cmd/vulnreport: move all logging logic to one file

Move all logic for vulnreport logging into a new inner package, log, which
will allow us to more easily change the logging internals (e.g., if we
want to use slog in the future).

Change-Id: I8287fc186451e6dc2e846ed071bd3c6fefdad359
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/559600
Reviewed-by: Damien Neil <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>

Author: tatianab

cmd/vulnreport/create.go

@@ -12,6 +12,7 @@ import (
 	"strconv"
 	"strings"
 
+	"golang.org/x/vulndb/cmd/vulnreport/log"
 	"golang.org/x/vulndb/internal/cveclient"
 	"golang.org/x/vulndb/internal/cveschema5"
 	"golang.org/x/vulndb/internal/derrors"
@@ -51,11 +52,11 @@ func create(ctx context.Context, issueNumber int, cfg *createCfg) (err error) {
 		return err
 	}
 
-	outlog.Println(filename)
+	log.Out(filename)
 
 	xrefs := xref(filename, r, cfg.existingByFile)
 	if len(xrefs) != 0 {
-		infolog.Printf("found cross-references:\n%s", xrefs)
+		log.Infof("found cross-references:\n%s", xrefs)
 	}
 
 	return nil
@@ -75,21 +76,21 @@ func createExcluded(ctx context.Context, cfg *createCfg) (err error) {
 		if err != nil {
 			return err
 		}
-		infolog.Printf("found %d issues with label %s\n", len(tempIssues), label)
+		log.Infof("found %d issues with label %s\n", len(tempIssues), label)
 		isses = append(isses, tempIssues...)
 	}
 
 	var created []string
 	for _, iss := range isses {
 		// Don't create a report for an issue that already has a report.
 		if _, ok := cfg.existingByIssue[iss.Number]; ok {
-			infolog.Printf("skipped issue %d which already has a report\n", iss.Number)
+			log.Infof("skipped issue %d which already has a report\n", iss.Number)
 			continue
 		}
 
 		r, err := createReport(ctx, cfg, iss)
 		if err != nil {
-			errlog.Printf("skipped issue %d: %v\n", iss.Number, err)
+			log.Errf("skipped issue %d: %v\n", iss.Number, err)
 			continue
 		}
 
@@ -103,11 +104,11 @@ func createExcluded(ctx context.Context, cfg *createCfg) (err error) {
 
 	skipped := len(isses) - len(created)
 	if skipped > 0 {
-		infolog.Printf("skipped %d issue(s)\n", skipped)
+		log.Infof("skipped %d issue(s)\n", skipped)
 	}
 
 	if len(created) == 0 {
-		infolog.Printf("no files to commit, exiting")
+		log.Infof("no files to commit, exiting")
 		return nil
 	}
 
@@ -219,13 +220,13 @@ func createReport(ctx context.Context, cfg *createCfg, iss *issues.Issue) (r *re
 
 	aliases := allAliases(ctx, parsed.aliases, cfg.ghsaClient)
 	if alias, ok := pickBestAlias(aliases, *preferCVE); ok {
-		infolog.Printf("creating report %s based on %s (picked from [%s])", parsed.id, alias, strings.Join(aliases, ", "))
+		log.Infof("creating report %s based on %s (picked from [%s])", parsed.id, alias, strings.Join(aliases, ", "))
 		r, err = reportFromAlias(ctx, parsed.id, parsed.modulePath, alias, cfg)
 		if err != nil {
 			return nil, err
 		}
 	} else {
-		infolog.Printf("no alias found, creating basic report for %s", parsed.id)
+		log.Infof("no alias found, creating basic report for %s", parsed.id)
 		r = &report.Report{
 			ID: parsed.id,
 			Modules: []*report.Module{
@@ -258,11 +259,11 @@ func createReport(ctx context.Context, cfg *createCfg, iss *issues.Issue) (r *re
 	if cfg.aiClient != nil {
 		suggestions, err := suggest(ctx, cfg.aiClient, r, 1)
 		if err != nil {
-			warnlog.Printf("failed to get AI-generated suggestions for %s: %v\n", r.ID, err)
+			log.Warnf("failed to get AI-generated suggestions for %s: %v\n", r.ID, err)
 		} else if len(suggestions) == 0 {
-			warnlog.Printf("failed to get AI-generated suggestions for %s (none generated)\n", r.ID)
+			log.Warnf("failed to get AI-generated suggestions for %s (none generated)\n", r.ID)
 		} else {
-			infolog.Printf("applying AI-generated suggestion for %s", r.ID)
+			log.Infof("applying AI-generated suggestion for %s", r.ID)
 			applySuggestion(r, suggestions[0])
 		}
 	}
@@ -313,7 +314,7 @@ func parseGithubIssue(iss *issues.Issue, pc *proxy.Client, allowClosed bool) (*p
 	}
 
