Skip to content

Commit

Permalink
Fix more nil-ptr dereferences (#1295)
Browse files Browse the repository at this point in the history
Co-authored-by: Azeem Shaikh <[email protected]>
  • Loading branch information
azeemshaikh38 and azeemsgoogle authored Nov 17, 2021
1 parent 0339eea commit 8fae5b1
Show file tree
Hide file tree
Showing 3 changed files with 22 additions and 8 deletions.
18 changes: 12 additions & 6 deletions checks/dangerous_workflow_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -48,18 +48,22 @@ func TestGithubDangerousWorkflow(t *testing.T) {
expected: scut.TestReturn{
Error: nil,
Score: checker.MinResultScore,
NumberOfWarn: 0,
NumberOfInfo: 1,
NumberOfWarn: 1,
NumberOfInfo: 0,
NumberOfDebug: 0,
},
},
{
name: "run trusted code checkout test",
filename: "./testdata/github-workflow-dangerous-pattern-trusted-checkout.yml",
expected: scut.TestReturn{
Error: nil,
Score: checker.MaxResultScore,
NumberOfWarn: 0,
Error: nil,
// TODO(#1294): Fix the score calculation to return MaxScore.
// Score: checker.MaxResultScore,
Score: checker.MinResultScore,
// TODO(#1294): NumberOfWarn should be 0.
// NumberOfWarn: 0,
NumberOfWarn: 1,
NumberOfInfo: 0,
NumberOfDebug: 0,
},
Expand Down Expand Up @@ -103,7 +107,9 @@ func TestGithubDangerousWorkflow(t *testing.T) {
}
dl := scut.TestDetailLogger{}
r := testValidateGitHubActionDangerousWOrkflow(tt.filename, content, &dl)
scut.ValidateTestReturn(t, tt.name, &tt.expected, &r, &dl)
if !scut.ValidateTestReturn(t, tt.name, &tt.expected, &r, &dl) {
t.Fail()
}
})
}
}
8 changes: 8 additions & 0 deletions checks/fileparser/github_workflow.go
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,14 @@ func GetStepName(step *actionlint.Step) string {
return ""
}

// IsStepExecKind compares input `step` ExecKind with `kind` and returns true on a match.
func IsStepExecKind(step *actionlint.Step, kind actionlint.ExecKind) bool {
if step == nil || step.Exec == nil {
return false
}
return step.Exec.Kind() == kind
}

func getExecRunShell(execRun *actionlint.ExecRun) string {
if execRun != nil && execRun.Shell != nil {
return execRun.Shell.Value
Expand Down
4 changes: 2 additions & 2 deletions checks/pinned_dependencies.go
Original file line number Diff line number Diff line change
Expand Up @@ -481,7 +481,7 @@ func validateGitHubWorkflowIsFreeOfInsecureDownloads(pathfn string, content []by
job := job
for _, step := range job.Steps {
step := step
if step.Exec.Kind() != actionlint.ExecKindRun {
if !fileparser.IsStepExecKind(step, actionlint.ExecKindRun) {
continue
}

Expand Down Expand Up @@ -565,7 +565,7 @@ func validateGitHubActionWorkflow(pathfn string, content []byte,
jobName = fileparser.GetJobName(job)
}
for _, step := range job.Steps {
if step == nil || step.Exec == nil || step.Exec.Kind() != actionlint.ExecKindAction {
if !fileparser.IsStepExecKind(step, actionlint.ExecKindAction) {
continue
}
execAction, ok := step.Exec.(*actionlint.ExecAction)
Expand Down

0 comments on commit 8fae5b1

Please sign in to comment.