internal/vulncheck: emit fetch db and vuln checking progress messages

Fixes golang/go#66872

Change-Id: I32c92767a62b3425bff0f1496c76e47170d39885
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/580216
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Cottrell <iancottrell@google.com>
diff --git a/cmd/govulncheck/testdata/common/testfiles/binary-call/binary_call_json.ct b/cmd/govulncheck/testdata/common/testfiles/binary-call/binary_call_json.ct
index 31e4806..b48f574 100644
--- a/cmd/govulncheck/testdata/common/testfiles/binary-call/binary_call_json.ct
+++ b/cmd/govulncheck/testdata/common/testfiles/binary-call/binary_call_json.ct
@@ -18,6 +18,16 @@
   }
 }
 {
+  "progress": {
+    "message": "Fetching vulnerabilities from the database..."
+  }
+}
+{
+  "progress": {
+    "message": "Checking the code against the vulnerabilities..."
+  }
+}
+{
   "osv": {
     "schema_version": "1.3.1",
     "id": "GO-2021-0265",
diff --git a/cmd/govulncheck/testdata/common/testfiles/binary-call/binary_vendored_json.ct b/cmd/govulncheck/testdata/common/testfiles/binary-call/binary_vendored_json.ct
index f1435c2..94a8669 100644
--- a/cmd/govulncheck/testdata/common/testfiles/binary-call/binary_vendored_json.ct
+++ b/cmd/govulncheck/testdata/common/testfiles/binary-call/binary_vendored_json.ct
@@ -18,6 +18,16 @@
   }
 }
 {
+  "progress": {
+    "message": "Fetching vulnerabilities from the database..."
+  }
+}
+{
+  "progress": {
+    "message": "Checking the code against the vulnerabilities..."
+  }
+}
+{
   "osv": {
     "schema_version": "1.3.1",
     "id": "GO-2021-0265",
diff --git a/cmd/govulncheck/testdata/common/testfiles/binary-module/binary_module_json.ct b/cmd/govulncheck/testdata/common/testfiles/binary-module/binary_module_json.ct
index d41d68e..7eb8029 100644
--- a/cmd/govulncheck/testdata/common/testfiles/binary-module/binary_module_json.ct
+++ b/cmd/govulncheck/testdata/common/testfiles/binary-module/binary_module_json.ct
@@ -18,6 +18,16 @@
   }
 }
 {
+  "progress": {
+    "message": "Fetching vulnerabilities from the database..."
+  }
+}
+{
+  "progress": {
+    "message": "Checking the code against the vulnerabilities..."
+  }
+}
+{
   "osv": {
     "schema_version": "1.3.1",
     "id": "GO-2021-0265",
diff --git a/cmd/govulncheck/testdata/common/testfiles/binary-package/binary_package_json.ct b/cmd/govulncheck/testdata/common/testfiles/binary-package/binary_package_json.ct
index cac29b3..43e08c4 100644
--- a/cmd/govulncheck/testdata/common/testfiles/binary-package/binary_package_json.ct
+++ b/cmd/govulncheck/testdata/common/testfiles/binary-package/binary_package_json.ct
@@ -18,6 +18,16 @@
   }
 }
 {
+  "progress": {
+    "message": "Fetching vulnerabilities from the database..."
+  }
+}
+{
+  "progress": {
+    "message": "Checking the code against the vulnerabilities..."
+  }
+}
+{
   "osv": {
     "schema_version": "1.3.1",
     "id": "GO-2021-0265",
diff --git a/cmd/govulncheck/testdata/common/testfiles/source-call/source_call_json.ct b/cmd/govulncheck/testdata/common/testfiles/source-call/source_call_json.ct
index 8ab84e6..1f055c2 100644
--- a/cmd/govulncheck/testdata/common/testfiles/source-call/source_call_json.ct
+++ b/cmd/govulncheck/testdata/common/testfiles/source-call/source_call_json.ct
@@ -18,6 +18,16 @@
   }
 }
 {
+  "progress": {
+    "message": "Fetching vulnerabilities from the database..."
+  }
+}
+{
+  "progress": {
+    "message": "Checking the code against the vulnerabilities..."
+  }
+}
+{
   "osv": {
     "schema_version": "1.3.1",
     "id": "GO-2021-0265",
diff --git a/cmd/govulncheck/testdata/common/testfiles/source-call/source_call_text.ct b/cmd/govulncheck/testdata/common/testfiles/source-call/source_call_text.ct
index f03625a..ee2303f 100644
--- a/cmd/govulncheck/testdata/common/testfiles/source-call/source_call_text.ct
+++ b/cmd/govulncheck/testdata/common/testfiles/source-call/source_call_text.ct
@@ -101,6 +101,10 @@
 $ govulncheck -C ${moddir}/vuln -show verbose ./... --> FAIL 3
 Scanning your code and P packages across M dependent modules for known vulnerabilities...
 
+Fetching vulnerabilities from the database...
+
+Checking the code against the vulnerabilities...
+
 === Symbol Results ===
 
 Vulnerability #1: GO-2021-0265
diff --git a/cmd/govulncheck/testdata/common/testfiles/source-call/source_multientry_json.ct b/cmd/govulncheck/testdata/common/testfiles/source-call/source_multientry_json.ct
index f316fb6..58d7705 100644
--- a/cmd/govulncheck/testdata/common/testfiles/source-call/source_multientry_json.ct
+++ b/cmd/govulncheck/testdata/common/testfiles/source-call/source_multientry_json.ct
@@ -19,6 +19,16 @@
   }
 }
 {
+  "progress": {
+    "message": "Fetching vulnerabilities from the database..."
+  }
+}
+{
+  "progress": {
+    "message": "Checking the code against the vulnerabilities..."
+  }
+}
+{
   "osv": {
     "schema_version": "1.3.1",
     "id": "GO-2021-0113",
diff --git a/cmd/govulncheck/testdata/common/testfiles/source-call/source_multientry_text.ct b/cmd/govulncheck/testdata/common/testfiles/source-call/source_multientry_text.ct
index d6138db..5e03a39 100644
--- a/cmd/govulncheck/testdata/common/testfiles/source-call/source_multientry_text.ct
+++ b/cmd/govulncheck/testdata/common/testfiles/source-call/source_multientry_text.ct
@@ -26,6 +26,10 @@
 $ govulncheck -show verbose -C ${moddir}/multientry -show=traces ./... --> FAIL 3
 Scanning your code and P packages across M dependent modules for known vulnerabilities...
 
+Fetching vulnerabilities from the database...
+
+Checking the code against the vulnerabilities...
+
 === Symbol Results ===
 
 Vulnerability #1: GO-2021-0113
diff --git a/cmd/govulncheck/testdata/common/testfiles/source-call/source_replace_json.ct b/cmd/govulncheck/testdata/common/testfiles/source-call/source_replace_json.ct
index bf64357..c94fef5 100644
--- a/cmd/govulncheck/testdata/common/testfiles/source-call/source_replace_json.ct
+++ b/cmd/govulncheck/testdata/common/testfiles/source-call/source_replace_json.ct
@@ -19,6 +19,16 @@
   }
 }
 {
+  "progress": {
+    "message": "Fetching vulnerabilities from the database..."
+  }
+}
+{
+  "progress": {
+    "message": "Checking the code against the vulnerabilities..."
+  }
+}
+{
   "osv": {
     "schema_version": "1.3.1",
     "id": "GO-2021-0113",
diff --git a/cmd/govulncheck/testdata/common/testfiles/source-call/source_vendored_json.ct b/cmd/govulncheck/testdata/common/testfiles/source-call/source_vendored_json.ct
index 3c1fca2..5464bf8 100644
--- a/cmd/govulncheck/testdata/common/testfiles/source-call/source_vendored_json.ct
+++ b/cmd/govulncheck/testdata/common/testfiles/source-call/source_vendored_json.ct
@@ -19,6 +19,16 @@
   }
 }
 {
+  "progress": {
+    "message": "Fetching vulnerabilities from the database..."
+  }
+}
+{
+  "progress": {
+    "message": "Checking the code against the vulnerabilities..."
+  }
+}
+{
   "osv": {
     "schema_version": "1.3.1",
     "id": "GO-2021-0265",
diff --git a/cmd/govulncheck/testdata/common/testfiles/source-call/source_vendored_text.ct b/cmd/govulncheck/testdata/common/testfiles/source-call/source_vendored_text.ct
index 10f7e79..b0bd512 100644
--- a/cmd/govulncheck/testdata/common/testfiles/source-call/source_vendored_text.ct
+++ b/cmd/govulncheck/testdata/common/testfiles/source-call/source_vendored_text.ct
@@ -3,6 +3,10 @@
 $ govulncheck -C ${moddir}/vendored -show verbose ./... --> FAIL 3
 Scanning your code and P packages across M dependent modules for known vulnerabilities...
 
+Fetching vulnerabilities from the database...
+
+Checking the code against the vulnerabilities...
+
 === Symbol Results ===
 
 Vulnerability #1: GO-2021-0265
diff --git a/cmd/govulncheck/testdata/common/testfiles/source-module/source_module_json.ct b/cmd/govulncheck/testdata/common/testfiles/source-module/source_module_json.ct
index fff1190..f27ec8d 100644
--- a/cmd/govulncheck/testdata/common/testfiles/source-module/source_module_json.ct
+++ b/cmd/govulncheck/testdata/common/testfiles/source-module/source_module_json.ct
@@ -19,6 +19,16 @@
   }
 }
 {
+  "progress": {
+    "message": "Fetching vulnerabilities from the database..."
+  }
+}
+{
+  "progress": {
+    "message": "Checking the code against the vulnerabilities..."
+  }
+}
+{
   "osv": {
     "schema_version": "1.3.1",
     "id": "GO-2021-0113",
diff --git a/cmd/govulncheck/testdata/common/testfiles/source-module/source_module_text.ct b/cmd/govulncheck/testdata/common/testfiles/source-module/source_module_text.ct
index 6385111..d0f0988 100644
--- a/cmd/govulncheck/testdata/common/testfiles/source-module/source_module_text.ct
+++ b/cmd/govulncheck/testdata/common/testfiles/source-module/source_module_text.ct
@@ -22,6 +22,10 @@
 $ govulncheck -scan module -show verbose -C ${moddir}/multientry --> FAIL 3
 Scanning your code across 2 dependent modules for known vulnerabilities...
 
+Fetching vulnerabilities from the database...
+
+Checking the code against the vulnerabilities...
+
 === Module Results ===
 
 Vulnerability #1: GO-2021-0113
diff --git a/cmd/govulncheck/testdata/common/testfiles/source-package/source_package_json.ct b/cmd/govulncheck/testdata/common/testfiles/source-package/source_package_json.ct
index 140dc80..5bc1c79 100644
--- a/cmd/govulncheck/testdata/common/testfiles/source-package/source_package_json.ct
+++ b/cmd/govulncheck/testdata/common/testfiles/source-package/source_package_json.ct
@@ -19,6 +19,16 @@
   }
 }
 {
+  "progress": {
+    "message": "Fetching vulnerabilities from the database..."
+  }
+}
+{
+  "progress": {
+    "message": "Checking the code against the vulnerabilities..."
+  }
+}
+{
   "osv": {
     "schema_version": "1.3.1",
     "id": "GO-2021-0113",
diff --git a/cmd/govulncheck/testdata/common/testfiles/source-package/source_package_text.ct b/cmd/govulncheck/testdata/common/testfiles/source-package/source_package_text.ct
index e56b84b..69ff2a7 100644
--- a/cmd/govulncheck/testdata/common/testfiles/source-package/source_package_text.ct
+++ b/cmd/govulncheck/testdata/common/testfiles/source-package/source_package_text.ct
@@ -23,6 +23,10 @@
 $ govulncheck -show verbose -scan package -C ${moddir}/multientry . --> FAIL 3
 Scanning your code and P packages across M dependent modules for known vulnerabilities...
 
+Fetching vulnerabilities from the database...
+
+Checking the code against the vulnerabilities...
+
 === Package Results ===
 
 Vulnerability #1: GO-2021-0113
diff --git a/cmd/govulncheck/testdata/stdlib/testfiles/stdlib/source_stdlib_json.ct b/cmd/govulncheck/testdata/stdlib/testfiles/stdlib/source_stdlib_json.ct
index 32dbf0f..884dd59 100644
--- a/cmd/govulncheck/testdata/stdlib/testfiles/stdlib/source_stdlib_json.ct
+++ b/cmd/govulncheck/testdata/stdlib/testfiles/stdlib/source_stdlib_json.ct
@@ -19,6 +19,16 @@
   }
 }
 {
+  "progress": {
+    "message": "Fetching vulnerabilities from the database..."
+  }
+}
+{
+  "progress": {
+    "message": "Checking the code against the vulnerabilities..."
+  }
+}
+{
   "osv": {
     "schema_version": "1.3.1",
     "id": "GO-2022-0969",
diff --git a/internal/vulncheck/binary.go b/internal/vulncheck/binary.go
index c8fa1d3..dbe8975 100644
--- a/internal/vulncheck/binary.go
+++ b/internal/vulncheck/binary.go
@@ -49,6 +49,10 @@
 	graph.AddModules(bin.Modules...)
 	mods := append(bin.Modules, graph.GetModule(internal.GoStdModulePath))
 
+	if err := handler.Progress(&govulncheck.Progress{Message: fetchingVulnsMessage}); err != nil {
+		return nil, err
+	}
+
 	mv, err := FetchVulnerabilities(ctx, client, mods)
 	if err != nil {
 		return nil, err
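Review bot: The error from `handler.Progress` is returned bare at the added `return nil, err`, so a failed write of the progress message cannot be told apart from a failure in `FetchVulnerabilities` just below. Wrapping it, e.g. `return nil, fmt.Errorf("emitting progress: %w", err)`, would tell the caller which stage failed. The same applies to the second hunk in this file and to both hunks in internal/vulncheck/source.go (where `fmt` being in scope is not visible from here). The surrounding code also returns unwrapped errors, so this is a style point rather than a defect. The enclosing function starts and ends outside the hunk.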
@@ -59,6 +63,10 @@
 		return nil, err
 	}
 
+	if err := handler.Progress(&govulncheck.Progress{Message: checkingVulnsMessage}); err != nil {
+		return nil, err
+	}
+
 	if bin.GOOS == "" || bin.GOARCH == "" {
 		fmt.Printf("warning: failed to extract build system specification GOOS: %s GOARCH: %s\n", bin.GOOS, bin.GOARCH)
 	}
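Review bot: The `fmt.Printf("warning: ...")` call directly below the added `handler.Progress` block still writes to stdout outside the handler, which is inconsistent now that status text around it goes through `handler`. If the handler emits JSON on the same stream (the `*_json.ct` golden files show progress as JSON objects), that warning would presumably land as raw text between objects and could break a pipeline that parses scan results. Consider routing it through the handler with its error checked, e.g. `handler.Progress(&govulncheck.Progress{Message: fmt.Sprintf("warning: failed to extract build system specification GOOS: %s GOARCH: %s", bin.GOOS, bin.GOARCH)})`, or writing it to stderr. The warning line is unchanged context, and the enclosing function continues outside the hunk.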
diff --git a/internal/vulncheck/source.go b/internal/vulncheck/source.go
index 4014eff..e008717 100644
--- a/internal/vulncheck/source.go
+++ b/internal/vulncheck/source.go
@@ -57,6 +57,10 @@
 		}()
 	}
 
+	if err := handler.Progress(&govulncheck.Progress{Message: fetchingVulnsMessage}); err != nil {
+		return nil, err
+	}
+
 	mv, err := FetchVulnerabilities(ctx, client, graph.Modules())
 	if err != nil {
 		return nil, err
@@ -67,6 +71,10 @@
 		return nil, err
 	}
 
+	if err := handler.Progress(&govulncheck.Progress{Message: checkingVulnsMessage}); err != nil {
+		return nil, err
+	}
+
 	affVulns := affectingVulnerabilities(mv, "", "")
 	if err := emitModuleFindings(handler, affVulns); err != nil {
 		return nil, err
diff --git a/internal/vulncheck/vulncheck.go b/internal/vulncheck/vulncheck.go
index 96db715..ac61087 100644
--- a/internal/vulncheck/vulncheck.go
+++ b/internal/vulncheck/vulncheck.go
@@ -16,6 +16,11 @@
 	"golang.org/x/vuln/internal/semver"
 )
 
+const (
+	fetchingVulnsMessage = "Fetching vulnerabilities from the database..."
+	checkingVulnsMessage = "Checking the code against the vulnerabilities..."
+)
+
 // Result contains information on detected vulnerabilities.
 // For call graph analysis, it provides information on reachability
 // of vulnerable symbols through entry points of the program.
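Review bot: The new `fetchingVulnsMessage` and `checkingVulnsMessage` constants carry no comment, yet their exact text is pinned by the `.ct` golden files updated in this commit and appears verbatim in the JSON `progress.message` field. A short comment above the `const` block would warn future editors, e.g. `// Progress messages emitted during a scan; the text is matched verbatim by the testdata .ct files.` It may also be worth stating there that tools should not key on the message text, if that is the intended contract. The `Result` declaration that the trailing comment documents lies outside the hunk.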