cmd/govulncheck: print additional information
The following information is now printed:
- Feedback link
- # of vulnerabilities found
Change-Id: I8f0dcb05493736c7298a5d058854a1cb06d18d23
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/408976
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Julie Qiu <julie@golang.org>
diff --git a/cmd/govulncheck/main.go b/cmd/govulncheck/main.go
index ace18df..a96eeba 100644
--- a/cmd/govulncheck/main.go
+++ b/cmd/govulncheck/main.go
@@ -81,12 +81,18 @@
die("govulncheck: %s", err)
}
vcfg := &vulncheck.Config{Client: dbClient}
- ctx := context.Background()
patterns := flag.Args()
+ if !(*jsonFlag || *htmlFlag) {
+ fmt.Printf(`govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.
+
+Scanning for dependencies with known vulnerabilities...
+`)
+ }
var (
r *vulncheck.Result
pkgs []*vulncheck.Package
+ ctx = context.Background()
)
if len(patterns) == 1 && isFile(patterns[0]) {
f, err := os.Open(patterns[0])
@@ -149,6 +155,22 @@
}
func writeText(r *vulncheck.Result, ci *govulncheck.CallInfo) {
+ uniqueVulns := map[string]bool{}
+ for _, v := range r.Vulns {
+ uniqueVulns[v.OSV.ID] = true
+ }
+ switch len(uniqueVulns) {
+ case 0:
+ fmt.Println("No vulnerabilities found.")
+ return
+ case 1:
+ fmt.Println("Found 1 known vulnerability.")
+ default:
+ fmt.Printf("Found %d known vulnerabilities.\n", len(uniqueVulns))
+ }
+ fmt.Println(strings.Repeat("-", 55))
+ fmt.Println()
+
for _, vg := range ci.VulnGroups {
// All the vulns in vg have the same PkgPath, ModPath and OSV.
// All have a non-zero CallSink.
diff --git a/cmd/govulncheck/testdata/default-binary.ct b/cmd/govulncheck/testdata/default-binary.ct
index 4986f45..2369b22 100644
--- a/cmd/govulncheck/testdata/default-binary.ct
+++ b/cmd/govulncheck/testdata/default-binary.ct
@@ -2,8 +2,18 @@
# No vulnerabilities, no output.
$ govulncheck ${novuln_binary}
+govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.
+
+Scanning for dependencies with known vulnerabilities...
+No vulnerabilities found.
$ govulncheck ${vuln_binary} --> FAIL 3
+govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.
+
+Scanning for dependencies with known vulnerabilities...
+Found 1 known vulnerability.
+-------------------------------------------------------
+
package: golang.org/x/text/language
your version: v0.3.0
fixed version: v0.3.7
diff --git a/cmd/govulncheck/testdata/default.ct b/cmd/govulncheck/testdata/default.ct
index b548503..e61a455 100644
--- a/cmd/govulncheck/testdata/default.ct
+++ b/cmd/govulncheck/testdata/default.ct
@@ -3,9 +3,19 @@
# No vulnerabilities, no output.
$ cdmodule novuln
$ govulncheck .
+govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.
+
+Scanning for dependencies with known vulnerabilities...
+No vulnerabilities found.
$ cdmodule vuln
$ govulncheck . --> FAIL 3
+govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.
+
+Scanning for dependencies with known vulnerabilities...
+Found 1 known vulnerability.
+-------------------------------------------------------
+
package: golang.org/x/text/language
your version: v0.3.0
fixed version: v0.3.7
diff --git a/cmd/govulncheck/testdata/verbose.ct b/cmd/govulncheck/testdata/verbose.ct
index 95c1311..71a3f03 100644
--- a/cmd/govulncheck/testdata/verbose.ct
+++ b/cmd/govulncheck/testdata/verbose.ct
@@ -3,9 +3,19 @@
# No vulnerabilities, no output.
$ cdmodule novuln
$ govulncheck -v .
+govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.
+
+Scanning for dependencies with known vulnerabilities...
+No vulnerabilities found.
$ cdmodule vuln
$ govulncheck -v . --> FAIL 3
+govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.
+
+Scanning for dependencies with known vulnerabilities...
+Found 1 known vulnerability.
+-------------------------------------------------------
+
package: golang.org/x/text/language
your version: v0.3.0
fixed version: v0.3.7
