all: gofmt
Gofmt to update doc comments to the new formatting.
For golang/go#51082.
Change-Id: I5fd6eaa2a711d27051045aaaef45799a12777e48
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/399605
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Russ Cox <rsc@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
diff --git a/client/client.go b/client/client.go
index 592c9d3..da8b7c6 100644
--- a/client/client.go
+++ b/client/client.go
@@ -12,7 +12,7 @@
// was added. The index file is called indx.json, and has the
// following format:
//
-// map[string]time.Time (DBIndex)
+// map[string]time.Time (DBIndex)
//
// Each vulnerable module is represented by an individual JSON file
// which contains all of the vulnerabilities in that module. The path
@@ -21,7 +21,7 @@
// golang.org/x/crypto.json file. The per-module JSON files have
// the following format:
//
-// []osv.Entry
+// []osv.Entry
//
// A single client.Client can be used to access multiple vulnerability
// databases. When looking up vulnerable module each database is
diff --git a/cmd/govulncheck/main.go b/cmd/govulncheck/main.go
index 82c86b0..3c79af4 100644
--- a/cmd/govulncheck/main.go
+++ b/cmd/govulncheck/main.go
@@ -11,7 +11,7 @@
// It uses static analysis or the binary's symbol table to narrow down reports to only
// those that potentially affect the application.
//
-// WARNING WARNING WARNING
+// # WARNING WARNING WARNING
//
// govulncheck is still experimental and neither its output or the vulnerability
// database should be relied on to be stable or comprehensive.
@@ -290,10 +290,11 @@
// summarizeCallStack returns a short description of the call stack.
// It uses one of two forms, depending on what the lowest function F in topPkgs
// calls:
-// - If it calls a function V from the vulnerable package, then summarizeCallStack
-// returns "F calls V".
-// - If it calls a function G in some other package, which eventually calls V,
-// it returns "F calls G, which eventually calls V".
+// - If it calls a function V from the vulnerable package, then summarizeCallStack
+// returns "F calls V".
+// - If it calls a function G in some other package, which eventually calls V,
+// it returns "F calls G, which eventually calls V".
+//
// If it can't find any of these functions, summarizeCallStack returns the empty string.
func summarizeCallStack(cs vulncheck.CallStack, topPkgs map[string]bool, vulnPkg string) string {
// Find the lowest function in the top packages.
diff --git a/vulncheck/binary_test.go b/vulncheck/binary_test.go
index 1d5210c..4b6c0c3 100644
--- a/vulncheck/binary_test.go
+++ b/vulncheck/binary_test.go
@@ -131,7 +131,7 @@
}
}
-// hasGoBuild reports whether the current system can build programs with ``go build''
+// hasGoBuild reports whether the current system can build programs with “go build”
// and then run them with os.StartProcess or exec.Command.
//
// Duplicated from std/internal/testenv
diff --git a/vulncheck/helpers_test.go b/vulncheck/helpers_test.go
index ddfe8ec..c7f0805 100644
--- a/vulncheck/helpers_test.go
+++ b/vulncheck/helpers_test.go
@@ -25,8 +25,9 @@
}
// testClient contains the following test vulnerabilities
-// golang.org/amod/avuln.{VulnData.Vuln1, vulnData.Vuln2}
-// golang.org/bmod/bvuln.{Vuln}
+//
+// golang.org/amod/avuln.{VulnData.Vuln1, vulnData.Vuln2}
+// golang.org/bmod/bvuln.{Vuln}
var testClient = &mockClient{
ret: map[string][]*osv.Entry{
"golang.org/amod": []*osv.Entry{
diff --git a/vulncheck/source.go b/vulncheck/source.go
index 0d106dd..55f3777 100644
--- a/vulncheck/source.go
+++ b/vulncheck/source.go
@@ -17,12 +17,12 @@
)
// Source detects vulnerabilities in pkgs and computes slices of
-// - imports graph related to an import of a package with some
-// known vulnerabilities
-// - requires graph related to a require of a module with a
-// package that has some known vulnerabilities
-// - call graph leading to the use of a known vulnerable function
-// or method
+// - imports graph related to an import of a package with some
+// known vulnerabilities
+// - requires graph related to a require of a module with a
+// package that has some known vulnerabilities
+// - call graph leading to the use of a known vulnerable function
+// or method
func Source(ctx context.Context, pkgs []*Package, cfg *Config) (_ *Result, err error) {
defer derrors.Wrap(&err, "vulncheck.Source")
diff --git a/vulncheck/source_test.go b/vulncheck/source_test.go
index 6d65706..0ded4dc 100644
--- a/vulncheck/source_test.go
+++ b/vulncheck/source_test.go
@@ -19,13 +19,13 @@
// for the Config.ImportsOnly=true mode. The inlined test code has
// the following package (left) and module (right) imports graphs:
//
-// entry/x entry/y entry
-// \ / \ / \
-// amod/avuln zmod/z amod zmod
-// | |
-// wmod/w wmod
-// | |
-// bmod/bvuln bmod
+// entry/x entry/y entry
+// \ / \ / \
+// amod/avuln zmod/z amod zmod
+// | |
+// wmod/w wmod
+// | |
+// bmod/bvuln bmod
//
// Packages ending in "vuln" have some known vulnerabilities.
