Merge pull request #224 from sauyon/no-vendor

Skip vendor directories for go.mod extraction
2026-01-29 14:23:03 +01:00 · 2020-10-15 11:03:26 +01:00
parent b2fef01d28 2e73f3efd1
commit 4746789fe8
47 changed files with 305 additions and 224 deletions
--- a/change-notes/2020-10-01-gomod-extraction.md
+++ b/change-notes/2020-10-01-gomod-extraction.md
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* The extractor now only extracts go.mod files belonging to extracted packages. In particular, vendored go.mod files will no longer be extracted unless the vendored package is explicitly passed to the extractor. This will remove unexpected `GoModExpr` and similar expressions seen by queries.
--- a/extractor/extractor.go
+++ b/extractor/extractor.go
@@ -178,6 +178,23 @@ func ExtractWithFlags(buildFlags []string, patterns []string) error {
 			}

 			extractPackage(pkg, &wg, goroutineSem, fdSem)
+
+			if pkgRoots[pkg.PkgPath] != "" {
+				modPath := filepath.Join(pkgRoots[pkg.PkgPath], "go.mod")
+				if util.FileExists(modPath) {
+					log.Printf("Extracting %s", modPath)
+					start := time.Now()
+
+					err := extractGoMod(modPath)
+					if err != nil {
+						log.Printf("Failed to extract go.mod: %s", err.Error())
+					}
+
+					end := time.Since(start)
+					log.Printf("Done extracting %s (%dms)", modPath, end.Nanoseconds()/1000000)
+				}
+			}
+
 			return
 		}

@@ -187,46 +204,6 @@ func ExtractWithFlags(buildFlags []string, patterns []string) error {
 	wg.Wait()

 	log.Println("Done extracting packages.")
-	log.Println("Starting to extract go.mod files.")
-
-	cwd, err := os.Getwd()
-	if err != nil {
-		log.Printf("Warning: unable to get working directory: %s", err.Error())
-		log.Println("Skipping go.mod extraction")
-	}
-	rcwd, err := filepath.EvalSymlinks(cwd)
-	if err == nil {
-		cwd = rcwd
-	}
-
-	goModPaths := make([]string, 0, 10)
-
-	filepath.Walk(cwd, func(path string, info os.FileInfo, err error) error {
-		if filepath.Base(path) == "go.mod" && info != nil && info.Mode().IsRegular() {
-			if err != nil {
-				log.Printf("Found go.mod with path %s, but encountered error %s", path, err.Error())
-			}
-
-			goModPaths = append(goModPaths, path)
-		}
-
-		return nil
-	})
-
-	for _, path := range goModPaths {
-		log.Printf("Extracting %s", path)
-		start := time.Now()
-
-		err := extractGoMod(path)
-		if err != nil {
-			log.Printf("Failed to extract go.mod: %s", err.Error())
-		}
-
-		end := time.Since(start)
-		log.Printf("Done extracting %s (%dms)", path, end.Nanoseconds()/1000000)
-	}
-
-	log.Println("Done extracting go.mod files.")

 	return nil
 }
--- a/ql/test/extractor-tests/go-mod-comments/stub.go
+++ b/ql/test/extractor-tests/go-mod-comments/stub.go
@@ -0,0 +1,3 @@
+package main
+
+func main() {}
--- a/ql/test/library-tests/semmle/go/GoModExpr/ExcludeLines.expected
+++ b/ql/test/library-tests/semmle/go/GoModExpr/ExcludeLines.expected
@@ -1,3 +0,0 @@
-| pkg1/go.mod:10:1:10:44 | go.mod exclude line | codeql-go-tests/gomod/dep1 | github.com/github/codeql-go | v1.23.1 |
-| pkg2/go.mod:15:2:15:35 | go.mod exclude line | codeql-go-tests/gomod/dep2 | github.com/sirupsen/logrus | v1.4.2 |
-| pkg2/go.mod:16:2:16:37 | go.mod exclude line | codeql-go-tests/gomod/dep2 | github.com/github/codeql-go | v1.23.1 |
--- a/ql/test/library-tests/semmle/go/GoModExpr/ExcludeLines.ql
+++ b/ql/test/library-tests/semmle/go/GoModExpr/ExcludeLines.ql
@@ -1,4 +0,0 @@
-import go
-
-from GoModExcludeLine excl
-select excl, excl.getModulePath(), excl.getPath(), excl.getVersion()
--- a/ql/test/library-tests/semmle/go/GoModExpr/GoModExprs.expected
+++ b/ql/test/library-tests/semmle/go/GoModExpr/GoModExprs.expected
@@ -0,0 +1,3 @@
+missingRequire
+missingExclude
+missingReplace
--- a/ql/test/library-tests/semmle/go/GoModExpr/GoModExprs.ql
+++ b/ql/test/library-tests/semmle/go/GoModExpr/GoModExprs.ql
@@ -0,0 +1,88 @@
+import go
+
+/**
+ * Holds if there exists a comment on the same line as `l`
+ * that contains the substring "`kind`,`dep`,`ver`".
+ */
+predicate metadata(Locatable l, string kind, string mod, string dep, string ver) {
+  exists(string f, int line, Comment c, string text |
+    l.hasLocationInfo(f, line, _, _, _) and
+    c.hasLocationInfo(f, line, _, _, _)
+  |
+    text = c.getText().regexpFind("\\b([^,\\s]+,[^,]+,[^,]+,[^,\\s]+)", _, _) and
+    kind = text.regexpCapture("([^,]+),([^,]+),([^,]+),([^,]+)", 1) and
+    mod = text.regexpCapture("([^,]+),([^,]+),([^,]+),([^,]+)", 2) and
+    dep = text.regexpCapture("([^,]+),([^,]+),([^,]+),([^,]+)", 3) and
+    ver = text.regexpCapture("([^,]+),([^,]+),([^,]+),([^,]+)", 4)
+  )
+}
+
+query predicate missingRequire(string mod, string dep, string ver, int line) {
+  exists(Locatable l | metadata(l, "RequireLine", mod, dep, ver) |
+    l.hasLocationInfo(_, line, _, _, _)
+  ) and
+  not exists(GoModRequireLine req |
+    req.getModulePath() = mod and
+    req.getPath() = dep and
+    req.getVersion() = ver and
+    metadata(req, "RequireLine", mod, dep, ver) and
+    req.hasLocationInfo(_, line, _, _, _)
+  )
+}
+
+query predicate missingExclude(string mod, string dep, string ver, int line) {
+  exists(Locatable l | metadata(l, "ExcludeLine", mod, dep, ver) |
+    l.hasLocationInfo(_, line, _, _, _)
+  ) and
+  not exists(GoModExcludeLine exc |
+    exc.getModulePath() = mod and
+    exc.getPath() = dep and
+    exc.getVersion() = ver and
+    metadata(exc, "ExcludeLine", mod, dep, ver) and
+    exc.hasLocationInfo(_, line, _, _, _)
+  )
+}
+
+/**
+ * Holds if there exists a comment on the same line as `l`
+ * that contains the substring "ReplaceLine,`mod`,`dep`,`dver`,`rep`,`rver`".
