Refactor Go package handler: add v prefix, go mod tidy, and rename to GoPackageUpdater

- Add 'v' prefix to Go module versions (fixes: go get invalid version error)
- Run 'go mod tidy' after 'go get' to ensure go.mod and go.sum consistency
- Set GOFLAGS=-mod=mod for predictable module behavior
- Add debug logging for command output (warnings, etc.)
- Remove CommonPackageHandler dependency - Go handler is now fully independent
- Rename GoPackageHandler -> GoPackageUpdater (better name for future dependency bump feature)
- Change receiver from 'golang' to 'gpu' for clarity
- Follows Dependabot/Renovate best practices

Author: eyalk007

packagehandlers/commonpackagehandler.go

@@ -23,7 +23,7 @@ type PackageHandler interface {
 func GetCompatiblePackageHandler(vulnDetails *utils.VulnerabilityDetails, details *utils.ScanDetails) (handler PackageHandler) {
 	switch vulnDetails.Technology {
 	case techutils.Go:
-		handler = &GoPackageHandler{}
+		handler = &GoPackageUpdater{}
 	case techutils.Poetry:
 		handler = &PythonPackageHandler{}
 	case techutils.Pipenv:

packagehandlers/gopackagehandler.go

@@ -8,34 +8,41 @@ import (
 
 	"github.com/jfrog/frogbot/v2/utils"
 	golangutils "github.com/jfrog/jfrog-cli-artifactory/artifactory/commands/golang"
+	"github.com/jfrog/jfrog-cli-core/v2/utils/config"
 	"github.com/jfrog/jfrog-client-go/utils/log"
 )
 
-type GoPackageHandler struct {
-	CommonPackageHandler
+type GoPackageUpdater struct {
+	serverDetails *config.ServerDetails
+	depsRepo      string
 }
 
-func (golang *GoPackageHandler) UpdateDependency(vulnDetails *utils.VulnerabilityDetails) error {
-	if golang.depsRepo != "" {
-		if err := golangutils.SetArtifactoryAsResolutionServer(golang.serverDetails, golang.depsRepo, golangutils.GoProxyUrlParams{}); err != nil {
+func (gpu *GoPackageUpdater) SetCommonParams(serverDetails *config.ServerDetails, depsRepo string) {
+	gpu.serverDetails = serverDetails
+	gpu.depsRepo = depsRepo
+}
+
+func (gpu *GoPackageUpdater) UpdateDependency(vulnDetails *utils.VulnerabilityDetails) error {
+	if gpu.depsRepo != "" {
+		if err := golangutils.SetArtifactoryAsResolutionServer(gpu.serverDetails, gpu.depsRepo, golangutils.GoProxyUrlParams{}); err != nil {
 			return err
 		}
 	}
 
-	env := golang.allowLockfileManipulation()
+	env := gpu.allowLockfileManipulation()
 
-	if err := golang.updateDependency(vulnDetails, env); err != nil {
+	if err := gpu.updateDependency(vulnDetails, env); err != nil {
 		return err
 	}
 
-	return golang.tidyLockfiles(env)
+	return gpu.tidyLockfiles(env)
 }
 
-func (golang *GoPackageHandler) allowLockfileManipulation() []string {
+func (gpu *GoPackageUpdater) allowLockfileManipulation() []string {
 	return append(os.Environ(), "GOFLAGS=-mod=mod")
 }
 
-func (golang *GoPackageHandler) updateDependency(vulnDetails *utils.VulnerabilityDetails, env []string) error {
+func (gpu *GoPackageUpdater) updateDependency(vulnDetails *utils.VulnerabilityDetails, env []string) error {
 	impactedPackage := strings.ToLower(vulnDetails.ImpactedDependencyName)
 	fixedVersion := strings.TrimSpace(vulnDetails.SuggestedFixedVersion)
 
@@ -47,19 +54,29 @@ func (golang *GoPackageHandler) updateDependency(vulnDetails *utils.Vulnerabilit
 	log.Debug(fmt.Sprintf("Running 'go get %s'", fixedPackage))
 
 	//#nosec G204 -- False positive - the subprocess only runs after the user's approval.
-	if output, err := cmd.CombinedOutput(); err != nil {
+	output, err := cmd.CombinedOutput()
+	if len(output) > 0 {
+		log.Debug(fmt.Sprintf("go get output:\n%s", string(output)))
+	}
+
+	if err != nil {
 		return fmt.Errorf("go get failed: %s\n%s", err.Error(), output)
 	}
 	return nil
 }
 
-func (golang *GoPackageHandler) tidyLockfiles(env []string) error {
+func (gpu *GoPackageUpdater) tidyLockfiles(env []string) error {
 	cmd := exec.Command("go", "mod", "tidy")
 	cmd.Env = env
 	log.Debug("Running 'go mod tidy'")
 
 	//#nosec G204 -- False positive - the subprocess only runs after the user's approval.
-	if output, err := cmd.CombinedOutput(); err != nil {
+	output, err := cmd.CombinedOutput()
+	if len(output) > 0 {
+		log.Debug(fmt.Sprintf("go mod tidy output:\n%s", string(output)))
+	}
+
+	if err != nil {
 		return fmt.Errorf("go mod tidy failed: %s\n%s", err.Error(), output)
 	}
 	return nil