src/goVulncheck: add feedback link

hyangah · hyangah · commit 4b658d3b6ca6 · 2022-09-12T12:54:48.000Z
https://go.dev/s/vsc-vulncheck-feedback Also, copy the phrase for the unaffecting vulnerabilities section from govulncheck. Change-Id: I5f5eac80f459227adea3e687db762beb97857fa4 Reviewed-on: https://go-review.googlesource.com/c/vscode-go/+/429235 Run-TryBot: Hyang-Ah Hana Kim <hyangah@gmail.com> Reviewed-by: Jamal Carvalho <jamal@golang.org> TryBot-Result: kokoro <noreply+kokoro@google.com>
diff --git a/media/vulncheckView.js b/media/vulncheckView.js
@@ -156,7 +156,7 @@
 
 		unaffectingContainer.innerText = '';
 		if (unaffecting.length > 0) {
-			unaffectingContainer.innerHTML = '<hr></hr><p>These vulnerabilities exist in required modules, but no vulnerable symbols are used.<br>No action is required. For more information, visit <a href="https://pkg.go.dev/vuln">https://pkg.go.dev/vuln</a></p>';
+			unaffectingContainer.innerHTML = '<hr></hr><p>The vulnerabilities below are in packages that you import, but your code does not appear to call any vulnerable functions. You may not need to take any action. See <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck</a> for details.';
 
 			const details = document.createElement('table');
 			unaffecting.forEach((vuln) => {
diff --git a/src/goVulncheck.ts b/src/goVulncheck.ts
@@ -102,6 +102,9 @@ export class VulncheckResultViewProvider implements vscode.CustomTextEditorProvi
 				<title>Vulnerability Report - govulncheck</title>
 			</head>
 			<body>
+			    Vulncheck is an experimental tool.<br>
+				Share feedback at <a href="https://go.dev/s/vsc-vulncheck-feedback">go.dev/s/vsc-vulncheck-feedback</a>.
+
 				<div class="log"></div>
 				<div class="vulns"></div>
 				<div class="unaffecting"></div>
@@ -242,6 +245,7 @@ export class VulncheckProvider {
 		}
 
 		this.channel.clear();
+		this.channel.show();
 		this.channel.appendLine(`cd ${dir}; gopls vulncheck ${pattern}`);
 
 		try {
@@ -352,7 +356,7 @@ export async function vulncheck(
 						reject('analysis cancelled');
 					} else {
 						channel.appendLine(buf);
-						reject(`result in unexpected format: ${e}`);
+						reject('vulncheck failed: see govulncheck OUTPUT');
 					}
 				}
 			});
