internal/vulncheck: emit fetch db and vuln checking progress messages

Fixes golang/go#66872 Change-Id: I32c92767a62b3425bff0f1496c76e47170d39885 Reviewed-on: https://go-review.googlesource.com/c/vuln/+/580216 Run-TryBot: Zvonimir Pavlinovic <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> TryBot-Result: Gopher Robot <[email protected]> Reviewed-by: Ian Cottrell <[email protected]>
golang · Apr 18, 2024 · 086b27b · 086b27b
1 parent f3bc44a
commit 086b27b
Show file tree

Hide file tree

Showing 19 changed files with 151 additions and 0 deletions.
diff --git a/cmd/govulncheck/testdata/common/testfiles/binary-call/binary_call_json.ct b/cmd/govulncheck/testdata/common/testfiles/binary-call/binary_call_json.ct
@@ -17,6 +17,16 @@ $ govulncheck -format json -mode binary ${common_vuln_binary}
     "message": "Scanning your binary for known vulnerabilities..."
   }
 }
+{
+  "progress": {
+    "message": "Fetching vulnerabilities from the database..."
+  }
+}
+{
+  "progress": {
+    "message": "Checking the code against the vulnerabilities..."
+  }
+}
 {
   "osv": {
     "schema_version": "1.3.1",

diff --git a/cmd/govulncheck/testdata/common/testfiles/binary-call/binary_vendored_json.ct b/cmd/govulncheck/testdata/common/testfiles/binary-call/binary_vendored_json.ct
@@ -17,6 +17,16 @@ $ govulncheck -format json -mode binary ${common_vendored_binary}
     "message": "Scanning your binary for known vulnerabilities..."
   }
 }
+{
+  "progress": {
+    "message": "Fetching vulnerabilities from the database..."
+  }
+}
+{
+  "progress": {
+    "message": "Checking the code against the vulnerabilities..."
+  }
+}
 {
   "osv": {
     "schema_version": "1.3.1",

diff --git a/cmd/govulncheck/testdata/common/testfiles/binary-module/binary_module_json.ct b/cmd/govulncheck/testdata/common/testfiles/binary-module/binary_module_json.ct
@@ -17,6 +17,16 @@ $ govulncheck -format json -mode binary -scan module ${common_vuln_binary}
     "message": "Scanning your binary for known vulnerabilities..."
   }
 }
+{
+  "progress": {
+    "message": "Fetching vulnerabilities from the database..."
+  }
+}
+{
+  "progress": {
+    "message": "Checking the code against the vulnerabilities..."
+  }
+}
 {
   "osv": {
     "schema_version": "1.3.1",

diff --git a/cmd/govulncheck/testdata/common/testfiles/binary-package/binary_package_json.ct b/cmd/govulncheck/testdata/common/testfiles/binary-package/binary_package_json.ct
@@ -17,6 +17,16 @@ $ govulncheck -format json -mode binary -scan package ${common_vuln_binary}
     "message": "Scanning your binary for known vulnerabilities..."
   }
 }
+{
+  "progress": {
+    "message": "Fetching vulnerabilities from the database..."
+  }
+}
+{
+  "progress": {
+    "message": "Checking the code against the vulnerabilities..."
+  }
+}
 {
   "osv": {
     "schema_version": "1.3.1",

diff --git a/cmd/govulncheck/testdata/common/testfiles/source-call/source_call_json.ct b/cmd/govulncheck/testdata/common/testfiles/source-call/source_call_json.ct
@@ -17,6 +17,16 @@ $ govulncheck -C ${moddir}/vuln -format json ./...
     "message": "Scanning your code and P packages across M dependent modules for known vulnerabilities..."
   }
 }
+{
+  "progress": {
+    "message": "Fetching vulnerabilities from the database..."
+  }
+}
+{
+  "progress": {
+    "message": "Checking the code against the vulnerabilities..."
+  }
+}
 {
   "osv": {
     "schema_version": "1.3.1",

diff --git a/cmd/govulncheck/testdata/common/testfiles/source-call/source_call_text.ct b/cmd/govulncheck/testdata/common/testfiles/source-call/source_call_text.ct
@@ -101,6 +101,10 @@ Use '-show verbose' for more details.
 $ govulncheck -C ${moddir}/vuln -show verbose ./... --> FAIL 3
 Scanning your code and P packages across M dependent modules for known vulnerabilities...
 
