cmd,internal/scan: remove verbose mode

It isn't clear that having a detailed callstack is useful outside of
json mode, so remove the verbose text output for now.

Change-Id: Ie8bfe3e1d343eb8a86370453be93b6a80dfdf113
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/481295
Run-TryBot: Julie Qiu <[email protected]>
Reviewed-by: Julie Qiu <[email protected]>
Reviewed-by: Tatiana Bradley <[email protected]>
TryBot-Result: Gopher Robot <[email protected]>

Author: julieqiu

cmd/govulncheck/testdata/informational.ct

@@ -1,4 +1,4 @@
-$ govulncheck -dir ${moddir}/informational -v .
+$ govulncheck -dir ${moddir}/informational .
 govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.
 
 Using go1.18 and [email protected] with

cmd/govulncheck/testdata/source.ct

@@ -1,4 +1,4 @@
-$ govulncheck -dir ${moddir}/vuln -v . --> FAIL 3
+$ govulncheck -dir ${moddir}/vuln . --> FAIL 3
 govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.
 
 Using go1.18 and [email protected] with
@@ -20,10 +20,7 @@ Vulnerability #1: GO-2021-0113
     Fixed in: golang.org/x/[email protected]
 
     Call stacks in your code:
-      #1: for function Parse
-        golang.org/vuln.main
-            .../vuln.go:13:16
-        golang.org/x/text/language.Parse
+      .../vuln.go:13:16: golang.org/vuln.main calls golang.org/x/text/language.Parse
 
 === Informational ===
 

cmd/govulncheck/testdata/stdlib.ct

@@ -1,4 +1,4 @@
-$ govulncheck -dir ${moddir}/stdlib -v . --> FAIL 3
+$ govulncheck -dir ${moddir}/stdlib . --> FAIL 3
 govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.
 
 Using go1.18 and [email protected] with
@@ -19,7 +19,4 @@ Vulnerability #1: GO-2022-0969
     Fixed in: net/[email protected]
 
     Call stacks in your code:
-      #1: for function ListenAndServe
-        golang.org/stdlib.main
-            .../stdlib.go:17:31
-        net/http.ListenAndServe
+      .../stdlib.go:17:31: golang.org/stdlib.main calls net/http.ListenAndServe

cmd/govulncheck/testdata/usage.ct

@@ -15,7 +15,6 @@ usage:
     	comma-separated list of build tags
   -test
     	analyze test files. Only valid for source code.
-  -v	print a full call stack for each vulnerability
 
 For details, see https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck.
 
@@ -38,6 +37,5 @@ usage:
     	comma-separated list of build tags
   -test
     	analyze test files. Only valid for source code.
-  -v	print a full call stack for each vulnerability
 
 For details, see https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck.

internal/govulncheck/result.go

@@ -12,15 +12,6 @@ import (
 	"golang.org/x/vuln/internal/osv"
 )
 
-// Mode indicates the display mode that the user specified for running
-// govulncheck.
-type Mode string
-
-const (
-	ModeCompact Mode = "Compact"
-	ModeVerbose Mode = "Verbose"
-)
-
 // AnalysisType indicates the type of analysis performed by govulncheck.
 type AnalysisType string
 
@@ -57,10 +48,6 @@ type Config struct {
 
 	// Analysis is the analysis type.
 	Analysis AnalysisType `json:"analysis,omitempty"`
-
-	// Mode controls the information that is printed to the user, either
-	// compact or verbose.
-	Mode Mode `json:"callstack_mode,omitempty"` // TODO: remove field and verbose mode
 }
 
 type Progress struct {

internal/scan/flags.go

@@ -21,7 +21,6 @@ type config struct {
 	db       string
 	json     bool
 	dir      string
-	verbose  bool
 	tags     []string
 	test     bool
 }
@@ -34,7 +33,6 @@ func (c *Cmd) parseFlags() (*config, error) {
 	)
 	flags := flag.NewFlagSet("", flag.ContinueOnError)
 	flags.BoolVar(&cfg.json, "json", false, "output JSON")
-	flags.BoolVar(&cfg.verbose, "v", false, "print a full call stack for each vulnerability")
 	flags.BoolVar(&cfg.test, "test", false, "analyze test files. Only valid for source code.")
 	flags.StringVar(&cfg.db, "db", "https://vuln.go.dev", "vulnerability database URL")
 	flags.StringVar(&mode, "mode", "", "source or binary modes are supported, default is source")