+ */
+predicate repmetadata(Locatable l, string mod, string dep, string dver, string rep, string rver) {
+  exists(string f, int line, Comment c, string text |
+    l.hasLocationInfo(f, line, _, _, _) and
+    c.hasLocationInfo(f, line, _, _, _)
+  |
+    text = c.getText().regexpFind("\\b(ReplaceLine,[^,]*,[^,]*,[^,]*,[^,]*,[^,\\s]*)", _, _) and
+    mod = text.regexpCapture("ReplaceLine,([^,]*),([^,]*),([^,]*),([^,]*),([^,]*)", 1) and
+    dep = text.regexpCapture("ReplaceLine,([^,]*),([^,]*),([^,]*),([^,]*),([^,]*)", 2) and
+    dver = text.regexpCapture("ReplaceLine,([^,]*),([^,]*),([^,]*),([^,]*),([^,]*)", 3) and
+    rep = text.regexpCapture("ReplaceLine,([^,]*),([^,]*),([^,]*),([^,]*),([^,]*)", 4) and
+    rver = text.regexpCapture("ReplaceLine,([^,]*),([^,]*),([^,]*),([^,]*),([^,]*)", 5)
+  )
+}
+
+query predicate missingReplace(string mod, string dep, string dver, string rep, string rver, int line) {
+  exists(Locatable l | repmetadata(l, mod, dep, dver, rep, rver) |
+    l.hasLocationInfo(_, line, _, _, _)
+  ) and
+  not exists(GoModReplaceLine repl |
+    (
+      rver = repl.getReplacementVersion()
+      or
+      not exists(repl.getReplacementVersion()) and
+      rver = ""
+    ) and
+    (
+      dver = repl.getOriginalVersion()
+      or
+      not exists(repl.getOriginalVersion()) and
+      dver = ""
+    )
+  |
+    repl.getModulePath() = mod and
+    repl.getOriginalPath() = dep and
+    repl.getReplacementPath() = rep and
+    repmetadata(repl, mod, dep, dver, rep, rver) and
+    repl.hasLocationInfo(_, line, _, _, _)
+  )
+}
--- a/ql/test/library-tests/semmle/go/GoModExpr/ReplaceLines.expected
+++ b/ql/test/library-tests/semmle/go/GoModExpr/ReplaceLines.expected
@@ -1,2 +0,0 @@
-| pkg2/go.mod:5:1:5:55 | go.mod replace line | codeql-go-tests/gomod/dep2 | github.com/Masterminds/squirrel | no version | ../squirrel | no version |
-| pkg2/go.mod:6:1:6:79 | go.mod replace line | codeql-go-tests/gomod/dep2 | github.com/Sirupsen/logrus | v1.4.1 | github.com/sirupsen/logrus | v1.4.1 |
--- a/ql/test/library-tests/semmle/go/GoModExpr/ReplaceLines.ql
+++ b/ql/test/library-tests/semmle/go/GoModExpr/ReplaceLines.ql
@@ -1,18 +0,0 @@
-import go
-
-from GoModReplaceLine repl, string origVersion, string repVersion
-where
-  (
-    repVersion = repl.getReplacementVersion()
-    or
-    not exists(repl.getReplacementVersion()) and
-    repVersion = "no version"
-  ) and
-  (
-    origVersion = repl.getOriginalVersion()
-    or
-    not exists(repl.getOriginalVersion()) and
-    origVersion = "no version"
-  )
-select repl, repl.getModulePath(), repl.getOriginalPath(), origVersion, repl.getReplacementPath(),
-  repVersion
--- a/ql/test/library-tests/semmle/go/GoModExpr/RequireLines.expected
+++ b/ql/test/library-tests/semmle/go/GoModExpr/RequireLines.expected
@@ -1,5 +0,0 @@
-| pkg1/go.mod:6:2:6:67 | go.mod require line | codeql-go-tests/gomod/dep1 | github.com/github/codeql-go | v1.23.2-0.20200302182241-5e71a04fdf30 |
-| pkg1/go.mod:7:2:7:55 | go.mod require line | codeql-go-tests/gomod/dep1 | golang.org/x/tools | v0.0.0-20200109174759-ac4f524c1612 |
-| pkg2/go.mod:8:1:8:38 | go.mod require line | codeql-go-tests/gomod/dep2 | github.com/gorilla/mux | v1.7.4 |
-| pkg2/go.mod:10:2:10:35 | go.mod require line | codeql-go-tests/gomod/dep2 | github.com/Sirupsen/logrus | v1.4.1 |
-| pkg2/go.mod:11:2:11:40 | go.mod require line | codeql-go-tests/gomod/dep2 | github.com/Masterminds/squirrel | v1.2.0 |
--- a/ql/test/library-tests/semmle/go/GoModExpr/RequireLines.ql
+++ b/ql/test/library-tests/semmle/go/GoModExpr/RequireLines.ql
@@ -1,4 +0,0 @@
-import go
-
-from GoModRequireLine req
-select req, req.getModulePath(), req.getPath(), req.getVersion()
--- a/ql/test/library-tests/semmle/go/GoModExpr/go.mod
+++ b/ql/test/library-tests/semmle/go/GoModExpr/go.mod
@@ -0,0 +1,23 @@
+module codeql-go-tests/gomod
+
+go 1.14
+
+require (
+	github.com/github/codeql-go v1.23.2-0.20200302182241-5e71a04fdf30 // indirect RequireLine,codeql-go-tests/gomod,github.com/github/codeql-go,v1.23.2-0.20200302182241-5e71a04fdf30
+	golang.org/x/tools v0.0.0-20200109174759-ac4f524c1612 // indirect RequireLine,codeql-go-tests/gomod,golang.org/x/tools,v0.0.0-20200109174759-ac4f524c1612
+)
+
+exclude github.com/github/codeql-go v1.23.1 // ExcludeLine,codeql-go-tests/gomod,github.com/github/codeql-go,v1.23.1
+
+replace github.com/Masterminds/squirrel => ./squirrel // ReplaceLine,codeql-go-tests/gomod,github.com/Masterminds/squirrel,,./squirrel,
+
+replace github.com/Sirupsen/logrus v1.4.1 => github.com/sirupsen/logrus v1.4.1 // ReplaceLine,codeql-go-tests/gomod,github.com/Sirupsen/logrus,v1.4.1,github.com/sirupsen/logrus,v1.4.1
+
+require github.com/gorilla/mux v1.7.4 // indirect RequireLine,codeql-go-tests/gomod,github.com/gorilla/mux,v1.7.4
+
+require (
+	github.com/Masterminds/squirrel v1.2.0 // indirect RequireLine,codeql-go-tests/gomod,github.com/Masterminds/squirrel,v1.2.0
+	github.com/Sirupsen/logrus v1.4.1 // indirect RequireLine,codeql-go-tests/gomod,github.com/Sirupsen/logrus,v1.4.1
+)
+
+exclude github.com/sirupsen/logrus v1.4.2 // ExcludeLine,codeql-go-tests/gomod,github.com/sirupsen/logrus,v1.4.2
--- a/ql/test/library-tests/semmle/go/GoModExpr/pkg1/go.mod
+++ b/ql/test/library-tests/semmle/go/GoModExpr/pkg1/go.mod