+Fetching vulnerabilities from the database...
+
+Checking the code against the vulnerabilities...
+
 === Symbol Results ===
 
 Vulnerability #1: GO-2021-0265

diff --git a/cmd/govulncheck/testdata/common/testfiles/source-call/source_multientry_json.ct b/cmd/govulncheck/testdata/common/testfiles/source-call/source_multientry_json.ct
@@ -18,6 +18,16 @@ $ govulncheck -format json -C ${moddir}/multientry .
     "message": "Scanning your code and P packages across M dependent modules for known vulnerabilities..."
   }
 }
+{
+  "progress": {
+    "message": "Fetching vulnerabilities from the database..."
+  }
+}
+{
+  "progress": {
+    "message": "Checking the code against the vulnerabilities..."
+  }
+}
 {
   "osv": {
     "schema_version": "1.3.1",

diff --git a/cmd/govulncheck/testdata/common/testfiles/source-call/source_multientry_text.ct b/cmd/govulncheck/testdata/common/testfiles/source-call/source_multientry_text.ct
@@ -26,6 +26,10 @@ Use '-show verbose' for more details.
 $ govulncheck -show verbose -C ${moddir}/multientry -show=traces ./... --> FAIL 3
 Scanning your code and P packages across M dependent modules for known vulnerabilities...
 
+Fetching vulnerabilities from the database...
+
+Checking the code against the vulnerabilities...
+
 === Symbol Results ===
 
 Vulnerability #1: GO-2021-0113

diff --git a/cmd/govulncheck/testdata/common/testfiles/source-call/source_replace_json.ct b/cmd/govulncheck/testdata/common/testfiles/source-call/source_replace_json.ct
@@ -18,6 +18,16 @@ $ govulncheck -C ${moddir}/replace -format json ./...
     "message": "Scanning your code and P packages across M dependent modules for known vulnerabilities..."
   }
 }
+{
+  "progress": {
+    "message": "Fetching vulnerabilities from the database..."
+  }
+}
+{
+  "progress": {
+    "message": "Checking the code against the vulnerabilities..."
+  }
+}
 {
   "osv": {
     "schema_version": "1.3.1",

diff --git a/cmd/govulncheck/testdata/common/testfiles/source-call/source_vendored_json.ct b/cmd/govulncheck/testdata/common/testfiles/source-call/source_vendored_json.ct
@@ -18,6 +18,16 @@ $ govulncheck -C ${moddir}/vendored -format json ./...
     "message": "Scanning your code and P packages across M dependent modules for known vulnerabilities..."
   }
 }
+{
+  "progress": {
+    "message": "Fetching vulnerabilities from the database..."
+  }
+}
+{
+  "progress": {
+    "message": "Checking the code against the vulnerabilities..."
+  }
+}
 {
   "osv": {
     "schema_version": "1.3.1",

diff --git a/cmd/govulncheck/testdata/common/testfiles/source-call/source_vendored_text.ct b/cmd/govulncheck/testdata/common/testfiles/source-call/source_vendored_text.ct
@@ -3,6 +3,10 @@
 $ govulncheck -C ${moddir}/vendored -show verbose ./... --> FAIL 3
 Scanning your code and P packages across M dependent modules for known vulnerabilities...
 
+Fetching vulnerabilities from the database...
+
+Checking the code against the vulnerabilities...
+
 === Symbol Results ===
 
 Vulnerability #1: GO-2021-0265

diff --git a/cmd/govulncheck/testdata/common/testfiles/source-module/source_module_json.ct b/cmd/govulncheck/testdata/common/testfiles/source-module/source_module_json.ct
@@ -18,6 +18,16 @@ $ govulncheck -format json -scan module -C ${moddir}/multientry
     "message": "Scanning your code across 2 dependent modules for known vulnerabilities..."
   }
 }
+{
+  "progress": {
+    "message": "Fetching vulnerabilities from the database..."
+  }
+}
+{
+  "progress": {
+    "message": "Checking the code against the vulnerabilities..."
+  }
+}
 {
   "osv": {
     "schema_version": "1.3.1",

diff --git a/cmd/govulncheck/testdata/common/testfiles/source-module/source_module_text.ct b/cmd/govulncheck/testdata/common/testfiles/source-module/source_module_text.ct
@@ -22,6 +22,10 @@ Use '-scan symbol' for more fine grained vulnerability detection.
 $ govulncheck -scan module -show verbose -C ${moddir}/multientry --> FAIL 3
 Scanning your code across 2 dependent modules for known vulnerabilities...
 
