| // Copyright 2021 The Go Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style |
| // license that can be found in the LICENSE file. |
| |
| package audit |
| |
| import ( |
| "golang.org/x/tools/go/packages" |
| "golang.org/x/vulndb/osv" |
| ) |
| |
| type dbClient interface { |
| Get([]string) ([]*osv.Entry, error) |
| } |
| |
| // FetchVulnerabilities fetches vulnerabilities that affect the supplied modules. |
| func FetchVulnerabilities(client dbClient, modules []*packages.Module) (ModuleVulnerabilities, error) { |
| mv := ModuleVulnerabilities{} |
| for _, mod := range modules { |
| modPath := mod.Path |
| if mod.Replace != nil { |
| modPath = mod.Replace.Path |
| } |
| vulns, err := client.Get([]string{modPath}) |
| if err != nil { |
| return nil, err |
| } |
| if len(vulns) == 0 { |
| continue |
| } |
| mv = append(mv, modVulns{ |
| mod: mod, |
| vulns: vulns, |
| }) |
| } |
| return mv, nil |
| } |