remove the 'totalWebhooks' value from findings

Signed-off-by: Adam Korczynski <[email protected]>
ossf · Dec 5, 2023 · 2dc1b1e · 2dc1b1e
1 parent d59047a
commit 2dc1b1e
Show file tree

Hide file tree

Showing 4 changed files with 64 additions and 60 deletions.
diff --git a/checks/evaluation/webhooks.go b/checks/evaluation/webhooks.go
@@ -42,7 +42,7 @@ func Webhooks(name string,
 
 	var webhooksWithNoSecret int
 
-	totalWebhooks := findings[0].Values["totalWebhooks"]
+	totalWebhooks := len(findings)
 
 	for i := range findings {
 		f := &findings[i]

diff --git a/checks/evaluation/webhooks_test.go b/checks/evaluation/webhooks_test.go
@@ -60,9 +60,6 @@ func TestWebhooks(t *testing.T) {
 				{
 					Probe:   "webhooksUseSecrets",
 					Outcome: finding.OutcomePositive,
-					Values: map[string]int{
-						"totalWebhooks": 1,
-					},
 				},
 			},
 			result: scut.TestReturn{
@@ -75,9 +72,10 @@ func TestWebhooks(t *testing.T) {
 				{
 					Probe:   "webhooksUseSecrets",
 					Outcome: finding.OutcomeNegative,
-					Values: map[string]int{
-						"totalWebhooks": 2,
-					},
+				},
+				{
+					Probe:   "webhooksUseSecrets",
+					Outcome: finding.OutcomePositive,
 				},
 			},
 			result: scut.TestReturn{
@@ -90,16 +88,22 @@ func TestWebhooks(t *testing.T) {
 				{
 					Probe:   "webhooksUseSecrets",
 					Outcome: finding.OutcomeNegative,
-					Values: map[string]int{
-						"totalWebhooks": 5,
-					},
+				},
+				{
+					Probe:   "webhooksUseSecrets",
+					Outcome: finding.OutcomePositive,
+				},
+				{
+					Probe:   "webhooksUseSecrets",
+					Outcome: finding.OutcomePositive,
+				},
+				{
+					Probe:   "webhooksUseSecrets",
+					Outcome: finding.OutcomePositive,
 				},
 				{
 					Probe:   "webhooksUseSecrets",
 					Outcome: finding.OutcomeNegative,
-					Values: map[string]int{
-						"totalWebhooks": 5,
-					},
 				},
 			},
 			result: scut.TestReturn{
@@ -112,9 +116,50 @@ func TestWebhooks(t *testing.T) {
 				{
 					Probe:   "webhooksUseSecrets",
 					Outcome: finding.OutcomeNegative,
-					Values: map[string]int{
-						"totalWebhooks": 12,
-					},
+				},
+				{
+					Probe:   "webhooksUseSecrets",
+					Outcome: finding.OutcomePositive,
+				},
+				{
+					Probe:   "webhooksUseSecrets",
+					Outcome: finding.OutcomePositive,
+				},
+				{
+					Probe:   "webhooksUseSecrets",
+					Outcome: finding.OutcomePositive,
+				},
+				{
+					Probe:   "webhooksUseSecrets",
+					Outcome: finding.OutcomePositive,
+				},
+				{
+					Probe:   "webhooksUseSecrets",
+					Outcome: finding.OutcomePositive,
+				},
+				{
+					Probe:   "webhooksUseSecrets",
+					Outcome: finding.OutcomePositive,
+				},
+				{
+					Probe:   "webhooksUseSecrets",
+					Outcome: finding.OutcomePositive,
+				},
+				{
+					Probe:   "webhooksUseSecrets",
+					Outcome: finding.OutcomePositive,
+				},
+				{
+					Probe:   "webhooksUseSecrets",
+					Outcome: finding.OutcomePositive,
+				},
+				{
+					Probe:   "webhooksUseSecrets",
+					Outcome: finding.OutcomePositive,
+				},
+				{
+					Probe:   "webhooksUseSecrets",
+					Outcome: finding.OutcomePositive,
 				},
 			},
 			result: scut.TestReturn{
@@ -127,86 +172,50 @@ func TestWebhooks(t *testing.T) {
 				{
 					Probe:   "webhooksUseSecrets",
 					Outcome: finding.OutcomeNegative,
-					Values: map[string]int{
-						"totalWebhooks": 12,
-					},
 				},
 				{
 					Probe:   "webhooksUseSecrets",
 					Outcome: finding.OutcomeNegative,
-					Values: map[string]int{
-						"totalWebhooks": 12,
-					},
 				},
 				{
 					Probe:   "webhooksUseSecrets",
 					Outcome: finding.OutcomeNegative,
-					Values: map[string]int{
-						"totalWebhooks": 12,
-					},
 				},
 				{
 					Probe:   "webhooksUseSecrets",
 					Outcome: finding.OutcomeNegative,
-					Values: map[string]int{
-						"totalWebhooks": 12,
-					},
 				},
 				{
 					Probe:   "webhooksUseSecrets",
 					Outcome: finding.OutcomeNegative,
-					Values: map[string]int{
-						"totalWebhooks": 12,
-					},
 				},
 				{
 					Probe:   "webhooksUseSecrets",
 					Outcome: finding.OutcomeNegative,
-					Values: map[string]int{
-						"totalWebhooks": 12,
-					},
 				},
 				{
 					Probe:   "webhooksUseSecrets",
 					Outcome: finding.OutcomeNegative,
-					Values: map[string]int{
-						"totalWebhooks": 12,
-					},
 				},
 				{
 					Probe:   "webhooksUseSecrets",
 					Outcome: finding.OutcomeNegative,
-					Values: map[string]int{
-						"totalWebhooks": 12,
-					},
 				},
 				{
 					Probe:   "webhooksUseSecrets",
 					Outcome: finding.OutcomeNegative,
-					Values: map[string]int{
-						"totalWebhooks": 12,
-					},
 				},
 				{
 					Probe:   "webhooksUseSecrets",
 					Outcome: finding.OutcomeNegative,
-					Values: map[string]int{
-						"totalWebhooks": 12,
-					},
 				},
 				{
 					Probe:   "webhooksUseSecrets",
 					Outcome: finding.OutcomeNegative,
-					Values: map[string]int{
-						"totalWebhooks": 12,
-					},
 				},
 				{
 					Probe:   "webhooksUseSecrets",
 					Outcome: finding.OutcomeNegative,
-					Values: map[string]int{
-						"totalWebhooks": 12,
-					},
 				},
 			},
 			result: scut.TestReturn{

