From d837ff86426137299700241b0997c011091800ff Mon Sep 17 00:00:00 2001 From: Zvonimir Pavlinovic Date: Tue, 9 Apr 2024 17:06:10 +0000 Subject: [PATCH] internal/scan: improve textual output for binary traces There are no traces in binary mode, just vulnerable symbols detected. Change-Id: I9f1ccc83c0527537d8d42d7397de0562ed8d2842 Reviewed-on: https://go-review.googlesource.com/c/vuln/+/577675 Reviewed-by: Ian Cottrell LUCI-TryBot-Result: Go LUCI Run-TryBot: Zvonimir Pavlinovic TryBot-Result: Gopher Robot
---
.../testfiles/binary-call/binary_call_text.ct | 6 +++--- .../common/testfiles/extract/binary_extract.ct | 6 +++--- .../testdata/strip/testfiles/binary/strip.ct | 4 ++-- internal/scan/text.go | 15 ++++++++++----- 4 files changed, 18 insertions(+), 13 deletions(-)
diff --git a/cmd/govulncheck/testdata/common/testfiles/binary-call/binary_call_text.ct b/cmd/govulncheck/testdata/common/testfiles/binary-call/binary_call_text.ct
index 81f0a47..2710d9e 100644
--- a/cmd/govulncheck/testdata/common/testfiles/binary-call/binary_call_text.ct
+++ b/cmd/govulncheck/testdata/common/testfiles/binary-call/binary_call_text.ct
@@ -10,7 +10,7 @@ Vulnerability #1: GO-2021-0265
 Module: github.com/tidwall/gjson
 Found in: github.com/tidwall/gjson@v1.6.5
 Fixed in: github.com/tidwall/gjson@v1.9.3
- Example traces found:
+ Vulnerable symbols found:
 #1: gjson.Get
 #2: gjson.Result.Get

@@ -23,7 +23,7 @@ Vulnerability #2: GO-2021-0113
 Module: golang.org/x/text
 Found in: golang.org/x/text@v0.3.0
 Fixed in: golang.org/x/text@v0.3.7
- Example traces found:
+ Vulnerable symbols found:
 #1: language.Parse

 Vulnerability #3: GO-2021-0054
@@ -34,7 +34,7 @@ Vulnerability #3: GO-2021-0054
 Module: github.com/tidwall/gjson
 Found in: github.com/tidwall/gjson@v1.6.5
 Fixed in: github.com/tidwall/gjson@v1.6.6
- Example traces found:
+ Vulnerable symbols found:
 #1: gjson.Result.ForEach

 Your code is affected by 3 vulnerabilities from 2 modules.
diff --git a/cmd/govulncheck/testdata/common/testfiles/extract/binary_extract.ct b/cmd/govulncheck/testdata/common/testfiles/extract/binary_extract.ct
index 98f8f79..207e74b 100644
--- a/cmd/govulncheck/testdata/common/testfiles/extract/binary_extract.ct
+++ b/cmd/govulncheck/testdata/common/testfiles/extract/binary_extract.ct
@@ -10,7 +10,7 @@ Vulnerability #1: GO-2021-0265
 Module: github.com/tidwall/gjson
 Found in: github.com/tidwall/gjson@v1.6.5
 Fixed in: github.com/tidwall/gjson@v1.9.3
- Example traces found:
+ Vulnerable symbols found:
 #1: gjson.Get
 #2: gjson.Result.Get

@@ -23,7 +23,7 @@ Vulnerability #2: GO-2021-0113
 Module: golang.org/x/text
 Found in: golang.org/x/text@v0.3.0
 Fixed in: golang.org/x/text@v0.3.7
- Example traces found:
+ Vulnerable symbols found:
 #1: language.Parse

 Vulnerability #3: GO-2021-0054
@@ -34,7 +34,7 @@ Vulnerability #3: GO-2021-0054
 Module: github.com/tidwall/gjson
 Found in: github.com/tidwall/gjson@v1.6.5
 Fixed in: github.com/tidwall/gjson@v1.6.6
- Example traces found:
+ Vulnerable symbols found:
 #1: gjson.Result.ForEach

 Your code is affected by 3 vulnerabilities from 2 modules.
diff --git a/cmd/govulncheck/testdata/strip/testfiles/binary/strip.ct b/cmd/govulncheck/testdata/strip/testfiles/binary/strip.ct
index 5bc8aa2..f4bb898 100644
--- a/cmd/govulncheck/testdata/strip/testfiles/binary/strip.ct
+++ b/cmd/govulncheck/testdata/strip/testfiles/binary/strip.ct
@@ -12,7 +12,7 @@ Vulnerability #1: GO-2021-0113
 Module: golang.org/x/text
 Found in: golang.org/x/text@v0.3.0
 Fixed in: golang.org/x/text@v0.3.7
- Example traces found:
+ Vulnerable symbols found:
 #1: language.MatchStrings
 #2: language.MustParse
 #3: language.Parse
@@ -24,7 +24,7 @@ Vulnerability #2: GO-2020-0015
 Module: golang.org/x/text
 Found in: golang.org/x/text@v0.3.0
 Fixed in: golang.org/x/text@v0.3.3
- Example traces found:
+ Vulnerable symbols found:
 #1: transform.String
 #2: unicode.bomOverride.Transform
 #3: unicode.utf16Decoder.Transform
diff --git a/internal/scan/text.go b/internal/scan/text.go
index 2050c66..d7b26c6 100644
--- a/internal/scan/text.go
+++ b/internal/scan/text.go
@@ -38,6 +38,7 @@ type TextHandler struct {
 osvs []*osv.Entry
 findings []*findingSummary
 scanLevel govulncheck.ScanLevel
+ scanMode govulncheck.ScanMode

 err error

@@ -84,9 +85,9 @@ func (h *TextHandler) Flush() error {

 // Config writes version information only if --version was set.
 func (h *TextHandler) Config(config *govulncheck.Config) error {
- if config.ScanLevel != "" {
- h.scanLevel = config.ScanLevel
- }
+ h.scanLevel = config.ScanLevel
+ h.scanMode = config.ScanMode
+
 if !h.showVersion {
 return nil
 }
@@ -300,10 +301,14 @@ func (h *TextHandler) traces(traces []*findingSummary) {
 count := 1
 for _, entry := range traces {
 if entry.Compact == "" {
- continue
+ continue // skip package and module level traces
 }
 if first {
- h.style(keyStyle, " Example traces found:\n")
+ if h.scanMode == govulncheck.ScanModeBinary {
+ h.style(keyStyle, " Vulnerable symbols found:\n")
+ } else {
+ h.style(keyStyle, " Example traces found:\n")
+ }
 }
 first = false
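Review bot: `Config` now assigns `h.scanLevel` and `h.scanMode` unconditionally, so the removed `config.ScanLevel != ""` guard no longer stops a config message with empty fields from clearing values set by an earlier one. Whether the handler can receive more than one config message is not visible in this hunk. If it can, the heading chosen later in `traces` would silently fall back to the source-mode wording for a binary scan. Either guard both fields, e.g. `if config.ScanMode != "" { h.scanMode = config.ScanMode }`, or add a comment stating that the last config wins. The body of `Config` continues past the end of the hunk.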
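Review bot: The new `h.scanMode == govulncheck.ScanModeBinary` branch in `traces` has no comment explaining why the heading differs, and the distinction changes how a reader triages the report. Per the commit message, binary mode yields detected vulnerable symbols, not call traces. I would add `// Binary scans only detect vulnerable symbols; there are no call traces to show.` above the inner `if`. Any mode other than binary, including an unset one, takes the `else` branch and is labelled as traces, which is worth stating in the same comment. `traces` begins and ends outside the hunk.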