@@ -1,10 +0,0 @@
-module codeql-go-tests/gomod/dep1
-
-go 1.14
-
-require (
-	github.com/github/codeql-go v1.23.2-0.20200302182241-5e71a04fdf30
-	golang.org/x/tools v0.0.0-20200109174759-ac4f524c1612
-)
-
-exclude github.com/github/codeql-go v1.23.1
--- a/ql/test/library-tests/semmle/go/GoModExpr/pkg1/pkg1.go
+++ b/ql/test/library-tests/semmle/go/GoModExpr/pkg1/pkg1.go
@@ -1,16 +0,0 @@
-package pkg1
-
-import (
-	"fmt"
-
-	"github.com/github/codeql-go/extractor/dbscheme"
-	"github.com/github/codeql-go/extractor/trap"
-	"golang.org/x/tools/go/packages"
-)
-
-func usePkgs() {
-	fmt.Println(packages.NeedImports)
-	fmt.Println(dbscheme.LabelObjectType.Index())
-	var lbl trap.Label
-	fmt.Println(lbl)
-}
--- a/ql/test/library-tests/semmle/go/GoModExpr/pkg2/go.mod
+++ b/ql/test/library-tests/semmle/go/GoModExpr/pkg2/go.mod
@@ -1,17 +0,0 @@
-module codeql-go-tests/gomod/dep2
-
-go 1.14
-
-replace github.com/Masterminds/squirrel => ../squirrel
-replace github.com/Sirupsen/logrus v1.4.1 => github.com/sirupsen/logrus v1.4.1
-
-require github.com/gorilla/mux v1.7.4
-require (
-	github.com/Sirupsen/logrus v1.4.1
-	github.com/Masterminds/squirrel v1.2.0
-)
-
-exclude (
-	github.com/sirupsen/logrus v1.4.2
-	github.com/github/codeql-go v1.23.1
-)
--- a/ql/test/library-tests/semmle/go/GoModExpr/pkg2/pkg2.go
+++ b/ql/test/library-tests/semmle/go/GoModExpr/pkg2/pkg2.go
@@ -1,13 +0,0 @@
-package pkg2
-
-import (
-	"fmt"
-
-	"github.com/Masterminds/squirrel"
-	"github.com/gorilla/mux"
-	"github.com/sirupsen/logrus"
-)
-
-func useDeps() {
-
-}
--- a/ql/test/library-tests/semmle/go/GoModExpr/stub.go
+++ b/ql/test/library-tests/semmle/go/GoModExpr/stub.go
@@ -0,0 +1 @@
+package gomod
--- a/ql/test/library-tests/semmle/go/GoModExpr/vendor/modules.txt
+++ b/ql/test/library-tests/semmle/go/GoModExpr/vendor/modules.txt
@@ -0,0 +1,12 @@
+# github.com/Masterminds/squirrel v1.2.0 => ./squirrel
+## explicit
+# github.com/Sirupsen/logrus v1.4.1 => github.com/sirupsen/logrus v1.4.1
+## explicit
+# github.com/github/codeql-go v1.23.2-0.20200302182241-5e71a04fdf30
+## explicit
+# github.com/gorilla/mux v1.7.4
+## explicit
+# golang.org/x/tools v0.0.0-20200109174759-ac4f524c1612
+## explicit
+# github.com/Masterminds/squirrel => ./squirrel
+# github.com/Sirupsen/logrus v1.4.1 => github.com/sirupsen/logrus v1.4.1
--- a/ql/test/library-tests/semmle/go/dependencies/GoModDependency.expected
+++ b/ql/test/library-tests/semmle/go/dependencies/GoModDependency.expected
@@ -1,60 +0,0 @@
-| codeql-go/go.mod:6:2:6:25 | go.mod require line | golang.org/x/mod | v0.2.0 | golang.org/x/mod | v0.2.0 |
-| codeql-go/go.mod:7:2:7:55 | go.mod require line | golang.org/x/tools | v0.0.0-20200302225559-9b52d559c609 | golang.org/x/tools | v0.0.0-20200302225559-9b52d559c609 |
-| fabric-snaps/go.mod:4:2:4:34 | go.mod require line | github.com/DATA-DOG/godog | v0.7.4 | github.com/DATA-DOG/godog | v0.7.4 |
-| fabric-snaps/go.mod:5:2:5:56 | go.mod require line | github.com/cactus/go-statsd-client | v3.1.1+incompatible | github.com/cactus/go-statsd-client | v3.1.1+incompatible |
-| fabric-snaps/go.mod:6:2:6:64 | go.mod require line | github.com/cloudflare/cfssl | v0.0.0-20180323000720-5d63dbd981b5 | github.com/cloudflare/cfssl | v0.0.0-20180323000720-5d63dbd981b5 |
-| fabric-snaps/go.mod:7:2:7:64 | go.mod require line | github.com/facebookgo/clock | v0.0.0-20150410010913-600d898af40a | github.com/facebookgo/clock | v0.0.0-20150410010913-600d898af40a |
-| fabric-snaps/go.mod:8:2:8:42 | go.mod require line | github.com/fsouza/go-dockerclient | v1.3.0 | github.com/fsouza/go-dockerclient | v1.3.0 |
-| fabric-snaps/go.mod:9:2:9:30 | go.mod require line | github.com/go-kit/kit | v0.7.0 | github.com/go-kit/kit | v0.7.0 |
-| fabric-snaps/go.mod:10:2:10:36 | go.mod require line | github.com/go-logfmt/logfmt | v0.4.0 | github.com/go-logfmt/logfmt | v0.3.0 |
-| fabric-snaps/go.mod:11:2:11:35 | go.mod require line | github.com/golang/protobuf | v1.2.0 | github.com/golang/protobuf | v1.2.0 |
-| fabric-snaps/go.mod:12:2:12:82 | go.mod require line | github.com/google/certificate-transparency-go | v0.0.0-20180219093839-391726f8973d | github.com/google/certificate-transparency-go | v0.0.0-20180219093839-391726f8973d |
-| fabric-snaps/go.mod:13:2:13:38 | go.mod require line | github.com/hyperledger/fabric | v1.4.0 | github.com/securekey/fabric-next | v0.0.0-20190216163058-9e08161f2597 |
-| fabric-snaps/go.mod:14:2:14:73 | go.mod require line | github.com/hyperledger/fabric-sdk-go | v0.0.0-20190125204638-b490519efff9 | github.com/hyperledger/fabric-sdk-go | v0.0.0-20190125204638-b490519efff9 |
-| fabric-snaps/go.mod:15:2:15:31 | go.mod require line | github.com/onsi/gomega | v1.5.0 | github.com/onsi/gomega | v1.4.2 |
-| fabric-snaps/go.mod:16:2:16:61 | go.mod require line | github.com/op/go-logging | v0.0.0-20160315200505-970db520ece7 | github.com/op/go-logging | v0.0.0-20160315200505-970db520ece7 |
-| fabric-snaps/go.mod:17:2:17:30 | go.mod require line | github.com/pkg/errors | v0.8.1 | github.com/pkg/errors | v0.8.0 |
-| fabric-snaps/go.mod:18:2:18:54 | go.mod require line | github.com/rs/xid | v0.0.0-20170604230408-02dd45c33376 | github.com/rs/xid | v0.0.0-20170604230408-02dd45c33376 |
