Actually show the patch for stdlib we applied.
another-rex committed Feb 4, 2025
1 parent 9df9c00 commit 1baf4ed
Showing 2 changed files with 35 additions and 21 deletions.
42 changes: 21 additions & 21 deletions cmd/osv-scanner/__snapshots__/main_test.snap
@@ -1085,15 +1085,15 @@ Scanned <rootdir>/fixtures/call-analysis-go-project/go.mod file and found 4 pack
+-------------------------------------+------+-----------+-----------------------------+---------+------------------------------------------+
| https://osv.dev/GO-2023-1558 | 5.9 | Go | github.com/ipfs/go-bitfield | 1.0.0 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GHSA-2h6c-j3gf-xp9r | | | | | |
| https://osv.dev/GO-2023-2375 | | Go | stdlib | 1.19 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2023-2102 | | Go | stdlib | 1.19 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2023-2185 | | Go | stdlib | 1.19 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2023-2382 | | Go | stdlib | 1.19 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2024-2598 | | Go | stdlib | 1.19 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2024-2599 | | Go | stdlib | 1.19 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2024-2687 | | Go | stdlib | 1.19 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2024-2887 | | Go | stdlib | 1.19 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2025-3373 | | Go | stdlib | 1.19 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2023-2375 | | Go | stdlib | 1.19.99 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2023-2102 | | Go | stdlib | 1.19.99 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2023-2185 | | Go | stdlib | 1.19.99 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2023-2382 | | Go | stdlib | 1.19.99 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2024-2598 | | Go | stdlib | 1.19.99 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2024-2599 | | Go | stdlib | 1.19.99 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2024-2687 | | Go | stdlib | 1.19.99 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2024-2887 | | Go | stdlib | 1.19.99 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2025-3373 | | Go | stdlib | 1.19.99 | fixtures/call-analysis-go-project/go.mod |
+-------------------------------------+------+-----------+-----------------------------+---------+------------------------------------------+
| Uncalled vulnerabilities | | | | | |
+-------------------------------------+------+-----------+-----------------------------+---------+------------------------------------------+
@@ -1107,18 +1107,18 @@ Scanned <rootdir>/fixtures/call-analysis-go-project/go.mod file and found 4 pack
| https://osv.dev/GHSA-x92r-3vfx-4cv3 | | | | | |
| https://osv.dev/GO-2024-2937 | 8.7 | Go | golang.org/x/image | 0.4.0 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GHSA-9phm-fm57-rhg8 | | | | | |
| https://osv.dev/GO-2023-2041 | | Go | stdlib | 1.19 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2023-2043 | | Go | stdlib | 1.19 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2023-2186 | | Go | stdlib | 1.19 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2024-2600 | | Go | stdlib | 1.19 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2024-2609 | | Go | stdlib | 1.19 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2024-2610 | | Go | stdlib | 1.19 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2024-2888 | | Go | stdlib | 1.19 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2024-2963 | | Go | stdlib | 1.19 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2024-3105 | | Go | stdlib | 1.19 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2024-3106 | | Go | stdlib | 1.19 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2024-3107 | | Go | stdlib | 1.19 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2025-3420 | | Go | stdlib | 1.19 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2023-2041 | | Go | stdlib | 1.19.99 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2023-2043 | | Go | stdlib | 1.19.99 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2023-2186 | | Go | stdlib | 1.19.99 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2024-2600 | | Go | stdlib | 1.19.99 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2024-2609 | | Go | stdlib | 1.19.99 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2024-2610 | | Go | stdlib | 1.19.99 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2024-2888 | | Go | stdlib | 1.19.99 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2024-2963 | | Go | stdlib | 1.19.99 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2024-3105 | | Go | stdlib | 1.19.99 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2024-3106 | | Go | stdlib | 1.19.99 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2024-3107 | | Go | stdlib | 1.19.99 | fixtures/call-analysis-go-project/go.mod |
| https://osv.dev/GO-2025-3420 | | Go | stdlib | 1.19.99 | fixtures/call-analysis-go-project/go.mod |
+-------------------------------------+------+-----------+-----------------------------+---------+------------------------------------------+

---
14 changes: 14 additions & 0 deletions internal/imodels/imodels.go
@@ -1,6 +1,7 @@
package imodels

import (
"fmt"
"log"
"strings"

@@ -17,6 +18,7 @@ import (
"github.com/google/osv-scanner/v2/internal/imodels/ecosystem"
"github.com/google/osv-scanner/v2/internal/scalibrextract/language/javascript/nodemodules"
"github.com/google/osv-scanner/v2/internal/scalibrextract/vcs/gitrepo"
"github.com/google/osv-scanner/v2/internal/semantic"
"github.com/google/osv-scanner/v2/pkg/models"
"github.com/ossf/osv-schema/bindings/go/osvschema"

@@ -125,6 +127,18 @@ func (pkg *PackageInfo) Version() string {
return pkg.purlCache.Version
}

if pkg.Ecosystem().Ecosystem == osvschema.EcosystemGo && pkg.Name() == "stdlib" {
v := semantic.ParseSemverLikeVersion(pkg.Inventory.Version, 3)
if len(v.Components) == 2 {
return fmt.Sprintf(
"%d.%d.%d",
v.Components.Fetch(0),
v.Components.Fetch(1),
99,
)
}
}

return pkg.Inventory.Version
}
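Review bot: The literal `99` in the `fmt.Sprintf` call is unexplained, and the string it produces is a version the inventory never stated, so a reader of the scan table cannot tell `1.19.99` from a detected toolchain version. If the intent is to assume the newest patch release when the source gives only major.minor, that choice hides advisories fixed in a later patch of the same minor line whenever the real toolchain is older; it deserves a comment at the branch, for example `// No patch level given: assume the highest (99) so advisories fixed in any patch release are not matched; may under-report for older toolchains.`, and a named constant in place of the bare `99`. The branch also tests only `len(v.Components) == 2`, so anything else the parser kept from `pkg.Inventory.Version` (a pre-release suffix, if it records one) is dropped from the returned string. Version() begins above this hunk, and the early `pkg.purlCache.Version` return visible at its top bypasses the new normalisation.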

