internal/scan: add isImported function This change adds an "isImported" function, which will return false if a vuln is only exposed through a module required at a module level and not from a package/symbol imported or called at a package level. Change-Id: I7c0477fd4c96ea6f360c414daf9dcbd8492519db Reviewed-on: https://go-review.googlesource.com/c/vuln/+/525756 Run-TryBot: Maceo Thompson <maceothompson@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>

commit: b7c0c6e7bbf4edbf8eb1c7194e444c71ef5ea9e7 [log] [tgz]
author: Maceo Thompson <maceothompson@google.com> Tue Sep 05 13:54:15 2023 -0400
committer: Maceo Thompson <maceothompson@google.com> Wed Sep 13 16:31:10 2023 +0000
tree: 2ebae897163e51955a73de1c88590ae9c7437606
parent: 94b71a9a659d3ee42a62029e5224cf6418180ab7 [diff]
diff --git a/internal/scan/template.go b/internal/scan/template.go
index 953fbae..afb7b65 100644
--- a/internal/scan/template.go
+++ b/internal/scan/template.go

@@ -97,6 +97,15 @@
 	return result
 }
 
+func isImported(findings []*findingSummary) bool {
+	for _, f := range findings {
+		if f.Trace[0].Package != "" {
+			return true
+		}
+	}
+	return false
+}
+
 func isCalled(findings []*findingSummary) bool {
 	for _, f := range findings {
 		if f.Trace[0].Function != "" {
commit	b7c0c6e7bbf4edbf8eb1c7194e444c71ef5ea9e7	[log] [tgz]
author	Maceo Thompson <maceothompson@google.com>	Tue Sep 05 13:54:15 2023 -0400
committer	Maceo Thompson <maceothompson@google.com>	Wed Sep 13 16:31:10 2023 +0000
tree	2ebae897163e51955a73de1c88590ae9c7437606
parent	94b71a9a659d3ee42a62029e5224cf6418180ab7 [diff]