pkg.Package{ p := pkg.Package{
Name: dep.Path, Name: finalPath,
Version: version, Version: version,
Licenses: pkg.NewLicenseSet(licenses...), Licenses: pkg.NewLicenseSet(licenses...),
PURL: packageURL(dep.Path, version), PURL: packageURL(finalPath, version),
Language: pkg.Go, Language: pkg.Go,
Type: pkg.GoModulePkg, Type: pkg.GoModulePkg,
Locations: file.NewLocationSet(locations...), Locations: file.NewLocationSet(locations...),

65
syft/pkg/cataloger/golang/package_test.go
View File

@ -1,6 +1,7 @@
package golang package golang
import ( import (
"runtime/debug"
"testing" "testing"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
@ -54,3 +55,67 @@ func Test_packageURL(t *testing.T) {
}) })
} }
} }
func Test_newGoBinaryPackage_relativeReplace(t *testing.T) {
tests := []struct {
name string
dep *debug.Module
expectedName string
}{
{
name: "relative replace with ../",
dep: &debug.Module{
Path: "github.com/aws/aws-sdk-go-v2",
Version: "(devel)",
Replace: &debug.Module{
Path: "../../",
Version: "(devel)",
},
},
expectedName: "github.com/aws/aws-sdk-go-v2", // should use original path, not relative
},
{
name: "relative replace with ./",
dep: &debug.Module{
Path: "github.com/example/module",
Version: "v1.0.0",
Replace: &debug.Module{
Path: "./local",
Version: "v0.0.0",
},
},
expectedName: "github.com/example/module", // should use original path
},
{
name: "absolute replace",
dep: &debug.Module{
Path: "github.com/old/module",
Version: "v1.0.0",
Replace: &debug.Module{
Path: "github.com/new/module",
Version: "v2.0.0",
},
},
expectedName: "github.com/new/module", // should use replacement path
},
{
name: "no replace",
dep: &debug.Module{
Path: "github.com/normal/module",
Version: "v1.0.0",
},
expectedName: "github.com/normal/module", // should use original path
},
}
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
cataloger := &goBinaryCataloger{}
result := cataloger.newGoBinaryPackage(test.dep, pkg.GolangBinaryBuildinfoEntry{}, nil)
assert.Equal(t, test.expectedName, result.Name)
assert.Equal(t, pkg.Go, result.Language)
assert.Equal(t, pkg.GoModulePkg, result.Type)
})
}
}