Comments (9)
I suggest printing a message when starting the request, not afterwards. That way, if the program hangs, it’s very clear what’s happening: the last line will tell you exactly what it’s trying to do.
Hiding this behind a verbose flag sounds reasonable.
from go.
cc @golang/vulndb
from go.
Thanks for reporting this.
Yes, govulncheck does not do any type of caching. We don't print anything related to that so as to not confuse the users. They shouldn't even be aware of its (non-)existence.
It is hard to tell why you are seeing this. We'll try to dig on the server side for more information.
from go.
Yes, govulncheck does not do any type of caching. We don't print anything related to that so as to not confuse the users. They shouldn't even be aware of its (non-)existence.
…but maybe you could print something about querying a remote server? That would be helpful, not just to establish the correct mental model, but also for many other issues (e.g. slow networking).
Thanks for taking a look at the server side.
from go.
Would that just be a message upon successful retrieval of information from the vuln db server?
I think that if we decide to add this, then we'd likely hide this under the -show verbose
option. We already have people mentioning that govulncheck is quite chatty.
from go.
Change https://go.dev/cl/580175 mentions this issue: internal/scan: print progress messages only in verbose mode
from go.
Govulncheck first prints out the message about the user program and then goes to fetching vulnerabilities for that program. So this message would be the second one. If govulncheck hangs, then it is very likely due to the analysis taking a long time. A message on starting the request would then be misleading.
Edit: we'll just also add an additional message when the checking phase starts.
from go.
Change https://go.dev/cl/580216 mentions this issue: internal/vulncheck: emit fetch db and vuln checking progress messages
from go.
We looked at the server side and we believe this has something to do with replication and eventual-consistency. We could dig deeper into that, but it is not clear if it is really worth it.
from go.
Related Issues (20)
- math/big: fix "%#v" format HOT 4
- proposal: go/doc: ITU-T URL support HOT 4
- cmd/go: TestScript/mod_cache_dir failures HOT 2
- proposal: cmd/compile,runtime: `-race` should report the allocation site of the object involved in the data race HOT 1
- sync/atomic Store() does not leave, CPU at 100% HOT 1
- x/website: dark background of images in chacha8rand blog post HOT 4
- x/tools/gopls: make it tolerant against non-file scheme DocumentURIs in requests HOT 1
- net: listening on dual-stack UDP socket sometimes silently fails on macOS HOT 2
- cmd/compile: test/inline_sync.go test fails if GOARM64=v8.1 HOT 3
- x/tools/gopls: enable {framepointer,sigchanyzer} analyzers HOT 1
- proposal: Variables in Defers should probably have a warning if they overwrite something that the function Returns HOT 2
- x/build/cmd/watchflakes: shouldn't reopen frozen issues
- proposal: cmd/go: vendor: only copy files that the Go build system recognizes HOT 10
- net: TestLookupGoogleSRV failures HOT 1
- cmd/go: mod tidy reports toolchain not available with 'go 1.21' [1.21 backport] HOT 2
- cmd/go: mod tidy reports toolchain not available with 'go 1.21' [1.22 backport] HOT 2
- x/tools/gopls: analysis crash analyzing new uses of go1.23 range iterators HOT 3
- cmd/go,x/mod/module: add COM0, LPT0 exclusion for allowed file names HOT 3
- x/tools/gopls/internal/analysis/simplifyrange: adapt for go1.23 range over func
- x/crypto/chacha20poly1305: 15% performance regression on certain cpus HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from go.