fix golang coordinate to ensure valid coordinate

Signed-off-by: pxp928 <parth.psu@gmail.com>

Author: pxp928

coordinates/coordinates.go

@@ -20,6 +20,7 @@ import (
 	"strings"
 
 	purl "github.com/package-url/packageurl-go"
+	"golang.org/x/mod/semver"
 )
 
 type Coordinate struct {
@@ -238,7 +239,7 @@ func ConvertPurlToCoordinate(purlUri string) (*Coordinate, error) {
 			Provider:       pkg.Type,
 			Namespace:      emptyToHyphen(strings.ReplaceAll(pkg.Namespace, "/", "%2f")),
 			Name:           pkg.Name,
-			Revision:       "v" + pkg.Version,
+			Revision:       ensureSemverPrefixGolang(pkg.Version),
 		}, nil
 	case "maven":
 		// maven is a unique case where it can have 3 Providers
@@ -307,3 +308,18 @@ func emptyToHyphen(namespace string) string {
 		return namespace
 	}
 }
+
+// ensureSemverPrefixGolang checks if the version string is valid SemVer and ensures it starts with "v" for golang version
+func ensureSemverPrefixGolang(version string) string {
+	if semver.IsValid(version) {
+		return version
+	}
+
+	vPrefixed := "v" + version
+	if semver.IsValid(vPrefixed) {
+		return vPrefixed
+	}
+
+	// If not a valid SemVer, return as-is
+	return version
+}

coordinates/coordinates_test.go

@@ -160,7 +160,8 @@ func TestConvertPurlToCoordinate(t *testing.T) {
 				Revision:       "244fd47e07d1004",
 			},
 			wantErr: false,
-		}, {
+		},
+		{
 			Name:    "golang",
 			purlUri: "pkg:golang/cloud.google.com/go/compute@1.23.0",
 			want: &Coordinate{
@@ -172,6 +173,18 @@ func TestConvertPurlToCoordinate(t *testing.T) {
 			},
 			wantErr: false,
 		},
+		{
+			Name:    "golang",
+			purlUri: "pkg:golang/github.com/aws/aws-lambda-go@v1.46.0",
+			want: &Coordinate{
+				CoordinateType: "go",
+				Provider:       "golang",
+				Namespace:      "github.com%2faws",
+				Name:           "aws-lambda-go",
+				Revision:       "v1.46.0",
+			},
+			wantErr: false,
+		},
 		{
 			Name:    "golang",
 			purlUri: "pkg:golang/context@234fd47e07d1004f0aed9c#api",
@@ -180,7 +193,7 @@ func TestConvertPurlToCoordinate(t *testing.T) {
 				Provider:       "golang",
 				Namespace:      "-",
 				Name:           "context",
-				Revision:       "v234fd47e07d1004f0aed9c",
+				Revision:       "234fd47e07d1004f0aed9c",
 			},
 			wantErr: false,
 		}, {

go.mod

@@ -2,4 +2,7 @@ module github.com/guacsec/sw-id-core
 
 go 1.23.3
 
-require github.com/package-url/packageurl-go v0.1.3 // indirect
+require (
+	github.com/package-url/packageurl-go v0.1.3
+	golang.org/x/mod v0.24.0
+)

go.sum

@@ -1,2 +1,4 @@
 github.com/package-url/packageurl-go v0.1.3 h1:4juMED3hHiz0set3Vq3KeQ75KD1avthoXLtmE3I0PLs=
 github.com/package-url/packageurl-go v0.1.3/go.mod h1:nKAWB8E6uk1MHqiS/lQb9pYBGH2+mdJ2PJc2s50dQY0=
+golang.org/x/mod v0.24.0 h1:ZfthKaKaT4NrhGVZHO1/WDTwGES4De8KtWO0SIbNJMU=
+golang.org/x/mod v0.24.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=