 	if len(parsed.aliases) == 0 {
-		infolog.Printf("%q has no CVE or GHSA IDs\n", iss.Title)
+		log.Infof("%q has no CVE or GHSA IDs\n", iss.Title)
 	}
 
 	return parsed, nil
@@ -373,13 +374,13 @@ func reportFromAlias(ctx context.Context, id, modulePath, alias string, cfg *cre
 		if err != nil {
 			// If a CVE is not found, it is most likely a CVE we reserved but haven't
 			// published yet.
-			infolog.Printf("no published record found for %s, creating basic report", alias)
+			log.Infof("no published record found for %s, creating basic report", alias)
 			return basicReport(id, modulePath), nil
 		}
 		return report.CVE5ToReport(cve, id, modulePath, cfg.proxyClient), nil
 	}
 
-	infolog.Printf("alias %s is not a CVE or GHSA, creating basic report", alias)
+	log.Infof("alias %s is not a CVE or GHSA, creating basic report", alias)
 	return basicReport(id, modulePath), nil
 }
 

cmd/vulnreport/cve.go

@@ -7,6 +7,7 @@ package main
 import (
 	"context"
 
+	"golang.org/x/vulndb/cmd/vulnreport/log"
 	"golang.org/x/vulndb/internal/database"
 	"golang.org/x/vulndb/internal/derrors"
 	"golang.org/x/vulndb/internal/report"
@@ -22,7 +23,7 @@ func cveCmd(_ context.Context, filename string) (err error) {
 		if err := writeCVE(r); err != nil {
 			return err
 		}
-		outlog.Println(r.CVEFilename())
+		log.Out(r.CVEFilename())
 	}
 	return nil
 }

cmd/vulnreport/find_aliases.go

@@ -9,6 +9,7 @@ import (
 	"fmt"
 
 	"golang.org/x/exp/slices"
+	"golang.org/x/vulndb/cmd/vulnreport/log"
 	"golang.org/x/vulndb/internal/cveschema5"
 	"golang.org/x/vulndb/internal/ghsa"
 	"golang.org/x/vulndb/internal/report"
@@ -68,7 +69,7 @@ func aliasesBFS(ctx context.Context, knownAliases []string,
 		all = append(all, alias)
 		aliases, err := aliasesFor(ctx, alias)
 		if err != nil {
-			errlog.Printf(err.Error())
+			log.Err(err)
 			continue
 		}
 		queue = append(queue, aliases...)

cmd/vulnreport/fix.go

@@ -14,6 +14,7 @@ import (
 
 	"github.com/google/go-cmp/cmp"
 	"golang.org/x/exp/slices"
+	"golang.org/x/vulndb/cmd/vulnreport/log"
 	"golang.org/x/vulndb/internal/derrors"
 	"golang.org/x/vulndb/internal/ghsa"
 	"golang.org/x/vulndb/internal/osvutils"
@@ -30,7 +31,7 @@ var (
 
 func fix(ctx context.Context, filename string, ghsaClient *ghsa.Client, pc *proxy.Client, force bool) (err error) {
 	defer derrors.Wrap(&err, "fix(%q)", filename)
-	infolog.Printf("fix %s\n", filename)
+	log.Infof("fix %s\n", filename)
 
 	r, err := report.Read(filename)
 	if err != nil {
@@ -44,27 +45,27 @@ func fix(ctx context.Context, filename string, ghsaClient *ghsa.Client, pc *prox
 	// report even if a fatal error occurs somewhere.
 	defer func() {
 		if err := r.Write(filename); err != nil {
-			errlog.Println(err)
+			log.Err(err)
 		}
 	}()
 
 	if lints := r.Lint(pc); force || len(lints) > 0 {
 		r.Fix(pc)
 	}
 	if lints := r.Lint(pc); len(lints) > 0 {
-		warnlog.Printf("%s still has lint errors after fix:\n\t- %s", filename, strings.Join(lints, "\n\t- "))
+		log.Warnf("%s still has lint errors after fix:\n\t- %s", filename, strings.Join(lints, "\n\t- "))
 	}
 
 	if !*skipSymbols {
-		infolog.Printf("%s: checking packages and symbols (use -skip-symbols to skip this)", r.ID)
+		log.Infof("%s: checking packages and symbols (use -skip-symbols to skip this)", r.ID)
 		if err := checkReportSymbols(r); err != nil {
 			return err
 		}
 	}
 	if !*skipAlias {
-		infolog.Printf("%s: checking for missing GHSAs and CVEs (use -skip-alias to skip this)", r.ID)
+		log.Infof("%s: checking for missing GHSAs and CVEs (use -skip-alias to skip this)", r.ID)
 		if added := addMissingAliases(ctx, r, ghsaClient); added > 0 {
-			infolog.Printf("%s: added %d missing aliases", r.ID, added)
+			log.Infof("%s: added %d missing aliases", r.ID, added)
 		}
 	}
 
