internal/govulncheck: move intro and informational messages
Move long messages to message.go, to make it easier to see what
information govulncheck outputs to the user.
Change-Id: I6c06a9068fbe5d14864044b11809c6f0e393cf14
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/437792
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Auto-Submit: Julie Qiu <julie@golang.org>
Reviewed-by: Julie Qiu <julieqiu@google.com>
diff --git a/internal/govulncheck/message.go b/internal/govulncheck/message.go
new file mode 100644
index 0000000..737d182
--- /dev/null
+++ b/internal/govulncheck/message.go
@@ -0,0 +1,18 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package govulncheck
+
+const (
+ introMessage = `govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.
+
+Scanning for dependencies with known vulnerabilities...`
+
+ informationalMessage = `=== Informational ===
+
+The vulnerabilities below are in packages that you import, but your code
+doesn't appear to call any vulnerable functions. You may not need to take any
+action. See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck
+for details.`
+)
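Review bot: Neither constant in the new `const` block has a comment, and both rely on an unstated contract: the literals end without a newline, and the call sites in run.go supply it with `fmt.Println`. I would add `// introMessage is printed once before scanning, for text and verbose output; it has no trailing newline.` above `introMessage`, and `// informationalMessage heads the list of vulnerabilities in imported packages for which no call to a vulnerable function was found; it has no trailing newline.` above `informationalMessage`. The second string tells users they may not need to act, so its comment is also a good place to note that the wording should stay in step with the govulncheck documentation it links to.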
diff --git a/internal/govulncheck/run.go b/internal/govulncheck/run.go
index 2d98a2f..6008352 100644
--- a/internal/govulncheck/run.go
+++ b/internal/govulncheck/run.go
@@ -37,10 +37,7 @@
patterns := cfg.Patterns
format := cfg.OutputType
if format == OutputTypeText || format == OutputTypeVerbose {
- fmt.Printf(`govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.
-
-Scanning for dependencies with known vulnerabilities...
-`)
+ fmt.Println(introMessage)
}
var (
r *vulncheck.Result
@@ -162,14 +159,8 @@
writeVulnerability(idx+1, id, details, b.String(), found, fixed, platforms(v0.OSV))
}
if len(unaffected) > 0 {
- fmt.Printf(`
-=== Informational ===
-
-The vulnerabilities below are in packages that you import, but your code
-doesn't appear to call any vulnerable functions. You may not need to take any
-action. See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck
-for details.
-`)
+ fmt.Println()
+ fmt.Println(informationalMessage)
for idx, vuln := range unaffected {
found := foundVersion(vuln.ModPath, vuln.PkgPath, ci)
fixed := fixedVersion(vuln.PkgPath, vuln.OSV.Affected)
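Review bot: No output-format check is visible around the `if len(unaffected) > 0` block, whereas the intro banner in the first hunk is printed only under `format == OutputTypeText || format == OutputTypeVerbose`. The enclosing function starts and ends outside this hunk, so the block may already be reachable only for text output. If that is not the case, the prose written by `fmt.Println(informationalMessage)` would end up inside output that CI jobs and other tools parse. Please confirm, and either reuse the same format condition here or record the assumption with a comment such as `// Text and verbose output only; other output types do not reach this point.` above the `if`. The separating blank line now lives in a bare `fmt.Println()` rather than in the literal, so a short `// blank line before the informational section` comment would keep it from being removed as redundant.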