diff --git a/checks/evaluation/webhooks.go b/checks/evaluation/webhooks.go index 6923c9572e0..c0672608a92 100644 --- a/checks/evaluation/webhooks.go +++ b/checks/evaluation/webhooks.go @@ -20,7 +20,7 @@ import ( "github.com/ossf/scorecard/v4/checker" sce "github.com/ossf/scorecard/v4/errors" "github.com/ossf/scorecard/v4/finding" - "github.com/ossf/scorecard/v4/probes/webhooksWithoutSecret" + "github.com/ossf/scorecard/v4/probes/webhooksUseSecrets" ) // Webhooks applies the score policy for the Webhooks check. @@ -28,7 +28,7 @@ func Webhooks(name string, findings []finding.Finding, dl checker.DetailLogger, ) checker.CheckResult { expectedProbes := []string{ - webhooksWithoutSecret.Probe, + webhooksUseSecrets.Probe, } if !finding.UniqueProbesEqual(findings, expectedProbes) { diff --git a/checks/evaluation/webhooks_test.go b/checks/evaluation/webhooks_test.go index fb0bafc9bf4..69db1de7b4b 100644 --- a/checks/evaluation/webhooks_test.go +++ b/checks/evaluation/webhooks_test.go @@ -34,7 +34,7 @@ func TestWebhooks(t *testing.T) { name: "no webhooks", findings: []finding.Finding{ { - Probe: "webhooksWithoutSecret", + Probe: "webhooksUseSecrets", Outcome: finding.OutcomeNotApplicable, }, }, @@ -46,7 +46,7 @@ func TestWebhooks(t *testing.T) { name: "1 webhook with no secret", findings: []finding.Finding{ { - Probe: "webhooksWithoutSecret", + Probe: "webhooksUseSecrets", Outcome: finding.OutcomeNegative, }, }, @@ -58,7 +58,7 @@ func TestWebhooks(t *testing.T) { name: "1 webhook with secret", findings: []finding.Finding{ { - Probe: "webhooksWithoutSecret", + Probe: "webhooksUseSecrets", Outcome: finding.OutcomePositive, Values: map[string]int{ "totalWebhooks": 1, @@ -73,7 +73,7 @@ func TestWebhooks(t *testing.T) { name: "2 webhooks one of which has secret", findings: []finding.Finding{ { - Probe: "webhooksWithoutSecret", + Probe: "webhooksUseSecrets", Outcome: finding.OutcomeNegative, Values: map[string]int{ "totalWebhooks": 2, @@ -88,14 +88,14 @@ func TestWebhooks(t *testing.T) { name: "Five webhooks three of which have secrets", findings: []finding.Finding{ { - Probe: "webhooksWithoutSecret", + Probe: "webhooksUseSecrets", Outcome: finding.OutcomeNegative, Values: map[string]int{ "totalWebhooks": 5, }, }, { - Probe: "webhooksWithoutSecret", + Probe: "webhooksUseSecrets", Outcome: finding.OutcomeNegative, Values: map[string]int{ "totalWebhooks": 5, @@ -110,7 +110,7 @@ func TestWebhooks(t *testing.T) { name: "One of 12 webhooks does not have secrets", findings: []finding.Finding{ { - Probe: "webhooksWithoutSecret", + Probe: "webhooksUseSecrets", Outcome: finding.OutcomeNegative, Values: map[string]int{ "totalWebhooks": 12, @@ -125,84 +125,84 @@ func TestWebhooks(t *testing.T) { name: "Score should not drop below min score", findings: []finding.Finding{ { - Probe: "webhooksWithoutSecret", + Probe: "webhooksUseSecrets", Outcome: finding.OutcomeNegative, Values: map[string]int{ "totalWebhooks": 12, }, }, { - Probe: "webhooksWithoutSecret", + Probe: "webhooksUseSecrets", Outcome: finding.OutcomeNegative, Values: map[string]int{ "totalWebhooks": 12, }, }, { - Probe: "webhooksWithoutSecret", + Probe: "webhooksUseSecrets", Outcome: finding.OutcomeNegative, Values: map[string]int{ "totalWebhooks": 12, }, }, { - Probe: "webhooksWithoutSecret", + Probe: "webhooksUseSecrets", Outcome: finding.OutcomeNegative, Values: map[string]int{ "totalWebhooks": 12, }, }, { - Probe: "webhooksWithoutSecret", + Probe: "webhooksUseSecrets", Outcome: finding.OutcomeNegative, Values: map[string]int{ "totalWebhooks": 12, }, }, { - Probe: "webhooksWithoutSecret", + Probe: "webhooksUseSecrets", Outcome: finding.OutcomeNegative, Values: map[string]int{ "totalWebhooks": 12, }, }, { - Probe: "webhooksWithoutSecret", + Probe: "webhooksUseSecrets", Outcome: finding.OutcomeNegative, Values: map[string]int{ "totalWebhooks": 12, }, }, { - Probe: "webhooksWithoutSecret", + Probe: "webhooksUseSecrets", Outcome: finding.OutcomeNegative, Values: map[string]int{ "totalWebhooks": 12, }, }, { - Probe: "webhooksWithoutSecret", + Probe: "webhooksUseSecrets", Outcome: finding.OutcomeNegative, Values: map[string]int{ "totalWebhooks": 12, }, }, { - Probe: "webhooksWithoutSecret", + Probe: "webhooksUseSecrets", Outcome: finding.OutcomeNegative, Values: map[string]int{ "totalWebhooks": 12, }, }, { - Probe: "webhooksWithoutSecret", + Probe: "webhooksUseSecrets", Outcome: finding.OutcomeNegative, Values: map[string]int{ "totalWebhooks": 12, }, }, { - Probe: "webhooksWithoutSecret", + Probe: "webhooksUseSecrets", Outcome: finding.OutcomeNegative, Values: map[string]int{ "totalWebhooks": 12, diff --git a/probes/entries.go b/probes/entries.go index 29fa98ef118..4486ecd8913 100644 --- a/probes/entries.go +++ b/probes/entries.go @@ -53,7 +53,7 @@ import ( "github.com/ossf/scorecard/v4/probes/toolDependabotInstalled" "github.com/ossf/scorecard/v4/probes/toolPyUpInstalled" "github.com/ossf/scorecard/v4/probes/toolRenovateInstalled" - "github.com/ossf/scorecard/v4/probes/webhooksWithoutSecret" + "github.com/ossf/scorecard/v4/probes/webhooksUseSecrets" ) // ProbeImpl is the implementation of a probe. @@ -127,7 +127,7 @@ var ( freeOfUnverifiedBinaryArtifacts.Run, } Webhook = []ProbeImpl{ - webhooksWithoutSecret.Run, + webhooksUseSecrets.Run, } ) diff --git a/probes/webhooksWithoutSecret/def.yml b/probes/webhooksUseSecrets/def.yml similarity index 99% rename from probes/webhooksWithoutSecret/def.yml rename to probes/webhooksUseSecrets/def.yml index 9af352233f1..74db82cc2c5 100644 --- a/probes/webhooksWithoutSecret/def.yml +++ b/probes/webhooksUseSecrets/def.yml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -id: webhooksWithoutSecret +id: webhooksUseSecrets short: This check determines whether the webhooks defined in the repository have secrets configured to authenticate the origins of requests. motivation: > Webhooks without secret authorization have the potential to make projects accessible to third-parties. diff --git a/probes/webhooksWithoutSecret/impl.go b/probes/webhooksUseSecrets/impl.go similarity index 97% rename from probes/webhooksWithoutSecret/impl.go rename to probes/webhooksUseSecrets/impl.go index e568dff1615..e21dfd766b8 100644 --- a/probes/webhooksWithoutSecret/impl.go +++ b/probes/webhooksUseSecrets/impl.go @@ -13,7 +13,7 @@ // limitations under the License. //nolint:stylecheck -package webhooksWithoutSecret +package webhooksUseSecrets import ( "embed" @@ -27,7 +27,7 @@ import ( //go:embed *.yml var fs embed.FS -const Probe = "webhooksWithoutSecret" +const Probe = "webhooksUseSecrets" func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { if raw == nil { diff --git a/probes/webhooksWithoutSecret/impl_test.go b/probes/webhooksUseSecrets/impl_test.go similarity index 99% rename from probes/webhooksWithoutSecret/impl_test.go rename to probes/webhooksUseSecrets/impl_test.go index 2fc5a1d27eb..eaf073d1f35 100644 --- a/probes/webhooksWithoutSecret/impl_test.go +++ b/probes/webhooksUseSecrets/impl_test.go @@ -13,7 +13,7 @@ // limitations under the License. //nolint:stylecheck -package webhooksWithoutSecret +package webhooksUseSecrets import ( "testing"