@@ -85,7 +86,7 @@ func fix(ctx context.Context, filename string, ghsaClient *ghsa.Client, pc *prox
 
 func checkReportSymbols(r *report.Report) error {
 	if r.IsExcluded() {
-		infolog.Printf("%s is excluded, skipping symbol checks\n", r.ID)
+		log.Infof("%s is excluded, skipping symbol checks\n", r.ID)
 		return nil
 	}
 	for _, m := range r.Modules {
@@ -100,28 +101,28 @@ func checkReportSymbols(r *report.Report) error {
 				return err
 			}
 			if ver == "" || !affected {
-				warnlog.Printf("%s: current Go version %q is not in a vulnerable range, skipping symbol checks for module %s\n", r.ID, gover, m.Module)
+				log.Warnf("%s: current Go version %q is not in a vulnerable range, skipping symbol checks for module %s\n", r.ID, gover, m.Module)
 				continue
 			}
 			if ver != m.VulnerableAt {
-				warnlog.Printf("%s: current Go version %q does not match vulnerable_at version (%s) for module %s\n", r.ID, ver, m.VulnerableAt, m.Module)
+				log.Warnf("%s: current Go version %q does not match vulnerable_at version (%s) for module %s\n", r.ID, ver, m.VulnerableAt, m.Module)
 			}
 		}
 
 		for _, p := range m.Packages {
 			if p.SkipFix != "" {
-				infolog.Printf("%s: skipping symbol checks for package %s (reason: %q)\n", r.ID, p.Package, p.SkipFix)
+				log.Infof("%s: skipping symbol checks for package %s (reason: %q)\n", r.ID, p.Package, p.SkipFix)
 				continue
 			}
-			syms, err := symbols.Exported(m, p, errlog)
+			syms, err := symbols.Exported(m, p, log.Errf, log.Err)
 			if err != nil {
 				return fmt.Errorf("package %s: %w", p.Package, err)
 			}
 			// Remove any derived symbols that were marked as excluded by a human.
 			syms = removeExcluded(syms, p.ExcludedSymbols)
 			if !cmp.Equal(syms, p.DerivedSymbols) {
 				p.DerivedSymbols = syms
-				infolog.Printf("%s: updated derived symbols for package %s\n", r.ID, p.Package)
+				log.Infof("%s: updated derived symbols for package %s\n", r.ID, p.Package)
 			}
 		}
 	}
@@ -136,7 +137,7 @@ func removeExcluded(syms, excluded []string) []string {
 	var newSyms []string
 	for _, d := range syms {
 		if slices.Contains(excluded, d) {
-			infolog.Printf("removed excluded symbol %s\n", d)
+			log.Infof("removed excluded symbol %s\n", d)
 			continue
 		}
 		newSyms = append(newSyms, d)

cmd/vulnreport/lint.go

@@ -7,14 +7,15 @@ package main
 import (
 	"context"
 
+	"golang.org/x/vulndb/cmd/vulnreport/log"
 	"golang.org/x/vulndb/internal/derrors"
 	"golang.org/x/vulndb/internal/proxy"
 	"golang.org/x/vulndb/internal/report"
 )
 
 func lint(_ context.Context, filename string, pc *proxy.Client) (err error) {
 	defer derrors.Wrap(&err, "lint(%q)", filename)
-	infolog.Printf("lint %s\n", filename)
+	log.Infof("lint %s\n", filename)
 
 	_, err = report.ReadAndLint(filename, pc)
 	return err

cmd/vulnreport/log/log.go

@@ -0,0 +1,62 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package log
+
+import (
+	"io"
+	"os"
+
+	"log"
+)
+
+var (
+	infolog *log.Logger
+	outlog  *log.Logger
+	warnlog *log.Logger
+	errlog  *log.Logger
+)
+
+func Init(quiet bool) {
+	if quiet {
+		infolog = log.New(io.Discard, "", 0)
+	} else {
+		infolog = log.New(os.Stderr, "info: ", 0)
+	}
+	outlog = log.New(os.Stdout, "", 0)
+	warnlog = log.New(os.Stderr, "WARNING: ", 0)
+	errlog = log.New(os.Stderr, "ERROR: ", 0)
+}
+
+func Infof(format string, v ...any) {
+	infolog.Printf(format, v...)
+}
+
+func Outf(format string, v ...any) {
+	outlog.Printf(format, v...)
+}
+
+func Warnf(format string, v ...any) {
+	warnlog.Printf(format, v...)
+}
+
+func Errf(format string, v ...any) {
+	errlog.Printf(format, v...)
+}
+
+func Info(v ...any) {
+	infolog.Println(v...)
+}
+
+func Out(v ...any) {
+	outlog.Println(v...)
+}
+
+func Warn(v ...any) {
+	warnlog.Println(v...)
+}
+
+func Err(v ...any) {
+	errlog.Println(v...)
+}