-| fabric-snaps/go.mod:19:2:19:72 | go.mod require line | github.com/securekey/fabric-snaps/membershipsnap/pkg/membership | v0.0.0 | ./membershipsnap/pkg/membership | unknown |
-| fabric-snaps/go.mod:20:2:20:56 | go.mod require line | github.com/securekey/fabric-snaps/util/rolesmgr | v0.4.0 | ./util/rolesmgr | unknown |
-| fabric-snaps/go.mod:21:2:21:56 | go.mod require line | github.com/securekey/fabric-snaps/util/statemgr | v0.4.0 | ./util/statemgr | unknown |
-| fabric-snaps/go.mod:22:2:22:31 | go.mod require line | github.com/spf13/cobra | v0.0.3 | github.com/spf13/cobra | v0.0.3 |
-| fabric-snaps/go.mod:23:2:23:31 | go.mod require line | github.com/spf13/pflag | v1.0.3 | github.com/spf13/pflag | v1.0.3 |
-| fabric-snaps/go.mod:24:2:24:59 | go.mod require line | github.com/spf13/viper | v0.0.0-20171227194143-aafc9e6bc7b7 | github.com/spf13/viper | v0.0.0-20171227194143-aafc9e6bc7b7 |
-| fabric-snaps/go.mod:25:2:25:36 | go.mod require line | github.com/stretchr/testify | v1.3.0 | github.com/stretchr/testify | v1.2.2 |
-| fabric-snaps/go.mod:26:2:26:46 | go.mod require line | github.com/uber-go/tally | v3.3.2+incompatible | github.com/uber-go/tally | v3.3.2+incompatible |
-| fabric-snaps/go.mod:27:2:27:69 | go.mod require line | github.com/xeipuuv/gojsonpointer | v0.0.0-20170225233418-6fe8760cad35 | github.com/xeipuuv/gojsonpointer | v0.0.0-20170225233418-6fe8760cad35 |
-| fabric-snaps/go.mod:28:2:28:71 | go.mod require line | github.com/xeipuuv/gojsonreference | v0.0.0-20150808065054-e02fc20de94c | github.com/xeipuuv/gojsonreference | v0.0.0-20150808065054-e02fc20de94c |
-| fabric-snaps/go.mod:29:2:29:68 | go.mod require line | github.com/xeipuuv/gojsonschema | v0.0.0-20170528113821-0c8571ac0ce1 | github.com/xeipuuv/gojsonschema | v0.0.0-20170528113821-0c8571ac0ce1 |
-| fabric-snaps/go.mod:30:2:30:56 | go.mod require line | golang.org/x/crypto | v0.0.0-20181001203147-e3636079e1a4 | golang.org/x/crypto | v0.0.0-20180827131323-e3636079e1a4 |
-| fabric-snaps/go.mod:31:2:31:53 | go.mod require line | golang.org/x/net | v0.0.0-20181003013248-f5e5bdd77824 | golang.org/x/net | v0.0.0-20181003013248-f5e5bdd77824 |
-| fabric-snaps/go.mod:32:2:32:55 | go.mod require line | golang.org/x/tools | v0.0.0-20181026183834-f60e5f99f081 | golang.org/x/tools | v0.0.0-20181026183834-f60e5f99f081 |
-| fabric-snaps/go.mod:33:2:33:32 | go.mod require line | google.golang.org/grpc | v1.17.0 | google.golang.org/grpc | v1.15.0 |
-| hrm-profile-tool/go.mod:4:2:4:61 | go.mod require line | github.com/ajstarks/svgo | v0.0.0-20180830174826-7338bd80e790 | github.com/ajstarks/svgo | v0.0.0-20180830174826-7338bd80e790 |
-| hrm-profile-tool/go.mod:5:2:5:48 | go.mod require line | github.com/clj/hrm-profile-tool/cmd/hrm | v0.0.0 | ./cmd/hrm | unknown |
-| hrm-profile-tool/go.mod:6:2:6:53 | go.mod require line | github.com/clj/hrm-profile-tool/instructions | v0.0.0 | ./instructions | unknown |
-| hrm-profile-tool/go.mod:7:2:7:48 | go.mod require line | github.com/clj/hrm-profile-tool/profile | v0.0.0 | ./profile | unknown |
-| hrm-profile-tool/go.mod:8:2:8:47 | go.mod require line | github.com/clj/hrm-profile-tool/render | v0.0.0 | ./render | unknown |
-| sweb/go.mod:40:2:40:30 | go.mod require line | github.com/Joker/jade | v1.0.0 | github.com/Joker/jade | v1.0.0 |
-| sweb/go.mod:41:2:41:66 | go.mod require line | github.com/Shopify/goreferrer | v0.0.0-20181106222321-ec9c9a553398 | github.com/Shopify/goreferrer | v0.0.0-20181106222321-ec9c9a553398 |
-| sweb/go.mod:42:2:42:49 | go.mod require line | github.com/aymerick/raymond | v2.0.2+incompatible | github.com/aymerick/raymond | v2.0.2+incompatible |
-| sweb/go.mod:43:2:43:59 | go.mod require line | github.com/eknkc/amber | v0.0.0-20171010120322-cdade1c07385 | github.com/eknkc/amber | v0.0.0-20171010120322-cdade1c07385 |
-| sweb/go.mod:44:2:44:33 | go.mod require line | github.com/fatih/structs | v1.1.0 | github.com/fatih/structs | v1.1.0 |
-| sweb/go.mod:45:2:45:61 | go.mod require line | github.com/flosch/pongo2 | v0.0.0-20190707114632-bbf5a6c351f4 | github.com/flosch/pongo2 | v0.0.0-20190707114632-bbf5a6c351f4 |
-| sweb/go.mod:46:2:46:57 | go.mod require line | github.com/iris-contrib/blackfriday | v2.0.0+incompatible | github.com/iris-contrib/blackfriday | v2.0.0+incompatible |
-| sweb/go.mod:47:2:47:71 | go.mod require line | github.com/iris-contrib/formBinder | v0.0.0-20190104093907-fbd5963f41e1 | github.com/iris-contrib/formBinder | v0.0.0-20190104093907-fbd5963f41e1 |
-| sweb/go.mod:48:2:48:53 | go.mod require line | github.com/iris-contrib/go.uuid | v2.0.0+incompatible | github.com/iris-contrib/go.uuid | v2.0.0+incompatible |
-| sweb/go.mod:49:2:49:36 | go.mod require line | github.com/json-iterator/go | v1.1.6 | github.com/json-iterator/go | v1.1.6 |
-| sweb/go.mod:50:2:50:61 | go.mod require line | github.com/kataras/golog | v0.0.0-20190624001437-99c81de45f40 | github.com/kataras/golog | v0.0.0-20190624001437-99c81de45f40 |
-| sweb/go.mod:51:2:51:46 | go.mod require line | github.com/kataras/iris | v11.1.1+incompatible | github.com/kataras/iris | v11.1.1+incompatible |
-| sweb/go.mod:52:2:52:59 | go.mod require line | github.com/kataras/pio | v0.0.0-20190103105442-ea782b38602d | github.com/kataras/pio | v0.0.0-20190103105442-ea782b38602d |
