src/goVulncheck: add feedback link
https://go.dev/s/vsc-vulncheck-feedback
Also, copy the phrase for the unaffecting vulnerabilities section
from govulncheck.
Change-Id: I5f5eac80f459227adea3e687db762beb97857fa4
Reviewed-on: https://go-review.googlesource.com/c/vscode-go/+/429235
Run-TryBot: Hyang-Ah Hana Kim <hyangah@gmail.com>
Reviewed-by: Jamal Carvalho <jamal@golang.org>
TryBot-Result: kokoro <noreply+kokoro@google.com>
diff --git a/media/vulncheckView.js b/media/vulncheckView.js
index d5e5ef4..118942f 100644
--- a/media/vulncheckView.js
+++ b/media/vulncheckView.js
@@ -156,7 +156,7 @@
unaffectingContainer.innerText = '';
if (unaffecting.length > 0) {
- unaffectingContainer.innerHTML = '<hr></hr><p>These vulnerabilities exist in required modules, but no vulnerable symbols are used.<br>No action is required. For more information, visit <a href="https://pkg.go.dev/vuln">https://pkg.go.dev/vuln</a></p>';
+ unaffectingContainer.innerHTML = '<hr></hr><p>The vulnerabilities below are in packages that you import, but your code does not appear to call any vulnerable functions. You may not need to take any action. See <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck</a> for details.';
const details = document.createElement('table');
unaffecting.forEach((vuln) => {
diff --git a/src/goVulncheck.ts b/src/goVulncheck.ts
index ff4bed4..8e5a74f 100644
--- a/src/goVulncheck.ts
+++ b/src/goVulncheck.ts
@@ -102,6 +102,9 @@
<title>Vulnerability Report - govulncheck</title>
</head>
<body>
+ Vulncheck is an experimental tool.<br>
+ Share feedback at <a href="https://go.dev/s/vsc-vulncheck-feedback">go.dev/s/vsc-vulncheck-feedback</a>.
+
<div class="log"></div>
<div class="vulns"></div>
<div class="unaffecting"></div>
@@ -242,6 +245,7 @@
}
this.channel.clear();
+ this.channel.show();
this.channel.appendLine(`cd ${dir}; gopls vulncheck ${pattern}`);
try {
@@ -352,7 +356,7 @@
reject('analysis cancelled');
} else {
channel.appendLine(buf);
- reject(`result in unexpected format: ${e}`);
+ reject('vulncheck failed: see govulncheck OUTPUT');
}
}
});