cmd/vulnreport: check for presence of symbols in fix

The "vulnreport fix" command now verifies that all symbols are present
in the vulnerable package.

The "vulnreport fix" command now only adds symbols to the derived_symbols
field if they aren't already present in the symbols field.

Change-Id: I1a1f1e44e92e66a4c3b141dbff9b8e8fea265870
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/412536
Run-TryBot: Damien Neil <dneil@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Julie Qiu <julieqiu@google.com>
3 files changed
tree: 73c139035f5c56c3b17c54d4497491509eab17e2
  1. .github/
  2. cmd/
  3. deploy/
  4. devtools/
  5. doc/
  6. internal/
  7. reports/
  8. terraform/
  9. webconfig/
  10. .gitignore
  11. all_test.go
  12. AUTHORS
  13. checks.bash
  14. CONTRIBUTING.md
  15. CONTRIBUTORS
  16. go.mod
  17. go.sum
  18. LICENSE
  19. PATENTS
  20. README.md
  21. tools_test.go
README.md

The Go Vulnerability Database

This repository contains the reports for the Go Vulnerability Database.

If you are interested accessing data from the Go Vulnerability Database, see x/vuln for information. This repository is only used for adding new vulnerabilities.

Reporting a vulnerability

We are not accepting new vulnerability reports at this time. We will update this README.md once we are ready to receive reports.

License

Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

Database entries are distributed under the terms of the CC-BY 4.0 license. See x/vuln for information on how to access these entries.