mirror of
https://github.com/ossf/scorecard.git
synced 2024-11-04 20:30:19 +03:00
✨ Handle vendored repos dependency
* Handle vendored repos for Go dependencies
* Add additional repositories to projects.txt
parent
f02df30b61
commit
9397708318
@ -2624,3 +2624,260 @@ github.com/nhooyr/websocket,
|
||||
github.com/rsc/binaryregexp,
|
||||
github.com/rsc/quote,
|
||||
github.com/rsc/sampler,
|
||||
github.com/MakeNowJust/heredoc,
|
||||
github.com/NYTimes/gziphandler,
|
||||
github.com/PuerkitoBio/urlesc,
|
||||
github.com/asaskevich/govalidator,
|
||||
github.com/chai2010/gettext-go,
|
||||
github.com/checkpoint-restore/go-criu,
|
||||
github.com/cilium/ebpf,
|
||||
github.com/containerd/console,
|
||||
github.com/containerd/ttrpc,
|
||||
github.com/cpuguy83/go-md2man,
|
||||
github.com/cyphar/filepath-securejoin,
|
||||
github.com/daviddengcn/go-colortext,
|
||||
github.com/dustin/go-humanize,
|
||||
github.com/euank/go-kmsg-parser,
|
||||
github.com/exponent-io/jsonpath,
|
||||
github.com/fatih/camelcase,
|
||||
github.com/fvbommel/sortorder,
|
||||
github.com/go-errors/errors,
|
||||
github.com/go-logr/logr,
|
||||
github.com/go-openapi/jsonpointer,
|
||||
github.com/go-openapi/jsonreference,
|
||||
github.com/go-openapi/swag,
|
||||
github.com/godbus/dbus,
|
||||
github.com/google/shlex,
|
||||
github.com/googleapis/gax-go,
|
||||
github.com/imdario/mergo,
|
||||
github.com/karrick/godirwalk,
|
||||
github.com/liggitt/tabwriter,
|
||||
github.com/mailru/easyjson,
|
||||
github.com/mindprince/gonvml,
|
||||
github.com/mistifyio/go-zfs,
|
||||
github.com/mitchellh/go-wordwrap,
|
||||
github.com/moby/spdystream,
|
||||
github.com/moby/sys,
|
||||
github.com/moby/term,
|
||||
github.com/monochromegane/go-gitignore,
|
||||
github.com/morikuni/aec,
|
||||
github.com/mxk/go-flowrate,
|
||||
github.com/opencontainers/image-spec,
|
||||
github.com/opencontainers/runtime-spec,
|
||||
github.com/pquerna/cachecontrol,
|
||||
github.com/rubiojr/go-vhd,
|
||||
github.com/russross/blackfriday,
|
||||
github.com/satori/go.uuid,
|
||||
github.com/syndtr/gocapability,
|
||||
github.com/vishvananda/netns,
|
||||
github.com/willf/bitset,
|
||||
github.com/xlab/treeprint,
|
||||
github.com/Azure/azure-amqp-common-go,
|
||||
github.com/cncf/udpa,
|
||||
github.com/go-playground/assert,
|
||||
github.com/go-playground/validator,
|
||||
github.com/google/go-replayers,
|
||||
github.com/sigstore/cosign,
|
||||
github.com/Azure/go-ansiterm,
|
||||
github.com/Knetic/govaluate,
|
||||
github.com/Masterminds/goutils,
|
||||
github.com/Masterminds/semver,
|
||||
github.com/Masterminds/sprig,
|
||||
github.com/OpenPeeDeeP/depguard,
|
||||
github.com/Shopify/toxiproxy,
|
||||
github.com/StackExchange/wmi,
|
||||
github.com/VividCortex/gohistogram,
|
||||
github.com/afex/hystrix-go,
|
||||
github.com/agnivade/levenshtein,
|
||||
github.com/andreyvit/diff,
|
||||
github.com/aokoli/goutils,
|
||||
github.com/armon/consul-api,
|
||||
github.com/aryann/difflib,
|
||||
github.com/aws/aws-lambda-go,
|
||||
github.com/aws/aws-sdk-go-v2,
|
||||
github.com/bytecodealliance/wasmtime-go,
|
||||
github.com/casbin/casbin,
|
||||
github.com/cavaliercoder/badio,
|
||||
github.com/cavaliercoder/go-cpio,
|
||||
github.com/cavaliercoder/go-rpm,
|
||||
github.com/cenkalti/backoff,
|
||||
github.com/clbanning/x2j,
|
||||
github.com/cockroachdb/datadriven,
|
||||
github.com/codahale/hdrhistogram,
|
||||
github.com/containerd/stargz-snapshotter,
|
||||
github.com/coreos/go-etcd,
|
||||
github.com/docker/docker-credential-helpers,
|
||||
github.com/docopt/docopt-go,
|
||||
github.com/eapache/go-resiliency,
|
||||
github.com/eapache/go-xerial-snappy,
|
||||
github.com/eapache/queue,
|
||||
github.com/edsrzf/mmap-go,
|
||||
github.com/flynn/go-docopt,
|
||||
github.com/franela/goblin,
|
||||
github.com/franela/goreq,
|
||||
github.com/fullstorydev/grpcurl,
|
||||
github.com/gabriel-vasile/mimetype,
|
||||
github.com/globalsign/mgo,
|
||||
github.com/go-chi/chi,
|
||||
github.com/go-critic/go-critic,
|
||||
github.com/go-lintpack/lintpack,
|
||||
github.com/go-ole/go-ole,
|
||||
github.com/go-openapi/analysis,
|
||||
github.com/go-openapi/errors,
|
||||
github.com/go-openapi/loads,
|
||||
github.com/go-openapi/runtime,
|
||||
github.com/go-openapi/strfmt,
|
||||
github.com/go-openapi/validate,
|
||||
github.com/go-piv/piv-go,
|
||||
github.com/go-test/deep,
|
||||
github.com/go-toolsmith/astcast,
|
||||
github.com/go-toolsmith/astcopy,
|
||||
github.com/go-toolsmith/astequal,
|
||||
github.com/go-toolsmith/astfmt,
|
||||
github.com/go-toolsmith/astinfo,
|
||||
github.com/go-toolsmith/astp,
|
||||
github.com/go-toolsmith/pkgload,
|
||||
github.com/go-toolsmith/strparse,
|
||||
github.com/go-toolsmith/typep,
|
||||
github.com/gobuffalo/attrs,
|
||||
github.com/gobuffalo/depgen,
|
||||
github.com/gobuffalo/envy,
|
||||
github.com/gobuffalo/flect,
|
||||
github.com/gobuffalo/genny,
|
||||
github.com/gobuffalo/gitgen,
|
||||
github.com/gobuffalo/gogen,
|
||||
github.com/gobuffalo/logger,
|
||||
github.com/gobuffalo/mapi,
|
||||
github.com/gobuffalo/packd,
|
||||
github.com/gobuffalo/packr,
|
||||
github.com/gobuffalo/syncx,
|
||||
github.com/gobwas/glob,
|
||||
github.com/gogo/googleapis,
|
||||
github.com/golangci/check,
|
||||
github.com/golangci/dupl,
|
||||
github.com/golangci/errcheck,
|
||||
github.com/golangci/go-misc,
|
||||
github.com/golangci/go-tools,
|
||||
github.com/golangci/goconst,
|
||||
github.com/golangci/gocyclo,
|
||||
github.com/golangci/gofmt,
|
||||
github.com/golangci/gosec,
|
||||
github.com/golangci/ineffassign,
|
||||
github.com/golangci/lint-1,
|
||||
github.com/golangci/maligned,
|
||||
github.com/golangci/misspell,
|
||||
github.com/golangci/prealloc,
|
||||
github.com/golangci/revgrep,
|
||||
github.com/golangci/unconvert,
|
||||
github.com/google/certificate-transparency-go,
|
||||
github.com/google/go-containerregistry,
|
||||
github.com/google/monologue,
|
||||
github.com/google/rpmpack,
|
||||
github.com/google/trillian,
|
||||
github.com/google/trillian-examples,
|
||||
github.com/gordonklaus/ineffassign,
|
||||
github.com/gorilla/context,
|
||||
github.com/gorilla/mux,
|
||||
github.com/gostaticanalysis/analysisutil,
|
||||
github.com/hashicorp/go-version,
|
||||
github.com/huandu/xstrings,
|
||||
github.com/hudl/fargo,
|
||||
github.com/influxdata/influxdb1-client,
|
||||
github.com/jedisct1/go-minisign,
|
||||
github.com/jhump/protoreflect,
|
||||
github.com/joefitzgerald/rainbow-reporter,
|
||||
github.com/josharian/intern,
|
||||
github.com/jpillora/backoff,
|
||||
github.com/juju/ansiterm,
|
||||
github.com/juju/ratelimit,
|
||||
github.com/klauspost/cpuid,
|
||||
github.com/kr/fs,
|
||||
github.com/kylelemons/godebug,
|
||||
github.com/letsencrypt/pkcs11key,
|
||||
github.com/lightstep/lightstep-tracer-common,
|
||||
github.com/lightstep/lightstep-tracer-go,
|
||||
github.com/logrusorgru/aurora,
|
||||
github.com/lunixbochs/vtclean,
|
||||
github.com/lyft/protoc-gen-validate,
|
||||
github.com/manifoldco/promptui,
|
||||
github.com/markbates/oncer,
|
||||
github.com/markbates/safe,
|
||||
github.com/mattn/go-runewidth,
|
||||
github.com/mattn/go-sqlite3,
|
||||
github.com/mattn/goveralls,
|
||||
github.com/maxbrunsfeld/counterfeiter,
|
||||
github.com/mediocregopher/radix,
|
||||
github.com/miekg/pkcs11,
|
||||
github.com/mitchellh/copystructure,
|
||||
github.com/mitchellh/go-ps,
|
||||
github.com/mitchellh/reflectwalk,
|
||||
github.com/montanaflynn/stats,
|
||||
github.com/mozilla/tls-observatory,
|
||||
github.com/mwitkow/go-proto-validators,
|
||||
github.com/nats-io/jwt,
|
||||
github.com/nats-io/nats-server,
|
||||
github.com/nats-io/nats.go,
|
||||
github.com/nats-io/nkeys,
|
||||
github.com/nats-io/nuid,
|
||||
github.com/nbutton23/zxcvbn-go,
|
||||
github.com/nishanths/predeclared,
|
||||
github.com/oklog/oklog,
|
||||
github.com/oklog/run,
|
||||
github.com/olekukonko/tablewriter,
|
||||
github.com/op/go-logging,
|
||||
github.com/opentracing-contrib/go-observer,
|
||||
github.com/opentracing/basictracer-go,
|
||||
github.com/opentracing/opentracing-go,
|
||||
github.com/openzipkin-contrib/zipkin-go-opentracing,
|
||||
github.com/openzipkin/zipkin-go,
|
||||
github.com/pact-foundation/pact-go,
|
||||
github.com/pborman/uuid,
|
||||
github.com/performancecopilot/speed,
|
||||
github.com/peterbourgon/ff,
|
||||
github.com/peterh/liner,
|
||||
github.com/pierrec/lz4,
|
||||
github.com/pkg/profile,
|
||||
github.com/pkg/sftp,
|
||||
github.com/pseudomuto/protoc-gen-doc,
|
||||
github.com/pseudomuto/protokit,
|
||||
github.com/quasilyte/go-consistent,
|
||||
github.com/rcrowley/go-metrics,
|
||||
github.com/rs/cors,
|
||||
github.com/ryanuber/go-glob,
|
||||
github.com/samuel/go-zookeeper,
|
||||
github.com/sclevine/spec,
|
||||
github.com/segmentio/ksuid,
|
||||
github.com/sergi/go-diff,
|
||||
github.com/shirou/w32,
|
||||
github.com/shurcooL/go,
|
||||
github.com/shurcooL/go-goon,
|
||||
github.com/sigstore/fulcio,
|
||||
github.com/sigstore/rekor,
|
||||
github.com/sigstore/sigstore,
|
||||
github.com/skratchdot/open-golang,
|
||||
github.com/sony/gobreaker,
|
||||
github.com/sourcegraph/go-diff,
|
||||
github.com/streadway/amqp,
|
||||
github.com/streadway/handy,
|
||||
github.com/tent/canonical-json-go,
|
||||
github.com/theupdateframework/go-tuf,
|
||||
github.com/tidwall/pretty,
|
||||
github.com/tilinna/clock,
|
||||
github.com/timakin/bodyclose,
|
||||
github.com/tomasen/realip,
|
||||
github.com/ulikunitz/xz,
|
||||
github.com/ultraware/funlen,
|
||||
github.com/valyala/bytebufferpool,
|
||||
github.com/valyala/quicktemplate,
|
||||
github.com/valyala/tcplisten,
|
||||
github.com/vektah/gqlparser,
|
||||
github.com/xdg-go/pbkdf2,
|
||||
github.com/xdg-go/scram,
|
||||
github.com/xdg-go/stringprep,
|
||||
github.com/xdg/scram,
|
||||
github.com/xdg/stringprep,
|
||||
github.com/xeipuuv/gojsonpointer,
|
||||
github.com/xeipuuv/gojsonreference,
|
||||
github.com/xordataexchange/crypt,
|
||||
github.com/yashtewari/glob-intersection,
|
||||
github.com/youmark/pkcs8,
|
||||
|
@ -36,6 +36,7 @@ import (
|
||||
|
||||
type RepositoryDepsURL struct {
|
||||
Owner, Repo, File string
|
||||
Vendor bool
|
||||
}
|
||||
|
||||
type Repository struct {
|
||||
@ -88,7 +89,8 @@ func GetGoDeps(repo RepositoryDepsURL) []Repository {
|
||||
log.Default().Println(err)
|
||||
return nil
|
||||
}
|
||||
|
||||
//nolint
|
||||
defer os.Chdir(pwd)
|
||||
// creating temp dir for git clone
|
||||
gitDir, err := ioutil.TempDir(pwd, "")
|
||||
if err != nil {
|
||||
@ -110,7 +112,12 @@ func GetGoDeps(repo RepositoryDepsURL) []Repository {
|
||||
return nil
|
||||
}
|
||||
|
||||
cmd := exec.Command("go", "list", "-m", "all")
|
||||
var cmd *exec.Cmd
|
||||
if repo.Vendor {
|
||||
cmd = exec.Command("go", "list", "-e", "mod=vendor", "all")
|
||||
} else {
|
||||
cmd = exec.Command("go", "list", "-m", "all")
|
||||
}
|
||||
var out bytes.Buffer
|
||||
cmd.Stdout = &out
|
||||
err = cmd.Run()
|
||||
@ -126,20 +133,11 @@ func GetGoDeps(repo RepositoryDepsURL) []Repository {
|
||||
*/
|
||||
for _, l := range strings.Split(out.String(), "\n") {
|
||||
dependency := strings.Split(l, " ")[0]
|
||||
//nolint
|
||||
if strings.HasPrefix(dependency, "github.com") {
|
||||
repourl := RepoURL{}
|
||||
if err := repourl.Set(dependency); err == nil {
|
||||
repos = append(repos, Repository{repourl.String(), ""})
|
||||
}
|
||||
parseGoModURL(dependency, repos)
|
||||
} else {
|
||||
repo := getVanityRepoURL(dependency)
|
||||
if strings.Contains(repo, "github.com") {
|
||||
repourl := RepoURL{}
|
||||
if err := repourl.Set(repo); err == nil {
|
||||
repos = append(repos, Repository{repourl.String(), ""})
|
||||
}
|
||||
}
|
||||
dependency = getVanityRepoURL(dependency)
|
||||
parseGoModURL(dependency, repos)
|
||||
}
|
||||
}
|
||||
return repos
|
||||
@ -189,6 +187,11 @@ func main() {
|
||||
Owner: "sigstore",
|
||||
Repo: "cosign",
|
||||
},
|
||||
{
|
||||
Owner: "kubernetes",
|
||||
Repo: "kubernetes",
|
||||
Vendor: true,
|
||||
},
|
||||
}
|
||||
|
||||
projects, err := os.OpenFile(os.Args[1], os.O_RDWR, 0644)
|
||||
@ -285,3 +288,16 @@ func (r *RepoURL) Set(s string) error {
|
||||
r.Host, r.Owner, r.Repo = parsedURL.Host, split[0], split[1]
|
||||
return nil
|
||||
}
|
||||
|
||||
func parseGoModURL(dependency string, repos []Repository) {
|
||||
repourl := RepoURL{}
|
||||
splitURL := strings.Split(dependency, "/")
|
||||
if len(splitURL) < 3 {
|
||||
return
|
||||
}
|
||||
u := fmt.Sprintf("%s/%s/%s", splitURL[0], splitURL[1], splitURL[2])
|
||||
var err error
|
||||
if err = repourl.Set(u); err == nil {
|
||||
repos = append(repos, Repository{repourl.String(), ""})
|
||||
}
|
||||
}
|
||||
|
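Review bot: parseGoModURL appends to its `repos` parameter but never returns the grown slice, so the entries it adds are invisible to GetGoDeps, which still returns its own `repos`; if the inline `repos = append(...)` branches were indeed replaced by these calls, as the hunk suggests, the dependency list comes back without them. Return the slice and reassign at both call sites: `func parseGoModURL(dependency string, repos []Repository) []Repository` with `repos = parseGoModURL(dependency, repos)`. Separately, in the vendored branch `"mod=vendor"` is passed without a leading dash, so `go list` will most likely treat it as a package pattern rather than the `-mod=vendor` flag, and `-e` would hide the resulting error. The page has lost its +/- markers, so which lines are old and which are new is inferred from the hunk headers.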