Merge pull request #69 from SocketDev/support-go

Add Golang support
SocketDev · Aug 1, 2023 · c8b16d3 · c8b16d3
2 parents ae2f58c + 524b9bd
commit c8b16d3
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -26,10 +26,10 @@ socket report view QXU8PmK7LfH608RAwfIKdbcHgwEd_ZeWJ9QEGv05FJUQ
 
 * `socket report create <path(s)-to-folder-or-file>` - creates a report on [socket.dev](https://socket.dev/)
 
-  Uploads the specified `package.json` and lock files for JavaScript and Python dependency manifests.
+  Uploads the specified `package.json` and lock files for JavaScript, Python, and Go dependency manifests.
   If any folder is specified, the ones found in there recursively are uploaded.
 
-  Supports globbing such as `**/package.json`, `**/requirements.txt`, and `**/pyproject.toml`.
+  Supports globbing such as `**/package.json`, `**/requirements.txt`, `**/pyproject.toml`, and `**/go.mod`.
 
   Ignores any file specified in your project's `.gitignore`, the `projectIgnorePaths` in your project's [`socket.yml`](https://docs.socket.dev/docs/socket-yml) and on top of that has a sensible set of [default ignores](https://www.npmjs.com/package/ignore-by-default)
 

diff --git a/lib/commands/report/create.js b/lib/commands/report/create.js
@@ -107,10 +107,10 @@ async function setupCommand (name, description, argv, importMeta) {
     Usage
       $ ${name} <paths-to-package-folders-and-files>
 
-    Uploads the specified "package.json" and lock files for JavaScript and Python dependency manifests.
+    Uploads the specified "package.json" and lock files for JavaScript, Python, and Go dependency manifests.
     If any folder is specified, the ones found in there recursively are uploaded.
 
-    Supports globbing such as "**/package.json", "**/requirements.txt", and "**/pyproject.toml".
+    Supports globbing such as "**/package.json", "**/requirements.txt", "**/pyproject.toml", and "**/go.mod".
 
     Ignores any file specified in your project's ".gitignore", your project's
     "socket.yml" file's "projectIgnorePaths" and also has a sensible set of

diff --git a/lib/utils/path-resolve.js b/lib/utils/path-resolve.js
@@ -100,6 +100,10 @@ export async function mapGlobEntryToFiles (entry, supportedFiles) {
   let jsLockFiles = []
   /** @type {string[]} */
   let pyFiles = []
+  /** @type {string|undefined} */
+  let pkgGoFile
+  /** @type {string[]} */
+  let goExtraFiles = []
 
   const jsSupported = supportedFiles['npm'] || {}
   const jsLockFilePatterns = Object.keys(jsSupported)
@@ -108,10 +112,20 @@ export async function mapGlobEntryToFiles (entry, supportedFiles) {
 
   const pyFilePatterns = Object.values(supportedFiles['pypi'] || {})
     .map(p => /** @type {{ pattern: string }} */ (p).pattern)
+
+  const goSupported = supportedFiles['go'] || {}
+  const goSupplementalPatterns = Object.keys(goSupported)
+    .filter(key => key !== 'gomod')
+    .map(key => /** @type {{ pattern: string }} */ (goSupported[key]).pattern)
+
   if (entry.endsWith('/')) {
     // If the match is a folder and that folder contains a package.json file, then include it
-    const filePath = path.resolve(entry, 'package.json')
-    if (await fileExists(filePath)) pkgJSFile = filePath
+    const jsPkg = path.resolve(entry, 'package.json')
+    if (await fileExists(jsPkg)) pkgJSFile = jsPkg
+
+    const goPkg = path.resolve(entry, 'go.mod')
+    if (await fileExists(goPkg)) pkgGoFile = goPkg
+
     pyFiles = await globby(pyFilePatterns, {
       ...BASE_GLOBBY_OPTS,
       cwd: entry
@@ -126,6 +140,11 @@ export async function mapGlobEntryToFiles (entry, supportedFiles) {
       jsLockFiles = [entry]
       pkgJSFile = path.resolve(path.dirname(entry), 'package.json')
       if (!(await fileExists(pkgJSFile))) return []
+    } else if (entryFile === 'go.mod') {
+      pkgGoFile = entry
+    } else if (micromatch.isMatch(entryFile, goSupplementalPatterns)) {
+      goExtraFiles = [entry]
+      pkgGoFile = path.resolve(path.dirname(entry), 'go.mod')
     } else if (micromatch.isMatch(entryFile, pyFilePatterns)) {
       pyFiles = [entry]
     }
@@ -141,7 +160,19 @@ export async function mapGlobEntryToFiles (entry, supportedFiles) {
     })
   }
 
-  return [...jsLockFiles, ...pyFiles].concat(pkgJSFile ? [pkgJSFile] : [])
+  if (!goExtraFiles.length && pkgGoFile) {
+    // get go.sum whenever possible
+    const pkgDir = path.dirname(pkgGoFile)
+
+    goExtraFiles = await globby(goSupplementalPatterns, {
+      ...BASE_GLOBBY_OPTS,
+      cwd: pkgDir
+    })
+  }
+
+  return [...jsLockFiles, ...pyFiles, ...goExtraFiles]
+    .concat(pkgJSFile ? [pkgJSFile] : [])
+    .concat(pkgGoFile ? [pkgGoFile] : [])
 }
 
 /**