change 'trusted' to 'verified'

Signed-off-by: Adam Korczynski <[email protected]>
ossf · Dec 1, 2023 · 37bfaa6 · 37bfaa6
1 parent c7b8915
commit 37bfaa6
Show file tree

Hide file tree

Showing 7 changed files with 19 additions and 19 deletions.
diff --git a/checks/evaluation/binary_artifacts.go b/checks/evaluation/binary_artifacts.go
@@ -18,7 +18,7 @@ import (
 	"github.com/ossf/scorecard/v4/checker"
 	sce "github.com/ossf/scorecard/v4/errors"
 	"github.com/ossf/scorecard/v4/finding"
-	"github.com/ossf/scorecard/v4/probes/freeOfUntrustedBinaryArtifacts"
+	"github.com/ossf/scorecard/v4/probes/freeOfUnverifiedBinaryArtifacts"
 )
 
 // BinaryArtifacts applies the score policy for the Binary-Artifacts check.
@@ -27,7 +27,7 @@ func BinaryArtifacts(name string,
 	dl checker.DetailLogger,
 ) checker.CheckResult {
 	expectedProbes := []string{
-		freeOfUntrustedBinaryArtifacts.Probe,
+		freeOfUnverifiedBinaryArtifacts.Probe,
 	}
 
 	if !finding.UniqueProbesEqual(findings, expectedProbes) {

diff --git a/checks/evaluation/binary_artifacts_test.go b/checks/evaluation/binary_artifacts_test.go
@@ -27,7 +27,7 @@ func TestBinaryArtifacts(t *testing.T) {
 	t.Parallel()
 	lineStart := uint(123)
 	negativeFinding := finding.Finding{
-		Probe:   "freeOfUntrustedBinaryArtifacts",
+		Probe:   "freeOfUnverifiedBinaryArtifacts",
 		Outcome: finding.OutcomeNegative,
 
 		Location: &finding.Location{
@@ -46,7 +46,7 @@ func TestBinaryArtifacts(t *testing.T) {
 			name: "no binary artifacts",
 			findings: []finding.Finding{
 				{
-					Probe:   "freeOfUntrustedBinaryArtifacts",
+					Probe:   "freeOfUnverifiedBinaryArtifacts",
 					Outcome: finding.OutcomePositive,
 				},
 			},
@@ -68,7 +68,7 @@ func TestBinaryArtifacts(t *testing.T) {
 			name: "two binary artifact",
 			findings: []finding.Finding{
 				{
-					Probe:   "freeOfUntrustedBinaryArtifacts",
+					Probe:   "freeOfUnverifiedBinaryArtifacts",
 					Outcome: finding.OutcomeNegative,
 					Location: &finding.Location{
 						Path:      "path",
@@ -77,7 +77,7 @@ func TestBinaryArtifacts(t *testing.T) {
 					},
 				},
 				{
-					Probe:   "freeOfUntrustedBinaryArtifacts",
+					Probe:   "freeOfUnverifiedBinaryArtifacts",
 					Outcome: finding.OutcomeNegative,
 					Location: &finding.Location{
 						Path:      "path",

diff --git a/probes/entries.go b/probes/entries.go
@@ -18,7 +18,7 @@ import (
 	"github.com/ossf/scorecard/v4/checker"
 	"github.com/ossf/scorecard/v4/finding"
 	"github.com/ossf/scorecard/v4/probes/contributorsFromOrgOrCompany"
-	"github.com/ossf/scorecard/v4/probes/freeOfUntrustedBinaryArtifacts"
+	"github.com/ossf/scorecard/v4/probes/freeOfUnverifiedBinaryArtifacts"
 	"github.com/ossf/scorecard/v4/probes/fuzzedWithCLibFuzzer"
 	"github.com/ossf/scorecard/v4/probes/fuzzedWithClusterFuzzLite"
 	"github.com/ossf/scorecard/v4/probes/fuzzedWithCppLibFuzzer"
@@ -123,7 +123,7 @@ var (
 		hasOpenSSFBadge.Run,
 	}
 	BinaryArtifacts = []ProbeImpl{
-		freeOfUntrustedBinaryArtifacts.Run,
+		freeOfUnverifiedBinaryArtifacts.Run,
 	}
 )
 

