diff --git a/.golangci.yml b/.golangci.yml index a0e6fd5..e39b144 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -1,111 +1,32 @@ # See https://golangci-lint.run/usage/configuration/ - -linters-settings: - revive: - # see https://github.com/mgechev/revive#available-rules for details. - ignore-generated-header: true - severity: warning - rules: - - name: atomic - - name: blank-imports - - name: bool-literal-in-expr - - name: call-to-gc - - name: confusing-naming - - name: confusing-results - - name: constant-logical-expr - - name: context-as-argument - - name: context-keys-type - - name: deep-exit - - name: defer - - name: dot-imports - - name: duplicated-imports - - name: early-return - - name: empty-block - - name: empty-lines - - name: error-naming - - name: error-return - - name: error-strings - - name: errorf - - name: exported - - name: get-return - - name: identical-branches - - name: if-return - - name: import-shadowing - - name: increment-decrement - - name: indent-error-flow - - name: modifies-parameter - - name: modifies-value-receiver - - name: package-comments - - name: range - - name: range-val-address - - name: range-val-in-closure - - name: receiver-naming - - name: redefines-builtin-id - - name: string-of-int - - name: struct-tag - - name: superfluous-else - - name: time-naming - - name: unconditional-recursion - - name: unexported-naming - - name: unexported-return - - name: unnecessary-stmt - - name: unreachable-code - - name: unused-parameter - - name: var-declaration - - name: var-naming - - name: waitgroup-by-value - linters: - disable-all: true - enable: - - asciicheck - - bodyclose - - dogsled - - dupl - - durationcheck - - errcheck - - errorlint - - exhaustive - - exportloopref - - forcetypeassert - - funlen - - gochecknoinits - - gocognit - - goconst - - gocritic - - gocyclo - - godot - - godox - - goimports - - gomoddirectives - - gomodguard - - goprintffuncname - - gosec - - gosimple - - govet - - importas - - ineffassign + enable-all: true + disable: - lll - - makezero - - misspell - - nakedret - - nestif - - nilerr - - noctx - - nolintlint - - prealloc - - predeclared - - revive - - rowserrcheck - - sqlclosecheck - - staticcheck - - stylecheck - - testpackage - - thelper - - tparallel - - typecheck - - unconvert - - unparam - - unused - - whitespace - - wsl + - golint + - deadcode + - maligned + - scopelint + - nosnakecase + - exhaustivestruct + - ifshort + - varcheck + - structcheck + - interfacer + - gomodguard + - gochecknoglobals + - paralleltest + - varnamelen + - exhaustruct + - gomnd + - depguard + - forbidigo + - funlen + - nlreturn + - gofumpt + - nonamedreturns + - cyclop + - goerr113 + - perfsprint + - tagliatelle + - wrapcheck diff --git a/Makefile b/Makefile index 5235d5a..a44b707 100644 --- a/Makefile +++ b/Makefile @@ -6,7 +6,7 @@ lint: .PHONY: build build: - go build -o gomodguard cmd/gomodguard/main.go + go build -o "$$(go env GOPATH)/bin/gomodguard" cmd/gomodguard/main.go .PHONY: run run: build diff --git a/_example/.gomodguard.yaml b/_example/allOptions/.gomodguard.yaml similarity index 100% rename from _example/.gomodguard.yaml rename to _example/allOptions/.gomodguard.yaml diff --git a/_example/blocked_example.go b/_example/allOptions/blocked_example.go similarity index 100% rename from _example/blocked_example.go rename to _example/allOptions/blocked_example.go diff --git a/_example/go.mod b/_example/allOptions/go.mod similarity index 100% rename from _example/go.mod rename to _example/allOptions/go.mod diff --git a/_example/go.sum b/_example/allOptions/go.sum similarity index 100% rename from _example/go.sum rename to _example/allOptions/go.sum diff --git