
Commit ad640c4

committed
gobin: ignore flags in stdlib version
Signed-off-by: RTann <[email protected]>
1 parent 3f4919e commit ad640c4


2 files changed

+13
-5
lines changed


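--- a/gobin/exe.go
+++ b/gobin/exe.go
@@ -54,7 +54,11 @@ func toPackages(ctx context.Context, out *[]*claircore.Package, p string, r io.R
 // TODO(hank) The "go version" is documented as the toolchain that produced
 // the binary, which may be distinct from the version of the stdlib used?
 // Need to investigate.
-runtimeVer, err := ParseVersion(strings.TrimPrefix(bi.GoVersion, "go"))
+// GoVersion only documents "go1.19.2" as an example, but something like
+// "go1.20.12 X:strictfipsruntime" has been seen in the wild, hence the call
+// to [strings.Cut]. This is necessary for accurate vulnerability matching.
+goVer, _, _ := strings.Cut(strings.TrimPrefix(bi.GoVersion, "go"), " ")
+runtimeVer, err := ParseVersion(goVer)
 switch {
 case errors.Is(err, nil):
 case errors.Is(err, ErrInvalidSemVer):
@@ -64,9 +68,13 @@ func toPackages(ctx context.Context, out *[]*claircore.Package, p string, r io.R
 }
 
 *out = append(*out, &claircore.Package{
-Kind: claircore.BINARY,
-Name: "stdlib",
-Version: bi.GoVersion,
+Kind: claircore.BINARY,
+Name: "stdlib",
+// This was previously bi.GoVersion,
+// but it must be changed to ensure an entry
+// with the fixed NormalizedVersion is added to the
+// package table without requiring a migration.
+Version: goVer,
 PackageDB: pkgdb,
 Filepath: p,
 NormalizedVersion: runtimeVer,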
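Review bot: `Version: goVer` in the second hunk stores the string cut at the first space for every binary, not only for the release-plus-flags form the new comment describes, so a GoVersion that contains a space but does not parse would be recorded as just its first token. The body of the `ErrInvalidSemVer` case is outside the hunk, so it is not visible whether such a value still reaches the `append`; if it does, consider keeping the untruncated string there, e.g. `goVer = strings.TrimPrefix(bi.GoVersion, "go")` inside that case. The comment above `Version` should also state that the "go" prefix is now dropped from the stored value, e.g. `// Stored without the "go" prefix and without trailing flags.`, since consumers comparing on the raw Version string will see the change even for binaries with no flags. Neither file changed on this page is a test; a case for `go1.20.12 X:strictfipsruntime` would pin the vulnerability-matching behaviour this change is meant to restore.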

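--- a/gobin/gobin.go
+++ b/gobin/gobin.go
@@ -35,7 +35,7 @@ type Detector struct{}
 
 const (
 detectorName = `gobin`
-detectorVersion = `5`
+detectorVersion = `6`
 detectorKind = `package`
 )
 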