require 'spec_helper' RSpec.describe "modules" do before do # Delete go module cache system('rm -fr ~/.local/pkg') system('rm -fr /opt/asdf/installs/golang/**/packages/pkg/') end include_examples "each report version", "go", "modules" ['1.11', '1.12', '1.13', '1.14'].each do |version| context "when scanning a go.mod and go.sum files with v#{version}" do subject { runner.scan } before do runner.add_file('main.go', fixture_file_content('go/main.go')) runner.add_file('go.mod', fixture_file_content('go/go.mod')) runner.add_file('go.sum', fixture_file_content('go/go.sum')) runner.add_file('.tool-versions', "golang #{version}") end specify do expect(subject).to match_schema expect(subject[:licenses]).not_to be_empty expect(subject.dependency_names).to match_array([ "cloud.google.com/go", "github.com/davecgh/go-spew", "github.com/dimfeld/httptreemux/v5", "github.com/go-logfmt/logfmt", "github.com/golang/protobuf", "github.com/google/uuid", "github.com/pmezard/go-difflib", "github.com/stretchr/objx", "github.com/stretchr/testify", "golang.org/x/net", "golang.org/x/oauth2", "golang.org/x/sync", "golang.org/x/text", "google.golang.org/appengine", "gopkg.in/check.v1", "gopkg.in/yaml.v2" ]) expect(subject.licenses_for('github.com/dimfeld/httptreemux/v5')).to match_array(['MIT']) expect(subject.licenses_for('github.com/go-logfmt/logfmt')).to match_array(['MIT']) expect(subject.licenses_for('github.com/google/uuid')).to match_array(['BSD-3-Clause']) expect(subject.licenses_for('github.com/stretchr/testify')).to match_array(['MIT']) expect(subject.licenses_for('golang.org/x/oauth2')).to match_array(['BSD-3-Clause']) end end end context "when scanning the `gitaly` project" do subject { runner.scan } before do runner.clone('https://gitlab.com/gitlab-org/gitaly.git') end specify do expect(subject).to match_schema expect(subject[:licenses]).not_to be_empty expect(subject[:dependencies]).not_to be_empty end end context "when scanning a project with vendored modules" do subject { runner.scan } before do runner.mount(dir: fixture_file('go/1.14-vendored-modules')) end specify do expect(subject).to match_schema expect(subject.dependency_names).to match_array([ "github.com/davecgh/go-spew", "github.com/konsorten/go-windows-terminal-sequences", "github.com/pmezard/go-difflib", "github.com/sirupsen/logrus", "github.com/stretchr/testify", "golang.org/x/sys" ]) expect(subject.licenses_for("github.com/davecgh/go-spew")).to match_array(['unknown']) expect(subject.licenses_for("github.com/konsorten/go-windows-terminal-sequences")).to match_array(['MIT']) expect(subject.licenses_for("github.com/pmezard/go-difflib")).to match_array(['unknown']) expect(subject.licenses_for("github.com/sirupsen/logrus")).to match_array(['MIT']) expect(subject.licenses_for("github.com/stretchr/testify")).to match_array(['unknown']) expect(subject.licenses_for("golang.org/x/sys")).to match_array(['BSD-3-Clause']) end end context "when scanning a project sourced from a TLS endpoint with a X.509 certificate signed by a private authority" do subject { runner.scan(env: env) } before do add_host('goproxy.test', '127.0.0.1') start_proxy_server runner.mount(dir: fixture_file('go/1.14-ignore-tls')) end context "when the CA certificate is provided" do let(:env) do { 'ADDITIONAL_CA_CERT_BUNDLE' => x509_certificate('wildcard.test').read, 'GOPROXY' => 'https://goproxy.test' } end specify do expect(subject).to match_schema expect(subject.dependency_names).to match_array([ "github.com/davecgh/go-spew", "github.com/google/go-cmp", "github.com/google/licenseclassifier", "github.com/pmezard/go-difflib", "github.com/sergi/go-diff", "github.com/stretchr/objx", "github.com/stretchr/testify" ]) end end context "when the CA certificate is NOT provided" do let(:env) { { 'GOPROXY' => 'https://goproxy.test' } } specify do expect(subject).to match_schema expect(subject.dependency_names).to be_empty end end end end