a/_example/emptyAllowList/.gomodguard.yaml b/_example/emptyAllowList/.gomodguard.yaml new file mode 100644 index 0000000..bd0cf7f --- /dev/null +++ b/_example/emptyAllowList/.gomodguard.yaml @@ -0,0 +1,6 @@ +blocked: + modules: + - gotest.tools/v3: + recommendations: + - github.com/stretchr/testify/assert + reason: "We have standardized on `github.com/stretchr/testify/assert`." diff --git a/_example/emptyAllowList/blocked_example_test.go b/_example/emptyAllowList/blocked_example_test.go new file mode 100644 index 0000000..b08f70c --- /dev/null +++ b/_example/emptyAllowList/blocked_example_test.go @@ -0,0 +1,11 @@ +package example2 + +import ( + "testing" + + "gotest.tools/v3/assert" +) + +func TestBlockedImport(t *testing.T) { //nolint + assert.Equal(t, 1, 1) +} diff --git a/_example/emptyAllowList/go.mod b/_example/emptyAllowList/go.mod new file mode 100644 index 0000000..6b017eb --- /dev/null +++ b/_example/emptyAllowList/go.mod @@ -0,0 +1,7 @@ +module github.com/ryancurrah/example/example2 + +go 1.21 + +require gotest.tools/v3 v3.5.1 + +require github.com/google/go-cmp v0.5.9 // indirect diff --git a/_example/emptyAllowList/go.sum b/_example/emptyAllowList/go.sum new file mode 100644 index 0000000..7dd4ab5 --- /dev/null +++ b/_example/emptyAllowList/go.sum @@ -0,0 +1,4 @@ +github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU= +gotest.tools/v3 v3.5.1/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU= diff --git a/_example/invalidConstraint/.gomodguard.yaml b/_example/invalidConstraint/.gomodguard.yaml new file mode 100644 index 0000000..076b801 --- /dev/null +++ b/_example/invalidConstraint/.gomodguard.yaml @@ -0,0 +1,28 @@ +allowed: + modules: + - github.com/pborman/uuid + domains: + - golang.org +blocked: + modules: + - github.com/uudashr/go-module: {} + versions: + - github.com/mitchellh/go-homedir: + version: "<= 1.1.0" + reason: "testing if blocked version constraint works." + - cloud.google.com/go/compute: + version: "!= 1.7.0" + - sigs.k8s.io/kustomize/kyaml: + version: "< 0.13.6" + - sigs.k8s.io/kustomize/kyaml: + version: "> 0.13.9" + - sigs.k8s.io/structured-merge-diff/v4: + version: "!= 4.2.1" + - sigs.k8s.io/structured-merge-diff/v4: + version: "!= 4.2.3" + - sigs.k8s.io/yaml: + version: "!= 1.3.0" + - github.com/gin-gonic/gin: + version: "== 1.9.1" + domains: [] + \ No newline at end of file diff --git a/_example/invalidConstraint/blocked_example_test.go b/_example/invalidConstraint/blocked_example_test.go new file mode 100644 index 0000000..e95925a --- /dev/null +++ b/_example/invalidConstraint/blocked_example_test.go @@ -0,0 +1,13 @@ +package example2 + +import ( + "errors" + "testing" + + "github.com/gin-gonic/gin" + "gotest.tools/v3/assert" +) + +func TestBlockedImport(t *testing.T) { //nolint + assert.Equal(t, errors.New("test"), gin.ErrorTypeBind) +} diff --git a/_example/invalidConstraint/go.mod b/_example/invalidConstraint/go.mod new file mode 100644 index 0000000..15fe231 --- /dev/null +++ b/_example/invalidConstraint/go.mod @@ -0,0 +1,36 @@ +module github.com/ryancurrah/example/example3 + +go 1.21 + +require ( + github.com/gin-gonic/gin v1.9.1 + gotest.tools/v3 v3.5.1 +) + +require ( + github.com/bytedance/sonic v1.9.1 // indirect + github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect + github.com/gabriel-vasile/mimetype v1.4.2 // indirect + github.com/gin-contrib/sse v0.1.0 // indirect + github.com/go-playground/locales v0.14.1 // indirect + github.com/go-playground/universal-translator v0.18.1 // indirect + github.com/go-playground/validator/v10 v10.14.0 // indirect + github.com/goccy/go-json v0.10.2 // indirect + github.com/google/go-cmp v0.5.9 // indirect + github.com/json-iterator/go