diff --git a/checker/raw_result.go b/checker/raw_result.go index 1d72620f916..e615e51f1ce 100644 --- a/checker/raw_result.go +++ b/checker/raw_result.go @@ -301,14 +301,9 @@ type DangerousWorkflowData struct { // DangerousWorkflow represents a dangerous workflow. type DangerousWorkflow struct { - Workflow Workflow - Type DangerousWorkflowType -} - -// Workflow represents a workflow. -type Workflow struct { Job *WorkflowJob File File + Type DangerousWorkflowType } // WorkflowJob reprresents a workflow job. diff --git a/checks/evaluation/dangerous_workflow.go b/checks/evaluation/dangerous_workflow.go index 36fcf850ab6..faf9ce8f28c 100644 --- a/checks/evaluation/dangerous_workflow.go +++ b/checks/evaluation/dangerous_workflow.go @@ -34,20 +34,20 @@ func DangerousWorkflow(name string, dl checker.DetailLogger, var text string switch e.Type { case checker.DangerousWorkflowUntrustedCheckout: - text = fmt.Sprintf("untrusted code checkout '%v'", e.Workflow.File.Snippet) + text = fmt.Sprintf("untrusted code checkout '%v'", e.File.Snippet) case checker.DangerousWorkflowScriptInjection: - text = fmt.Sprintf("script injection with untrusted input '%v'", e.Workflow.File.Snippet) + text = fmt.Sprintf("script injection with untrusted input '%v'", e.File.Snippet) default: err := sce.WithMessage(sce.ErrScorecardInternal, "invalid type") return checker.CreateRuntimeErrorResult(name, err) } dl.Warn(&checker.LogMessage{ - Path: e.Workflow.File.Path, - Type: e.Workflow.File.Type, - Offset: e.Workflow.File.Offset, + Path: e.File.Path, + Type: e.File.Type, + Offset: e.File.Offset, Text: text, - Snippet: e.Workflow.File.Snippet, + Snippet: e.File.Snippet, }) } diff --git a/checks/raw/dangerous_workflow.go b/checks/raw/dangerous_workflow.go index c96ae5a443d..d6d47189704 100644 --- a/checks/raw/dangerous_workflow.go +++ b/checks/raw/dangerous_workflow.go 
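Review bot: The flattened `DangerousWorkflow` struct in `checker/raw_result.go` leaves `Job`, `File` and `Type` undocumented, and `Job` is a pointer that the JSON writer in `pkg/json_raw_results.go` compares with nil before using it. I would add field comments such as `// Job is the workflow job the finding belongs to; may be nil.` and `// File locates the finding (path, offset, snippet).` so other consumers know to guard the dereference. Removing the exported `checker.Workflow` type also breaks any out-of-tree code that names it, which may deserve a line in the release notes.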
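Review bot: The two `fmt.Sprintf` calls in the `switch` of `checks/evaluation/dangerous_workflow.go` format `e.File.Snippet` with `'%v'`, and that snippet appears to be text lifted from the scanned repository's workflow file, so an embedded quote or newline can make the warning ambiguous or split a log entry. `%q` quotes and escapes it: `text = fmt.Sprintf("untrusted code checkout %q", e.File.Snippet)`, and the same for the script-injection case. This changes the exact message text (double quotes instead of single), so any test matching the string would need updating. The loop in `DangerousWorkflow` that encloses this switch starts outside the hunk.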
@@ -194,15 +194,13 @@ func checkJobForUntrustedCodeCheckout(job *actionlint.Job, path string, pdata.Workflows = append(pdata.Workflows, checker.DangerousWorkflow{ Type: checker.DangerousWorkflowUntrustedCheckout, - Workflow: checker.Workflow{ - File: checker.File{ - Path: path, - Type: checker.FileTypeSource, - Offset: line, - Snippet: ref.Value.Value, - }, - Job: createJob(job), + File: checker.File{ + Path: path, + Type: checker.FileTypeSource, + Offset: line, + Snippet: ref.Value.Value, }, + Job: createJob(job), }, ) } @@ -255,15 +253,13 @@ func checkVariablesInScript(script string, pos *actionlint.Pos, line := fileparser.GetLineNumber(pos) pdata.Workflows = append(pdata.Workflows, checker.DangerousWorkflow{ - Workflow: checker.Workflow{ - File: checker.File{ - Path: path, - Type: checker.FileTypeSource, - Offset: line, - Snippet: variable, - }, - Job: createJob(job), + File: checker.File{ + Path: path, + Type: checker.FileTypeSource, + Offset: line, + Snippet: variable, }, + Job: createJob(job), Type: checker.DangerousWorkflowScriptInjection, }, ) diff --git a/pkg/json_raw_results.go b/pkg/json_raw_results.go index 3cf89805c1a..e435116a9e5 100644 --- a/pkg/json_raw_results.go +++ b/pkg/json_raw_results.go @@ -156,10 +156,10 @@ const ( ) type jsonWorkflow struct { - Job *jsonWorkflowJob `json:"job"` + Job *jsonWorkflowJob `json:"job"` + File *jsonFile `json:"file"` // Type is a string to allow different types for permissions, unpinned dependencies, etc. - Type string `json:"type"` - File jsonFile `json:"file"` + Type string `json:"type"` } type jsonWorkflowJob struct { 
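Review bot: In the `jsonWorkflow` struct of `pkg/json_raw_results.go`, `File` becomes `*jsonFile` under the tag `json:"file"` without `omitempty`, so a value built without it would serialize as `"file": null` where the old value type always produced an object. The only constructor visible in this diff always sets it, so this is a contract to document rather than a defect: add `// File is always set for dangerous-workflow results.` above the field, or keep the value type if nil is never meant to be valid. Reordering the fields also changes key order in the emitted JSON, which matters only to consumers that compare output byte for byte.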
@@ -201,18 +201,18 @@ func (r *jsonScorecardRawResult) addDangerousWorkflowRawResults(df *checker.Dang r.Results.Workflows = []jsonWorkflow{} for _, e := range df.Workflows { v := jsonWorkflow{ - File: jsonFile{ - Path: e.Workflow.File.Path, - Offset: int(e.Workflow.File.Offset), + File: &jsonFile{ + Path: e.File.Path, + Offset: int(e.File.Offset), }, } - if e.Workflow.File.Snippet != "" { - v.File.Snippet = &e.Workflow.File.Snippet + if e.File.Snippet != "" { + v.File.Snippet = &e.File.Snippet } - if e.Workflow.Job != nil { + if e.Job != nil { v.Job = &jsonWorkflowJob{ - Name: e.Workflow.Job.Name, - ID: e.Workflow.Job.ID, + Name: e.Job.Name, + ID: e.Job.ID, } }
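Review bot: `v.File.Snippet = &e.File.Snippet` stores the address of a field of the range variable `e`; on toolchains before Go 1.22 that variable is reused across iterations, so every `jsonWorkflow` kept from this loop would end up pointing at the last finding's snippet. The Go version this module builds with is not visible here, so this may already be safe, but a per-iteration copy removes the dependency: `snippet := e.File.Snippet` followed by `v.File.Snippet = &snippet`. For a report that people triage from, a wrong snippet attached to a finding is worth ruling out with a two-finding test. The loop body in `addDangerousWorkflowRawResults` continues past the end of the hunk.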