Skip to content

Commit

Permalink
Merge branch 'main' into avbalter/support-nuget-unpinned-dependencies
Browse files Browse the repository at this point in the history
  • Loading branch information
balteravishay authored Apr 17, 2023
2 parents 40438e4 + 1c441f3 commit 3a0da40
Show file tree
Hide file tree
Showing 6 changed files with 350 additions and 3 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/goreleaser.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -72,7 +72,7 @@ jobs:
actions: read # To read the workflow path.
id-token: write # To sign the provenance.
contents: write # To add assets to a release.
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.4.0
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.5.0
with:
base64-subjects: "${{ needs.goreleaser.outputs.hashes }}"
upload-assets: true # upload to a new release
2 changes: 1 addition & 1 deletion .github/workflows/slsa-goreleaser.yml
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ jobs:
contents: write
actions: read
needs: args
uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@bdd89e60dc5387d8f819bebc702987956bcd4913 # v1.2.0
uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.5.0 # v1.2.0
with:
go-version: 1.19
evaluated-envs: "VERSION_LDFLAGS:${{needs.args.outputs.ldflags}}"
2 changes: 1 addition & 1 deletion checks/evaluation/cii_best_practices.go
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ const (
)

// CIIBestPractices applies the score policy for the CIIBestPractices check.
func CIIBestPractices(name string, dl checker.DetailLogger, r *checker.CIIBestPracticesData) checker.CheckResult {
func CIIBestPractices(name string, _ checker.DetailLogger, r *checker.CIIBestPracticesData) checker.CheckResult {
if r == nil {
e := sce.WithMessage(sce.ErrScorecardInternal, "empty raw data")
return checker.CreateRuntimeErrorResult(name, e)
Expand Down
86 changes: 86 additions & 0 deletions checks/evaluation/cii_best_practices_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,86 @@
// Copyright 2023 OpenSSF Scorecard Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package evaluation

import (
"testing"

"github.com/ossf/scorecard/v4/checker"
"github.com/ossf/scorecard/v4/clients"
)

func TestCIIBestPractices(t *testing.T) {
t.Run("CIIBestPractices", func(t *testing.T) {
t.Run("in progress", func(t *testing.T) {
r := &checker.CIIBestPracticesData{
Badge: clients.InProgress,
}
result := CIIBestPractices("CIIBestPractices", nil, r)
if result.Score != inProgressScore {
t.Errorf("CIIBestPractices() = %v, want %v", result.Score, inProgressScore)
}
})
t.Run("passing", func(t *testing.T) {
r := &checker.CIIBestPracticesData{
Badge: clients.Passing,
}
result := CIIBestPractices("CIIBestPractices", nil, r)
if result.Score != passingScore {
t.Errorf("CIIBestPractices() = %v, want %v", result.Score, passingScore)
}
})
t.Run("silver", func(t *testing.T) {
r := &checker.CIIBestPracticesData{
Badge: clients.Silver,
}
result := CIIBestPractices("CIIBestPractices", nil, r)
if result.Score != silverScore {
t.Errorf("CIIBestPractices() = %v, want %v", result.Score, silverScore)
}
})
t.Run("gold", func(t *testing.T) {
r := &checker.CIIBestPracticesData{
Badge: clients.Gold,
}
result := CIIBestPractices("CIIBestPractices", nil, r)
if result.Score != checker.MaxResultScore {
t.Errorf("CIIBestPractices() = %v, want %v", result.Score, checker.MaxResultScore)
}
})
t.Run("not found", func(t *testing.T) {
r := &checker.CIIBestPracticesData{
Badge: clients.NotFound,
}
result := CIIBestPractices("CIIBestPractices", nil, r)
if result.Score != checker.MinResultScore {
t.Errorf("CIIBestPractices() = %v, want %v", result.Score, checker.MinResultScore)
}
})
t.Run("error", func(t *testing.T) {
r := &checker.CIIBestPracticesData{
Badge: clients.Unknown,
}
result := CIIBestPractices("CIIBestPractices", nil, r)
if result.Score != -1 {
t.Errorf("CIIBestPractices() = %v, want %v", result.Score, -1)
}
})
t.Run("nil response", func(t *testing.T) {
result := CIIBestPractices("CIIBestPractices", nil, nil)
if result.Score != -1 {
t.Errorf("CIIBestPractices() = %v, want %v", result.Score, -1)
}
})
})
}
157 changes: 157 additions & 0 deletions checks/evaluation/dangerous_workflow_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,157 @@
// Copyright 2023 OpenSSF Scorecard Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package evaluation

import (
"testing"

"github.com/google/go-cmp/cmp"
"github.com/google/go-cmp/cmp/cmpopts"

