fix: handle another import case

Bearer · Mar 21, 2024 · 6c44b83 · 6c44b83
1 parent 61020b5
commit 6c44b83
Show file tree

Hide file tree

Showing 4 changed files with 99 additions and 33 deletions.
diff --git a/internal/languages/golang/.snapshots/TestImport--main.yml b/internal/languages/golang/.snapshots/TestImport--main.yml
@@ -6,25 +6,25 @@ high:
         title: Test imports
         description: Test imports
         documentation_url: ""
-      line_number: 11
+      line_number: 13
       full_filename: main.go
       filename: main.go
       source:
         location:
-            start: 11
-            end: 11
+            start: 13
+            end: 13
             column:
                 start: 2
-                end: 12
+                end: 10
       sink:
         location:
-            start: 11
-            end: 11
+            start: 13
+            end: 13
             column:
                 start: 2
-                end: 12
+                end: 10
         content: ""
-      parent_line_number: 11
+      parent_line_number: 13
       fingerprint: 7cec89718a2276537c30e7b656c0ecb2_0
       old_fingerprint: 7cec89718a2276537c30e7b656c0ecb2_0
     - rule:
@@ -34,25 +34,25 @@ high:
         title: Test imports
         description: Test imports
         documentation_url: ""
-      line_number: 12
+      line_number: 14
       full_filename: main.go
       filename: main.go
       source:
         location:
-            start: 12
-            end: 12
+            start: 14
+            end: 14
             column:
                 start: 2
-                end: 12
+                end: 10
       sink:
         location:
-            start: 12
-            end: 12
+            start: 14
+            end: 14
             column:
                 start: 2
-                end: 12
+                end: 10
         content: ""
-      parent_line_number: 12
+      parent_line_number: 14
       fingerprint: 7cec89718a2276537c30e7b656c0ecb2_1
       old_fingerprint: 7cec89718a2276537c30e7b656c0ecb2_1
     - rule:
@@ -62,25 +62,81 @@ high:
         title: Test imports
         description: Test imports
         documentation_url: ""
-      line_number: 13
+      line_number: 15
       full_filename: main.go
       filename: main.go
       source:
         location:
-            start: 13
-            end: 13
+            start: 15
+            end: 15
             column:
                 start: 2
-                end: 12
+                end: 10
       sink:
         location:
-            start: 13
-            end: 13
+            start: 15
+            end: 15
             column:
                 start: 2
-                end: 12
+                end: 10
         content: ""
-      parent_line_number: 13
+      parent_line_number: 15
       fingerprint: 7cec89718a2276537c30e7b656c0ecb2_2
       old_fingerprint: 7cec89718a2276537c30e7b656c0ecb2_2
+    - rule:
+        cwe_ids:
+            - "42"
+        id: import_test
+        title: Test imports
+        description: Test imports
+        documentation_url: ""
+      line_number: 16
+      full_filename: main.go
+      filename: main.go
+      source:
+        location:
+            start: 16
+            end: 16
+            column:
+                start: 2
+                end: 10
+      sink:
+        location:
+            start: 16
+            end: 16
+            column:
+                start: 2
+                end: 10
+        content: ""
+      parent_line_number: 16
+      fingerprint: 7cec89718a2276537c30e7b656c0ecb2_3
+      old_fingerprint: 7cec89718a2276537c30e7b656c0ecb2_3
+    - rule:
+        cwe_ids:
+            - "42"
+        id: import_test
+        title: Test imports
+        description: Test imports
+        documentation_url: ""
+      line_number: 17
+      full_filename: main.go
+      filename: main.go
+      source:
+        location:
+            start: 17
+            end: 17
+            column:
+                start: 2
+                end: 10
+      sink:
+        location:
+            start: 17
+            end: 17
+            column:
+                start: 2
+                end: 10
+        content: ""
+      parent_line_number: 17
+      fingerprint: 7cec89718a2276537c30e7b656c0ecb2_4
+      old_fingerprint: 7cec89718a2276537c30e7b656c0ecb2_4
 
diff --git a/internal/languages/golang/analyzer/analyzer.go b/internal/languages/golang/analyzer/analyzer.go
@@ -13,6 +13,7 @@ import (
 )
 
 var versionRegex = regexp.MustCompile(`\Av\d+\z`)
+var versionSuffixRegex = regexp.MustCompile(`\.v\d+\z`)
 
 type analyzer struct {
 	builder *tree.Builder
@@ -109,6 +110,9 @@ func (analyzer *analyzer) analyzeImportSpec(node *sitter.Node, visitChildren fun
 		if versionRegex.MatchString(guessedName) && len(packageName) > 1 {
 			guessedName = stringutil.StripQuotes((packageName[len(packageName)-2]))
 		}
+
+		// account for imports like `github.com/foo/bar.v3`
+		guessedName = versionSuffixRegex.ReplaceAllString(guessedName, "")
 	}
 
 	guessedName = strings.TrimSuffix(guessedName, "-go")

diff --git a/internal/languages/golang/testdata/import/main.go b/internal/languages/golang/testdata/import/main.go
@@ -1,15 +1,19 @@
 package main
 
-import "example.com/bar/v5"
-import "example.com/foo"
-
 import (
-	baz "example.com/foo"
+	"example.com/a/v5"
+	"example.com/b"
+	"example.com/c-go.v5"
+	"example.com/go-d"
+
+	e "example.com/foo"
 )
 
 func m() {
-	foo.Test()
-	bar.Test()
-	baz.Test()
+	a.Test()
+	b.Test()
+	c.Test()
+	d.Test()
+	e.Test()
 	other.Test()
 }
diff --git a/internal/languages/golang/testdata/import_rule.yml b/internal/languages/golang/testdata/import_rule.yml
@@ -9,8 +9,10 @@ patterns:
 auxiliary:
   - id: import_test_package
     patterns:
-      - import $<!>"example.com/bar/v5"
-      - import $<!>"example.com/foo"
+      - import ($<!>"example.com/a/v5")
+      - import ($<!>"example.com/b")
+      - import ($<!>"example.com/c-go.v5")
+      - import ($<!>"example.com/go-d")
       - import ($<!>"example.com/foo")
 severity: high
 metadata: