[vuln] internal/scan: improve error for bad package pattern

32 views
Skip to first unread message

Julie Qiu (Gerrit)

unread,
Apr 20, 2023, 12:18:17 PM4/20/23
to Julie Qiu, goph...@pubsubhelper.golang.org, golang-...@googlegroups.com, Tatiana Bradley, Gopher Robot, golang-co...@googlegroups.com

Julie Qiu submitted this change.

View Change

Approvals: Tatiana Bradley: Looks good to me, approved Gopher Robot: TryBots succeeded Julie Qiu: Run TryBots Julie Qiu: Looks good to me, but someone else must approve 
internal/scan: improve error for bad package pattern

Fixes golang/go#59699

Change-Id: I4a41a036fecb212696338a6127827d7ffecb6b4d
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/486396
Run-TryBot: Julie Qiu <ju...@golang.org>
Reviewed-by: Tatiana Bradley <tatiana...@google.com>
TryBot-Result: Gopher Robot <go...@golang.org>
Reviewed-by: Julie Qiu <juli...@google.com>
---
M cmd/govulncheck/main_command_118_test.go
A cmd/govulncheck/testdata/sourcebadpattern.ct
M internal/scan/errors.go
3 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/cmd/govulncheck/main_command_118_test.go b/cmd/govulncheck/main_command_118_test.go
index ba6bb17..1a20a93 100644
--- a/cmd/govulncheck/main_command_118_test.go
+++ b/cmd/govulncheck/main_command_118_test.go
@@ -160,6 +160,7 @@
 	govulncheckBinaryErrorRegexp = regexp.MustCompile(`govulncheck: (.*) is a file`)
 	govulncheckJSONRegexp        = regexp.MustCompile(`"govulncheck@v(.*)",`)
 	vulndbRegexp                 = regexp.MustCompile(`file:///(.*)/testdata/vulndb`)
+	gorootRegexp                 = regexp.MustCompile(`package (.*) is not in GOROOT (.*)`)
 	lastModifiedRegexp           = regexp.MustCompile(`modified (.*)\)`)
 )
 
@@ -189,5 +190,6 @@
 	data = govulncheckJSONRegexp.ReplaceAll(data, []byte("govul...@v0.0.0-00000000000-20000101010101"))
 	data = govulncheckBinaryErrorRegexp.ReplaceAll(data, []byte("govulncheck: myfile is a file"))
 	data = vulndbRegexp.ReplaceAll(data, []byte("testdata/vulndb"))
+	data = gorootRegexp.ReplaceAll(data, []byte("package foo is not in GOROOT (/tmp/foo)"))
 	return lastModifiedRegexp.ReplaceAll(data, []byte("modified 01 Jan 21 00:00 UTC)"))
 }
diff --git a/cmd/govulncheck/testdata/sourcebadpattern.ct b/cmd/govulncheck/testdata/sourcebadpattern.ct
new file mode 100644
index 0000000..abfa6f6
--- /dev/null
+++ b/cmd/govulncheck/testdata/sourcebadpattern.ct
@@ -0,0 +1,11 @@
+$ govulncheck -C ${moddir}/vuln blah --> FAIL 1
+govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.
+
+Using go1.18 and govul...@v0.0.0-00000000000-20000101010101 with
+vulnerability data from testdata/vulndb-v1 (last modified 01 Jan 21 00:00 UTC).
+
+There are errors with the provided package patterns:
+
+-: package foo is not in GOROOT (/tmp/foo)
+
+For details on package patterns, see https://pkg.go.dev/cmd/go#hdr-Package_lists_and_patterns.
diff --git a/internal/scan/errors.go b/internal/scan/errors.go
index 6f03809..6927bb6 100644
--- a/internal/scan/errors.go
+++ b/internal/scan/errors.go
@@ -58,10 +58,12 @@
 
 func (e *packageError) Error() string {
 	var b strings.Builder
-	fmt.Fprintln(&b, "Packages contain errors:")
+	fmt.Fprintln(&b, "\nThere are errors with the provided package patterns:")
+	fmt.Fprintln(&b, "")
 	for _, e := range e.Errors {
 		fmt.Fprintln(&b, e)
 	}
+	fmt.Fprintln(&b, "\nFor details on package patterns, see https://pkg.go.dev/cmd/go#hdr-Package_lists_and_patterns.")
 	return b.String()
 }

To view, visit change 486396. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: merged
Gerrit-Project: vuln
Gerrit-Branch: master
Gerrit-Change-Id: I4a41a036fecb212696338a6127827d7ffecb6b4d
Gerrit-Change-Number: 486396
Gerrit-PatchSet: 10
Gerrit-Owner: Julie Qiu <ju...@golang.org>
Gerrit-Reviewer: Gopher Robot <go...@golang.org>
Gerrit-Reviewer: Julie Qiu <ju...@golang.org>
Gerrit-Reviewer: Julie Qiu <juli...@google.com>
Gerrit-Reviewer: Tatiana Bradley <tatiana...@google.com>
Reply all
Reply to author
Forward
0 new messages