Google Git
Sign in
go / vuln / 5d68670f2a88eb7c22650ec3b589c888540313d0^! / .
commit5d68670f2a88eb7c22650ec3b589c888540313d0[log] [tgz]
authorJulie Qiu <julie@golang.org>Sun Oct 02 16:51:20 2022 -0400
committerJulie Qiu <julie@golang.org>Wed Oct 05 13:03:44 2022 +0000
treed320ead332254c189b2b8b5ddeeb2c1a27f5ebee
parent2aa0553d353b72b8df9a1e17338ff7ec3f244aad [diff]
internal/govulncheck: move intro and informational messages

Move long messages to messages.go, to make it easier to see what
information govulncheck outputs to the user.

Change-Id: I6c06a9068fbe5d14864044b11809c6f0e393cf14
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/437792
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Auto-Submit: Julie Qiu <julie@golang.org>
Reviewed-by: Julie Qiu <julieqiu@google.com>

diff --git a/internal/govulncheck/message.go b/internal/govulncheck/message.go
new file mode 100644
index 0000000..737d182
--- /dev/null
+++ b/internal/govulncheck/message.go

@@ -0,0 +1,18 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package govulncheck
+
+const (
+	introMessage = `govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.
+
+Scanning for dependencies with known vulnerabilities...`
+
+	informationalMessage = `=== Informational ===
+
+The vulnerabilities below are in packages that you import, but your code
+doesn't appear to call any vulnerable functions. You may not need to take any
+action. See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck
+for details.`
+)

diff --git a/internal/govulncheck/run.go b/internal/govulncheck/run.go
index 2d98a2f..6008352 100644
--- a/internal/govulncheck/run.go
+++ b/internal/govulncheck/run.go

@@ -37,10 +37,7 @@
 	patterns := cfg.Patterns
 	format := cfg.OutputType
 	if format == OutputTypeText || format == OutputTypeVerbose {
-		fmt.Printf(`govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.
-
-Scanning for dependencies with known vulnerabilities...
-`)
+		fmt.Println(introMessage)
 	}
 	var (
 		r          *vulncheck.Result
@@ -162,14 +159,8 @@
 		writeVulnerability(idx+1, id, details, b.String(), found, fixed, platforms(v0.OSV))
 	}
 	if len(unaffected) > 0 {
-		fmt.Printf(`
-=== Informational ===
-
-The vulnerabilities below are in packages that you import, but your code
-doesn't appear to call any vulnerable functions. You may not need to take any
-action. See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck
-for details.
-`)
+		fmt.Println()
+		fmt.Println(informationalMessage)
 		for idx, vuln := range unaffected {
 			found := foundVersion(vuln.ModPath, vuln.PkgPath, ci)
 			fixed := fixedVersion(vuln.PkgPath, vuln.OSV.Affected)