diff --git a/probes/freeOfAnyBinaryArtifacts/def.yml b/probes/freeOfAnyBinaryArtifacts/def.yml
@@ -17,12 +17,12 @@ short: Checks if the project has any binary files in its source tree.
 motivation: >
   Binary files are not readable so users can't see what they do. Many programming language systems can generate executables from source code (e.g., C/C++ generated machine code, Java .class files, Python .pyc files, and minified JavaScript). Users will often directly use executables if they are included in the source repository, leading to many dangerous behaviors.
 implementation: >
-  The implementation looks for the presence of binary files. This is a more restrictive probe than "freeOfUntrustedBinaryArtifacts" which excludes trusted binary files.
+  The implementation looks for the presence of binary files. This is a more restrictive probe than "freeOfUnverifiededBinaryArtifacts" which excludes verified binary files.
 outcome:
   - If the probe finds binary files, it returns a number of negative outcomes equal to the number of binary files found. Each outcome includes a location of the file.
-  - If the probe finds no untrusted binary files, it returns a single positive outcome.
+  - If the probe finds no verified binary files, it returns a single positive outcome.
 remediation:
   effort: Medium
   text:
     - Remove the generated executable artifacts from the repository.
-    - Build from source.
+    - Build from source.
diff --git a/...es/freeOfUntrustedBinaryArtifacts/def.yml → ...s/freeOfUnverifiedBinaryArtifacts/def.yml b/...es/freeOfUntrustedBinaryArtifacts/def.yml → ...s/freeOfUnverifiedBinaryArtifacts/def.yml
@@ -12,15 +12,15 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-id: freeOfUntrustedBinaryArtifacts
-short: Checks if the project has binary files in its source tree. The probe skips trusted binary files which currently are gradle-wrappers.
+id: freeOfUnverifiedBinaryArtifacts
+short: Checks if the project has binary files in its source tree. The probe skips verified binary files which currently are gradle-wrappers.
 motivation: >
   Binary files are not readable so users can't see what they do. Many programming language systems can generate executables from source code (e.g., C/C++ generated machine code, Java .class files, Python .pyc files, and minified JavaScript). Users will often directly use executables if they are included in the source repository, leading to many dangerous behaviors.
 implementation: >
-  The implementation looks for the presence of binary files that are not "verified". A verified binary is one that Scorecard considers valid for building and/or releasing the project. This is a more permissive probe than "freeOfAnyBinaryArtifacts" which does not trust any binary files.
+  The implementation looks for the presence of binary files that are not "verified". A verified binary is one that Scorecard considers valid for building and/or releasing the project. This is a more permissive probe than "freeOfAnyBinaryArtifacts" which does not skip verified binary files.
 outcome:
-  - If the probe finds untrusted binary files, it returns a number of negative outcomes equal to the number of untrusted binary files found. Each outcome includes a location of the file.
-  - If the probe finds no untrusted binary files, it returns a single positive outcome.
+  - If the probe finds unverified binary files, it returns a number of negative outcomes equal to the number of unverified binary files found. Each outcome includes a location of the file.
+  - If the probe finds no unverified binary files, it returns a single positive outcome.
 remediation:
   effort: Medium
   text:

diff --git a/...es/freeOfUntrustedBinaryArtifacts/impl.go → ...s/freeOfUnverifiedBinaryArtifacts/impl.go b/...es/freeOfUntrustedBinaryArtifacts/impl.go → ...s/freeOfUnverifiedBinaryArtifacts/impl.go
@@ -13,7 +13,7 @@
 // limitations under the License.
 
 //nolint:stylecheck
-package freeOfUntrustedBinaryArtifacts
+package freeOfUnverifiedBinaryArtifacts
 
 import (
 	"embed"
@@ -27,7 +27,7 @@ import (
 //go:embed *.yml
 var fs embed.FS
 
-const Probe = "freeOfUntrustedBinaryArtifacts"
+const Probe = "freeOfUnverifiedBinaryArtifacts"
 
 func Run(raw *checker.RawResults) ([]finding.Finding, string, error) {
 	if raw == nil {

diff --git a/...eeOfUntrustedBinaryArtifacts/impl_test.go → ...eOfUnverifiedBinaryArtifacts/impl_test.go b/...eeOfUntrustedBinaryArtifacts/impl_test.go → ...eOfUnverifiedBinaryArtifacts/impl_test.go
@@ -13,7 +13,7 @@
 // limitations under the License.
 
 //nolint:stylecheck
-package freeOfUntrustedBinaryArtifacts
+package freeOfUnverifiedBinaryArtifacts
 
 import (
 	"testing"