From a29a1077222eab3f67cb30519abe69cd7eb30a0c Mon Sep 17 00:00:00 2001
From: laurentsimon
Date: Mon, 20 Dec 2021 22:26:54 +0000
Subject: [PATCH 1/4] hide sarif support
---
 cmd/root.go | 28 ++++++++++++++++++----------
 1 file changed, 18 insertions(+), 10 deletions(-)
diff --git a/cmd/root.go b/cmd/root.go
index 5075b554f93..d1bda037378 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -75,8 +75,8 @@ const (
 scorecardLong = "A program that shows security scorecard for an open source software."
 scorecardUse = `./scorecard [--repo=] [--local=folder] [--checks=check1,...]
- [--show-details] [--policy=file] or ./scorecard --{npm,pypi,rubygems}=
- [--checks=check1,...] [--show-details] [--policy=file]`
+ [--show-details] or ./scorecard --{npm,pypi,rubygems}=
+ [--checks=check1,...] [--show-details]`
 scorecardShort = "Security Scorecards"
 )
@@ -95,8 +95,6 @@ func init() {
 rootCmd.Flags().StringVar(
 &rubygems, "rubygems", "",
 "rubygems package to check, given that the rubygems package has a GitHub repository")
- rootCmd.Flags().StringVar(&format, "format", formatDefault,
- "output format. allowed values are [default, sarif, json]")
 rootCmd.Flags().StringSliceVar(
 &metaData, "metadata", []string{}, "metadata for the project. It can be multiple separated by commas")
 rootCmd.Flags().BoolVar(&showDetails, "show-details", false, "show extra details about each check")
@@ -106,7 +104,17 @@ func init() {
 }
 rootCmd.Flags().StringSliceVar(&checksToRun, "checks", []string{},
 fmt.Sprintf("Checks to run. Possible values are: %s", strings.Join(checkNames, ",")))
- rootCmd.Flags().StringVar(&policyFile, "policy", "", "policy to enforce")
+
+ var sarifEnabled bool
+ _, sarifEnabled = os.LookupEnv("ENABLE_SARIF")
+ if sarifEnabled {
+ rootCmd.Flags().StringVar(&policyFile, "policy", "", "policy to enforce")
+ rootCmd.Flags().StringVar(&format, "format", formatDefault,
+ "output format. allowed values are [default, sarif, json]")
+ } else {
+ rootCmd.Flags().StringVar(&format, "format", formatDefault,
+ "output format. allowed values are [default, json]")
+ }
 var v6 bool
 _, v6 = os.LookupEnv("SCORECARD_V6")
@@ -126,18 +134,18 @@ func Execute() {
 // nolint: gocognit, gocyclo
 func scorecardCmd(cmd *cobra.Command, args []string) {
 // UPGRADEv4: remove.
- var v4 bool
- _, v4 = os.LookupEnv("SCORECARD_V4")
+ var sarifEnabled bool
+ _, sarifEnabled = os.LookupEnv("ENABLE_SARIF")
- if format == formatSarif && !v4 {
+ if format == formatSarif && !sarifEnabled {
 log.Panic("sarif not supported yet")
 }
- if policyFile != "" && !v4 {
+ if policyFile != "" && !sarifEnabled {
 log.Panic("policy not supported yet")
 }
- if local != "" && !v4 {
+ if local != "" && !sarifEnabled {
 log.Panic("--local option not supported yet")
 }
From 74010a06d6934e7ea4e15f4f98fd5ef7ea990be8 Mon Sep 17 00:00:00 2001
From: laurentsimon
Date: Mon, 20 Dec 2021 22:31:31 +0000
Subject: [PATCH 2/4] use variable
---
 cmd/root.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/cmd/root.go b/cmd/root.go
index d1bda037378..0c23a0733d6 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -80,6 +80,8 @@ const (
 scorecardShort = "Security Scorecards"
 )
+const cliEnableSarif = "ENABLE_SARIF"
+
 //nolint:gochecknoinits
 func init() {
 // Add the zap flag manually
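Review bot: The gate added to init() in [PATCH 1/4] is presence-only: `_, sarifEnabled = os.LookupEnv("ENABLE_SARIF")` is true for `ENABLE_SARIF=0`, `ENABLE_SARIF=false` and an empty value, so an environment that exports the variable to switch the feature off switches it on. The SCORECARD_V6 lookup in the context lines follows the same pattern, so this may be deliberate; if it is, a comment such as `// ENABLE_SARIF: any value, including empty, unhides --policy and the sarif format.` would record it. Otherwise the value should be parsed, for example `sarifEnabled, _ := strconv.ParseBool(os.Getenv("ENABLE_SARIF"))`, which needs the strconv import and treats unset or unparsable values as false. The same lookup is repeated in scorecardCmd in the next hunk, and init() starts and continues outside this hunk.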
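Review bot: In scorecardCmd ([PATCH 1/4]) the `policyFile != "" && !sarifEnabled` check looks unreachable after this commit: init() now registers `--policy` only when ENABLE_SARIF is set, so without it the flag parser should reject `--policy` before scorecardCmd runs, assuming policyFile is assigned nowhere else. The `format == formatSarif && !sarifEnabled` check is the opposite case and is the only enforcement of the gate, because `--format` is registered in both branches and only its help text hides `sarif`. The `// UPGRADEv4: remove.` comment above the lookup is stale now that the variable is no longer SCORECARD_V4; `// Gated by ENABLE_SARIF; remove once sarif and policy support are released.` would match the code. scorecardCmd continues outside the hunk.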
@@ -106,7 +108,7 @@ func init() {
 fmt.Sprintf("Checks to run. Possible values are: %s", strings.Join(checkNames, ",")))
 var sarifEnabled bool
- _, sarifEnabled = os.LookupEnv("ENABLE_SARIF")
+ _, sarifEnabled = os.LookupEnv(cliEnableSarif)
 if sarifEnabled {
 rootCmd.Flags().StringVar(&policyFile, "policy", "", "policy to enforce")
 rootCmd.Flags().StringVar(&format, "format", formatDefault,
@@ -135,7 +137,7 @@ func Execute() {
 func scorecardCmd(cmd *cobra.Command, args []string) {
 // UPGRADEv4: remove.
 var sarifEnabled bool
- _, sarifEnabled = os.LookupEnv("ENABLE_SARIF")
+ _, sarifEnabled = os.LookupEnv(cliEnableSarif)
 if format == formatSarif && !sarifEnabled {
 log.Panic("sarif not supported yet")
From f2b54b3089d2277a1bfbd9b3bd804ecbd3f99897 Mon Sep 17 00:00:00 2001
From: laurentsimon
Date: Mon, 20 Dec 2021 22:39:26 +0000
Subject: [PATCH 3/4] fix string
---
 cmd/root.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/cmd/root.go b/cmd/root.go
index 0c23a0733d6..455d52d1b96 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -112,10 +112,10 @@ func init() {
 if sarifEnabled {
 rootCmd.Flags().StringVar(&policyFile, "policy", "", "policy to enforce")
 rootCmd.Flags().StringVar(&format, "format", formatDefault,
- "output format. allowed values are [default, sarif, json]")
+ "output format allowed values are [default, sarif, json]")
 } else {
 rootCmd.Flags().StringVar(&format, "format", formatDefault,
- "output format. allowed values are [default, json]")
+ "output format allowed values are [default, json]")
 }
 var v6 bool
From 9faa8054e3b846eecfb170060aeece8cb92163f5 Mon Sep 17 00:00:00 2001
From: laurentsimon
Date: Tue, 21 Dec 2021 17:03:36 +0000
Subject: [PATCH 4/4] enable local
---
 cmd/root.go | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/cmd/root.go b/cmd/root.go
index 455d52d1b96..82f9d83b755 100644
--- a/cmd/root.go
+++ b/cmd/root.go
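Review bot: Dropping the period in [PATCH 3/4] leaves the help text as `output format allowed values are [default, json]`, which reads as one run-on phrase in the `--help` output. If the period was removed to satisfy a check (not visible here), a colon keeps the two parts apart: `"output format: allowed values are [default, json]"`, and likewise for the sarif variant in the other branch. The two branches also register `--format` twice with only the value list differing, so the strings can drift apart; choosing the list inside the `if` and registering the flag once after it would avoid that. init() starts and ends outside the hunk.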
@@ -147,10 +147,6 @@ func scorecardCmd(cmd *cobra.Command, args []string) {
 log.Panic("policy not supported yet")
 }
- if local != "" && !sarifEnabled {
- log.Panic("--local option not supported yet")
- }
-
 var v6 bool
 _, v6 = os.LookupEnv("SCORECARD_V6")
 if raw && !v6 {