// Copyright 2022 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package main
// outputTemplate is a text template used to print out
// govulncheck output. It consists of three sections showing
// 1) the number of vulnerabilities detected, 2) callstacks
// detected for each pair of module and vulnerability, and
// 3) vulnerabilities that are only imported but not called.
//
// The sections are the named templates "VulnCount", "Affected" and
// "Informational", invoked in that order on the last line with the
// same data value. That value must provide UniqueVulns, Affected and
// Unaffected, and every element ranged over must provide ID, Details,
// Found, Fixed, Platforms and Stacks.
//
// The template calls inc, wrap and indent. None of them is defined in
// this string, so they have to be registered with the template before
// it is parsed.
//
// NOTE(review): presumably this is parsed with text/template, which
// does no escaping — confirm. Field values are written verbatim, so
// any stripping of control characters from advisory text has to happen
// before the data reaches the template, and the template should not be
// reused for HTML output. ID is also placed into the "More info" URL
// without escaping.
const outputTemplate = `
{{- define "VulnCount" -}}
{{if eq .UniqueVulns 0}}No vulnerabilities found.
{{else if eq .UniqueVulns 1}}Found 1 known vulnerability.
{{else}}Found {{ .UniqueVulns }} known vulnerabilities.
{{end}}
{{- end -}}
{{- define "Affected" -}}
{{if len .Affected}}{{range $idx, $vulnInfo := .Affected}}
Vulnerability #{{inc $idx}}: {{$vulnInfo.ID}}
{{wrap $vulnInfo.Details | indent 2}}
{{if $vulnInfo.Stacks}}
Call stacks in your code:
{{indent 6 $vulnInfo.Stacks}}
{{end}} Found in: {{$vulnInfo.Found}}
Fixed in: {{if $vulnInfo.Fixed}}{{$vulnInfo.Fixed}}{{else}}N/A{{end}}
{{if $vulnInfo.Platforms}}Platforms: {{$vulnInfo.Platforms}}
{{end -}}
More info: https://pkg.go.dev/vuln/{{$vulnInfo.ID}}
{{end}}
{{- end -}}
{{- end -}}
{{- define "Informational" -}}
{{if len .Unaffected}}
=== Informational ===
The vulnerabilities below are in packages that you import, but your code
doesn't appear to call any vulnerable functions. You may not need to take any
action. See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck
for details.
{{range $idx, $vulnInfo := .Unaffected}}
Vulnerability #{{inc $idx}}: {{$vulnInfo.ID}}
{{wrap $vulnInfo.Details | indent 2}}
Found in: {{$vulnInfo.Found}}
Fixed in: {{if $vulnInfo.Fixed}}{{$vulnInfo.Fixed}}{{else}}N/A{{end}}
{{if $vulnInfo.Platforms}}Platforms: {{$vulnInfo.Platforms}}
{{end -}}
More info: https://pkg.go.dev/vuln/{{$vulnInfo.ID}}
{{end}}
{{- end -}}
{{- end -}}
{{template "VulnCount" .}}{{template "Affected" .}}{{template "Informational" . -}}
`
// tmplResult is the summarized form of a govulncheck.Result that is
// handed to outputTemplate as its data value.
type tmplResult struct {
	// UniqueVulns is compared against 0 and 1 by the "VulnCount"
	// section to pick the summary sentence; any other value is
	// printed as the count.
	UniqueVulns int

	// Unaffected is listed under the "=== Informational ===" heading
	// and Affected under the numbered entries that can carry call
	// stacks. A section is left out when its slice is empty.
	Unaffected, Affected []tmplVulnInfo
}
// tmplVulnInfo carries the text of a single vulnerability entry
// printed by outputTemplate. All fields are strings that the template
// writes out without further interpretation.
type tmplVulnInfo struct {
	// ID appears in the entry heading and is appended to the
	// https://pkg.go.dev/vuln/ link.
	ID string

	// Details is run through wrap and indent before being printed.
	Details string

	// Found and Fixed follow the "Found in:" and "Fixed in:" labels;
	// an empty Fixed is rendered as "N/A".
	Found, Fixed string

	// Platforms is printed only when it is non-empty.
	Platforms string

	// Stacks is the call-stack text. Only the "Affected" section
	// prints it, and only when it is non-empty.
	Stacks string
}