gopls/internal/lsp/mod: disable the diagnostics on stdlib vulns
Updates golang/vscode-go#2551
Change-Id: I4ae7c696202fd3b073aef81b0e18e3e501c1b0fc
Reviewed-on: https://go-review.googlesource.com/c/tools/+/454436
Run-TryBot: Hyang-Ah Hana Kim <hyangah@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
gopls-CI: kokoro <noreply+kokoro@google.com>
Reviewed-by: Suzy Mueller <suzmue@golang.org>
diff --git a/gopls/internal/lsp/mod/diagnostics.go b/gopls/internal/lsp/mod/diagnostics.go
index 4706503..7ee92bd 100644
--- a/gopls/internal/lsp/mod/diagnostics.go
+++ b/gopls/internal/lsp/mod/diagnostics.go
@@ -325,55 +325,60 @@
}
}
- // Add standard library vulnerabilities.
- stdlibVulns := vulnsByModule["stdlib"]
- if len(stdlibVulns) == 0 {
- return vulnDiagnostics, nil
- }
-
- // Put the standard library diagnostic on the module declaration.
- rng, err := pm.Mapper.OffsetRange(pm.File.Module.Syntax.Start.Byte, pm.File.Module.Syntax.End.Byte)
- if err != nil {
- return vulnDiagnostics, nil // TODO: bug report
- }
-
- stdlib := stdlibVulns[0].mod.FoundVersion
- var warning, info []string
- var relatedInfo []source.RelatedInformation
- for _, mv := range stdlibVulns {
- vuln := mv.vuln
- stdlib = mv.mod.FoundVersion
- if !vuln.IsCalled() {
- info = append(info, vuln.OSV.ID)
- } else {
- warning = append(warning, vuln.OSV.ID)
- relatedInfo = append(relatedInfo, listRelatedInfo(ctx, snapshot, vuln)...)
+ // TODO(hyangah): place this diagnostic on the `go` directive or `toolchain` directive
+ // after https://go.dev/issue/57001.
+ const diagnoseStdLib = false
+ if diagnoseStdLib {
+ // Add standard library vulnerabilities.
+ stdlibVulns := vulnsByModule["stdlib"]
+ if len(stdlibVulns) == 0 {
+ return vulnDiagnostics, nil
}
- }
- if len(warning) > 0 {
- vulnDiagnostics = append(vulnDiagnostics, &source.Diagnostic{
- URI: fh.URI(),
- Range: rng,
- Severity: protocol.SeverityWarning,
- Source: source.Vulncheck,
- Message: getVulnMessage(stdlib, warning, true, fromGovulncheck),
- Related: relatedInfo,
- })
- }
- if len(info) > 0 {
- var fixes []source.SuggestedFix
- if !fromGovulncheck {
- fixes = append(fixes, suggestVulncheck)
+
+ // Put the standard library diagnostic on the module declaration.
+ rng, err := pm.Mapper.OffsetRange(pm.File.Module.Syntax.Start.Byte, pm.File.Module.Syntax.End.Byte)
+ if err != nil {
+ return vulnDiagnostics, nil // TODO: bug report
}
- vulnDiagnostics = append(vulnDiagnostics, &source.Diagnostic{
- URI: fh.URI(),
- Range: rng,
- Severity: protocol.SeverityInformation,
- Source: source.Vulncheck,
- Message: getVulnMessage(stdlib, info, false, fromGovulncheck),
- SuggestedFixes: fixes,
- Related: relatedInfo,
- })
+
+ stdlib := stdlibVulns[0].mod.FoundVersion
+ var warning, info []string
+ var relatedInfo []source.RelatedInformation
+ for _, mv := range stdlibVulns {
+ vuln := mv.vuln
+ stdlib = mv.mod.FoundVersion
+ if !vuln.IsCalled() {
+ info = append(info, vuln.OSV.ID)
+ } else {
+ warning = append(warning, vuln.OSV.ID)
+ relatedInfo = append(relatedInfo, listRelatedInfo(ctx, snapshot, vuln)...)
+ }
+ }
+ if len(warning) > 0 {
+ vulnDiagnostics = append(vulnDiagnostics, &source.Diagnostic{
+ URI: fh.URI(),
+ Range: rng,
+ Severity: protocol.SeverityWarning,
+ Source: source.Vulncheck,
+ Message: getVulnMessage(stdlib, warning, true, fromGovulncheck),
+ Related: relatedInfo,
+ })
+ }
+ if len(info) > 0 {
+ var fixes []source.SuggestedFix
+ if !fromGovulncheck {
+ fixes = append(fixes, suggestVulncheck)
+ }
+ vulnDiagnostics = append(vulnDiagnostics, &source.Diagnostic{
+ URI: fh.URI(),
+ Range: rng,
+ Severity: protocol.SeverityInformation,
+ Source: source.Vulncheck,
+ Message: getVulnMessage(stdlib, info, false, fromGovulncheck),
+ SuggestedFixes: fixes,
+ Related: relatedInfo,
+ })
+ }
}
return vulnDiagnostics, nil
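Review bot: With `diagnoseStdLib` fixed to `false`, the `protocol.SeverityWarning` diagnostic for standard library vulnerabilities that are actually called (the `vuln.IsCalled()` branch) is suppressed together with the informational one, and the TODO above the constant only says where the diagnostic will move, not what users lose in the meantime. I would extend the comment, e.g. `// While false, no go.mod diagnostic is published for stdlib vulnerabilities, including called ones.`, so the gap is visible to anyone reading this before https://go.dev/issue/57001 is resolved. The two `return vulnDiagnostics, nil` statements inside the gated block also return from the enclosing function, so code later added between the block and the final return would be skipped once the flag is flipped; nesting the body under `if len(stdlibVulns) > 0` would avoid that. The enclosing function starts outside the hunk.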
diff --git a/gopls/internal/regtest/misc/vuln_test.go b/gopls/internal/regtest/misc/vuln_test.go
index daeb736..377e9a2 100644
--- a/gopls/internal/regtest/misc/vuln_test.go
+++ b/gopls/internal/regtest/misc/vuln_test.go
@@ -194,7 +194,7 @@
OnceMet(
CompletedProgress(result.Token),
ShownMessage("Found GOSTDLIB"),
- env.DiagnosticAtRegexpWithMessage("go.mod", `module`, `go1.18 has a vulnerability used in the code: GOSTDLIB.`),
+ EmptyOrNoDiagnostics("go.mod"),
),
)
testFetchVulncheckResult(t, env, map[string]fetchVulncheckResult{
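Review bot: The replacement `EmptyOrNoDiagnostics("go.mod")` here carries no explanation and asserts the absence of every go.mod diagnostic, so it will have to be reverted when stdlib diagnostics return; the same expectation in the `@@ -240,10 +240,9 @@` hunk has a comment, but it trails the call and does not name the tracking issue. I would put `// TODO(hyangah): restore the stdlib diagnostic expectation after https://go.dev/issue/57001.` above both calls. The final hunk also removes the hover and code-action checks for the stdlib finding, so if hover is still expected to report it (not visible from this diff), that coverage is worth keeping in a separate assertion. The enclosing test function starts outside the hunk.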
@@ -202,7 +202,7 @@
})
}
-func TestRunVulncheckDiagnosticsStd(t *testing.T) {
+func TestFetchVulncheckResultStd(t *testing.T) {
testenv.NeedsGo1Point(t, 18)
const files = `
-- go.mod --
@@ -240,10 +240,9 @@
Settings{"ui.diagnostic.vulncheck": "Imports"},
).Run(t, files, func(t *testing.T, env *Env) {
env.OpenFile("go.mod")
- gotDiagnostics := &protocol.PublishDiagnosticsParams{}
env.AfterChange(
- env.DiagnosticAtRegexp("go.mod", `module mod.com`),
- ReadDiagnostics("go.mod", gotDiagnostics),
+ EmptyOrNoDiagnostics("go.mod"),
+ // we don't publish diagnostics for standard library vulnerability yet.
)
testFetchVulncheckResult(t, env, map[string]fetchVulncheckResult{
"go.mod": {
@@ -251,29 +250,6 @@
Mode: govulncheck.ModeImports,
},
})
-
- wantVulncheckDiagnostics := map[string]vulnDiagExpectation{
- "module mod.com": {
- diagnostics: []vulnDiag{
- {
- msg: "go1.18 has a vulnerability GOSTDLIB.",
- severity: protocol.SeverityInformation,
- codeActions: []string{"Run govulncheck"},
- },
- },
- hover: []string{"GOSTDLIB", "No fix is available", "GOSTDLIB"},
- codeActions: []string{"Run govulncheck"},
- },
- }
-
- for pattern, want := range wantVulncheckDiagnostics {
- modPathDiagnostics := testVulnDiagnostics(t, env, pattern, want, gotDiagnostics)
- gotActions := env.CodeAction("go.mod", modPathDiagnostics)
- if diff := diffCodeActions(gotActions, want.codeActions); diff != "" {
- t.Errorf("code actions for %q do not match, got %v, want %v\n%v\n", pattern, gotActions, want.codeActions, diff)
- continue
- }
- }
})
}