internal/scan: improve textual output for binary traces

There are no traces in binary mode, just vulnerable symbols detected. Change-Id: I9f1ccc83c0527537d8d42d7397de0562ed8d2842 Reviewed-on: https://go-review.googlesource.com/c/vuln/+/577675 Reviewed-by: Ian Cottrell <iancottrell@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>
golang · May 15, 2024 · d837ff8 · d837ff8
1 parent 4a8a6ff
commit d837ff8
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 13 deletions.
diff --git a/cmd/govulncheck/testdata/common/testfiles/binary-call/binary_call_text.ct b/cmd/govulncheck/testdata/common/testfiles/binary-call/binary_call_text.ct
@@ -10,7 +10,7 @@ Vulnerability #1: GO-2021-0265
   Module: github.com/tidwall/gjson
     Found in: github.com/tidwall/gjson@v1.6.5
     Fixed in: github.com/tidwall/gjson@v1.9.3
-    Example traces found:
+    Vulnerable symbols found:
       #1: gjson.Get
       #2: gjson.Result.Get
 
@@ -23,7 +23,7 @@ Vulnerability #2: GO-2021-0113
   Module: golang.org/x/text
     Found in: golang.org/x/text@v0.3.0
     Fixed in: golang.org/x/text@v0.3.7
-    Example traces found:
+    Vulnerable symbols found:
       #1: language.Parse
 
 Vulnerability #3: GO-2021-0054
@@ -34,7 +34,7 @@ Vulnerability #3: GO-2021-0054
   Module: github.com/tidwall/gjson
     Found in: github.com/tidwall/gjson@v1.6.5
     Fixed in: github.com/tidwall/gjson@v1.6.6
-    Example traces found:
+    Vulnerable symbols found:
       #1: gjson.Result.ForEach
 
 Your code is affected by 3 vulnerabilities from 2 modules.

diff --git a/cmd/govulncheck/testdata/common/testfiles/extract/binary_extract.ct b/cmd/govulncheck/testdata/common/testfiles/extract/binary_extract.ct
@@ -10,7 +10,7 @@ Vulnerability #1: GO-2021-0265
   Module: github.com/tidwall/gjson
     Found in: github.com/tidwall/gjson@v1.6.5
     Fixed in: github.com/tidwall/gjson@v1.9.3
-    Example traces found:
+    Vulnerable symbols found:
       #1: gjson.Get
       #2: gjson.Result.Get
 
@@ -23,7 +23,7 @@ Vulnerability #2: GO-2021-0113
   Module: golang.org/x/text
     Found in: golang.org/x/text@v0.3.0
     Fixed in: golang.org/x/text@v0.3.7
-    Example traces found:
+    Vulnerable symbols found:
       #1: language.Parse
 
 Vulnerability #3: GO-2021-0054
@@ -34,7 +34,7 @@ Vulnerability #3: GO-2021-0054
   Module: github.com/tidwall/gjson
     Found in: github.com/tidwall/gjson@v1.6.5
     Fixed in: github.com/tidwall/gjson@v1.6.6
-    Example traces found:
+    Vulnerable symbols found:
       #1: gjson.Result.ForEach
 
 Your code is affected by 3 vulnerabilities from 2 modules.

diff --git a/cmd/govulncheck/testdata/strip/testfiles/binary/strip.ct b/cmd/govulncheck/testdata/strip/testfiles/binary/strip.ct
@@ -12,7 +12,7 @@ Vulnerability #1: GO-2021-0113
   Module: golang.org/x/text
     Found in: golang.org/x/text@v0.3.0
     Fixed in: golang.org/x/text@v0.3.7
-    Example traces found:
+    Vulnerable symbols found:
       #1: language.MatchStrings
       #2: language.MustParse
       #3: language.Parse
@@ -24,7 +24,7 @@ Vulnerability #2: GO-2020-0015
   Module: golang.org/x/text
     Found in: golang.org/x/text@v0.3.0
     Fixed in: golang.org/x/text@v0.3.3
-    Example traces found:
+    Vulnerable symbols found:
       #1: transform.String
       #2: unicode.bomOverride.Transform
       #3: unicode.utf16Decoder.Transform

diff --git a/internal/scan/text.go b/internal/scan/text.go
@@ -38,6 +38,7 @@ type TextHandler struct {
 	osvs      []*osv.Entry
 	findings  []*findingSummary
 	scanLevel govulncheck.ScanLevel
+	scanMode  govulncheck.ScanMode
 
 	err error
 
@@ -84,9 +85,9 @@ func (h *TextHandler) Flush() error {
 
 // Config writes version information only if --version was set.
 func (h *TextHandler) Config(config *govulncheck.Config) error {
-	if config.ScanLevel != "" {
-		h.scanLevel = config.ScanLevel
-	}
+	h.scanLevel = config.ScanLevel
+	h.scanMode = config.ScanMode
+
 	if !h.showVersion {
 		return nil
 	}
@@ -300,10 +301,14 @@ func (h *TextHandler) traces(traces []*findingSummary) {
 	count := 1
 	for _, entry := range traces {
 		if entry.Compact == "" {
-			continue
+			continue // skip package and module level traces
 		}
 		if first {
-			h.style(keyStyle, "    Example traces found:\n")
+			if h.scanMode == govulncheck.ScanModeBinary {
+				h.style(keyStyle, "    Vulnerable symbols found:\n")
+			} else {
+				h.style(keyStyle, "    Example traces found:\n")
+			}
 		}
 		first = false