✨ Unit test for all_checks
Addresses #435

Signed-off-by: naveen <[email protected]>
naveensrinivasan committed Jan 12, 2022
1 parent 7710369 commit f7b329e
Showing 21 changed files with 163 additions and 28 deletions.
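--- a/checks/all_checks.go
+++ b/checks/all_checks.go
@@ -15,11 +15,20 @@
 // Package checks defines all Scorecard checks.
 package checks
 
-import "github.com/ossf/scorecard/v4/checker"
+import (
+"github.com/ossf/scorecard/v4/checker"
+)
 
 // AllChecks is the list of all security checks that will be run.
 var AllChecks = checker.CheckNameToFnMap{}
 
-func registerCheck(name string, fn checker.CheckFn) {
+func registerCheck(name string, fn checker.CheckFn) error {
+if name == "" {
+return errInternalNameCannotBeEmpty
+}
+if fn == nil {
+return errInternalCheckFuncCannotBeNil
+}
 AllChecks[name] = fn
+return nil
 }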
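Review bot: registerCheck still writes `AllChecks[name] = fn` without checking whether `name` is already registered, so a second registration under the same name silently replaces the first check. Now that the function returns an error, a duplicate can be rejected the same way as the empty name and the nil func, for example `if _, ok := AllChecks[name]; ok { return errInternalCheckAlreadyRegistered }` (a new sentinel, named here only as a suggestion, that would be added to checks/errors.go). The function also has no doc comment; `// registerCheck adds fn to AllChecks under name and returns an error if name is empty or fn is nil.` would state the contract the init callers now rely on.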
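--- a/checks/all_checks_test.go
+++ b/checks/all_checks_test.go
@@ -0,0 +1,70 @@
+// Copyright 2020 Security Scorecard Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package checks defines all Scorecard checks.
+package checks
+
+import (
+"testing"
+
+"github.com/ossf/scorecard/v4/checker"
+)
+
+func Test_registerCheck(t *testing.T) {
+t.Parallel()
+//nolint
+type args struct {
+name string
+fn checker.CheckFn
+}
+//nolint
+tests := []struct {
+name string
+args args
+wanterr bool
+}{
+{
+name: "registerCheck",
+args: args{
+name: "test",
+fn: func(x *checker.CheckRequest) checker.CheckResult { return checker.CheckResult{} },
+},
+wanterr: false,
+},
+{
+name: "empty func",
+args: args{
+name: "test",
+},
+wanterr: true,
+},
+{
+name: "empty name",
+args: args{
+name: "",
+fn: func(x *checker.CheckRequest) checker.CheckResult { return checker.CheckResult{} },
+},
+wanterr: true,
+},
+}
+for _, tt := range tests {
+tt := tt
+t.Run(tt.name, func(t *testing.T) {
+t.Parallel()
+if err := registerCheck(tt.args.name, tt.args.fn); (err != nil) != tt.wanterr {
+t.Errorf("registerCheck() error = %v, wantErr %v", err, tt.wanterr)
+}
+})
+}
+}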
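Review bot: The table only checks `(err != nil) != tt.wanterr`, so the test would still pass if the empty-name and nil-func guards returned each other's sentinel or any unrelated error. Replacing `wanterr bool` with `wantErr error` and comparing with `errors.Is(err, tt.wantErr)` pins each case to `errInternalNameCannotBeEmpty` or `errInternalCheckFuncCannotBeNil`. The success case also leaves a `"test"` entry in the package-level `AllChecks` map for the rest of the test binary and never asserts that the entry was stored. Any other test in the package that iterates `AllChecks` would see that entry, so the case should assert it and remove it afterwards, for instance with `t.Cleanup`.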
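--- a/checks/binary_artifact.go
+++ b/checks/binary_artifact.go
@@ -26,7 +26,10 @@ const CheckBinaryArtifacts string = "Binary-Artifacts"
 
 //nolint
 func init() {
-registerCheck(CheckBinaryArtifacts, BinaryArtifacts)
+if err := registerCheck(CheckBinaryArtifacts, BinaryArtifacts); err != nil {
+// this should never happen
+panic(err)
+}
 }
 
 // BinaryArtifacts will check the repository contains binary artifacts.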
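Review bot: `panic(err)` in this init reports only the sentinel text ("name cannot be empty" or "checkFunc cannot be nil") and not which check failed to register, and the same four-line block is repeated in every other checks/*.go init in this commit (branch_protection.go through vulnerabilities.go). Because the panic fires at package initialisation, every program importing the package stops there, so the message should identify the check, e.g. `panic(fmt.Errorf("registering %s: %w", CheckBinaryArtifacts, err))` (this needs `fmt` imported in files that lack it). The comment `// this should never happen` would be more useful as `// registerCheck fails only for an empty name or a nil func, both programmer errors.`, and its capitalisation differs between files.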
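--- a/checks/branch_protection.go
+++ b/checks/branch_protection.go
@@ -28,7 +28,10 @@ const (
 
 //nolint:gochecknoinits
 func init() {
-registerCheck(CheckBranchProtection, BranchProtection)
+if err := registerCheck(CheckBranchProtection, BranchProtection); err != nil {
+// this should never happen
+panic(err)
+}
 }
 
 // BranchProtection runs the Branch-Protection check.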
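--- a/checks/ci_tests.go
+++ b/checks/ci_tests.go
@@ -31,7 +31,10 @@ const (
 
 //nolint:gochecknoinits
 func init() {
-registerCheck(CheckCITests, CITests)
+if err := registerCheck(CheckCITests, CITests); err != nil {
+// this should never happen
+panic(err)
+}
 }
 
 // CITests runs CI-Tests check.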
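--- a/checks/cii_best_practices.go
+++ b/checks/cii_best_practices.go
@@ -32,7 +32,10 @@ const (
 
 //nolint:gochecknoinits
 func init() {
-registerCheck(CheckCIIBestPractices, CIIBestPractices)
+if err := registerCheck(CheckCIIBestPractices, CIIBestPractices); err != nil {
+// this should never happen
+panic(err)
+}
 }
 
 // CIIBestPractices runs CII-Best-Practices check.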
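--- a/checks/code_review.go
+++ b/checks/code_review.go
@@ -27,7 +27,10 @@ const CheckCodeReview = "Code-Review"
 
 //nolint:gochecknoinits
 func init() {
-registerCheck(CheckCodeReview, DoesCodeReview)
+if err := registerCheck(CheckCodeReview, DoesCodeReview); err != nil {
+// this should never happen
+panic(err)
+}
 }
 
 // DoesCodeReview attempts to determine whether a project requires review before code gets merged.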
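--- a/checks/contributors.go
+++ b/checks/contributors.go
@@ -31,7 +31,10 @@ const (
 
 //nolint:gochecknoinits
 func init() {
-registerCheck(CheckContributors, Contributors)
+if err := registerCheck(CheckContributors, Contributors); err != nil {
+// this should never happen
+panic(err)
+}
 }
 
 // Contributors run Contributors check.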
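--- a/checks/dangerous_workflow.go
+++ b/checks/dangerous_workflow.go
@@ -59,7 +59,10 @@ func containsUntrustedContextPattern(variable string) bool {
 
 //nolint:gochecknoinits
 func init() {
-registerCheck(CheckDangerousWorkflow, DangerousWorkflow)
+if err := registerCheck(CheckDangerousWorkflow, DangerousWorkflow); err != nil {
+// this should never happen
+panic(err)
+}
 }
 
 // Holds stateful data to pass thru callbacks.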
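--- a/checks/dependency_update_tool.go
+++ b/checks/dependency_update_tool.go
@@ -26,7 +26,10 @@ const CheckDependencyUpdateTool = "Dependency-Update-Tool"
 
 //nolint
 func init() {
-registerCheck(CheckDependencyUpdateTool, DependencyUpdateTool)
+if err := registerCheck(CheckDependencyUpdateTool, DependencyUpdateTool); err != nil {
+// this should never happen
+panic(err)
+}
 }
 
 // DependencyUpdateTool checks if the repository uses a dependency update tool.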
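--- a/checks/errors.go
+++ b/checks/errors.go
@@ -20,12 +20,14 @@ import (
 
 //nolint
 var (
-errInternalInvalidDockerFile = errors.New("invalid Dockerfile")
-errInternalInvalidYamlFile = errors.New("invalid yaml file")
-errInternalFilenameMatch = errors.New("filename match error")
-errInternalEmptyFile = errors.New("empty file")
-errInvalidGitHubWorkflow = errors.New("invalid GitHub workflow")
-errInternalNoReviews = errors.New("no reviews found")
-errInternalNoCommits = errors.New("no commits found")
-errInternalInvalidPermissions = errors.New("invalid permissions")
+errInternalInvalidDockerFile = errors.New("invalid Dockerfile")
+errInternalInvalidYamlFile = errors.New("invalid yaml file")
+errInternalFilenameMatch = errors.New("filename match error")
+errInternalEmptyFile = errors.New("empty file")
+errInvalidGitHubWorkflow = errors.New("invalid GitHub workflow")
+errInternalNoReviews = errors.New("no reviews found")
+errInternalNoCommits = errors.New("no commits found")
+errInternalInvalidPermissions = errors.New("invalid permissions")
+errInternalNameCannotBeEmpty = errors.New("name cannot be empty")
+errInternalCheckFuncCannotBeNil = errors.New("checkFunc cannot be nil")
 )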
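--- a/checks/fuzzing.go
+++ b/checks/fuzzing.go
@@ -28,7 +28,10 @@ const CheckFuzzing = "Fuzzing"
 
 //nolint:gochecknoinits
 func init() {
-registerCheck(CheckFuzzing, Fuzzing)
+if err := registerCheck(CheckFuzzing, Fuzzing); err != nil {
+// this should never happen
+panic(err)
+}
 }
 
 func checkCFLite(c *checker.CheckRequest) (bool, error) {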
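--- a/checks/license.go
+++ b/checks/license.go
@@ -35,7 +35,10 @@ const CheckLicense = "License"
 
 //nolint:gochecknoinits
 func init() {
-registerCheck(CheckLicense, LicenseCheck)
+if err := registerCheck(CheckLicense, LicenseCheck); err != nil {
+// this should never happen
+panic(err)
+}
 }
 
 const (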
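--- a/checks/maintained.go
+++ b/checks/maintained.go
@@ -32,7 +32,10 @@ const (
 
 //nolint:gochecknoinits
 func init() {
-registerCheck(CheckMaintained, IsMaintained)
+if err := registerCheck(CheckMaintained, IsMaintained); err != nil {
+// this should never happen
+panic(err)
+}
 }
 
 // IsMaintained runs Maintained check.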
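--- a/checks/packaging.go
+++ b/checks/packaging.go
@@ -31,7 +31,10 @@ const CheckPackaging = "Packaging"
 
 //nolint:gochecknoinits
 func init() {
-registerCheck(CheckPackaging, Packaging)
+if err := registerCheck(CheckPackaging, Packaging); err != nil {
+// this should never happen
+panic(err)
+}
 }
 
 func isGithubWorkflowFile(filename string) (bool, error) {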
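--- a/checks/permissions.go
+++ b/checks/permissions.go
@@ -53,7 +53,10 @@ var permissionsOfInterest = []permission{
 
 //nolint:gochecknoinits
 func init() {
-registerCheck(CheckTokenPermissions, TokenPermissions)
+if err := registerCheck(CheckTokenPermissions, TokenPermissions); err != nil {
+// This should never happen.
+panic(err)
+}
 }
 
 // Holds stateful data to pass thru callbacks.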
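--- a/checks/pinned_dependencies.go
+++ b/checks/pinned_dependencies.go
@@ -39,7 +39,10 @@ type worklowPinningResult struct {
 
 //nolint:gochecknoinits
 func init() {
-registerCheck(CheckPinnedDependencies, PinnedDependencies)
+if err := registerCheck(CheckPinnedDependencies, PinnedDependencies); err != nil {
+// This should never happen.
+panic(err)
+}
 }
 
 // PinnedDependencies will check the repository if it contains frozen dependecies.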
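--- a/checks/sast.go
+++ b/checks/sast.go
@@ -31,7 +31,10 @@ var allowedConclusions = map[string]bool{"success": true, "neutral": true}
 
 //nolint:gochecknoinits
 func init() {
-registerCheck(CheckSAST, SAST)
+if err := registerCheck(CheckSAST, SAST); err != nil {
+// This should never happen.
+panic(err)
+}
 }
 
 // SAST runs SAST check.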
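--- a/checks/security_policy.go
+++ b/checks/security_policy.go
@@ -26,7 +26,10 @@ const CheckSecurityPolicy = "Security-Policy"
 
 //nolint:gochecknoinits
 func init() {
-registerCheck(CheckSecurityPolicy, SecurityPolicy)
+if err := registerCheck(CheckSecurityPolicy, SecurityPolicy); err != nil {
+// This should never happen.
+panic(err)
+}
 }
 
 // SecurityPolicy runs Security-Policy check.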
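--- a/checks/signed_releases.go
+++ b/checks/signed_releases.go
@@ -32,7 +32,10 @@ var artifactExtensions = []string{".asc", ".minisig", ".sig", ".sign"}
 
 //nolint:gochecknoinits
 func init() {
-registerCheck(CheckSignedReleases, SignedReleases)
+if err := registerCheck(CheckSignedReleases, SignedReleases); err != nil {
+// this should never happen
+panic(err)
+}
 }
 
 // SignedReleases runs Signed-Releases check.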
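--- a/checks/vulnerabilities.go
+++ b/checks/vulnerabilities.go
@@ -30,7 +30,10 @@ const (
 
 //nolint:gochecknoinits
 func init() {
-registerCheck(CheckVulnerabilities, HasUnfixedVulnerabilities)
+if err := registerCheck(CheckVulnerabilities, HasUnfixedVulnerabilities); err != nil {
+// this should never happen
+panic(err)
+}
 }
 
 func getVulnerabilities(resp *clients.VulnerabilitiesResponse) []string {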