-| sweb/go.mod:53:2:53:38 | go.mod require line | github.com/klauspost/compress | v1.7.2 | github.com/klauspost/compress | v1.7.2 |
-| sweb/go.mod:54:2:54:35 | go.mod require line | github.com/klauspost/cpuid | v1.2.1 | github.com/klauspost/cpuid | v1.2.1 |
-| sweb/go.mod:55:2:55:43 | go.mod require line | github.com/microcosm-cc/bluemonday | v1.0.2 | github.com/microcosm-cc/bluemonday | v1.0.2 |
-| sweb/go.mod:56:2:56:40 | go.mod require line | github.com/mitchellh/go-homedir | v1.1.0 | github.com/mitchellh/go-homedir | v1.1.0 |
-| sweb/go.mod:57:2:57:68 | go.mod require line | github.com/modern-go/concurrent | v0.0.0-20180306012644-bacd9c7ef1dd | github.com/modern-go/concurrent | v0.0.0-20180306012644-bacd9c7ef1dd |
-| sweb/go.mod:58:2:58:38 | go.mod require line | github.com/modern-go/reflect2 | v1.0.1 | github.com/modern-go/reflect2 | v1.0.1 |
-| sweb/go.mod:59:2:59:51 | go.mod require line | github.com/ryanuber/columnize | v2.1.0+incompatible | github.com/ryanuber/columnize | v2.1.0+incompatible |
-| sweb/go.mod:60:2:60:50 | go.mod require line | github.com/shurcooL/sanitized_anchor_name | v1.0.0 | github.com/shurcooL/sanitized_anchor_name | v1.0.0 |
-| sweb/go.mod:61:2:61:31 | go.mod require line | github.com/spf13/cobra | v0.0.5 | github.com/spf13/cobra | v0.0.5 |
-| sweb/go.mod:62:2:62:31 | go.mod require line | github.com/spf13/viper | v1.4.0 | github.com/spf13/viper | v1.4.0 |
--- a/ql/test/library-tests/semmle/go/dependencies/codeql-go/GoModDependency.expected
+++ b/ql/test/library-tests/semmle/go/dependencies/codeql-go/GoModDependency.expected
@@ -0,0 +1,2 @@
+| go.mod:6:2:6:25 | go.mod require line | golang.org/x/mod | v0.2.0 | golang.org/x/mod | v0.2.0 |
+| go.mod:7:2:7:55 | go.mod require line | golang.org/x/tools | v0.0.0-20200302225559-9b52d559c609 | golang.org/x/tools | v0.0.0-20200302225559-9b52d559c609 |
--- a/ql/test/library-tests/semmle/go/dependencies/codeql-go/GoModDependency.ql
+++ b/ql/test/library-tests/semmle/go/dependencies/codeql-go/GoModDependency.ql
--- a/ql/test/library-tests/semmle/go/dependencies/codeql-go/SemVer.expected
+++ b/ql/test/library-tests/semmle/go/dependencies/codeql-go/SemVer.expected
@@ -0,0 +1,2 @@
+| v0.0.0-20200302225559-9b52d559c609 | 0.0.0 |
+| v0.2.0 | 0.2.0 |
--- a/ql/test/library-tests/semmle/go/dependencies/codeql-go/SemVer.ql
+++ b/ql/test/library-tests/semmle/go/dependencies/codeql-go/SemVer.ql
--- a/ql/test/library-tests/semmle/go/dependencies/codeql-go/ShaVer.expected
+++ b/ql/test/library-tests/semmle/go/dependencies/codeql-go/ShaVer.expected
@@ -0,0 +1 @@
+| v0.0.0-20200302225559-9b52d559c609 | 9b52d559c609 |
--- a/ql/test/library-tests/semmle/go/dependencies/codeql-go/ShaVer.ql
+++ b/ql/test/library-tests/semmle/go/dependencies/codeql-go/ShaVer.ql
--- a/ql/test/library-tests/semmle/go/dependencies/codeql-go/stub.go
+++ b/ql/test/library-tests/semmle/go/dependencies/codeql-go/stub.go
@@ -0,0 +1 @@
+package codeqlgo
--- a/ql/test/library-tests/semmle/go/dependencies/fabric-snaps/GoModDependency.expected
+++ b/ql/test/library-tests/semmle/go/dependencies/fabric-snaps/GoModDependency.expected
@@ -0,0 +1,30 @@
+| go.mod:4:2:4:34 | go.mod require line | github.com/DATA-DOG/godog | v0.7.4 | github.com/DATA-DOG/godog | v0.7.4 |
+| go.mod:5:2:5:56 | go.mod require line | github.com/cactus/go-statsd-client | v3.1.1+incompatible | github.com/cactus/go-statsd-client | v3.1.1+incompatible |
+| go.mod:6:2:6:64 | go.mod require line | github.com/cloudflare/cfssl | v0.0.0-20180323000720-5d63dbd981b5 | github.com/cloudflare/cfssl | v0.0.0-20180323000720-5d63dbd981b5 |
+| go.mod:7:2:7:64 | go.mod require line | github.com/facebookgo/clock | v0.0.0-20150410010913-600d898af40a | github.com/facebookgo/clock | v0.0.0-20150410010913-600d898af40a |
+| go.mod:8:2:8:42 | go.mod require line | github.com/fsouza/go-dockerclient | v1.3.0 | github.com/fsouza/go-dockerclient | v1.3.0 |
+| go.mod:9:2:9:30 | go.mod require line | github.com/go-kit/kit | v0.7.0 | github.com/go-kit/kit | v0.7.0 |
+| go.mod:10:2:10:36 | go.mod require line | github.com/go-logfmt/logfmt | v0.4.0 | github.com/go-logfmt/logfmt | v0.3.0 |
+| go.mod:11:2:11:35 | go.mod require line | github.com/golang/protobuf | v1.2.0 | github.com/golang/protobuf | v1.2.0 |
+| go.mod:12:2:12:82 | go.mod require line | github.com/google/certificate-transparency-go | v0.0.0-20180219093839-391726f8973d | github.com/google/certificate-transparency-go | v0.0.0-20180219093839-391726f8973d |
+| go.mod:13:2:13:38 | go.mod require line | github.com/hyperledger/fabric | v1.4.0 | github.com/securekey/fabric-next | v0.0.0-20190216163058-9e08161f2597 |
+| go.mod:14:2:14:73 | go.mod require line | github.com/hyperledger/fabric-sdk-go | v0.0.0-20190125204638-b490519efff9 | github.com/hyperledger/fabric-sdk-go | v0.0.0-20190125204638-b490519efff9 |
+| go.mod:15:2:15:31 | go.mod require line | github.com/onsi/gomega | v1.5.0 | github.com/onsi/gomega | v1.4.2 |
+| go.mod:16:2:16:61 | go.mod require line | github.com/op/go-logging | v0.0.0-20160315200505-970db520ece7 | github.com/op/go-logging | v0.0.0-20160315200505-970db520ece7 |
+| go.mod:17:2:17:30 | go.mod require line | github.com/pkg/errors | v0.8.1 | github.com/pkg/errors | v0.8.0 |
