cmd/govulncheck: wrap details of informational messages as well
We limit the line length when printing details of called
vulnerabilities, but we don't do it for just imported ones.
This CL rectifies that.
Change-Id: I221d4638c057a1301eabddd8a3a9d557629d12a5
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/448777
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
diff --git a/cmd/govulncheck/print.go b/cmd/govulncheck/print.go
index d3e4be5..0d31cf9 100644
--- a/cmd/govulncheck/print.go
+++ b/cmd/govulncheck/print.go
@@ -54,6 +54,7 @@
fmt.Printf("Found %d known vulnerabilities.\n", uniqueVulns)
}
+ lineWidth := 80 - labelWidth
idx := 0
for _, v := range r.Vulns {
for _, m := range v.Modules {
@@ -65,7 +66,7 @@
fmt.Println()
id := v.OSV.ID
- details := wrap(v.OSV.Details, 80-labelWidth)
+ details := wrap(v.OSV.Details, lineWidth)
found := packageVersionString(p.Path, m.FoundVersion)
fixed := packageVersionString(p.Path, m.FixedVersion)
@@ -99,7 +100,8 @@
found := packageVersionString(p.Path, m.FoundVersion)
fixed := packageVersionString(p.Path, m.FixedVersion)
fmt.Println()
- printVulnerability(idx+1, un.OSV.ID, un.OSV.Details, "", found, fixed, platforms(un.OSV))
+ details := wrap(un.OSV.Details, lineWidth)
+ printVulnerability(idx+1, un.OSV.ID, details, "", found, fixed, platforms(un.OSV))
}
}
}
diff --git a/cmd/govulncheck/testdata/default.ct b/cmd/govulncheck/testdata/default.ct
index 5c89e0e..e0cb05a 100644
--- a/cmd/govulncheck/testdata/default.ct
+++ b/cmd/govulncheck/testdata/default.ct
@@ -35,13 +35,15 @@
for details.
Vulnerability #1: GO-2022-0592
- A maliciously crafted path can cause Get and other query functions to consume excessive amounts of CPU and time.
+ A maliciously crafted path can cause Get and other query
+ functions to consume excessive amounts of CPU and time.
Found in: github.com/tidwall/gjson@v1.9.2
Fixed in: github.com/tidwall/gjson@v1.9.3
More info: https://pkg.go.dev/vuln/GO-2022-0592
Vulnerability #2: GO-2021-0265
- GJSON allowed a ReDoS (regular expression denial of service) attack.
+ GJSON allowed a ReDoS (regular expression denial of service)
+ attack.
Found in: github.com/tidwall/gjson@v1.9.2
Fixed in: github.com/tidwall/gjson@v1.9.3
Platforms: linux/amd64, windows/amd64
diff --git a/cmd/govulncheck/testdata/import-no-call.ct b/cmd/govulncheck/testdata/import-no-call.ct
index 69d414b..2bd78b6 100644
--- a/cmd/govulncheck/testdata/import-no-call.ct
+++ b/cmd/govulncheck/testdata/import-no-call.ct
@@ -15,10 +15,10 @@
for details.
Vulnerability #1: GO-2021-0113
- Due to improper index calculation, an incorrectly formatted language tag can cause Parse
- to panic via an out of bounds read. If Parse is used to process untrusted user inputs,
- this may be used as a vector for a denial of service attack.
-
+ Due to improper index calculation, an incorrectly formatted
+ language tag can cause Parse to panic via an out of bounds read.
+ If Parse is used to process untrusted user inputs, this may be
+ used as a vector for a denial of service attack.
Found in: golang.org/x/text/language@v0.3.0
Fixed in: golang.org/x/text/language@v0.3.7
More info: https://pkg.go.dev/vuln/GO-2021-0113
diff --git a/cmd/govulncheck/testdata/manystacks-verbose.ct b/cmd/govulncheck/testdata/manystacks-verbose.ct
index ce0215a..e909da0 100644
--- a/cmd/govulncheck/testdata/manystacks-verbose.ct
+++ b/cmd/govulncheck/testdata/manystacks-verbose.ct
@@ -39,10 +39,9 @@
for details.
