commit 65f7ea3d8ffdead93fa6f13ed3d8990970d6aaec
author Julie Qiu <julie@golang.org> Sun Oct 02 12:19:51 2022 -0400
committer Gopher Robot <gobot@golang.org> Mon Oct 03 17:40:54 2022 +0000
tree b7e5eb118ba1e8f1c023a93903673713f7b266f2
parent 181f22f704d5fcc0c6948abd72c1fda54b95104a

internal/govulncheck: make strings into consts

There were several hardcoded strings in Run, which are now changed to consts to make it easier to refactor, avoid typos, and see what is happening in the code.

Config is also moved to config.go

Change-Id: I2bc82cf68cec87e81252cce8b92bf844bd7874f4
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/437776
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Run-TryBot: Julie Qiu <julieqiu@google.com>
Auto-Submit: Julie Qiu <julieqiu@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Julie Qiu <julieqiu@google.com>

internal/govulncheck/config.go

diff --git a/internal/govulncheck/config.go b/internal/govulncheck/config.go
new file mode 100644
index 0000000..0b5e76b
--- /dev/null
+++ b/internal/govulncheck/config.go
@@ -0,0 +1,40 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package govulncheck
+
+import "golang.org/x/tools/go/packages"
+
+const (
+	analysisBinary = "binary"
+	analysisSource = "source"
+
+	formatJSON    = "json"
+	formatSummary = "summary"
+	formatText    = "text"
+	formatVerbose = "verbose"
+
+	envGOVULNDB = "GOVULNDB"
+
+	vulndbHost = "https://vuln.go.dev"
+)
+
+// Config is the configuration for Main.
+type Config struct {
+	// Analysis specifies the vulncheck analysis type. Valid types are "source" and "binary"
+	Analysis string
+	// OutputFormat specifies the result type. Valid types are:
+	//  "text": print human readable compact text output to STDOUT.
+	//  "verbose": print human readable verbose text output to STDOUT.
+	//  "json": print JSON-encoded vulncheck.Result.
+	//  "summary": print JSON-encoded Summary.
+	OutputFormat string
+
+	// Patterns are either the binary path for "binary" analysis mode, or
+	// go package patterns for "source" analysis mode.
+	Patterns []string
+
+	// SourceLoadConfig specifies the package loading configuration.
+	SourceLoadConfig packages.Config
+}

internal/govulncheck/run.go

diff --git a/internal/govulncheck/run.go b/internal/govulncheck/run.go
index 34037a7..853f551 100644
--- a/internal/govulncheck/run.go
+++ b/internal/govulncheck/run.go
@@ -16,36 +16,16 @@
 	"strings"
 
 	"golang.org/x/exp/maps"
-	"golang.org/x/tools/go/packages"
 	"golang.org/x/vuln/client"
 	"golang.org/x/vuln/osv"
 	"golang.org/x/vuln/vulncheck"
 )
 
-// Config is the configuration for Main.
-type Config struct {
-	// Analysis specifies the vulncheck analysis type. Valid types are "source" and "binary"
-	Analysis string
-	// OutputFormat specifies the result type. Valid types are:
-	//  "text": print human readable compact text output to STDOUT.
-	//  "verbose": print human readable verbose text output to STDOUT.
-	//  "json": print JSON-encoded vulncheck.Result.
-	//  "summary": print JSON-encoded Summary.
-	OutputFormat string
-
-	// Patterns are either the binary path for "binary" analysis mode, or
-	// go package patterns for "source" analysis mode.
-	Patterns []string
-
-	// SourceLoadConfig specifies the package loading configuration.
-	SourceLoadConfig packages.Config
-}
-
 // Run is the main function for the govulncheck command line tool.
 func Run(cfg Config) {
-	dbs := []string{"https://vuln.go.dev"}
-	if GOVULNDB := os.Getenv("GOVULNDB"); GOVULNDB != "" {
-		dbs = strings.Split(GOVULNDB, ",")
+	dbs := []string{vulndbHost}
+	if db := os.Getenv(envGOVULNDB); db != "" {
+		dbs = strings.Split(db, ",")
 	}
 	dbClient, err := client.NewClient(dbs, client.Options{
 		HTTPCache: DefaultCache(),
@@ -57,7 +37,7 @@
 
 	patterns := cfg.Patterns
 	format := cfg.OutputFormat
-	if format == "text" || format == "verbose" {
+	if format == formatText || format == formatVerbose {
 		fmt.Printf(`govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.
 
 Scanning for dependencies with known vulnerabilities...
@@ -70,7 +50,7 @@
 		ctx        = context.Background()
 	)
 	switch cfg.Analysis {
-	case "binary":
+	case analysisBinary:
 		f, err := os.Open(patterns[0])
 		if err != nil {
 			die("govulncheck: %v", err)
@@ -80,7 +60,7 @@
 		if err != nil {
 			die("govulncheck: %v", err)
 		}
-	case "source":
+	case analysisSource:
 		cfg := &cfg.SourceLoadConfig
 		pkgs, err = LoadPackages(cfg, patterns...)
 		if err != nil {
@@ -109,16 +89,16 @@
 	}
 
 	switch format {
-	case "json":
+	case formatJSON:
 		// Following golang.org/x/tools/go/analysis/singlechecker,
 		// return 0 exit code in -json mode.
 		writeJSON(r)
 		os.Exit(0)
-	case "text", "verbose":
+	case formatText, formatVerbose:
 		// set of top-level packages, used to find representative symbols
 		ci := GetCallInfo(r, pkgs)
-		writeText(r, ci, unaffected, format == "verbose")
-	case "summary":
+		writeText(r, ci, unaffected, format == formatVerbose)
+	case formatSummary:
 		ci := GetCallInfo(r, pkgs)
 		writeJSON(summary(ci, unaffected))
 		os.Exit(0)