+| go.mod:18:2:18:54 | go.mod require line | github.com/rs/xid | v0.0.0-20170604230408-02dd45c33376 | github.com/rs/xid | v0.0.0-20170604230408-02dd45c33376 |
+| go.mod:19:2:19:72 | go.mod require line | github.com/securekey/fabric-snaps/membershipsnap/pkg/membership | v0.0.0 | ./membershipsnap/pkg/membership | unknown |
+| go.mod:20:2:20:56 | go.mod require line | github.com/securekey/fabric-snaps/util/rolesmgr | v0.4.0 | ./util/rolesmgr | unknown |
+| go.mod:21:2:21:56 | go.mod require line | github.com/securekey/fabric-snaps/util/statemgr | v0.4.0 | ./util/statemgr | unknown |
+| go.mod:22:2:22:31 | go.mod require line | github.com/spf13/cobra | v0.0.3 | github.com/spf13/cobra | v0.0.3 |
+| go.mod:23:2:23:31 | go.mod require line | github.com/spf13/pflag | v1.0.3 | github.com/spf13/pflag | v1.0.3 |
+| go.mod:24:2:24:59 | go.mod require line | github.com/spf13/viper | v0.0.0-20171227194143-aafc9e6bc7b7 | github.com/spf13/viper | v0.0.0-20171227194143-aafc9e6bc7b7 |
+| go.mod:25:2:25:36 | go.mod require line | github.com/stretchr/testify | v1.3.0 | github.com/stretchr/testify | v1.2.2 |
+| go.mod:26:2:26:46 | go.mod require line | github.com/uber-go/tally | v3.3.2+incompatible | github.com/uber-go/tally | v3.3.2+incompatible |
+| go.mod:27:2:27:69 | go.mod require line | github.com/xeipuuv/gojsonpointer | v0.0.0-20170225233418-6fe8760cad35 | github.com/xeipuuv/gojsonpointer | v0.0.0-20170225233418-6fe8760cad35 |
+| go.mod:28:2:28:71 | go.mod require line | github.com/xeipuuv/gojsonreference | v0.0.0-20150808065054-e02fc20de94c | github.com/xeipuuv/gojsonreference | v0.0.0-20150808065054-e02fc20de94c |
+| go.mod:29:2:29:68 | go.mod require line | github.com/xeipuuv/gojsonschema | v0.0.0-20170528113821-0c8571ac0ce1 | github.com/xeipuuv/gojsonschema | v0.0.0-20170528113821-0c8571ac0ce1 |
+| go.mod:30:2:30:56 | go.mod require line | golang.org/x/crypto | v0.0.0-20181001203147-e3636079e1a4 | golang.org/x/crypto | v0.0.0-20180827131323-e3636079e1a4 |
+| go.mod:31:2:31:53 | go.mod require line | golang.org/x/net | v0.0.0-20181003013248-f5e5bdd77824 | golang.org/x/net | v0.0.0-20181003013248-f5e5bdd77824 |
+| go.mod:32:2:32:55 | go.mod require line | golang.org/x/tools | v0.0.0-20181026183834-f60e5f99f081 | golang.org/x/tools | v0.0.0-20181026183834-f60e5f99f081 |
+| go.mod:33:2:33:32 | go.mod require line | google.golang.org/grpc | v1.17.0 | google.golang.org/grpc | v1.15.0 |
--- a/ql/test/library-tests/semmle/go/dependencies/fabric-snaps/GoModDependency.ql
+++ b/ql/test/library-tests/semmle/go/dependencies/fabric-snaps/GoModDependency.ql
@@ -0,0 +1,5 @@
+import semmle.go.dependencies.Dependencies
+
+from GoModDependency dep, string origpath, string origver, string path, string ver
+where dep.info(path, ver) and dep.originalInfo(origpath, origver)
+select dep, origpath, origver, path, ver
--- a/ql/test/library-tests/semmle/go/dependencies/fabric-snaps/SemVer.expected
+++ b/ql/test/library-tests/semmle/go/dependencies/fabric-snaps/SemVer.expected
@@ -4,47 +4,24 @@
 | v0.0.0-20170225233418-6fe8760cad35 | 0.0.0 |
 | v0.0.0-20170528113821-0c8571ac0ce1 | 0.0.0 |
 | v0.0.0-20170604230408-02dd45c33376 | 0.0.0 |
-| v0.0.0-20171010120322-cdade1c07385 | 0.0.0 |
 | v0.0.0-20171227194143-aafc9e6bc7b7 | 0.0.0 |
 | v0.0.0-20180219093839-391726f8973d | 0.0.0 |
-| v0.0.0-20180306012644-bacd9c7ef1dd | 0.0.0 |
 | v0.0.0-20180323000720-5d63dbd981b5 | 0.0.0 |
 | v0.0.0-20180827131323-e3636079e1a4 | 0.0.0 |
-| v0.0.0-20180830174826-7338bd80e790 | 0.0.0 |
 | v0.0.0-20181003013248-f5e5bdd77824 | 0.0.0 |
 | v0.0.0-20181026183834-f60e5f99f081 | 0.0.0 |
-| v0.0.0-20181106222321-ec9c9a553398 | 0.0.0 |
-| v0.0.0-20190103105442-ea782b38602d | 0.0.0 |
-| v0.0.0-20190104093907-fbd5963f41e1 | 0.0.0 |
 | v0.0.0-20190125204638-b490519efff9 | 0.0.0 |
 | v0.0.0-20190216163058-9e08161f2597 | 0.0.0 |
-| v0.0.0-20190624001437-99c81de45f40 | 0.0.0 |
-| v0.0.0-20190707114632-bbf5a6c351f4 | 0.0.0 |
-| v0.0.0-20200302225559-9b52d559c609 | 0.0.0 |
 | v0.0.3 | 0.0.3 |
-| v0.0.5 | 0.0.5 |
-| v0.2.0 | 0.2.0 |
 | v0.3.0 | 0.3.0 |
 | v0.7.0 | 0.7.0 |
 | v0.7.4 | 0.7.4 |
 | v0.8.0 | 0.8.0 |
-| v1.0.0 | 1.0.0 |
-| v1.0.1 | 1.0.1 |
-| v1.0.2 | 1.0.2 |
 | v1.0.3 | 1.0.3 |
-| v1.1.0 | 1.1.0 |
-| v1.1.6 | 1.1.6 |
 | v1.2.0 | 1.2.0 |
-| v1.2.1 | 1.2.1 |
 | v1.2.2 | 1.2.2 |
 | v1.3.0 | 1.3.0 |
-| v1.4.0 | 1.4.0 |
 | v1.4.2 | 1.4.2 |
-| v1.7.2 | 1.7.2 |
 | v1.15.0 | 1.15.0 |
-| v2.0.0+incompatible | 2.0.0 |
-| v2.0.2+incompatible | 2.0.2 |
-| v2.1.0+incompatible | 2.1.0 |
 | v3.1.1+incompatible | 3.1.1 |
 | v3.3.2+incompatible | 3.3.2 |
-| v11.1.1+incompatible | 11.1.1 |
--- a/ql/test/library-tests/semmle/go/dependencies/fabric-snaps/SemVer.ql
+++ b/ql/test/library-tests/semmle/go/dependencies/fabric-snaps/SemVer.ql
@@ -0,0 +1,11 @@
+import semmle.go.dependencies.SemVer
+
+from DependencySemVer ver, string normVersion
+where
+  exists(int major, int minor, int patch |
+    major = [0 .. 20] and minor = [0 .. 20] and patch = [0 .. 20]
+  |
+    normVersion = major + "." + minor + "." + patch
+  ) and
+  ver.is(normVersion)
+select ver, normVersion
--- a/ql/test/library-tests/semmle/go/dependencies/fabric-snaps/ShaVer.expected
+++ b/ql/test/library-tests/semmle/go/dependencies/fabric-snaps/ShaVer.expected
@@ -4,20 +4,11 @@
 | v0.0.0-20170225233418-6fe8760cad35 | 6fe8760cad35 |
