// Copyright 2021 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package audit
import (
"fmt"
)
// VulnerablePackageSymbols checks every symbol listed in packageSymbols
// (keyed by package, one slice of symbol names per package) against the
// vulnerabilities in env.Vulns and returns one Finding per symbol for which
// querySymbolVulns reports at least one vulnerability.
//
// Returned Findings only have Symbol, Type, and Vulns fields set: Symbol is
// "<package>.<symbol>", Type is GlobalType, and Vulns is the serialized match
// list.
//
// The result is nil when nothing matches. That only means none of the listed
// symbols matched; symbols absent from packageSymbols are never examined.
// Findings come out in map-iteration order, which Go leaves unspecified, so
// callers that diff or persist reports should sort the slice themselves.
func VulnerablePackageSymbols(packageSymbols map[string][]string, env Env) []Finding {
	// createSymVulns runs once on env.Vulns; its result is shared by every
	// per-symbol lookup below.
	lookup := createSymVulns(env.Vulns)

	var out []Finding
	for pkgPath, names := range packageSymbols {
		for _, name := range names {
			matched := querySymbolVulns(name, pkgPath, lookup, env)
			if len(matched) == 0 {
				// No vulnerability reported for this symbol; emit nothing.
				continue
			}
			qualified := fmt.Sprintf("%s.%s", pkgPath, name)
			out = append(out, Finding{
				Symbol: qualified,
				Type:   GlobalType,
				Vulns:  serialize(matched),
			})
		}
	}
	return out
}