v1.1.12 // indirect + github.com/klauspost/cpuid/v2 v2.2.4 // indirect + github.com/leodido/go-urn v1.2.4 // indirect + github.com/mattn/go-isatty v0.0.19 // indirect + github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect + github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/pelletier/go-toml/v2 v2.0.8 // indirect + github.com/twitchyliquid64/golang-asm v0.15.1 // indirect + github.com/ugorji/go/codec v1.2.11 // indirect + golang.org/x/arch v0.3.0 // indirect + golang.org/x/crypto v0.9.0 // indirect + golang.org/x/net v0.10.0 // indirect + golang.org/x/sys v0.8.0 // indirect + golang.org/x/text v0.9.0 // indirect + google.golang.org/protobuf v1.30.0 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect +) diff --git a/_example/invalidConstraint/go.sum b/_example/invalidConstraint/go.sum new file mode 100644 index 0000000..979c0e6 --- /dev/null +++ b/_example/invalidConstraint/go.sum @@ -0,0 +1,88 @@ +github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM= +github.com/bytedance/sonic v1.9.1 h1:6iJ6NqdoxCDr6mbY8h18oSO+cShGSMRGCEo7F2h0x8s= +github.com/bytedance/sonic v1.9.1/go.mod h1:i736AoUSYt75HyZLoJW9ERYxcy6eaN6h4BZXU064P/U= +github.com/chenzhuoyu/base64x v0.0.0-20211019084208-fb5309c8db06/go.mod h1:DH46F32mSOjUmXrMHnKwZdA8wcEefY7UVqBKYGjpdQY= +github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 h1:qSGYFH7+jGhDF8vLC+iwCD4WpbV1EBDSzWkJODFLams= +github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311/go.mod h1:b583jCggY9gE99b6G5LEC39OIiVsWj+R97kbl5odCEk= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU= +github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA= +github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE= +github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= +github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg= +github.com/gin-gonic/gin v1.9.1/go.mod h1:hPrL7YrpYKXt5YId3A/Tnip5kqbEAP+KLuI3SUcPTeU= +github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s= +github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= +github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA= +github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= +github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= +github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= +github.com/go-playground/validator/v10 v10.14.0 h1:vgvQWe3XCz3gIeFDm/HnTIbj6UGmg/+t63MyGU2n5js= +github.com/go-playground/validator/v10 v10.14.0/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU= +github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU= +github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= +github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= +github.com/klauspost/cpuid/v2 v2.2.4 h1:acbojRNwl3o09bUq+yDCtZFc1aiwaAAxtcn8YkZXnvk= +github.com/klauspost/cpuid/v2 v2.2.4/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= +github.com/leodido/go-urn v1.2.4 h1:XlAE/cm/ms7TE/VMVoduSpNBoyc2dOxHs5MZSwAN63Q= +github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4= +github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= +github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= +github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/pelletier/go-toml/v2 v2.0.8 h1:0ctb6s9mE31h0/lhu+J6OPmVeDxJn+kYnJc2jZR9tGQ= +github.com/pelletier/go-toml/v2 v2.0.8/go.mod h1:vuYfssBdrU2XDZ9bYydBu6t+6a6PYNcZljzZR9VXg+4= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY= +github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI= +github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08= +github.com/ugorji/go/codec v1.2.11 h1:BMaWp1Bb6fHwEtbplGBGJ498wD+LKlNSl25MjdZY4dU= +github.com/ugorji/go/codec v1.2.11/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg= +golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8= +golang.org/x/arch v0.3.0 h1:02VY4/ZcO/gBOH6PUaoiptASxtXU10jazRCP865E97k= +golang.org/x/arch v0.3.