 | v0.0.0-20170528113821-0c8571ac0ce1 | 0c8571ac0ce1 |
 | v0.0.0-20170604230408-02dd45c33376 | 02dd45c33376 |
-| v0.0.0-20171010120322-cdade1c07385 | cdade1c07385 |
 | v0.0.0-20171227194143-aafc9e6bc7b7 | aafc9e6bc7b7 |
 | v0.0.0-20180219093839-391726f8973d | 391726f8973d |
-| v0.0.0-20180306012644-bacd9c7ef1dd | bacd9c7ef1dd |
 | v0.0.0-20180323000720-5d63dbd981b5 | 5d63dbd981b5 |
 | v0.0.0-20180827131323-e3636079e1a4 | e3636079e1a4 |
-| v0.0.0-20180830174826-7338bd80e790 | 7338bd80e790 |
 | v0.0.0-20181003013248-f5e5bdd77824 | f5e5bdd77824 |
 | v0.0.0-20181026183834-f60e5f99f081 | f60e5f99f081 |
-| v0.0.0-20181106222321-ec9c9a553398 | ec9c9a553398 |
-| v0.0.0-20190103105442-ea782b38602d | ea782b38602d |
-| v0.0.0-20190104093907-fbd5963f41e1 | fbd5963f41e1 |
 | v0.0.0-20190125204638-b490519efff9 | b490519efff9 |
 | v0.0.0-20190216163058-9e08161f2597 | 9e08161f2597 |
-| v0.0.0-20190624001437-99c81de45f40 | 99c81de45f40 |
-| v0.0.0-20190707114632-bbf5a6c351f4 | bbf5a6c351f4 |
-| v0.0.0-20200302225559-9b52d559c609 | 9b52d559c609 |
--- a/ql/test/library-tests/semmle/go/dependencies/fabric-snaps/ShaVer.ql
+++ b/ql/test/library-tests/semmle/go/dependencies/fabric-snaps/ShaVer.ql
@@ -0,0 +1,4 @@
+import semmle.go.dependencies.SemVer
+
+from DependencySemShaVersion ver
+select ver, ver.getSha()
--- a/ql/test/library-tests/semmle/go/dependencies/fabric-snaps/stub.go
+++ b/ql/test/library-tests/semmle/go/dependencies/fabric-snaps/stub.go
@@ -0,0 +1 @@
+package fabricsnaps
--- a/ql/test/library-tests/semmle/go/dependencies/hrm-profile-tool/GoModDependency.expected
+++ b/ql/test/library-tests/semmle/go/dependencies/hrm-profile-tool/GoModDependency.expected
@@ -0,0 +1,5 @@
+| go.mod:4:2:4:61 | go.mod require line | github.com/ajstarks/svgo | v0.0.0-20180830174826-7338bd80e790 | github.com/ajstarks/svgo | v0.0.0-20180830174826-7338bd80e790 |
+| go.mod:5:2:5:48 | go.mod require line | github.com/clj/hrm-profile-tool/cmd/hrm | v0.0.0 | ./cmd/hrm | unknown |
+| go.mod:6:2:6:53 | go.mod require line | github.com/clj/hrm-profile-tool/instructions | v0.0.0 | ./instructions | unknown |
+| go.mod:7:2:7:48 | go.mod require line | github.com/clj/hrm-profile-tool/profile | v0.0.0 | ./profile | unknown |
+| go.mod:8:2:8:47 | go.mod require line | github.com/clj/hrm-profile-tool/render | v0.0.0 | ./render | unknown |
--- a/ql/test/library-tests/semmle/go/dependencies/hrm-profile-tool/GoModDependency.ql
+++ b/ql/test/library-tests/semmle/go/dependencies/hrm-profile-tool/GoModDependency.ql
@@ -0,0 +1,5 @@
+import semmle.go.dependencies.Dependencies
+
+from GoModDependency dep, string origpath, string origver, string path, string ver
+where dep.info(path, ver) and dep.originalInfo(origpath, origver)
+select dep, origpath, origver, path, ver
--- a/ql/test/library-tests/semmle/go/dependencies/hrm-profile-tool/SemVer.expected
+++ b/ql/test/library-tests/semmle/go/dependencies/hrm-profile-tool/SemVer.expected
@@ -0,0 +1 @@
+| v0.0.0-20180830174826-7338bd80e790 | 0.0.0 |
--- a/ql/test/library-tests/semmle/go/dependencies/hrm-profile-tool/SemVer.ql
+++ b/ql/test/library-tests/semmle/go/dependencies/hrm-profile-tool/SemVer.ql
@@ -0,0 +1,11 @@
+import semmle.go.dependencies.SemVer
+
+from DependencySemVer ver, string normVersion
+where
+  exists(int major, int minor, int patch |
+    major = [0 .. 20] and minor = [0 .. 20] and patch = [0 .. 20]
+  |
+    normVersion = major + "." + minor + "." + patch
+  ) and
+  ver.is(normVersion)
+select ver, normVersion
--- a/ql/test/library-tests/semmle/go/dependencies/hrm-profile-tool/ShaVer.expected
+++ b/ql/test/library-tests/semmle/go/dependencies/hrm-profile-tool/ShaVer.expected
@@ -0,0 +1 @@
+| v0.0.0-20180830174826-7338bd80e790 | 7338bd80e790 |
--- a/ql/test/library-tests/semmle/go/dependencies/hrm-profile-tool/ShaVer.ql
+++ b/ql/test/library-tests/semmle/go/dependencies/hrm-profile-tool/ShaVer.ql
@@ -0,0 +1,4 @@
+import semmle.go.dependencies.SemVer
+
+from DependencySemShaVersion ver
+select ver, ver.getSha()
--- a/ql/test/library-tests/semmle/go/dependencies/hrm-profile-tool/stub.go
+++ b/ql/test/library-tests/semmle/go/dependencies/hrm-profile-tool/stub.go
@@ -0,0 +1 @@
+package hrmprofiletool
--- a/ql/test/library-tests/semmle/go/dependencies/sweb/GoModDependency.expected
+++ b/ql/test/library-tests/semmle/go/dependencies/sweb/GoModDependency.expected
@@ -0,0 +1,23 @@
+| go.mod:40:2:40:30 | go.mod require line | github.com/Joker/jade | v1.0.0 | github.com/Joker/jade | v1.0.0 |
+| go.mod:41:2:41:66 | go.mod require line | github.com/Shopify/goreferrer | v0.0.0-20181106222321-ec9c9a553398 | github.com/Shopify/goreferrer | v0.0.0-20181106222321-ec9c9a553398 |
+| go.mod:42:2:42:49 | go.mod require line | github.com/aymerick/raymond | v2.0.2+incompatible | github.com/aymerick/raymond | v2.0.2+incompatible |
+| go.mod:43:2:43:59 | go.mod require line | github.com/eknkc/amber | v0.0.0-20171010120322-cdade1c07385 | github.com/eknkc/amber | v0.0.0-20171010120322-cdade1c07385 |
+| go.mod:44:2:44:33 | go.mod require line | github.com/fatih/structs | v1.1.0 | github.com/fatih/structs | v1.1.0 |
+| go.mod:45:2:45:61 | go.mod require line | github.com/flosch/pongo2 | v0.0.0-20190707114632-bbf5a6c351f4 | github.com/flosch/pongo2 | v0.0.0-20190707114632-bbf5a6c351f4 |
