added Go indexer and scanner

pom.xml

@@ -13,7 +13,7 @@
         <maven.compiler.release>21</maven.compiler.release>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 
-        <sonar.crypto.plugin.version>1.4.8</sonar.crypto.plugin.version>
+        <sonar.crypto.plugin.version>1.5.1</sonar.crypto.plugin.version>
         <sonar.plugin.api.version>13.3.0.3209</sonar.plugin.api.version>
         <sonar.plugin.api.impl.version>25.8.0.112029</sonar.plugin.api.impl.version>
 

src/main/java/org/pqca/indexing/IndexingService.java

@@ -46,9 +46,9 @@ public abstract class IndexingService {
     private static final Logger LOGGER = LoggerFactory.getLogger(IndexingService.class);
 
     @Nullable private final IProgressDispatcher progressDispatcher;
-    @Nonnull private final String languageIdentifier;
-    @Nonnull private final String languageFileExtension;
-    @Nonnull private File baseDirectory;
+    @Nonnull protected final String languageIdentifier;
+    @Nonnull protected final String languageFileExtension;
+    @Nonnull protected File baseDirectory;
     @Nullable private IBuildType mainBuildType;
 
     private List<Pattern> excludePatterns = new ArrayList<Pattern>();
@@ -178,12 +178,11 @@ void collectInputFiles(
                 }
                 continue;
             }
-            if (file.getName().endsWith(this.languageFileExtension)
-                    && !this.excludeFromIndexing(file)) {
+            if (this.isLanguageFile(file) && !this.excludeFromIndexing(file)) {
                 try {
                     final TestInputFileBuilder builder =
                             createTestFileBuilder(projectDirectory, file);
-                    builder.setLanguage(this.languageIdentifier);
+                    builder.setLanguage(getLanguage(file));
                     inputFiles.add(builder.build());
                 } catch (IOException iox) {
                     LOGGER.debug(iox.getLocalizedMessage());
@@ -233,5 +232,13 @@ protected String getProjectIdentifier(@Nonnull File directory) {
 
     public abstract boolean isModule(@Nonnull File directory);
 
+    protected boolean isLanguageFile(@Nonnull File file) {
+        return file.getName().endsWith(languageFileExtension);
+    }
+
+    protected String getLanguage(File file) {
+        return this.languageIdentifier;
+    }
+
     @Nullable public abstract IBuildType getMainBuildTypeFromModuleDirectory(@Nonnull File directory);
 }

src/main/java/org/pqca/indexing/go/GoBuildType.java

@@ -0,0 +1,28 @@
+/*
+ * CBOMkit-lib
+ * Copyright (C) 2025 PQCA
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.pqca.indexing.go;
+
+import org.pqca.indexing.IBuildType;
+
+public enum GoBuildType implements IBuildType {
+    GO,
+    MAVEN,
+    GRADLE
+}