Vulnerability #1: GO-2022-0969
- HTTP/2 server connections can hang forever waiting for a clean shutdown
- that was preempted by a fatal error. This condition can be exploited
- by a malicious client to cause a denial of service.
-
+ HTTP/2 server connections can hang forever waiting for a clean
+ shutdown that was preempted by a fatal error. This condition can
+ be exploited by a malicious client to cause a denial of service.
Found in: net/http@go1.18
Fixed in: net/http@go1.19.1
More info: https://pkg.go.dev/vuln/GO-2022-0969
diff --git a/cmd/govulncheck/testdata/manystacks.ct b/cmd/govulncheck/testdata/manystacks.ct
index cfadefa..b35ce36 100644
--- a/cmd/govulncheck/testdata/manystacks.ct
+++ b/cmd/govulncheck/testdata/manystacks.ct
@@ -26,10 +26,9 @@
for details.
Vulnerability #1: GO-2022-0969
- HTTP/2 server connections can hang forever waiting for a clean shutdown
- that was preempted by a fatal error. This condition can be exploited
- by a malicious client to cause a denial of service.
-
+ HTTP/2 server connections can hang forever waiting for a clean
+ shutdown that was preempted by a fatal error. This condition can
+ be exploited by a malicious client to cause a denial of service.
Found in: net/http@go1.18
Fixed in: net/http@go1.19.1
More info: https://pkg.go.dev/vuln/GO-2022-0969
diff --git a/cmd/govulncheck/testdata/multi-module.ct b/cmd/govulncheck/testdata/multi-module.ct
index 98d9f88..f8f2a59 100644
--- a/cmd/govulncheck/testdata/multi-module.ct
+++ b/cmd/govulncheck/testdata/multi-module.ct
@@ -14,10 +14,9 @@
for details.
Vulnerability #1: GO-2022-0969
- HTTP/2 server connections can hang forever waiting for a clean shutdown
- that was preempted by a fatal error. This condition can be exploited
- by a malicious client to cause a denial of service.
-
+ HTTP/2 server connections can hang forever waiting for a clean
+ shutdown that was preempted by a fatal error. This condition can
+ be exploited by a malicious client to cause a denial of service.
Found in: golang.org/x/net/http2@v0.0.0-20220425223048-2871e0cb64e4
Fixed in: golang.org/x/net/http2@v0.0.0-20220906165146-f3363e06e74c
More info: https://pkg.go.dev/vuln/GO-2022-0969
diff --git a/cmd/govulncheck/testdata/two-symbols.ct b/cmd/govulncheck/testdata/two-symbols.ct
index 3fc8095..4c6ba0b 100644
--- a/cmd/govulncheck/testdata/two-symbols.ct
+++ b/cmd/govulncheck/testdata/two-symbols.ct
@@ -37,7 +37,8 @@
for details.
Vulnerability #1: GO-2021-0265
- GJSON allowed a ReDoS (regular expression denial of service) attack.
+ GJSON allowed a ReDoS (regular expression denial of service)
+ attack.
Found in: github.com/tidwall/gjson@v1.9.2
Fixed in: github.com/tidwall/gjson@v1.9.3
Platforms: linux/amd64, windows/amd64
diff --git a/cmd/govulncheck/testdata/verbose.ct b/cmd/govulncheck/testdata/verbose.ct
index 5c1e49b..82529ed 100644
--- a/cmd/govulncheck/testdata/verbose.ct
+++ b/cmd/govulncheck/testdata/verbose.ct
@@ -37,13 +37,15 @@
for details.
Vulnerability #1: GO-2022-0592
- A maliciously crafted path can cause Get and other query functions to consume excessive amounts of CPU and time.
+ A maliciously crafted path can cause Get and other query
+ functions to consume excessive amounts of CPU and time.
Found in: github.com/tidwall/gjson@v1.9.2
Fixed in: github.com/tidwall/gjson@v1.9.3
More info: https://pkg.go.dev/vuln/GO-2022-0592
Vulnerability #2: GO-2021-0265
- GJSON allowed a ReDoS (regular expression denial of service) attack.
+ GJSON allowed a ReDoS (regular expression denial of service)
+ attack.
Found in: github.com/tidwall/gjson@v1.9.2
Fixed in: github.com/tidwall/gjson@v1.9.3
Platforms: linux/amd64, windows/amd64
