fix(go): 间接依赖识别错误

reverse-direction-god · reverse-direction-god · commit eb29d0a55e0b · 2025-02-28T14:48:57.000+08:00
diff --git a/module/go_mod/error.go b/module/go_mod/error.go
diff --git a/module/go_mod/goModTidy.go b/module/go_mod/goModTidy.go
@@ -0,0 +1,69 @@
+package go_mod
+
+import (
+	"bytes"
+	"context"
+	"errors"
+	"github.com/murphysecurity/murphysec/infra/logctx"
+	"go.uber.org/zap"
+	"os"
+	"os/exec"
+	"strings"
+)
+
+const (
+	sourceError = "no secure protocol found for repository"
+)
+
+func setPrivate(ctx context.Context, privateUrl string) error {
+
+	privateUrlList := os.Getenv("GOPRIVATE")
+	privateUrlList = privateUrlList + "," + privateUrl
+	if err := os.Setenv("GOPRIVATE", privateUrlList); err != nil {
+		logctx.Use(ctx).Error("Failed to set GOPRIVATE", zap.Error(err))
+		return err
+	}
+	logctx.Use(ctx).Info("set GOPRIVATE = " + privateUrlList)
+	return nil
+}
+func goModTidyError(ctx context.Context, msg string) error {
+	if strings.Contains(msg, sourceError) {
+		var privateUrl string
+		if u := strings.Split(msg, "/"); len(u) > 1 {
+			privateUrl = u[0]
+			if privateUrl != "" {
+				return setPrivate(ctx, privateUrl)
+			}
+		}
+	}
+	return nil
+}
+func goModTidy(ctx context.Context, path string) error {
+	logger := logctx.Use(ctx)
+	var stdErr bytes.Buffer
+	var againBol = false
+	logger.Debug("go mod tidy :" + path)
+again:
+
+	cmd := exec.Command("go", "mod", "tidy")
+	cmd.Stderr = &stdErr
+	cmd.Dir = path
+	if err := cmd.Start(); err != nil {
+		logctx.Use(ctx).Error("Command finished with error" + err.Error())
+		return err
+	}
+	cmd.Wait()
+
+	if againBol {
+		return errors.New(stdErr.String())
+	}
+	if stdErr.Len() > 0 {
+		if err := goModTidyError(ctx, stdErr.String()); err != nil {
+			return err
+		} else {
+			againBol = true
+			goto again
+		}
+	}
+	return nil
+}
diff --git a/module/go_mod/gotree.go b/module/go_mod/gotree.go
@@ -53,22 +53,10 @@ func checkNetworkEnvironment(ctx context.Context) bool {
 	}
 	return false
 }
-func goModTidy(ctx context.Context, path string) error {
-	logger := logctx.Use(ctx)
-	logger.Debug("go mod tidy :" + path)
-	_, err := os.Stat(path)
-	if err != nil {
-		cmd := exec.Command("go", "mod", "tidy")
-		if err := cmd.Start(); err != nil {
-			return err
-		}
-	}
-	return nil
-}
+
 func buildScan(ctx context.Context) error {
 	task := model.UseInspectionTask(ctx)
 	logger := logctx.Use(ctx)
-
 	if !checkNetworkEnvironment(ctx) {
 		return errors.New("network environment error")
 	}
@@ -114,7 +102,6 @@ func buildScan(ctx context.Context) error {
 		ModuleName:     modName,
 		Dependencies:   dependencies,
 	}
-
 	task.AddModule(m)
 	return nil
 }
@@ -140,7 +127,9 @@ func buildingDependencyTree(dInfo map[string]string, d *model.DependencyItem, so
 					IsDirectDependency: false,
 				}
 				(*packageToPackageUsed)[d.CompName] = append((*packageToPackageUsed)[d.CompName], j)
-				d.Dependencies = append(d.Dependencies, buildingDependencyTree(dInfo, &mod, sonTree, packageToPackageUsed, logger))
+				t := buildingDependencyTree(dInfo, &mod, sonTree, packageToPackageUsed, logger)
+				t.IsDirectDependency = false
+				d.Dependencies = append(d.Dependencies, t)
 			}
 		}
 	}
@@ -294,7 +283,7 @@ func readGraphCmd(ctx context.Context, dir string, directDependencyList map[stri
 			}
 			sonTree[name] = append(sonTree[name], n)
 		}
-		logger.Debug("go: " + text)
+		// logger.Debug("go: " + text)
 	}
 	stdout.Close()
 	if err := cmd.Wait(); err != nil {

Original file line number	Diff line number	Diff line change
`@@ -53,22 +53,10 @@ func checkNetworkEnvironment(ctx context.Context) bool {`
`53`	`53`	`}`
`54`	`54`	`return false`
`55`	`55`	`}`
`56`		`-func goModTidy(ctx context.Context, path string) error {`
`57`		`- logger := logctx.Use(ctx)`
`58`		`- logger.Debug("go mod tidy :" + path)`
`59`		`- _, err := os.Stat(path)`
`60`		`- if err != nil {`
`61`		`- cmd := exec.Command("go", "mod", "tidy")`
`62`		`- if err := cmd.Start(); err != nil {`
`63`		`- return err`
`64`		`- }`
`65`		`- }`
`66`		`- return nil`
`67`		`-}`
	`56`	`+`
`68`	`57`	`func buildScan(ctx context.Context) error {`
`69`	`58`	`task := model.UseInspectionTask(ctx)`
`70`	`59`	`logger := logctx.Use(ctx)`
`71`		`-`
`72`	`60`	`if !checkNetworkEnvironment(ctx) {`
`73`	`61`	`return errors.New("network environment error")`
`74`	`62`	`}`
`@@ -114,7 +102,6 @@ func buildScan(ctx context.Context) error {`
`114`	`102`	`ModuleName: modName,`
`115`	`103`	`Dependencies: dependencies,`
`116`	`104`	`}`
`117`		`-`
`118`	`105`	`task.AddModule(m)`
`119`	`106`	`return nil`
`120`	`107`	`}`
`@@ -140,7 +127,9 @@ func buildingDependencyTree(dInfo map[string]string, d *model.DependencyItem, so`
`140`	`127`	`IsDirectDependency: false,`
`141`	`128`	`}`
`142`	`129`	`(packageToPackageUsed)[d.CompName] = append((packageToPackageUsed)[d.CompName], j)`
`143`		`- d.Dependencies = append(d.Dependencies, buildingDependencyTree(dInfo, &mod, sonTree, packageToPackageUsed, logger))`
	`130`	`+ t := buildingDependencyTree(dInfo, &mod, sonTree, packageToPackageUsed, logger)`
	`131`	`+ t.IsDirectDependency = false`
	`132`	`+ d.Dependencies = append(d.Dependencies, t)`
`144`	`133`	`}`
`145`	`134`	`}`
`146`	`135`	`}`
`@@ -294,7 +283,7 @@ func readGraphCmd(ctx context.Context, dir string, directDependencyList map[stri`
`294`	`283`	`}`
`295`	`284`	`sonTree[name] = append(sonTree[name], n)`
`296`	`285`	`}`
`297`		`- logger.Debug("go: " + text)`
	`286`	`+ // logger.Debug("go: " + text)`
`298`	`287`	`}`
`299`	`288`	`stdout.Close()`
`300`	`289`	`if err := cmd.Wait(); err != nil {`