Fix Go module path separators in remediation commands

packagehandlers/gopackagehandler.go

@@ -1,6 +1,8 @@
 package packagehandlers
 
 import (
+	"strings"
+
 	"github.com/jfrog/frogbot/v2/utils"
 	golangutils "github.com/jfrog/jfrog-cli-artifactory/artifactory/commands/golang"
 )
@@ -17,5 +19,11 @@ func (golang *GoPackageHandler) UpdateDependency(vulnDetails *utils.Vulnerabilit
 		}
 	}
 	// In Golang, we can address every dependency as a direct dependency.
-	return golang.CommonPackageHandler.UpdateDependency(vulnDetails, vulnDetails.Technology.GetPackageInstallationCommand())
+	normalizedVulnDetails := *vulnDetails
+	normalizedVulnDetails.ImpactedDependencyName = normalizeGoModulePath(vulnDetails.ImpactedDependencyName)
+	return golang.CommonPackageHandler.UpdateDependency(&normalizedVulnDetails, vulnDetails.Technology.GetPackageInstallationCommand())
+}
+
+func normalizeGoModulePath(packageName string) string {
+	return strings.ReplaceAll(packageName, ":", "/")
 }

packagehandlers/packagehandlers_test.go

@@ -395,6 +395,36 @@ func TestUpdateDependency(t *testing.T) {
 	}
 }
 
+func TestNormalizeGoModulePath(t *testing.T) {
+	testCases := []struct {
+		name     string
+		input    string
+		expected string
+	}{
+		{
+			name:     "keeps slash-separated module path",
+			input:    "go.opentelemetry.io/otel/sdk",
+			expected: "go.opentelemetry.io/otel/sdk",
+		},
+		{
+			name:     "converts colon-separated module path",
+			input:    "go.opentelemetry.io:otel:sdk",
+			expected: "go.opentelemetry.io/otel/sdk",
+		},
+		{
+			name:     "converts github module path",
+			input:    "github.com:golang:go",
+			expected: "github.com/golang/go",
+		},
+	}
+
+	for _, test := range testCases {
+		t.Run(test.name, func(t *testing.T) {
+			assert.Equal(t, test.expected, normalizeGoModulePath(test.input))
+		})
+	}
+}
+
 func TestPipPackageRegex(t *testing.T) {
 	var pipPackagesRegexTests = []pipPackageRegexTest{
 		{"oslo.config", "oslo.config>=1.12.1,<1.13"},