diff --git a/probes/webhooksUseSecrets/def.yml b/probes/webhooksUseSecrets/def.yml
@@ -19,7 +19,7 @@ motivation: >
 implementation: >
   The probe checks all webhooks of a project and checks whether each uses secret authentication.
 outcome:
-  - If the project has any webhooks without secret authorization, the probe returns as many OutcomeNegative (0) as the project has webhooks without secret authorization. All findings include the value "totalWebhooks" which is the total number of webhooks that the project has. The finding also includes the path to the webhook.
+  - If the project has any webhooks without secret authorization, the probe returns as many OutcomeNegative (0) as the project has webhooks without secret authorization and as many OutcomePositive as there are webhooks with secret authorization. All findings include the path to the webhook.
   - If the project does not have any webhooks without secret authorization, the probe returns one OutcomePositive (1).
 remediation:
   effort: Low

diff --git a/probes/webhooksUseSecrets/impl.go b/probes/webhooksUseSecrets/impl.go
@@ -35,7 +35,6 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) {
 	}
 
 	r := raw.WebhookResults
-	totalWebhooks := len(r.Webhooks)
 	var findings []finding.Finding
 
 	if len(r.Webhooks) == 0 {
@@ -57,9 +56,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) {
 			if err != nil {
 				return nil, Probe, fmt.Errorf("create finding: %w", err)
 			}
-			f = f.WithValues(map[string]int{
-				"totalWebhooks": totalWebhooks,
-			}).WithLocation(&finding.Location{
+			f = f.WithLocation(&finding.Location{
 				Path: hook.Path,
 			})
 			findings = append(findings, *f)
@@ -70,9 +67,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) {
 			if err != nil {
 				return nil, Probe, fmt.Errorf("create finding: %w", err)
 			}
-			f = f.WithValues(map[string]int{
-				"totalWebhooks": totalWebhooks,
-			}).WithLocation(&finding.Location{
+			f = f.WithLocation(&finding.Location{
 				Path: hook.Path,
 			})
 			findings = append(findings, *f)