internal/scan: print progress messages only in verbose mode
And also update the documentation.

Updates golang/go#66872

Change-Id: I73f0c7e9c1f46b66711b878748bf78571d26f66b
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/580175
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Cottrell <iancottrell@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
zpavlinovic committed Apr 18, 2024
1 parent 640d2c8 commit f3bc44a
Showing 20 changed files with 11 additions and 52 deletions.
14 changes: 8 additions & 6 deletions cmd/govulncheck/doc.go
@@ -41,25 +41,27 @@ To control which files are processed, use the -tags flag to provide a
comma-separated list of build tags, and the -test flag to indicate that test
files should be included.
To include more detailed stack traces, pass -show=traces, this will cause it to
To include more detailed stack traces, pass '-show traces', this will cause it to
print the full call stack for each entry.
To include progress messages and more details on findings, pass '-show verbose'.
To run govulncheck on a compiled binary, pass it the path to the binary file
with the -mode=binary flag:
with the '-mode binary' flag:
$ govulncheck -mode=binary $HOME/go/bin/my-go-program
$ govulncheck -mode binary $HOME/go/bin/my-go-program
Govulncheck uses the binary's symbol information to find mentions of vulnerable
functions. Its output omits call stacks, which require source code analysis.
Govulncheck also supports -mode=extract on a Go binary for extraction of minimal
Govulncheck also supports '-mode extract' on a Go binary for extraction of minimal
information needed to analyze the binary. This will produce a blob, typically much
smaller than the binary, that can also be passed to govulncheck as an argument with
-mode=binary. The users should not rely on the contents or representation of the blob.
'-mode binary'. The users should not rely on the contents or representation of the blob.
Govulncheck exits successfully (exit code 0) if there are no vulnerabilities,
and exits unsuccessfully if there are. It also exits successfully if the -json flag
is provided, regardless of the number of detected vulnerabilities.
(or '-format json') is provided, regardless of the number of detected vulnerabilities.
Govulncheck supports streaming JSON. For more details, please see [golang.org/x/vuln/internal/govulncheck].
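Review bot: the documented flag spelling changes here from `-show=traces` / `-mode=binary` to the space-separated `'-show traces'` / `'-mode binary'`, while the test scripts in this same commit still invoke `-mode=binary` and `-show=traces`; Go's flag package accepts both, so this is a style point, but using one form in docs and testdata avoids readers assuming the two spellings differ. While touching this paragraph, "The users should not rely on the contents or representation of the blob." reads better as "Users should not rely on the contents or representation of the blob."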
@@ -1,8 +1,6 @@
#####
# Test basic binary scanning with text output
$ govulncheck -mode=binary ${common_vuln_binary} --> FAIL 3
Scanning your binary for known vulnerabilities...

=== Symbol Results ===

Vulnerability #1: GO-2021-0265
@@ -1,8 +1,6 @@
#####
# Test binary scanning at the module level
$ govulncheck -mode=binary -scan module ${common_vuln_binary} --> FAIL 3
Scanning your binary for known vulnerabilities...

=== Module Results ===

Vulnerability #1: GO-2021-0265
@@ -1,7 +1,5 @@
# Test binary scanning at the package level.
$ govulncheck -mode=binary -scan package ${common_vuln_binary} --> FAIL 3
Scanning your binary for known vulnerabilities...

=== Package Results ===

Vulnerability #1: GO-2021-0265
@@ -2,8 +2,6 @@
# Test using the conversion from json on stdin to text on stdout
# location of convert input is subdirectory/convert_intput
$ govulncheck -mode=convert < convert/convert_input.json --> FAIL 3
Scanning your code and P packages across M dependent modules for known vulnerabilities...

=== Symbol Results ===

Vulnerability #1: GO-2021-0265
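Review bot: the context comment `# location of convert input is subdirectory/convert_intput` carries a pre-existing typo (`intput`) and does not match the path actually used on the next line, `convert/convert_input.json`; since this file is being edited anyway, correcting the comment to `convert/convert_input.json` keeps it accurate.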
@@ -1,8 +1,6 @@
#####
# Test binary mode using the extracted binary blob.
$ govulncheck -mode=binary ${testdir}/extract/vuln.blob --> FAIL 3
Scanning your binary for known vulnerabilities...

=== Symbol Results ===

Vulnerability #1: GO-2021-0265
@@ -1,8 +1,6 @@
#####
# Test of basic govulncheck in source mode
$ govulncheck -C ${moddir}/vuln ./... --> FAIL 3
Scanning your code and P packages across M dependent modules for known vulnerabilities...

=== Symbol Results ===

Vulnerability #1: GO-2021-0265
@@ -47,8 +45,6 @@ Use '-show verbose' for more details.
#####
# Test of basic govulncheck in source mode with expanded traces
$ govulncheck -C ${moddir}/vuln -show=traces ./... --> FAIL 3
Scanning your code and P packages across M dependent modules for known vulnerabilities...

=== Symbol Results ===

Vulnerability #1: GO-2021-0265
@@ -1,8 +1,6 @@
#####
# Test source mode with no callstacks
$ govulncheck -C ${moddir}/informational -show=traces .
Scanning your code and P packages across M dependent modules for known vulnerabilities...

=== Symbol Results ===

No vulnerabilities found.
@@ -1,8 +1,6 @@
#####
# Test for multiple call stacks in source mode
$ govulncheck -C ${moddir}/multientry . --> FAIL 3
Scanning your code and P packages across M dependent modules for known vulnerabilities...

=== Symbol Results ===

Vulnerability #1: GO-2021-0113
@@ -2,8 +2,6 @@
# Test of source mode on a module with a replace directive.

$ govulncheck -C ${moddir}/replace ./... --> FAIL 3
Scanning your code and P packages across M dependent modules for known vulnerabilities...

=== Symbol Results ===

Vulnerability #1: GO-2021-0113
@@ -1,8 +1,6 @@
#####
# Test govulncheck runs on the subdirectory of a module
$ govulncheck -C ${moddir}/vuln/subdir . --> FAIL 3
Scanning your code and P packages across M dependent modules for known vulnerabilities...

=== Symbol Results ===

Vulnerability #1: GO-2021-0113
@@ -26,8 +24,6 @@ Use '-show verbose' for more details.
#####
# Test govulncheck runs on the subdirectory of a module
$ govulncheck -C ${moddir}/vuln/subdir -show=traces . --> FAIL 3
Scanning your code and P packages across M dependent modules for known vulnerabilities...

=== Symbol Results ===

Vulnerability #1: GO-2021-0113
@@ -2,8 +2,6 @@
# Test of govulncheck call analysis for vulns with no package info available.
# All symbols of the module are vulnerable.
$ govulncheck -C ${moddir}/wholemodvuln ./... --> FAIL 3
Scanning your code and P packages across M dependent modules for known vulnerabilities...

=== Symbol Results ===

Vulnerability #1: GO-2022-0956
@@ -2,8 +2,6 @@
# Testing that govulncheck doesn't mention calls when it doesn't
# have callstack information
$ govulncheck -scan module -C ${moddir}/multientry --> FAIL 3
Scanning your code across 2 dependent modules for known vulnerabilities...

=== Module Results ===

Vulnerability #1: GO-2021-0113
@@ -1,8 +1,6 @@
#####
# Testing that govulncheck doesn't mention calls when it doesn't have the relevant info
$ govulncheck -scan package -C ${moddir}/multientry . --> FAIL 3
Scanning your code and P packages across M dependent modules for known vulnerabilities...

=== Package Results ===

Vulnerability #1: GO-2021-0113
2 changes: 0 additions & 2 deletions cmd/govulncheck/testdata/common/testfiles/usage/format.ct
@@ -1,8 +1,6 @@
#####
# Test of explicit text format
$ govulncheck -C ${moddir}/informational -format text .
Scanning your code and P packages across M dependent modules for known vulnerabilities...

=== Symbol Results ===

No vulnerabilities found.
@@ -1,6 +1,4 @@
#####
# Test message when there are no packages matching the provided pattern (#59623).
$ govulncheck -C ${moddir}/vuln pkg/no-govulncheck/...
No packages matching the provided pattern.

No vulnerabilities found.
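Review bot: the header `@@ -1,6 +1,4 @@` says two lines leave this block, but the rendered view has no +/- markers, so it is not visible whether the dropped pair is `No packages matching the provided pattern.` plus its blank line. If it is, that message is a diagnostic about the user's package pattern rather than a scan-progress update; hiding it behind `-show verbose` means a mistyped pattern prints only `No vulnerabilities found.` and exits 0, which reads as a clean scan when nothing was scanned. Please confirm this message is still emitted in default mode, or route it through a path other than `Progress`.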
@@ -1,8 +1,6 @@
#####
# Test finding stdlib vulnerability in source mode
$ govulncheck -C ${moddir}/stdlib . --> FAIL 3
Scanning your code and P packages across M dependent module for known vulnerabilities...

=== Symbol Results ===

Vulnerability #1: GO-2022-0969
@@ -25,8 +23,6 @@ Use '-show verbose' for more details.
#####
# Test finding stdlib vulnerability in source mode with expanded traces
$ govulncheck -C ${moddir}/stdlib -show=traces . --> FAIL 3
Scanning your code and P packages across M dependent module for known vulnerabilities...

=== Symbol Results ===

Vulnerability #1: GO-2022-0969
@@ -55,8 +51,6 @@ Use '-show verbose' for more details.
#####
# Test finding stdlib vulnerability in source mode at the package level
$ govulncheck -C ${moddir}/stdlib -scan package . --> FAIL 3
Scanning your code and P packages across M dependent module for known vulnerabilities...

=== Package Results ===

Vulnerability #1: GO-2022-0969
@@ -77,8 +71,6 @@ verbose' for more details.
#####
# Test finding stdlib vulnerability in source mode at the module level
$ govulncheck -C ${moddir}/stdlib -scan module --> FAIL 3
Scanning your code across 1 dependent module for known vulnerabilities...

=== Module Results ===

Vulnerability #1: GO-2022-0969
2 changes: 0 additions & 2 deletions cmd/govulncheck/testdata/strip/testfiles/binary/strip.ct
@@ -1,8 +1,6 @@
#####
# Test for stripped binaries (see #57764)
$ govulncheck -mode=binary ${strip_vuln_binary} --> FAIL 3
Scanning your binary for known vulnerabilities...

=== Symbol Results ===

Vulnerability #1: GO-2021-0113
1 change: 0 additions & 1 deletion internal/scan/run.go
@@ -47,7 +47,6 @@ func RunGovulncheck(ctx context.Context, env []string, r io.Reader, stdout io.Wr
handler = th
}

// Write the introductory message to the user.
if err := handler.Config(&cfg.Config); err != nil {
return err
}
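Review bot: removing `// Write the introductory message to the user.` leaves the `handler.Config(&cfg.Config)` call with no statement of what it emits now; if the introductory text moved to `Progress` (which this commit gates on verbose mode), a one-line comment saying that `Config` only records or prints the scan configuration would stop the next reader from wondering whether the message was lost by accident.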
4 changes: 3 additions & 1 deletion internal/scan/text.go
@@ -116,7 +116,9 @@ func (h *TextHandler) Config(config *govulncheck.Config) error {

// Progress writes progress updates during govulncheck execution.
func (h *TextHandler) Progress(progress *govulncheck.Progress) error {
h.print(progress.Message, "\n\n")
if h.showVerbose {
h.print(progress.Message, "\n\n")
}
return h.err
}
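Review bot: gating the print on `h.showVerbose` drops progress messages silently in default mode, and every `.ct` change in this commit removes the `Scanning ...` line from non-verbose expectations; none of the visible test files runs with `-show verbose`, so nothing proves the message still appears when requested. Suggest adding one verbose variant (for example `govulncheck -C ${moddir}/vuln -show verbose ./...`) that expects the `Scanning your code and P packages across M dependent modules for known vulnerabilities...` line. Returning `h.err` unconditionally is fine, but note it can surface an error from an earlier print even when this call wrote nothing.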