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8= +golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g= +golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= +golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M= +golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU= +golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE= +golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= +google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU= +gotest.tools/v3 v3.5.1/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU= +rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= diff --git a/blocked.go b/blocked.go index 2a6e5c2..df24b85 100644 --- a/blocked.go +++ b/blocked.go @@ -4,7 +4,7 @@ import ( "fmt" "strings" - "github.com/Masterminds/semver" + "github.com/Masterminds/semver/v3" ) // Blocked is a list of modules that are @@ -15,7 +15,7 @@ type Blocked struct { LocalReplaceDirectives bool `yaml:"local_replace_directives"` } -// BlockedVersion has a version constraint a reason why the the module version is blocked. +// BlockedVersion has a version constraint a reason why the module version is blocked. type BlockedVersion struct { Version string `yaml:"version"` Reason string `yaml:"reason"` @@ -23,24 +23,22 @@ type BlockedVersion struct { // IsLintedModuleVersionBlocked returns true if a version constraint is specified and the // linted module version matches the constraint. -func (r *BlockedVersion) IsLintedModuleVersionBlocked(lintedModuleVersion string) bool { +func (r *BlockedVersion) IsLintedModuleVersionBlocked(lintedModuleVersion string) (bool, error) { if r.Version == "" { - return false + return false, nil } constraint, err := semver.NewConstraint(r.Version) if err != nil { - return false + return true, err } version, err := semver.NewVersion(lintedModuleVersion) if err != nil { - return false + return true, err } - meet := constraint.Check(version) - - return meet + return constraint.Check(version), nil } // Message returns the reason why the module version is blocked. diff --git a/go.mod b/go.mod index f58e860..dd241d8 100644 --- a/go.mod +++ b/go.mod @@ -3,13 +3,20 @@ module github.com/ryancurrah/gomodguard go 1.21 require ( - github.com/Masterminds/semver v1.5.0 + github.com/Masterminds/semver/v3 v3.2.1 github.com/go-xmlfmt/xmlfmt v1.1.2 github.com/mitchellh/go-homedir v1.1.0 github.com/phayes/checkstyle v0.0.0-20170904204023-bfd46e6a821d + github.com/stretchr/testify v1.9.0 github.com/t-yuki/gocover-cobertura v0.0.0-20180217150009-aaee18c8195c golang.org/x/mod v0.16.0 gopkg.in/yaml.v2 v2.4.0 ) +require ( + github.com/davecgh/go-spew v1.1.1 // indirect + github.com/pmezard/go-difflib v1.0.0 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect +) + retract v1.2.1 // Originally tagged for commit hash that was subsequently removed, and replaced by another commit hash diff --git a/go.sum b/go.sum index 5ad3c11..15faa1e 100644 --- a/go.sum +++ b/go.sum @@ -1,11 +1,17 @@ -github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww= -github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= +github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= +github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/go-xmlfmt/xmlfmt v1.1.2 h1:Nea7b4icn8s57fTx1M5AI4qQT5HEM3rVUO8MuE6g80U= github.com/go-xmlfmt/xmlfmt v1.1.2/go.mod h1:aUCEOzzezBEjDBbFBoSiya/gduyIiWYRP6CnSFIV8AM= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/phayes/checkstyle v0.0.0-20170904204023-bfd46e6a821d