Google Git
Sign in
go / vscode-go / 4b658d3b6ca6bd7f8f6ff28ef437bf50aeeb0d6b^! / .
commit4b658d3b6ca6bd7f8f6ff28ef437bf50aeeb0d6b[log] [tgz]
authorHana (Hyang-Ah) Kim <hyangah@gmail.com>Tue Sep 06 17:45:21 2022 -0400
committerHyang-Ah Hana Kim <hyangah@gmail.com>Mon Sep 12 12:54:48 2022 +0000
tree8caecd5e935002fcb0db24aec4b7f8858112475e
parent4b6ce1fcfb9443e0f2d6fde1e59463f364100a29 [diff]
src/goVulncheck: add feedback link

https://go.dev/s/vsc-vulncheck-feedback

Also, copy the phrase for the unaffecting vulnerabilities section
from govulncheck.

Change-Id: I5f5eac80f459227adea3e687db762beb97857fa4
Reviewed-on: https://go-review.googlesource.com/c/vscode-go/+/429235
Run-TryBot: Hyang-Ah Hana Kim <hyangah@gmail.com>
Reviewed-by: Jamal Carvalho <jamal@golang.org>
TryBot-Result: kokoro <noreply+kokoro@google.com>

diff --git a/media/vulncheckView.js b/media/vulncheckView.js
index d5e5ef4..118942f 100644
--- a/media/vulncheckView.js
+++ b/media/vulncheckView.js

@@ -156,7 +156,7 @@
 
 		unaffectingContainer.innerText = '';
 		if (unaffecting.length > 0) {
-			unaffectingContainer.innerHTML = '<hr></hr><p>These vulnerabilities exist in required modules, but no vulnerable symbols are used.<br>No action is required. For more information, visit <a href="https://pkg.go.dev/vuln">https://pkg.go.dev/vuln</a></p>';
+			unaffectingContainer.innerHTML = '<hr></hr><p>The vulnerabilities below are in packages that you import, but your code does not appear to call any vulnerable functions. You may not need to take any action. See <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck</a> for details.';
 
 			const details = document.createElement('table');
 			unaffecting.forEach((vuln) => {

diff --git a/src/goVulncheck.ts b/src/goVulncheck.ts
index ff4bed4..8e5a74f 100644
--- a/src/goVulncheck.ts
+++ b/src/goVulncheck.ts

@@ -102,6 +102,9 @@
 				<title>Vulnerability Report - govulncheck</title>
 			</head>
 			<body>
+			    Vulncheck is an experimental tool.<br>
+				Share feedback at <a href="https://go.dev/s/vsc-vulncheck-feedback">go.dev/s/vsc-vulncheck-feedback</a>.
+
 				<div class="log"></div>
 				<div class="vulns"></div>
 				<div class="unaffecting"></div>
@@ -242,6 +245,7 @@
 		}
 
 		this.channel.clear();
+		this.channel.show();
 		this.channel.appendLine(`cd ${dir}; gopls vulncheck ${pattern}`);
 
 		try {
@@ -352,7 +356,7 @@
 						reject('analysis cancelled');
 					} else {
 						channel.appendLine(buf);
-						reject(`result in unexpected format: ${e}`);
+						reject('vulncheck failed: see govulncheck OUTPUT');
 					}
 				}
 			});