vulncheck: fix formatting for doc.go
doc.go current renders incorrectly due to some syntax errors.
See https://pkg.go.dev/golang.org/x/vuln/vulncheck.
(screenshot: https://screenshot.googleplex.com/ATdtaQiwBffdbiU.png)
It is updated to format properly. The "https" scheme is also added to
links so that they are now clickable.
Change-Id: Ibb515d61c8cb081f30d83f95e6a551943a0104e4
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/403794
Run-TryBot: Julie Qiu <julieqiu@google.com>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
diff --git a/vulncheck/doc.go b/vulncheck/doc.go
index 2de96ac..dba7374 100644
--- a/vulncheck/doc.go
+++ b/vulncheck/doc.go
@@ -2,57 +2,55 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-/*
-* Package vulncheck detects uses of known vulnerabilities
-* in Go programs. The two main APIs of vulncheck, Source
-* and Binary, allow vulnerability detection in Go source
-* code and binaries, respectively.
-*
-* vulncheck identifies vulnerability uses in Go programs
-* at the level of call graph, package import graph, and module
-* requires graph. For instance, vulncheck identifies which
-* vulnerable functions and methods are transitively called
-* from the program entry points. vulncheck also detects
-* transitively imported packages and required modules that
-* contain known vulnerable functions and methods.
-*
-* TODO(zpavlinovic): add a link to a more detailed overview of vulncheck
-*
-* # Inputs
-*
-* Source accepts a list of vulncheck.Package objects, which
-* are a trimmed version of packages.Package objects to reduce
-* memory consumption. Binary accepts a path to a Go binary file
-* that must have been compiled with Go 1.18 or greater. Otherwise,
-* the list of modules used by the binary is unavailable and
-* vulncheck hence might miss vulnerabilities present in the binary.
-*
-* Both Source and Binary require information about known
-* vulnerabilities in the form of a vulnerability database
-* golang.org/x/vuln/client.Client. The vulnerabilities
-* are modeled using the shared golang.org/x/vuln/osv format.
-*
-* # Results
-*
-* The result of vulncheck are slices of the call graph, package
-* imports graph, and module requires graph leading to the use
-* of an identified vulnerability. Parts of these graphs not
-* related to any vulnerabilities are omitted.
-*
-* # Vulnerability Witnesses
-*
-* CallStacks and ImportChains APIs search the returned slices
-* for user-friendly representative call stacks and import chains.
-* Clients of vulncheck can use these stacks and chains as a
-* witness of a vulnerability use during, for instance, security
-* review.
-*
-* # Limitations
-*
-* Note that since statically constructing an exact call graph of
-* a program is impossible, the produced call graph information
-* is over-approximate: the results might contain call stacks not
-* realizable in practice. On the other hand, vulncheck might
-* miss some call graph edges in the presence of unsafe and reflect.
- */
+// Package vulncheck detects uses of known vulnerabilities
+// in Go programs. The two main APIs of vulncheck, Source
+// and Binary, allow vulnerability detection in Go source
+// code and binaries, respectively.
+//
+// vulncheck identifies vulnerability uses in Go programs
+// at the level of call graph, package import graph, and module
+// requires graph. For instance, vulncheck identifies which
+// vulnerable functions and methods are transitively called
+// from the program entry points. vulncheck also detects
+// transitively imported packages and required modules that
+// contain known vulnerable functions and methods.
+//
+// TODO(zpavlinovic): add a link to a more detailed overview of vulncheck
+//
+// Inputs
+//
+// Source accepts a list of vulncheck.Package objects, which
+// are a trimmed version of packages.Package objects to reduce
+// memory consumption. Binary accepts a path to a Go binary file
+// that must have been compiled with Go 1.18 or greater. Otherwise,
+// the list of modules used by the binary is unavailable and
+// vulncheck hence might miss vulnerabilities present in the binary.
+//
+// Both Source and Binary require information about known
+// vulnerabilities in the form of a vulnerability database
+// https://golang.org/x/vuln/client#Client. The vulnerabilities
+// are modeled using the shared https://golang.org/x/vuln/osv format.
+//
+// Results
+//
+// The result of vulncheck are slices of the call graph, package
+// imports graph, and module requires graph leading to the use
+// of an identified vulnerability. Parts of these graphs not
+// related to any vulnerabilities are omitted.
+//
+// Vulnerability Witnesses
+//
+// CallStacks and ImportChains APIs search the returned slices
+// for user-friendly representative call stacks and import chains.
+// Clients of vulncheck can use these stacks and chains as a
+// witness of a vulnerability use during, for instance, security
+// review.
+//
+// Limitations
+//
+// Note that since statically constructing an exact call graph of
+// a program is impossible, the produced call graph information
+// is over-approximate: the results might contain call stacks not
+// realizable in practice. On the other hand, vulncheck might
+// miss some call graph edges in the presence of unsafe and reflect.
package vulncheck