h1:CdDQnGF8Nq9ocOS/xlSptM1N3BbrA6/kmaep5ggwaIA= github.com/phayes/checkstyle v0.0.0-20170904204023-bfd46e6a821d/go.mod h1:3OzsM7FXDQlpCiw2j81fOmAwQLnZnLGXVKUzeKQXIAw= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/t-yuki/gocover-cobertura v0.0.0-20180217150009-aaee18c8195c h1:+aPplBwWcHBo6q9xrfWdMrT9o4kltkmmvpemgIjep/8= github.com/t-yuki/gocover-cobertura v0.0.0-20180217150009-aaee18c8195c/go.mod h1:SbErYREK7xXdsRiigaQiQkI9McGRzYMvlKYaP3Nimdk= golang.org/x/mod v0.16.0 h1:QX4fJ0Rr5cPQCF7O9lh9Se4pmwfwskqZfq5moyldzic= @@ -14,3 +20,5 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/internal/cli/cli.go b/internal/cli/cli.go index 8e3a0eb..f99a75f 100644 --- a/internal/cli/cli.go +++ b/internal/cli/cli.go @@ -1,6 +1,7 @@ package cli import ( + "errors" "flag" "fmt" "log" @@ -25,7 +26,7 @@ const ( var ( configFile = ".gomodguard.yaml" logger = log.New(os.Stderr, "", 0) - errFindingConfigFile = fmt.Errorf("could not find config file") + errFindingConfigFile = errors.New("could not find config file") ) // Run the gomodguard linter. Returns the exit code to use. @@ -125,9 +126,10 @@ func GetConfig(configFile string) (*gomodguard.Configuration, error) { return nil, fmt.Errorf(errFindingHomedir, err) } - cfgFile := "" homeDirCfgFile := filepath.Join(home, configFile) + var cfgFile string + switch { case fileExists(configFile): cfgFile = configFile diff --git a/processor.go b/processor.go index 51038f3..970dbc4 100644 --- a/processor.go +++ b/processor.go @@ -22,12 +22,10 @@ const ( ) var ( - blockReasonNotInAllowedList = "import of package `%s` is blocked because the module is not in the " + - "allowed modules list." - blockReasonInBlockedList = "import of package `%s` is blocked because the module is in the " + - "blocked modules list." - blockReasonHasLocalReplaceDirective = "import of package `%s` is blocked because the module has a " + - "local replace directive." + blockReasonNotInAllowedList = "import of package `%s` is blocked because the module is not in the allowed modules list." + blockReasonInBlockedList = "import of package `%s` is blocked because the module is in the blocked modules list." + blockReasonHasLocalReplaceDirective = "import of package `%s` is blocked because the module has a local replace directive." + blockReasonInvalidVersionConstraint = "import of package `%s` is blocked because the version constraint is invalid." // startsWithVersion is used to test when a string begins with the version identifier of a module, // after having stripped the prefix base module name. IE "github.com/foo/bar/v2/baz" => "v2/baz" @@ -181,9 +179,21 @@ func (p *Processor) SetBlockedModules() { //nolint:funlen fmt.Sprintf("%s %s", blockReasonInBlockedList, blockModuleReason.Message())) } - if blockVersionReason != nil && blockVersionReason.IsLintedModuleVersionBlocked(lintedModuleVersion) { - blockedModules[lintedModuleName] = append(blockedModules[lintedModuleName], - fmt.Sprintf("%s %s", blockReasonInBlockedList, blockVersionReason.Message(lintedModuleVersion))) + if blockVersionReason != nil { + isVersBlocked, err := blockVersionReason.IsLintedModuleVersionBlocked(lintedModuleVersion) + + var msg string + + switch err { + case nil: + msg = fmt.Sprintf("%s %s", blockReasonInBlockedList, blockVersionReason.Message(lintedModuleVersion)) + default: + msg = fmt.Sprintf("%s %s", blockReasonInvalidVersionConstraint, err) + } + + if isVersBlocked { + blockedModules[lintedModuleName] = append(blockedModules[lintedModuleName], msg) + } } } @@ -223,6 +233,11 @@ func (p *Processor) isBlockedPackageFromModFile(packageName string) []string { return nil } +// loadGoModFile loads the contents of the go.mod file in the current