src/main/java/org/pqca/indexing/go/GoIndexService.java

@@ -0,0 +1,102 @@
+/*
+ * CBOMkit-lib
+ * Copyright (C) 2024 PQCA
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.pqca.indexing.go;
+
+import jakarta.annotation.Nonnull;
+import java.io.File;
+import java.util.List;
+import javax.annotation.Nullable;
+import org.pqca.indexing.IBuildType;
+import org.pqca.indexing.IndexingService;
+import org.pqca.progress.IProgressDispatcher;
+
+public final class GoIndexService extends IndexingService {
+
+    public GoIndexService(@Nonnull File baseDirectory) {
+        this(null, baseDirectory);
+    }
+
+    public GoIndexService(
+            @Nullable IProgressDispatcher progressDispatcher, @Nonnull File baseDirectory) {
+        super(progressDispatcher, baseDirectory, "go", ".go");
+        this.setExcludePatterns(null);
+    }
+
+    public void setExcludePatterns(@Nullable List<String> patterns) {
+        if (patterns == null) {
+            super.setExcludePatterns(List.of("test/", "_test.go$"));
+        } else {
+            super.setExcludePatterns(patterns);
+        }
+    }
+
+    @Override
+    public boolean isModule(@Nonnull File directory) {
+        if (!directory.isDirectory()) {
+            return false;
+        }
+        for (String buildFileName :
+                List.of("go.mod", "pom.xml", "build.gradle", "build.gradle.kts")) {
+            final File file = new File(directory, buildFileName);
+            if (file.exists() && file.isFile()) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    @Override
+    public boolean isLanguageFile(@Nonnull File file) {
+        return file.getName().endsWith(languageFileExtension) || file.getName().equals("go.mod");
+    }
+
+    @Override
+    public String getLanguage(File file) {
+        if (file.getName().equals("go.mod")) {
+            return "gomod";
+        }
+        return this.languageIdentifier;
+    }
+
+    @Override
+    @Nullable public IBuildType getMainBuildTypeFromModuleDirectory(@Nonnull File directory) {
+        if (!directory.isDirectory()) {
+            return null;
+        }
+        // go
+        final File goModFile = new File(directory, "go.mod");
+        if (goModFile.exists() && goModFile.isFile()) {
+            return GoBuildType.GO;
+        }
+        // maven
+        final File pomFile = new File(directory, "pom.xml");
+        if (pomFile.exists() && pomFile.isFile()) {
+            return GoBuildType.MAVEN;
+        }
+        // gradle
+        for (String gradleFileName : List.of("build.gradle", "build.gradle.kts")) {
+            final File gradleFile = new File(directory, gradleFileName);
+            if (gradleFile.exists() && gradleFile.isFile()) {
+                return GoBuildType.GRADLE;
+            }
+        }
+        return null;
+    }
+}

src/main/java/org/pqca/scanning/IScannerService.java

@@ -23,10 +23,11 @@
 import jakarta.annotation.Nonnull;
 import java.util.List;
 import java.util.function.Consumer;
+import org.pqca.errors.ClientDisconnected;
 import org.pqca.indexing.ProjectModule;
 
 public interface IScannerService extends Consumer<List<INode>> {
 
     @Nonnull
-    ScanResultDTO scan(@Nonnull List<ProjectModule> index) throws Exception;
+    ScanResultDTO scan(@Nonnull List<ProjectModule> index) throws ClientDisconnected;
 }

src/main/java/org/pqca/scanning/Language.java

@@ -0,0 +1,26 @@
+/*
+ * CBOMkit-lib
+ * Copyright (C) 2024 PQCA
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.pqca.scanning;
+
+public enum Language {
+    JAVA,
+    PYTHON,
+    GO
+}

src/main/java/org/pqca/scanning/go/GoDetectionCollectionRule.java

@@ -0,0 +1,46 @@
+/*
+ * CBOMkit-lib
+ * Copyright (C) 2024 PQCA
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.pqca.scanning.go;
+
+import com.ibm.engine.detection.Finding;
+import com.ibm.engine.language.go.GoScanContext;
+import com.ibm.mapper.model.INode;
+import com.ibm.plugin.rules.GoInventoryRule;
+import jakarta.annotation.Nonnull;
+import java.util.List;
+import java.util.function.Consumer;
+import org.sonar.go.symbols.Symbol;
+import org.sonar.plugins.go.api.Tree;
+import org.sonar.plugins.go.api.checks.GoCheck;
+
+public class GoDetectionCollectionRule extends GoInventoryRule {
+    private final Consumer<List<INode>> handler;
+
+    public GoDetectionCollectionRule(@Nonnull Consumer<List<INode>> findingConsumer) {
+        this.handler = findingConsumer;
+    }
+
+    @Override
+    public void update(@Nonnull Finding<GoCheck, Tree, Symbol, GoScanContext> finding) {
+        super.update(finding);
+        final List<INode> nodes = goTranslationProcess.initiate(finding.detectionStore());
+        handler.accept(nodes);
+    }
+}