From 4105c7810162d5008dce5ed42389543bcf8ba314 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafael=20Cort=C3=AAs?=
Date: Sun, 30 Jun 2024 09:12:30 +0100
Subject: [PATCH] fix: Try writing file in /tmp

---
 internal/tool/golang.go | 55 +++++++++++++++++++++++++++++++++++++++--
 internal/tool/tool.go | 2 +-
 2 files changed, 54 insertions(+), 3 deletions(-)

diff --git a/internal/tool/golang.go b/internal/tool/golang.go
index 749eacd..1fe6a77 100644
--- a/internal/tool/golang.go
+++ b/internal/tool/golang.go
@@ -2,6 +2,7 @@ package tool

 import (
 "bufio"
+ "io"
 "os"
 "path/filepath"
 "strings"
@@ -9,14 +10,24 @@ import (
 "github.com/samber/lo"
 )

-func patchGoModFilesForStdlib(dir string, files []string) {
+func patchGoModFilesForStdlib(srcDir string, files []string) string {
+ // Copy the files to a temporary directory because /src is read-only
+ dstDir := "/tmp/src"
+ if err := CopyFiles(files, srcDir, dstDir); err != nil {
+ return srcDir
+ }
+
+ // Find and patch the go.mod files
 lo.ForEach(files, func(file string, _ int) {
 if strings.HasSuffix(file, "go.mod") {
- patchGoModFileForStdlib(filepath.Join(dir, file))
+ patchGoModFileForStdlib(filepath.Join(dstDir, file))
 }
 })
+
+ return dstDir
 }

+// Find lines in go.mod files that specify the Go version and replace them with a require statement for the stdlib module.
 func patchGoModFileForStdlib(filename string) {
 tempFilename := filename + ".tmp"

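Review bot: `dstDir := "/tmp/src"` is a fixed, predictable path under a world-writable directory, so whatever already exists there (files left by an earlier run, or a directory or symlink pre-created by another local user) is reused and written through by the copy. Create a private directory per run instead, e.g. `dstDir, err := os.MkdirTemp("", "src-")` with the same `return srcDir` fallback on error, and remove it once the scan has finished. A fresh directory would presumably also keep stale go.mod copies from a previous run out of the scanned tree.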
@@ -75,3 +86,43 @@ func patchGoModFileForStdlib(filename string) {
 return
 }
 }
+
+// CopyFiles copies specific files from the source directory to the destination directory.
+func CopyFiles(files []string, srcDir string, dstDir string) error {
+ for _, file := range files {
+ srcPath := filepath.Join(srcDir, file)
+ dstPath := filepath.Join(dstDir, file)
+
+ // Ensure the destination directory exists
+ if err := os.MkdirAll(filepath.Dir(dstPath), os.ModePerm); err != nil {
+ return err
+ }
+
+ // Copy the file
+ if err := CopyFile(srcPath, dstPath); err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+// CopyFile copies a single file from src to dst.
+func CopyFile(src, dst string) error {
+ sourceFile, err := os.Open(src)
+ if err != nil {
+ return err
+ }
+ defer sourceFile.Close()
+
+ destinationFile, err := os.Create(dst)
+ if err != nil {
+ return err
+ }
+ defer destinationFile.Close()
+
+ if _, err := io.Copy(destinationFile, sourceFile); err != nil {
+ return err
+ }
+
+ return nil
+}
diff --git a/internal/tool/tool.go b/internal/tool/tool.go
index 193b6ae..8e170ec 100644
--- a/internal/tool/tool.go
+++ b/internal/tool/tool.go
@@ -82,7 +82,7 @@ func (t codacyTrivy) runVulnerabilityScanning(ctx context.Context, toolExecution
 // Workaround for detecting vulnerabilities in the Go standard library.
 // Mimics the behavior of govulncheck by replacing the go version directive with a require statement for stdlib. https://go.dev/blog/govulncheck
 // This is only supported by Trivy for Go binaries. https://github.com/aquasecurity/trivy/issues/4133
- patchGoModFilesForStdlib(toolExecution.SourceDir, *toolExecution.Files)
+ toolExecution.SourceDir = patchGoModFilesForStdlib(toolExecution.SourceDir, *toolExecution.Files)

 config := flag.Options{
 GlobalOptions: flag.GlobalOptions{
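Review bot: `os.MkdirAll(filepath.Dir(dstPath), os.ModePerm)` requests 0777 directories and `os.Create(dst)` 0666 files under /tmp, which leaves the copied source readable and, umask permitting, writable by other local users; `0o700` for the directories and `os.OpenFile(dst, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600)` are enough for a scan-only copy. `filepath.Join(dstDir, file)` does not stop an entry containing `..` from resolving outside `dstDir`; if the file list can carry such entries (its origin is not visible here), reject them with `filepath.IsLocal(file)` before copying. In CopyFile the deferred `destinationFile.Close()` discards its error, so a write that only fails at close is reported as success; return the Close error when the copy itself succeeded.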
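Review bot: The call site cannot tell whether the copy-and-patch step worked: on any CopyFiles error `patchGoModFilesForStdlib` returns the original directory without patching anything, so the scan runs with no Go standard-library coverage and leaves no trace of why. Have the helper return the error as well, or log it, so the fallback is visible, e.g. `dir, err := patchGoModFilesForStdlib(...)` followed by a warning when `err != nil`. Assigning the result back to `toolExecution.SourceDir` also changes the directory for everything after this line; the rest of runVulnerabilityScanning is outside the hunk, so confirm nothing there (or in the caller, if `toolExecution` is shared) still expects the original path.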