Merge branch 'main' into action-doc-change

hayleycd · Dec 27, 2023 · 54f8a22 · 54f8a22
2 parents 9afdc04 + dd30864
commit 54f8a22
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 44 deletions.
diff --git a/cmd/osv-scanner/main_test.go b/cmd/osv-scanner/main_test.go
@@ -623,7 +623,7 @@ func TestRun_LockfileWithExplicitParseAs(t *testing.T) {
 			args:         []string{"", "--lockfile=go.mod:./fixtures/locks-many/replace-local.mod"},
 			wantExitCode: 0,
 			wantStdout: `
-				Scanned <rootdir>/fixtures/locks-many/replace-local.mod file as a go.mod and found 2 packages
+				Scanned <rootdir>/fixtures/locks-many/replace-local.mod file as a go.mod and found 1 package
 				Filtered 1 local package/s from the scan.
 				No issues found
 			`,

diff --git a/pkg/lockfile/parse-go-lock.go b/pkg/lockfile/parse-go-lock.go
@@ -6,6 +6,7 @@ import (
 	"path/filepath"
 	"strings"
 
+	"github.com/google/osv-scanner/internal/semantic"
 	"golang.org/x/mod/modfile"
 )
 
@@ -82,6 +83,24 @@ func (e GoLockExtractor) Extract(f DepFile) ([]PackageDetails, error) {
 		}
 	}
 
+	if parsedLockfile.Go != nil && parsedLockfile.Go.Version != "" {
+		v := semantic.ParseSemverLikeVersion(parsedLockfile.Go.Version, 3)
+
+		goVersion := fmt.Sprintf(
+			"%d.%d.%d",
+			v.Components.Fetch(0),
+			v.Components.Fetch(1),
+			v.Components.Fetch(2),
+		)
+
+		packages["stdlib"] = PackageDetails{
+			Name:      "stdlib",
+			Version:   goVersion,
+			Ecosystem: GoEcosystem,
+			CompareAs: GoEcosystem,
+		}
+	}
+
 	return pkgDetailsMapToSlice(deduplicatePackages(packages)), nil
 }
 

diff --git a/pkg/lockfile/parse-go-lock_test.go b/pkg/lockfile/parse-go-lock_test.go
@@ -130,6 +130,12 @@ func TestParseGoLock_TwoPackages(t *testing.T) {
 			Ecosystem: lockfile.GoEcosystem,
 			CompareAs: lockfile.GoEcosystem,
 		},
+		{
+			Name:      "stdlib",
+			Version:   "1.17.0",
+			Ecosystem: lockfile.GoEcosystem,
+			CompareAs: lockfile.GoEcosystem,
+		},
 	})
 }
 
@@ -173,6 +179,12 @@ func TestParseGoLock_IndirectPackages(t *testing.T) {
 			Ecosystem: lockfile.GoEcosystem,
 			CompareAs: lockfile.GoEcosystem,
 		},
+		{
+			Name:      "stdlib",
+			Version:   "1.17.0",
+			Ecosystem: lockfile.GoEcosystem,
+			CompareAs: lockfile.GoEcosystem,
+		},
 	})
 }
 

diff --git a/pkg/osvscanner/optional_enricher.go b/pkg/osvscanner/optional_enricher.go
diff --git a/pkg/osvscanner/osvscanner.go b/pkg/osvscanner/osvscanner.go
@@ -357,8 +357,6 @@ func scanLockfile(r reporter.Reporter, path string, parseAs string) ([]scannedPa
 		return nil, err
 	}
 
-	addCompilerVersion(r, &parsedLockfile)
-
 	parsedAsComment := ""
 
 	if parseAs != "" {