Fix Workflow Global Permissions Nil Check #85

Merged
merged 36 commits into from
Apr 26, 2022
Changes from 33 commits
Commits
73a914b
post endpoint
rohankh532 Mar 30, 2022
0452748
use exported func for verifyTlogEntry
rohankh532 Mar 31, 2022
322a2f4
for trigger
rohankh532 Mar 31, 2022
c156fcc
Merge branch 'main' of https://github.com/ossf/scorecard-webapp into …
rohankh532 Mar 31, 2022
5e2fcdc
reverted go version. was breaking build
rohankh532 Mar 31, 2022
81cf3fb
Merge branch 'main' into post-endpoint
rohankh532 Mar 31, 2022
3158ee0
moved entry/cert lookup code to sep func & process jsonOutput too
rohankh532 Apr 4, 2022
442bef9
removed finished todos
rohankh532 Apr 4, 2022
6bd7ce2
fixed tests + use cert to find wkflw path
rohankh532 Apr 4, 2022
a4aaa4f
refactored if statement
rohankh532 Apr 5, 2022
8d47ee3
check for global wkflw env, defaults, permissions
rohankh532 Apr 5, 2022
1973abd
don't assume main job name
rohankh532 Apr 5, 2022
5b3c94c
verify cert SHAs too
rohankh532 Apr 5, 2022
8179ca9
Merge branch 'main' into post-endpoint
rohankh532 Apr 6, 2022
56d8c8c
Verify that branch is the repo's default branch
rohankh532 Apr 6, 2022
f85a46a
Merge branch 'post-endpoint' of https://github.com/ossf/scorecard-web…
rohankh532 Apr 6, 2022
e39014b
Merge branch 'main' into post-endpoint
rohankh532 Apr 11, 2022
3768d4b
verify cert hasn't expired
rohankh532 Apr 11, 2022
d570658
Merge branch 'post-endpoint' of https://github.com/ossf/scorecard-web…
rohankh532 Apr 11, 2022
5fafee8
merged main into post-endpoint
rohankh532 Apr 12, 2022
5adcdb1
refactored post endpoint
rohankh532 Apr 12, 2022
40aee91
Merge branch 'main' into post-endpoint
rohankh532 Apr 13, 2022
8461ce3
allow multiple jobs
rohankh532 Apr 13, 2022
f4687cf
allow other flavors of ubuntu
rohankh532 Apr 13, 2022
c576d8d
refactored VerifySignature
rohankh532 Apr 13, 2022
40d3a97
check for token-id permissions
rohankh532 Apr 14, 2022
4bc515b
remove sarif results from processing
rohankh532 Apr 15, 2022
b8616d6
Merge branch 'main' into post-endpoint
rohankh532 Apr 15, 2022
63c62c0
fixed logic for verifying wkflw perms
rohankh532 Apr 16, 2022
2666e69
simplified if statement
rohankh532 Apr 19, 2022
ef7ee68
removed unnecessary id-token checking
rohankh532 Apr 19, 2022
2a2cc11
fixed global perm nil check
rohankh532 Apr 22, 2022
5e4f8e4
merged main into post-endpoint
rohankh532 Apr 22, 2022
f0d5ead
more wkflw validation tests
rohankh532 Apr 22, 2022
d3fe120
test for empty wkflw file
rohankh532 Apr 22, 2022
b418bd6
Merge branch 'main' into post-endpoint
laurentsimon Apr 26, 2022
4 changes: 2 additions & 2 deletions signing/signing.go
Expand Up @@ -232,8 +232,8 @@ func verifyScorecardWorkflow(workflowContent string) error {
}

// Verify that the all scope, if set, isn't write-all.
globalPermAll := workflow.Permissions.All
if globalPermAll != nil && globalPermAll.Value == "write-all" {
globalPerm := workflow.Permissions
rohankh532 marked this conversation as resolved.
if globalPerm != nil && globalPerm.All != nil && globalPerm.All.Value == "write-all" {
return fmt.Errorf("global perm is set to write-all")
}
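
Review bot: the new `globalPerm != nil` guard in the `write-all` condition lets a workflow with no top-level `permissions` block pass this check silently, and nothing in the hunk says that this is intended. When the key is omitted, the workflow token gets the repository or organization default rather than a restricted set, so an absent block is not equivalent to a read-only one. Either add a comment stating that a missing block is accepted on purpose, or return an error for the nil case if the endpoint should only accept workflows that declare their permissions. The comment above the check could also be reworded to "Verify that the global permissions, if set, aren't write-all" so that it matches the three conditions now tested.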