working directory. +// It first checks the "GOMOD" environment variable to determine the path of the go.mod file. +// If the environment variable is not set or the file does not exist, it falls back to reading the go.mod file in the current directory. +// If the "GOMOD" environment variable is set to "/dev/null", it returns an error indicating that the current working directory must have a go.mod file. +// The function returns the contents of the go.mod file as a byte slice and any error encountered during the process. func loadGoModFile() ([]byte, error) { cmd := exec.Command("go", "env", "-json") stdout, _ := cmd.StdoutPipe() @@ -257,7 +272,7 @@ func loadGoModFile() ([]byte, error) { return os.ReadFile(goEnv["GOMOD"]) } -// isPackageInModule determines if a package is apart of the specified go module. +// isPackageInModule determines if a package is a part of the specified Go module. func isPackageInModule(pkg, mod string) bool { // Split pkg and mod paths into parts pkgPart := strings.Split(pkg, "/") diff --git a/processor_internal_test.go b/processor_internal_test.go index e103915..93ae23a 100644 --- a/processor_internal_test.go +++ b/processor_internal_test.go @@ -2,6 +2,10 @@ package gomodguard import ( "testing" + + "github.com/stretchr/testify/assert" + "golang.org/x/mod/modfile" + "golang.org/x/mod/module" ) func TestIsModuleBlocked(t *testing.T) { @@ -168,3 +172,216 @@ func Test_packageInModule(t *testing.T) { //nolint:funlen }) } } + +func TestProcessorSetBlockedModulesWithAllowList(t *testing.T) { + config := &Configuration{ + Allowed: Allowed{ + Modules: []string{ + "gopkg.in/yaml.v2", + "github.com/go-xmlfmt/xmlfmt", + "github.com/Masterminds/semver/v3", + "github.com/ryancurrah/gomodguard", + }, + Domains: []string{ + "golang.org", + }, + }, + Blocked: Blocked{ + Modules: BlockedModules{ + { + "github.com/uudashr/go-module": BlockedModule{ + Recommendations: []string{"golang.org/x/mod"}, + Reason: "`mod` is the official go.mod parser library.", + }, + }, + { + "github.com/gofrs/uuid": BlockedModule{ + Recommendations: []string{"github.com/ryancurrah/gomodguard"}, + Reason: "testing if module is not blocked when it is recommended.", + }, + }, + }, + Versions: BlockedVersions{ + { + "github.com/mitchellh/go-homedir": BlockedVersion{ + Version: "<= 1.1.0", + Reason: "testing if blocked version constraint works.", + }, + }, + }, + LocalReplaceDirectives: true, + }, + } + + modfile := &modfile.File{ + Module: &modfile.Module{ + Mod: module.Version{ + Path: "github.com/ryancurrah/gomodguard", + Version: "v1.0.0", + }, + }, + Require: []*modfile.Require{ + { + Mod: module.Version{ + Path: "gopkg.in/yaml.v2", + Version: "v2.4.0", + }, + }, + { + Mod: module.Version{ + Path: "github.com/uudashr/go-module", + Version: "v1.0.0", + }, + }, + { + Mod: module.Version{ + Path: "github.com/gofrs/uuid", + Version: "v1.2.3", + }, + }, + { + Mod: module.Version{ + Path: "github.com/mitchellh/go-homedir", + Version: "v1.0.0", + }, + }, + }, + Replace: []*modfile.Replace{ + { + Old: module.Version{ + Path: "github.com/gofrs/uuid", + Version: "v1.2.3", + }, + New: module.Version{ + Path: "/path/to/local/package", + Version: "", + }, + }, + }, + } + + processor := &Processor{ + Config: config, + Modfile: modfile, + } + + processor.SetBlockedModules() + + // Assert number of blocked modules + assert.Len(t, processor.blockedModulesFromModFile, 3) + + // Assert blocked modules + assert.Equal(t, + []string{"import of package `%s` is blocked because the module is in the blocked modules list. " + + "`golang.org/x/mod` is a recommended module. `mod` is the official go.mod parser library."