Google Git
Sign in
go/vuln/b7c0c6e7bbf4edbf8eb1c7194e444c71ef5ea9e7^!/.
commit
b7c0c6e7bbf4edbf8eb1c7194e444c71ef5ea9e7
[log] [tgz]
author
Maceo Thompson <maceothompson@google.com>
Tue Sep 05 13:54:15 2023 -0400
committer
Maceo Thompson <maceothompson@google.com>
Wed Sep 13 16:31:10 2023 +0000
tree
2ebae897163e51955a73de1c88590ae9c7437606
parent
94b71a9a659d3ee42a62029e5224cf6418180ab7 [diff]
internal/scan: add isImported function

This change adds an "isImported" function, which will return false if a
vuln is only exposed through a module required at a module level and
not from a package/symbol imported or called at a package level.

Change-Id: I7c0477fd4c96ea6f360c414daf9dcbd8492519db
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/525756
Run-TryBot: Maceo Thompson <maceothompson@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>

diff --git a/internal/scan/template.go b/internal/scan/template.go
index 953fbae..afb7b65 100644
--- a/internal/scan/template.go
+++ b/internal/scan/template.go

@@ -97,6 +97,15 @@
 	return result
 }
 
+func isImported(findings []*findingSummary) bool {
+	for _, f := range findings {
+		if f.Trace[0].Package != "" {
+			return true
+		}
+	}
+	return false
+}
+
 func isCalled(findings []*findingSummary) bool {
 	for _, f := range findings {
 		if f.Trace[0].Function != "" {