internal/scan/run.go

@@ -82,10 +82,6 @@ func newConfig(ctx context.Context, cfg *config) *govulncheck.Config {
 	config := govulncheck.Config{
 		DataSource: cfg.db,
 		Analysis:   cfg.analysis,
-		Mode:       govulncheck.ModeCompact,
-	}
-	if cfg.verbose {
-		config.Mode = govulncheck.ModeVerbose
 	}
 	if cfg.analysis == govulncheck.AnalysisSource {
 		// The Go version is only relevant for source analysis, so omit it for

internal/scan/template.go

@@ -6,7 +6,6 @@ package scan
 
 import (
 	_ "embed"
-	"fmt"
 	"sort"
 	"strings"
 
@@ -34,12 +33,12 @@ type tmplResult struct {
 
 // createTmplResult transforms Result r into a
 // template structure for printing.
-func createTmplResult(vulns []*govulncheck.Vuln, verbose, source bool) tmplResult {
+func createTmplResult(vulns []*govulncheck.Vuln, source bool) tmplResult {
 	// unaffected are (imported) OSVs, none of which vulnerabilities are called.
 	var r tmplResult
 	var vInfos []tmplVulnInfo
 	for _, v := range vulns {
-		vInfos = append(vInfos, createTmplVulnInfo(v, verbose, source))
+		vInfos = append(vInfos, createTmplVulnInfo(v, source))
 	}
 	r.Affected, r.Unaffected = splitVulns(vInfos)
 	r.AffectedModules = affectedModules(vInfos)
@@ -103,23 +102,19 @@ type tmplVulnInfo struct {
 // createTmplVulnInfo creates a template vuln info for
 // a vulnerability that is called by source code or
 // present in the binary.
-func createTmplVulnInfo(v *govulncheck.Vuln, verbose, source bool) tmplVulnInfo {
+func createTmplVulnInfo(v *govulncheck.Vuln, source bool) tmplVulnInfo {
 	vInfo := tmplVulnInfo{
 		ID:       v.OSV.ID,
 		Details:  v.OSV.Details,
 		Affected: !source || IsCalled(v),
 	}
 
 	// stacks returns call stack info of p as a
-	// string depending on verbose and source mode.
+	// string depending on source mode.
 	stacks := func(p *govulncheck.Package) string {
 		if !source {
 			return ""
 		}
-
-		if verbose {
-			return verboseCallStacks(p.CallStacks)
-		}
 		return defaultCallStacks(p.CallStacks)
 	}
 
@@ -208,23 +203,6 @@ func defaultCallStacks(css []govulncheck.CallStack) string {
 	return b.String()
 }
 
-func verboseCallStacks(css []govulncheck.CallStack) string {
-	// Display one full call stack for each vuln.
-	i := 1
-	var b strings.Builder
-	for _, cs := range css {
-		b.WriteString(fmt.Sprintf("#%d: for function %s\n", i, cs.Symbol))
-		for _, e := range cs.Frames {
-			b.WriteString(fmt.Sprintf("  %s\n", FuncName(e)))
-			if pos := AbsRelShorter(Pos(e)); pos != "" {
-				b.WriteString(fmt.Sprintf("      %s\n", pos))
-			}
-		}
-		i++
-	}
-	return b.String()
-}
-
 // platforms returns a string describing the GOOS, GOARCH,
 // or GOOS/GOARCH pairs that the vuln affects for a particular
 // module mod. If it affects all of them, it returns the empty

internal/scan/testdata/binary.json

@@ -1,7 +1,6 @@
 {
   "config": {
-    "analysis": "Binary",
-    "callstack_mode": "Compact"
+    "analysis": "Binary"
   }
 }
 {

internal/scan/testdata/multi_stacks.json

@@ -1,7 +1,6 @@
 {
   "config": {
-    "analysis": "Source",
-    "callstack_mode": "Compact"
+    "analysis": "Source"
   }
 }
 {