}, + processor.blockedModulesFromModFile["github.com/uudashr/go-module"], + ) + + assert.Equal(t, + []string{"import of package `%s` is blocked because the module has a local replace directive."}, + processor.blockedModulesFromModFile["github.com/gofrs/uuid"], + ) + + assert.Equal(t, + []string{"import of package `%s` is blocked because the module is in the blocked modules list. " + + "version `v1.0.0` is blocked because it does not meet the version constraint `<= 1.1.0`. testing " + + "if blocked version constraint works."}, + processor.blockedModulesFromModFile["github.com/mitchellh/go-homedir"], + ) +} + +func TestProcessorSetBlockedModulesWithoutAllowList(t *testing.T) { + config := &Configuration{ + Blocked: Blocked{ + Modules: BlockedModules{ + { + "gotest.tools/v3": BlockedModule{ + Recommendations: []string{"github.com/stretchr/testify/assert"}, + Reason: "We have standardized on `github.com/stretchr/testify/assert`.", + }, + }, + }, + }, + } + + modfile := &modfile.File{ + Module: &modfile.Module{ + Mod: module.Version{ + Path: "github.com/ryancurrah/gomodguard", + Version: "v1.0.0", + }, + }, + Require: []*modfile.Require{ + { + Mod: module.Version{ + Path: "gotest.tools/v3", + Version: "v3.4.0", + }, + }, + }, + } + + processor := &Processor{ + Config: config, + Modfile: modfile, + } + + processor.SetBlockedModules() + + // Assert number of blocked modules + assert.Len(t, processor.blockedModulesFromModFile, 1) + + // Assert blocked modules + assert.Equal(t, + []string{"import of package `%s` is blocked because the module is in the blocked modules list. " + + "`github.com/stretchr/testify/assert` is a recommended module. We have standardized on `github.com/stretchr/testify/assert`."}, + processor.blockedModulesFromModFile["gotest.tools/v3"], + ) +} + +func TestProcessorSetBlockedModulesWithInvalidVersionConstraint(t *testing.T) { + config := &Configuration{ + Blocked: Blocked{ + Versions: BlockedVersions{ + { + "github.com/gin-gonic/gin": BlockedVersion{ + Version: "== 1.0.0", + }, + }, + }, + }, + } + + modfile := &modfile.File{ + Module: &modfile.Module{ + Mod: module.Version{ + Path: "github.com/ryancurrah/gomodguard", + Version: "v1.0.0", + }, + }, + Require: []*modfile.Require{ + { + Mod: module.Version{ + Path: "github.com/gin-gonic/gin", + Version: "v1.0.0", + }, + }, + }, + } + + processor := &Processor{ + Config: config, + Modfile: modfile, + } + + processor.SetBlockedModules() + + // Assert number of blocked modules + assert.Len(t, processor.blockedModulesFromModFile, 1) + + // Assert blocked modules + assert.Equal(t, + []string{"import of package `%s` is blocked because the version constraint is invalid. improper constraint: == 1.0.0"}, + processor.blockedModulesFromModFile["github.com/gin-gonic/gin"], + ) +} diff --git a/processor_test.go b/processor_test.go index 76b9784..150394d 100644 --- a/processor_test.go +++ b/processor_test.go @@ -20,11 +20,12 @@ func TestProcessorNewProcessor(t *testing.T) { }) if err != nil { t.Error(err) + return } } func TestProcessorProcessFiles(t *testing.T) { //nolint:funlen - err := os.Chdir("_example") + err := os.Chdir("_example/allOptions") if err != nil { t.Error(err) } @@ -39,7 +40,7 @@ func TestProcessorProcessFiles(t *testing.T) { //nolint:funlen Modules: []string{ "gopkg.in/yaml.v2", "github.com/go-xmlfmt/xmlfmt", - "github.com/Masterminds/semver", + "github.com/Masterminds/semver/v3", "github.com/ryancurrah/gomodguard", }, Domains: []string{ @@ -110,6 +111,7 @@ func TestProcessorProcessFiles(t *testing.T) { //nolint:funlen for _, tt := range tests { t.Run(tt.testName, func(t *testing.T) { tt.processor.SetBlockedModules() + results := tt.processor.ProcessFiles(filteredFiles) if len(results) == 0 {