fix: use base-url for finding link (#196)

analyze/analyze.go

@@ -13,6 +13,7 @@ import (
 
 	"github.com/boostsecurityio/poutine/opa"
 	"github.com/boostsecurityio/poutine/providers/pkgsupply"
+	"github.com/boostsecurityio/poutine/providers/scm/domain"
 	"github.com/boostsecurityio/poutine/scanner"
 	"github.com/rs/zerolog/log"
 	"github.com/schollz/progressbar/v3"
@@ -274,7 +275,16 @@ func (a *Analyzer) generatePackageInsights(ctx context.Context, tempDir string,
 		return nil, fmt.Errorf("failed to get commit SHA: %w", err)
 	}
 
-	purl, _ := models.NewPurl(fmt.Sprintf("pkg:%s/%s", repo.GetProviderName(), repo.GetRepoIdentifier()))
+	var (
+		purl   models.Purl
+		domain = a.ScmClient.GetProviderBaseURL()
+	)
+	if domain != scm_domain.DefaultGitHubDomain && domain != scm_domain.DefaultGitLabDomain {
+		purl, _ = models.NewPurl(fmt.Sprintf("pkg:%s/%s?repository_url=%s", repo.GetProviderName(), repo.GetRepoIdentifier(), domain))
+	} else {
+		purl, _ = models.NewPurl(fmt.Sprintf("pkg:%s/%s", repo.GetProviderName(), repo.GetRepoIdentifier()))
+	}
+
 	switch ref {
 	case "HEAD", "":
 		ref, err = a.GitClient.GetRepoHeadBranchName(ctx, tempDir)

cmd/root.go

@@ -11,6 +11,7 @@ import (
 	"github.com/boostsecurityio/poutine/opa"
 	"github.com/boostsecurityio/poutine/providers/gitops"
 	"github.com/boostsecurityio/poutine/providers/scm"
+	"github.com/boostsecurityio/poutine/providers/scm/domain"
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
 	"github.com/spf13/viper"
@@ -26,7 +27,7 @@ import (
 var Format string
 var Verbose bool
 var ScmProvider string
-var ScmBaseURL scm.ScmBaseDomain
+var ScmBaseURL scm_domain.ScmBaseDomain
 var (
 	Version string
 	Commit  string

models/purl.go

@@ -2,8 +2,9 @@ package models
 
 import (
 	"fmt"
-	"github.com/package-url/packageurl-go"
 	"strings"
+
+	"github.com/package-url/packageurl-go"
 )
 
 type Purl struct {
@@ -45,11 +46,22 @@ func (p *Purl) FullName() string {
 
 func (p *Purl) Link() string {
 	repo := p.FullName()
+	qualifiers := p.Qualifiers.Map()
+	repoUrl := qualifiers["repository_url"]
+
 	if p.Type == "githubactions" || p.Type == "github" {
-		return fmt.Sprintf("https://github.com/%s", repo)
+		if repoUrl != "" {
+			return fmt.Sprintf("https://%s/%s", repoUrl, repo)
+		} else {
+			return fmt.Sprintf("https://github.com/%s", repo)
+		}
 	}
 	if p.Type == "gitlab" {
-		return fmt.Sprintf("https://gitlab.com/%s", repo)
+		if repoUrl != "" {
+			return fmt.Sprintf("https://%s/%s", repoUrl, repo)
+		} else {
+			return fmt.Sprintf("https://gitlab.com/%s", repo)
+		}
 	}
 	return ""
 }

models/purl_test.go

@@ -87,3 +87,44 @@ func TestPurlFromGithubActions(t *testing.T) {
 		}
 	}
 }
+
+func TestPurlLink(t *testing.T) {
+	cases := []struct {
+		name     string
+		purl     string
+		expected string
+	}{
+		// GitHub
+		{
+			name:     "github.com default",
+			purl:     "pkg:githubactions/actions/checkout@v4",
+			expected: "https://github.com/actions/checkout",
+		},
+		{
+			name:     "github custom base ",
+			purl:     "pkg:githubactions/actions/checkout@v4?repository_url=github.example.com",
+			expected: "https://github.example.com/actions/checkout",
+		},
+		// GitLab
+		{
+			name:     "gitlab.com default",
+			purl:     "pkg:gitlab/include/remote?download_url=https%3A%2F%2Fexample.com%2F.gitlab-ci.yml",
+			expected: "https://gitlab.com/include/remote",
+		},
+		{
+			name:     "gitlab custom base",
+			purl:     "pkg:gitlab/include/remote?download_url=https%3A%2F%2Fexample.com%2F.gitlab-ci.yml&repository_url=gitlab.example.com",
+			expected: "https://gitlab.example.com/include/remote",
+		},
+	}
+
+	for _, c := range cases {
+		t.Run(c.name, func(t *testing.T) {
+			p, err := NewPurl(c.purl)
+			assert.Nil(t, err)
+
+			link := p.Link()
+			assert.Equal(t, c.expected, link)
+		})
+	}
+}

providers/github/client.go

@@ -10,6 +10,7 @@ import (
 	"strings"
 
 	"github.com/boostsecurityio/poutine/analyze"
+	"github.com/boostsecurityio/poutine/providers/scm/domain"
 	"github.com/rs/zerolog/log"
 
 	"github.com/gofri/go-github-ratelimit/github_ratelimit"
@@ -19,10 +20,9 @@ import (
 )
 
 const GitHub string = "github"
-const defaultDomain string = "github.com"
 
 func NewGithubSCMClient(ctx context.Context, baseURL string, token string) (*ScmClient, error) {
-	domain := defaultDomain
+	domain := scm_domain.DefaultGitHubDomain
 	if baseURL != "" {
 		domain = baseURL
 	}
@@ -150,7 +150,7 @@ func NewClient(ctx context.Context, token string, domain string) (*Client, error
 		graphQLClient *githubv4.Client
 	)
 
-	if domain == defaultDomain {
+	if domain == scm_domain.DefaultGitHubDomain {
 		graphQLClient = githubv4.NewClient(httpClient)
 	} else {
 		baseURL := fmt.Sprintf("https://%s/", domain)

providers/gitlab/client.go

@@ -8,13 +8,14 @@ import (
 	"strings"
 
 	"github.com/boostsecurityio/poutine/analyze"
+	"github.com/boostsecurityio/poutine/providers/scm/domain"
 	"github.com/xanzy/go-gitlab"
 )
 
 const GitLab string = "gitlab"
 
 func NewGitlabSCMClient(ctx context.Context, baseURL string, token string) (*ScmClient, error) {
-	domain := "gitlab.com"
+	domain := scm_domain.DefaultGitLabDomain
 	if baseURL != "" {
 		domain = baseURL
 	}

providers/scm/scm_domain.go → providers/scm/domain/scm_domain.go

@@ -1,10 +1,13 @@
-package scm
+package scm_domain
 
 import "strings"
 
 // ScmBaseDomain represent the base domain for a SCM provider.
 type ScmBaseDomain string
 
+const DefaultGitHubDomain string = "github.com"
+const DefaultGitLabDomain string = "gitlab.com"
+
 var schemePrefixes = []string{"https://", "http://"}
 
 func (d *ScmBaseDomain) Set(value string) error {

providers/scm/scm_domain_test.go → providers/scm/domain/scm_domain_test.go

@@ -1,4 +1,4 @@
-package scm
+package scm_domain
 
 import "testing"