And, make gopls.run_vulncheck_exp show an information/error
message popup after a successful run. This is temporary.
We plan to publish the results as diagnostics and quick-fix.
Finally, changed the stdlib vulnerability info ID in
testdata to GO-0000-0001, which looks more like a vulnerability
ID than STD.
Changed TestRunVulncheckExp to include tests on codelens
and use the command included in the codelens, instead of
directly calling the gopls.run_vulncheck_exp command.
Change-Id: Iaf91e4e61b2dfc1e050b887946a69efd3e3785b0
Reviewed-on: https://go-review.googlesource.com/c/tools/+/420995
Run-TryBot: Hyang-Ah Hana Kim <hyangah@gmail.com>
gopls-CI: kokoro <noreply+kokoro@google.com>
Reviewed-by: Suzy Mueller <suzmue@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
By making gopls.run_vulncheck_exp (which RunVulncheckExp implements)
call `gopls vulncheck`, we achieve the following:
- gopls.run_vulncheck_exp can run asynchronously and be cancellable
- log information can be forwarded as progress messages
- any failures during vulncheck execution are isolated

In this CL, we also changed it to not include test files in the analysis
(matching the default of govulncheck). We will add an option in the future.

TODO:
- prevent concurrent gopls.run_vulncheck_exp
- convert the gopls vulncheck output to diagnostics and publish it
- remove timestamps from the `gopls vulncheck` log messages
  to simplify progress messages
- add a test to check vulnerabilities in third-party dependencies

Change-Id: I21592e03794cd9e9d96ed3989973a2ab7d75c538
Reviewed-on: https://go-review.googlesource.com/c/tools/+/420717
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Robert Findley <rfindley@google.com>
Reviewed-by: Suzy Mueller <suzmue@golang.org>
Run-TryBot: Hyang-Ah Hana Kim <hyangah@gmail.com>
gopls-CI: kokoro <noreply+kokoro@google.com>