+| go.mod:46:2:46:57 | go.mod require line | github.com/iris-contrib/blackfriday | v2.0.0+incompatible | github.com/iris-contrib/blackfriday | v2.0.0+incompatible |
+| go.mod:47:2:47:71 | go.mod require line | github.com/iris-contrib/formBinder | v0.0.0-20190104093907-fbd5963f41e1 | github.com/iris-contrib/formBinder | v0.0.0-20190104093907-fbd5963f41e1 |
+| go.mod:48:2:48:53 | go.mod require line | github.com/iris-contrib/go.uuid | v2.0.0+incompatible | github.com/iris-contrib/go.uuid | v2.0.0+incompatible |
+| go.mod:49:2:49:36 | go.mod require line | github.com/json-iterator/go | v1.1.6 | github.com/json-iterator/go | v1.1.6 |
+| go.mod:50:2:50:61 | go.mod require line | github.com/kataras/golog | v0.0.0-20190624001437-99c81de45f40 | github.com/kataras/golog | v0.0.0-20190624001437-99c81de45f40 |
+| go.mod:51:2:51:46 | go.mod require line | github.com/kataras/iris | v11.1.1+incompatible | github.com/kataras/iris | v11.1.1+incompatible |
+| go.mod:52:2:52:59 | go.mod require line | github.com/kataras/pio | v0.0.0-20190103105442-ea782b38602d | github.com/kataras/pio | v0.0.0-20190103105442-ea782b38602d |
+| go.mod:53:2:53:38 | go.mod require line | github.com/klauspost/compress | v1.7.2 | github.com/klauspost/compress | v1.7.2 |
+| go.mod:54:2:54:35 | go.mod require line | github.com/klauspost/cpuid | v1.2.1 | github.com/klauspost/cpuid | v1.2.1 |
+| go.mod:55:2:55:43 | go.mod require line | github.com/microcosm-cc/bluemonday | v1.0.2 | github.com/microcosm-cc/bluemonday | v1.0.2 |
+| go.mod:56:2:56:40 | go.mod require line | github.com/mitchellh/go-homedir | v1.1.0 | github.com/mitchellh/go-homedir | v1.1.0 |
+| go.mod:57:2:57:68 | go.mod require line | github.com/modern-go/concurrent | v0.0.0-20180306012644-bacd9c7ef1dd | github.com/modern-go/concurrent | v0.0.0-20180306012644-bacd9c7ef1dd |
+| go.mod:58:2:58:38 | go.mod require line | github.com/modern-go/reflect2 | v1.0.1 | github.com/modern-go/reflect2 | v1.0.1 |
+| go.mod:59:2:59:51 | go.mod require line | github.com/ryanuber/columnize | v2.1.0+incompatible | github.com/ryanuber/columnize | v2.1.0+incompatible |
+| go.mod:60:2:60:50 | go.mod require line | github.com/shurcooL/sanitized_anchor_name | v1.0.0 | github.com/shurcooL/sanitized_anchor_name | v1.0.0 |
+| go.mod:61:2:61:31 | go.mod require line | github.com/spf13/cobra | v0.0.5 | github.com/spf13/cobra | v0.0.5 |
+| go.mod:62:2:62:31 | go.mod require line | github.com/spf13/viper | v1.4.0 | github.com/spf13/viper | v1.4.0 |
--- a/ql/test/library-tests/semmle/go/dependencies/sweb/GoModDependency.ql
+++ b/ql/test/library-tests/semmle/go/dependencies/sweb/GoModDependency.ql
@@ -0,0 +1,5 @@
+import semmle.go.dependencies.Dependencies
+
+from GoModDependency dep, string origpath, string origver, string path, string ver
+where dep.info(path, ver) and dep.originalInfo(origpath, origver)
+select dep, origpath, origver, path, ver
--- a/ql/test/library-tests/semmle/go/dependencies/sweb/SemVer.expected
+++ b/ql/test/library-tests/semmle/go/dependencies/sweb/SemVer.expected
@@ -0,0 +1,20 @@
+| v0.0.0-20171010120322-cdade1c07385 | 0.0.0 |
+| v0.0.0-20180306012644-bacd9c7ef1dd | 0.0.0 |
+| v0.0.0-20181106222321-ec9c9a553398 | 0.0.0 |
+| v0.0.0-20190103105442-ea782b38602d | 0.0.0 |
+| v0.0.0-20190104093907-fbd5963f41e1 | 0.0.0 |
+| v0.0.0-20190624001437-99c81de45f40 | 0.0.0 |
+| v0.0.0-20190707114632-bbf5a6c351f4 | 0.0.0 |
+| v0.0.5 | 0.0.5 |
+| v1.0.0 | 1.0.0 |
+| v1.0.1 | 1.0.1 |
+| v1.0.2 | 1.0.2 |
+| v1.1.0 | 1.1.0 |
+| v1.1.6 | 1.1.6 |
+| v1.2.1 | 1.2.1 |
+| v1.4.0 | 1.4.0 |
+| v1.7.2 | 1.7.2 |
+| v2.0.0+incompatible | 2.0.0 |
+| v2.0.2+incompatible | 2.0.2 |
+| v2.1.0+incompatible | 2.1.0 |
+| v11.1.1+incompatible | 11.1.1 |
--- a/ql/test/library-tests/semmle/go/dependencies/sweb/SemVer.ql
+++ b/ql/test/library-tests/semmle/go/dependencies/sweb/SemVer.ql
@@ -0,0 +1,11 @@
+import semmle.go.dependencies.SemVer
+
+from DependencySemVer ver, string normVersion
+where
+  exists(int major, int minor, int patch |
+    major = [0 .. 20] and minor = [0 .. 20] and patch = [0 .. 20]
+  |
+    normVersion = major + "." + minor + "." + patch
+  ) and
+  ver.is(normVersion)
+select ver, normVersion
--- a/ql/test/library-tests/semmle/go/dependencies/sweb/ShaVer.expected
+++ b/ql/test/library-tests/semmle/go/dependencies/sweb/ShaVer.expected
@@ -0,0 +1,7 @@
+| v0.0.0-20171010120322-cdade1c07385 | cdade1c07385 |
+| v0.0.0-20180306012644-bacd9c7ef1dd | bacd9c7ef1dd |
+| v0.0.0-20181106222321-ec9c9a553398 | ec9c9a553398 |
+| v0.0.0-20190103105442-ea782b38602d | ea782b38602d |
+| v0.0.0-20190104093907-fbd5963f41e1 | fbd5963f41e1 |
+| v0.0.0-20190624001437-99c81de45f40 | 99c81de45f40 |
+| v0.0.0-20190707114632-bbf5a6c351f4 | bbf5a6c351f4 |
--- a/ql/test/library-tests/semmle/go/dependencies/sweb/ShaVer.ql
+++ b/ql/test/library-tests/semmle/go/dependencies/sweb/ShaVer.ql
@@ -0,0 +1,4 @@
+import semmle.go.dependencies.SemVer
+
+from DependencySemShaVersion ver
+select ver, ver.getSha()
--- a/ql/test/library-tests/semmle/go/dependencies/sweb/stub.go
+++ b/ql/test/library-tests/semmle/go/dependencies/sweb/stub.go
@@ -0,0 +1 @@
+package sweb
				`@@ -0,0 +1 @@`
				`\| v0.0.0-20200302225559-9b52d559c609 \| 9b52d559c609 \|`
				`@@ -0,0 +1 @@`
				`\| v0.0.0-20180830174826-7338bd80e790 \| 0.0.0 \|`