Google Git
Sign in
go / tools / 121f889bbcde58dff814df66c9c1d1bac935c0f6
commit121f889bbcde58dff814df66c9c1d1bac935c0f6[log] [tgz]
authorHana (Hyang-Ah) Kim <hyangah@gmail.com>Fri Oct 21 17:29:55 2022 -0400
committerHyang-Ah Hana Kim <hyangah@gmail.com>Tue Oct 25 17:27:10 2022 +0000
treec8aa1417ab58297f5358afe7090816c33b994590
parentd6511e5e9f58a975b5568d11282c30bc70bdc2e5 [diff]
gopls/internal/lsp/mod: merge vuln diagnostics to one, and add a hover

When a module contains multiple vulnerabilities, previously gopls published
one diagnostic message for each vulnerability. This change modifies this
behavior to publish only one vuln diagnostic for each module. This will
make the PROBLEMS panel more concise and readable. However, the information
about each vulnerability finding is useful, so we supplement this diagnostics
by sending a hover message in the module require line. An added benefit
of this approach is that, unlike the Diagnostics, VS Code supports rich
text rendering for Hover messages. So we can use markdown to add links and
necessary highlighting.

Before this change, go.mod require hover messages (e.g. go mod why result)
were associated only with the module path part, excluding the version string
part. But for vulnerability information hover message, I think it is better
to be applied to the entire module require line (both module path & version)
because they are information about the specific module/version. Currently
LSP hover returns only one hover, so we cannot use this different range only
to the vulnerability information hover. Thus, one side effect of this change
is that the module info hover message will be also shown to the version
part of each require statement.

Change-Id: Iccacd19fdebadc4768abcad8a218bbae14f9d7e2
Reviewed-on: https://go-review.googlesource.com/c/tools/+/444798
Run-TryBot: Hyang-Ah Hana Kim <hyangah@gmail.com>
gopls-CI: kokoro <noreply+kokoro@google.com>
Reviewed-by: Suzy Mueller <suzmue@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
3 files changed
tree: c8aa1417ab58297f5358afe7090816c33b994590
  1. benchmark/
  2. blog/
  3. cmd/
  4. container/
  5. copyright/
  6. cover/
  7. go/
  8. godoc/
  9. gopls/
  10. imports/
  11. internal/
  12. playground/
  13. present/
  14. refactor/
  15. txtar/
  16. .gitattributes
  17. .gitignore
  18. .prettierrc
  19. codereview.cfg
  20. CONTRIBUTING.md
  21. go.mod
  22. go.sum
  23. LICENSE
  24. PATENTS
  25. README.md
README.md

Go Tools

PkgGoDev

This repository provides the golang.org/x/tools module, comprising various tools and packages mostly for static analysis of Go programs, some of which are listed below. Use the “Go reference” link above for more information about any package.

It also contains the golang.org/x/tools/gopls module, whose root package is a language-server protocol (LSP) server for Go. An LSP server analyses the source code of a project and responds to requests from a wide range of editors such as VSCode and Vim, allowing them to support IDE-like functionality.

Selected commands:

  • cmd/goimports formats a Go program like go fmt and additionally inserts import statements for any packages required by the file after it is edited.
  • cmd/callgraph prints the call graph of a Go program.
  • cmd/digraph is a utility for manipulating directed graphs in textual notation.
  • cmd/stringer generates declarations (including a String method) for “enum” types.
  • cmd/toolstash is a utility to simplify working with multiple versions of the Go toolchain.

These commands may be fetched with a command such as

go install golang.org/x/tools/cmd/goimports@latest

Selected packages:

  • go/ssa provides a static single-assignment form (SSA) intermediate representation (IR) for Go programs, similar to a typical compiler, for use by analysis tools.

  • go/packages provides a simple interface for loading, parsing, and type checking a complete Go program from source code.

  • go/analysis provides a framework for modular static analysis of Go programs.

  • go/callgraph provides call graphs of Go programs using a variety of algorithms with different trade-offs.

  • go/ast/inspector provides an optimized means of traversing a Go parse tree for use in analysis tools.

  • go/cfg provides a simple control-flow graph (CFG) for a Go function.

  • go/expect reads Go source files used as test inputs and interprets special comments within them as queries or assertions for testing.

  • go/gcexportdata and go/gccgoexportdata read and write the binary files containing type information used by the standard and gccgo compilers.

  • go/types/objectpath provides a stable naming scheme for named entities (“objects”) in the go/types API.

Numerous other packages provide more esoteric functionality.

Contributing

This repository uses Gerrit for code changes. To learn how to submit changes, see https://golang.org/doc/contribute.html.

The main issue tracker for the tools repository is located at https://github.com/golang/go/issues. Prefix your issue with “x/tools/(your subdir):” in the subject line, so it is easy to find.

JavaScript and CSS Formatting

This repository uses prettier to format JS and CSS files.

The version of prettier used is 1.18.2.

It is encouraged that all JS and CSS code be run through this before submitting a change. However, it is not a strict requirement enforced by CI.