"github.com/ossf/scorecard/v4/checker"
scut "github.com/ossf/scorecard/v4/utests"
)

func TestDangerousWorkflow(t *testing.T) {
t.Parallel()
type args struct { //nolint:govet
name string
dl checker.DetailLogger
r *checker.DangerousWorkflowData
}
tests := []struct {
name string
args args
want checker.CheckResult
}{
{
name: "DangerousWorkflow - empty",
args: args{
name: "DangerousWorkflow",
dl: &scut.TestDetailLogger{},
r: &checker.DangerousWorkflowData{},
},
want: checker.CheckResult{
Score: 10,
Reason: "no dangerous workflow patterns detected",
Version: 2,
Name: "DangerousWorkflow",
},
},
{
name: "DangerousWorkflow - Dangerous workflow detected",
args: args{
name: "DangerousWorkflow",
dl: &scut.TestDetailLogger{},
r: &checker.DangerousWorkflowData{
Workflows: []checker.DangerousWorkflow{
{
Type: checker.DangerousWorkflowUntrustedCheckout,
File: checker.File{
Path: "a",
Snippet: "a",
Offset: 0,
EndOffset: 0,
Type: 0,
},
},
},
},
},
want: checker.CheckResult{
Score: 0,
Reason: "dangerous workflow patterns detected",
Version: 2,
Name: "DangerousWorkflow",
},
},
{
name: "DangerousWorkflow - Script injection detected",
args: args{
name: "DangerousWorkflow",
dl: &scut.TestDetailLogger{},
r: &checker.DangerousWorkflowData{
Workflows: []checker.DangerousWorkflow{
{
Type: checker.DangerousWorkflowScriptInjection,
File: checker.File{
Path: "a",
Snippet: "a",
Offset: 0,
EndOffset: 0,
Type: 0,
},
},
},
},
},
want: checker.CheckResult{
Score: 0,
Reason: "dangerous workflow patterns detected",
Version: 2,
Name: "DangerousWorkflow",
},
},
{
name: "DangerousWorkflow - unknown type",
args: args{
name: "DangerousWorkflow",
dl: &scut.TestDetailLogger{},
r: &checker.DangerousWorkflowData{
Workflows: []checker.DangerousWorkflow{
{
Type: "foobar",
File: checker.File{
Path: "a",
Snippet: "a",
Offset: 0,
EndOffset: 0,
Type: 0,
},
},
},
},
},
want: checker.CheckResult{
Score: -1,
Reason: "internal error: invalid type",
Version: 2,
Name: "DangerousWorkflow",
},
},
{
name: "DangerousWorkflow - nil data",
args: args{
name: "DangerousWorkflow",
dl: &scut.TestDetailLogger{},
r: nil,
},
want: checker.CheckResult{
Score: -1,
Reason: "internal error: empty raw data",
Name: "DangerousWorkflow",
Version: 2,
},
},
}
for _, tt := range tests {
tt := tt
t.Run(tt.name, func(t *testing.T) {
t.Parallel()
if got := DangerousWorkflow(tt.args.name, tt.args.dl, tt.args.r); !cmp.Equal(got, tt.want, cmpopts.IgnoreFields(checker.CheckResult{}, "Error")) { //nolint:lll
t.Errorf("DangerousWorkflow() = %v, want %v", got, cmp.Diff(got, tt.want, cmpopts.IgnoreFields(checker.CheckResult{}, "Error"))) //nolint:lll
}
})
}
}
104 changes: 104 additions & 0 deletions checks/evaluation/fuzzing_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,104 @@
// Copyright 2023 OpenSSF Scorecard Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package evaluation

import (
"testing"

"github.com/google/go-cmp/cmp"
"github.com/google/go-cmp/cmp/cmpopts"

"github.com/ossf/scorecard/v4/checker"
scut "github.com/ossf/scorecard/v4/utests"
)

func TestFuzzing(t *testing.T) {
t.Parallel()
type args struct { //nolint
name string
dl checker.DetailLogger
r *checker.FuzzingData
}
tests := []struct {
name string
args args
want checker.CheckResult
}{
{
name: "Fuzzing - no fuzzing",
args: args{
name: "Fuzzing",
dl: &scut.TestDetailLogger{},
r: &checker.FuzzingData{},
},
want: checker.CheckResult{
Score: 0,
Name: "Fuzzing",
Version: 2,
Reason: "project is not fuzzed",
},
},
{
name: "Fuzzing - fuzzing",
args: args{
name: "Fuzzing",
dl: &scut.TestDetailLogger{},
r: &checker.FuzzingData{
Fuzzers: []checker.Tool{
{
Name: "Fuzzing",
Files: []checker.File{
{
Path: "Fuzzing",
Type: 0,
Offset: 1,
Snippet: "Fuzzing",
},
},
},
},
},
},
want: checker.CheckResult{
Score: 10,
Name: "Fuzzing",
Version: 2,
Reason: "project is fuzzed with [Fuzzing]",
},
},
{
name: "Fuzzing - fuzzing data nil",
args: args{
name: "Fuzzing",
dl: &scut.TestDetailLogger{},
r: nil,
},
want: checker.CheckResult{
Score: -1,
Name: "Fuzzing",
Version: 2,
Reason: "internal error: empty raw data",
},
},
}
for _, tt := range tests {
tt := tt
t.Run(tt.name, func(t *testing.T) {
t.Parallel()
if got := Fuzzing(tt.args.name, tt.args.dl, tt.args.r); !cmp.Equal(got, tt.want, cmpopts.IgnoreFields(checker.CheckResult{}, "Error")) { //nolint:lll
t.Errorf("Fuzzing() = %v, want %v", got, cmp.Diff(got, tt.want, cmpopts.IgnoreFields(checker.CheckResult{}, "Error"))) //nolint:lll
}
})
}
}

0 comments on commit 3a0da40

Please sign in to comment.