+Fetching vulnerabilities from the database...
+
+Checking the code against the vulnerabilities...
+
 === Module Results ===
 
 Vulnerability #1: GO-2021-0113

diff --git a/cmd/govulncheck/testdata/common/testfiles/source-package/source_package_json.ct b/cmd/govulncheck/testdata/common/testfiles/source-package/source_package_json.ct
@@ -18,6 +18,16 @@ $ govulncheck -format json -scan package -C ${moddir}/multientry .
     "message": "Scanning your code and P packages across M dependent modules for known vulnerabilities..."
   }
 }
+{
+  "progress": {
+    "message": "Fetching vulnerabilities from the database..."
+  }
+}
+{
+  "progress": {
+    "message": "Checking the code against the vulnerabilities..."
+  }
+}
 {
   "osv": {
     "schema_version": "1.3.1",

diff --git a/cmd/govulncheck/testdata/common/testfiles/source-package/source_package_text.ct b/cmd/govulncheck/testdata/common/testfiles/source-package/source_package_text.ct
@@ -23,6 +23,10 @@ verbose' for more details.
 $ govulncheck -show verbose -scan package -C ${moddir}/multientry . --> FAIL 3
 Scanning your code and P packages across M dependent modules for known vulnerabilities...
 
+Fetching vulnerabilities from the database...
+
+Checking the code against the vulnerabilities...
+
 === Package Results ===
 
 Vulnerability #1: GO-2021-0113

diff --git a/cmd/govulncheck/testdata/stdlib/testfiles/stdlib/source_stdlib_json.ct b/cmd/govulncheck/testdata/stdlib/testfiles/stdlib/source_stdlib_json.ct
@@ -18,6 +18,16 @@ $ govulncheck -C ${moddir}/stdlib -format json .
     "message": "Scanning your code and P packages across M dependent module for known vulnerabilities..."
   }
 }
+{
+  "progress": {
+    "message": "Fetching vulnerabilities from the database..."
+  }
+}
+{
+  "progress": {
+    "message": "Checking the code against the vulnerabilities..."
+  }
+}
 {
   "osv": {
     "schema_version": "1.3.1",

diff --git a/internal/vulncheck/binary.go b/internal/vulncheck/binary.go
@@ -49,6 +49,10 @@ func binary(ctx context.Context, handler govulncheck.Handler, bin *Bin, cfg *gov
 	graph.AddModules(bin.Modules...)
 	mods := append(bin.Modules, graph.GetModule(internal.GoStdModulePath))
 
+	if err := handler.Progress(&govulncheck.Progress{Message: fetchingVulnsMessage}); err != nil {
+		return nil, err
+	}
+
 	mv, err := FetchVulnerabilities(ctx, client, mods)
 	if err != nil {
 		return nil, err
@@ -59,6 +63,10 @@ func binary(ctx context.Context, handler govulncheck.Handler, bin *Bin, cfg *gov
 		return nil, err
 	}
 
+	if err := handler.Progress(&govulncheck.Progress{Message: checkingVulnsMessage}); err != nil {
+		return nil, err
+	}
+
 	if bin.GOOS == "" || bin.GOARCH == "" {
 		fmt.Printf("warning: failed to extract build system specification GOOS: %s GOARCH: %s\n", bin.GOOS, bin.GOARCH)
 	}

diff --git a/internal/vulncheck/source.go b/internal/vulncheck/source.go
@@ -57,6 +57,10 @@ func source(ctx context.Context, handler govulncheck.Handler, cfg *govulncheck.C
 		}()
 	}
 
+	if err := handler.Progress(&govulncheck.Progress{Message: fetchingVulnsMessage}); err != nil {
+		return nil, err
+	}
+
 	mv, err := FetchVulnerabilities(ctx, client, graph.Modules())
 	if err != nil {
 		return nil, err
@@ -67,6 +71,10 @@ func source(ctx context.Context, handler govulncheck.Handler, cfg *govulncheck.C
 		return nil, err
 	}
 
+	if err := handler.Progress(&govulncheck.Progress{Message: checkingVulnsMessage}); err != nil {
+		return nil, err
+	}
+
 	affVulns := affectingVulnerabilities(mv, "", "")
 	if err := emitModuleFindings(handler, affVulns); err != nil {
 		return nil, err

diff --git a/internal/vulncheck/vulncheck.go b/internal/vulncheck/vulncheck.go
@@ -16,6 +16,11 @@ import (
 	"golang.org/x/vuln/internal/semver"
 )
 
+const (
+	fetchingVulnsMessage = "Fetching vulnerabilities from the database..."
+	checkingVulnsMessage = "Checking the code against the vulnerabilities..."
+)
+
 // Result contains information on detected vulnerabilities.
 // For call graph analysis, it provides information on reachability
 // of vulnerable symbols through entry points of the program.