func TestImportsOnly(t *testing.T) {
@@ -171,37 +171,38 @@
// TestCallGraph checks for call graph vuln slicing correctness.
// The inlined test code has the following call graph
//
-// x.X
-// / | \
-// / d.D1 avuln.VulnData.Vuln1
-// / / |
-// c.C1 d.internal.Vuln1
-// |
-// avuln.VulnData.Vuln2
+// x.X
+// / | \
+// / d.D1 avuln.VulnData.Vuln1
+// / / |
+// c.C1 d.internal.Vuln1
+// |
+// avuln.VulnData.Vuln2
//
-// --------------------y.Y-------------------------------
-// / / \ \ \ \
-// / / \ \ \ \
-// / / \ \ \ \
-// c.C4 c.vulnWrap.V.Vuln1(=nil) c.C2 bvuln.Vuln c.C3 c.C3$1
-// | | |
-// y.benign e.E
+// --------------------y.Y-------------------------------
+// / / \ \ \ \
+// / / \ \ \ \
+// / / \ \ \ \
+// c.C4 c.vulnWrap.V.Vuln1(=nil) c.C2 bvuln.Vuln c.C3 c.C3$1
+// | | |
+// y.benign e.E
//
// and this slice
//
-// x.X
-// / | \
-// / d.D1 avuln.VulnData.Vuln1
-// / /
-// c.C1
-// |
-// avuln.VulnData.Vuln2
+// x.X
+// / | \
+// / d.D1 avuln.VulnData.Vuln1
+// / /
+// c.C1
+// |
+// avuln.VulnData.Vuln2
//
-// y.Y
-// |
-// bvuln.Vuln
-// | |
-// e.E
+// y.Y
+// |
+// bvuln.Vuln
+// | |
+// e.E
+//
// related to avuln.VulnData.{Vuln1, Vuln2} and bvuln.Vuln vulnerabilities.
func TestCallGraph(t *testing.T) {
e := packagestest.Export(t, packagestest.Modules, []packagestest.Module{
diff --git a/vulncheck/utils.go b/vulncheck/utils.go
index 780cd63..0886a27 100644
--- a/vulncheck/utils.go
+++ b/vulncheck/utils.go
@@ -98,8 +98,8 @@
// dbTypeFormat formats the name of t according how types
// are encoded in vulnerability database:
-// - pointer designation * is skipped
-// - full path prefix is skipped as well
+// - pointer designation * is skipped
+// - full path prefix is skipped as well
func dbTypeFormat(t types.Type) string {
switch tt := t.(type) {
case *types.Pointer:
@@ -118,9 +118,10 @@
// enclosing package, but not globally.
//
// Examples:
-// func (a A) foo (...) {...} -> A.foo
-// func foo(...) {...} -> foo
-// func (b *B) bar (...) {...} -> B.bar
+//
+// func (a A) foo (...) {...} -> A.foo
+// func foo(...) {...} -> foo
+// func (b *B) bar (...) {...} -> B.bar
func dbFuncName(f *ssa.Function) string {
selectBound := func(f *ssa.Function) types.Type {
// If f is a "bound" function introduced by ssa for a given type, return the type.