
🌱 Add probes to main call (ossf#3688)
* 🌱 Add probes to main call

Signed-off-by: AdamKorcz <[email protected]>

* fix linter issues

Signed-off-by: AdamKorcz <[email protected]>

* add test

Signed-off-by: AdamKorcz <[email protected]>

* add test coverage

Signed-off-by: AdamKorcz <[email protected]>

* remove

Signed-off-by: Adam Korczynski <[email protected]>

* WIP

Signed-off-by: Adam Korczynski <[email protected]>

* change comment for 'ExperimentalRunProbes'

Signed-off-by: Adam Korczynski <[email protected]>

* fix linter issues

Signed-off-by: Adam Korczynski <[email protected]>

* make only one in root.go

Signed-off-by: Adam Korczynski <[email protected]>

* relocate printing of output

Signed-off-by: Adam Korczynski <[email protected]>

* remove FormatPJSON

Signed-off-by: Adam Korczynski <[email protected]>

* reduce complexity of rootCmd

Signed-off-by: Adam Korczynski <[email protected]>

* assign findings in runEnabledProbes

Signed-off-by: Adam Korczynski <[email protected]>

* change name of probe map

Signed-off-by: Adam Korczynski <[email protected]>

* unwrap error

Signed-off-by: Adam Korczynski <[email protected]>

---------

Signed-off-by: AdamKorcz <[email protected]>
Signed-off-by: Adam Korczynski <[email protected]>
AdamKorcz authored Dec 12, 2023
1 parent db7b6e7 commit 3ce1daa
Showing 7 changed files with 486 additions and 28 deletions.
45 changes: 39 additions & 6 deletions cmd/root.go
Expand Up @@ -73,6 +73,9 @@ func New(o *options.Options) *cobra.Command {

// rootCmd runs scorecard checks given a set of arguments.
func rootCmd(o *options.Options) error {
var err error
var repoResult pkg.ScorecardResult

p := &pmc.PackageManagerClient{}
// Set `repo` from package managers.
pkgResp, err := fetchGitRepositoryFromPackageManagers(o.NPM, o.PyPI, o.RubyGems, o.Nuget, p)
Expand Down Expand Up @@ -119,18 +122,22 @@ func rootCmd(o *options.Options) error {
return fmt.Errorf("GetEnabled: %w", err)
}

enabledProbes := o.Probes()
if o.Format == options.FormatDefault {
for checkName := range enabledChecks {
fmt.Fprintf(os.Stderr, "Starting [%s]\n", checkName)
if len(enabledProbes) > 0 {
printProbeStart(enabledProbes)
} else {
printCheckStart(enabledChecks)
}
}

repoResult, err := pkg.RunScorecard(
repoResult, err = pkg.ExperimentalRunProbes(
ctx,
repoURI,
o.Commit,
o.CommitDepth,
enabledChecks,
enabledProbes,
repoClient,
ossFuzzRepoClient,
ciiClient,
Expand All @@ -148,10 +155,11 @@ func rootCmd(o *options.Options) error {
})

if o.Format == options.FormatDefault {
for checkName := range enabledChecks {
fmt.Fprintf(os.Stderr, "Finished [%s]\n", checkName)
if len(enabledProbes) > 0 {
printProbeResults(enabledProbes)
} else {
printCheckResults(enabledChecks)
}
fmt.Fprintln(os.Stderr, "\nRESULTS\n-------")
}

resultsErr := pkg.FormatResults(
Expand All @@ -172,3 +180,28 @@ func rootCmd(o *options.Options) error {
}
return nil
}

func printProbeStart(enabledProbes []string) {
for _, probeName := range enabledProbes {
fmt.Fprintf(os.Stderr, "Starting probe [%s]\n", probeName)
}
}

func printCheckStart(enabledChecks checker.CheckNameToFnMap) {
for checkName := range enabledChecks {
fmt.Fprintf(os.Stderr, "Starting [%s]\n", checkName)
}
}

func printProbeResults(enabledProbes []string) {
for _, probeName := range enabledProbes {
fmt.Fprintf(os.Stderr, "Finished probe %s\n", probeName)
}
}

func printCheckResults(enabledChecks checker.CheckNameToFnMap) {
for checkName := range enabledChecks {
fmt.Fprintf(os.Stderr, "Finished [%s]\n", checkName)
}
fmt.Fprintln(os.Stderr, "\nRESULTS\n-------")
}
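Review bot: The probe branch no longer prints the `RESULTS` header before the formatted output: printCheckResults ends with `fmt.Fprintln(os.Stderr, "\nRESULTS\n-------")`, but printProbeResults does not, so stderr layout now differs between the two paths even though pkg.FormatResults follows either one in rootCmd. If that is unintentional, take the header out of printCheckResults and emit it once in rootCmd after the if/else: `fmt.Fprintln(os.Stderr, "\nRESULTS\n-------")`. The start and finish messages are also inconsistent with each other, `"Starting probe [%s]\n"` versus `"Finished probe %s\n"`, so one of them should gain or lose the brackets. rootCmd begins and continues outside the visible hunks.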
9 changes: 9 additions & 0 deletions options/flags.go
Expand Up @@ -70,6 +70,8 @@ const (
ShorthandFlagResultsFile = "o"

FlagCommitDepth = "commit-depth"

FlagProbes = "probes"
)

// Command is an interface for handling options for command-line utilities.
Expand Down Expand Up @@ -168,6 +170,13 @@ func (o *Options) AddFlags(cmd *cobra.Command) {
fmt.Sprintf("Checks to run. Possible values are: %s", strings.Join(checkNames, ",")),
)

cmd.Flags().StringSliceVar(
&o.ProbesToRun,
FlagProbes,
o.ProbesToRun,
"Probes to run.",
)

// TODO(options): Extract logic
allowedFormats := []string{
FormatDefault,
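Review bot: The help string for the new `--probes` flag, `"Probes to run."`, tells the user neither that the feature is experimental nor which names are accepted, whereas the checks flag directly above it lists its possible values. Since the function behind it is documented as experimental and liable to be removed (ExperimentalRunProbes in pkg/scorecard.go), the help text should say so, e.g. `"Probes to run. Experimental: may change or be removed without notice."`. An unknown probe name is only rejected later at run time, so listing the accepted names here, or validating them wherever the options package validates its other flags, would let users fail fast. AddFlags begins and ends outside the hunk.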
5 changes: 5 additions & 0 deletions options/options.go
Expand Up @@ -42,6 +42,7 @@ type Options struct {
PolicyFile string
ResultsFile string
ChecksToRun []string
ProbesToRun []string
Metadata []string
CommitDepth int
ShowDetails bool
Expand Down Expand Up @@ -240,6 +241,10 @@ func (o *Options) Checks() []string {
return o.ChecksToRun
}

func (o *Options) Probes() []string {
return o.ProbesToRun
}

// isExperimentalEnabled returns true if experimental features were enabled via
// environment variable.
func (o *Options) isExperimentalEnabled() bool {
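Review bot: The new exported accessor `Probes` has no doc comment, while the neighbouring method in this file (isExperimentalEnabled) is documented; add `// Probes returns the list of probes to run, as set by the --probes flag.` above it. It hands back the ProbesToRun slice itself rather than a copy, so a caller that appends to or sorts the result mutates the options; that appears to mirror Checks, so it may be acceptable, but it is worth stating in the comment. Given that the file already has isExperimentalEnabled and the run path is named ExperimentalRunProbes, consider whether ProbesToRun should only be honoured when experimental features are enabled. Checks begins outside the hunk.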
123 changes: 105 additions & 18 deletions pkg/scorecard.go
Expand Up @@ -39,20 +39,11 @@ import (
var errEmptyRepository = errors.New("repository empty")

func runEnabledChecks(ctx context.Context,
repo clients.Repo, raw *checker.RawResults, checksToRun checker.CheckNameToFnMap,
repoClient clients.RepoClient, ossFuzzRepoClient clients.RepoClient, ciiClient clients.CIIBestPracticesClient,
vulnsClient clients.VulnerabilitiesClient,
repo clients.Repo,
request *checker.CheckRequest,
checksToRun checker.CheckNameToFnMap,
resultsCh chan checker.CheckResult,
) {
request := checker.CheckRequest{
Ctx: ctx,
RepoClient: repoClient,
OssFuzzRepo: ossFuzzRepoClient,
CIIClient: ciiClient,
VulnerabilitiesClient: vulnsClient,
Repo: repo,
RawResults: raw,
}
wg := sync.WaitGroup{}
for checkName, checkFn := range checksToRun {
checkName := checkName
Expand All @@ -63,7 +54,7 @@ func runEnabledChecks(ctx context.Context,
runner := checker.NewRunner(
checkName,
repo.URI(),
&request,
request,
)

resultsCh <- runner.Run(ctx, checkFn)
Expand All @@ -89,12 +80,12 @@ func getRepoCommitHash(r clients.RepoClient) (string, error) {
return commits[0].SHA, nil
}

// RunScorecard runs enabled Scorecard checks on a Repo.
func RunScorecard(ctx context.Context,
func runScorecard(ctx context.Context,
repo clients.Repo,
commitSHA string,
commitDepth int,
checksToRun checker.CheckNameToFnMap,
probesToRun []string,
repoClient clients.RepoClient,
ossFuzzRepoClient clients.RepoClient,
ciiClient clients.CIIBestPracticesClient,
Expand Down Expand Up @@ -150,9 +141,27 @@ func RunScorecard(ctx context.Context,
"repository.defaultBranch": defaultBranch,
}

go runEnabledChecks(ctx, repo, &ret.RawResults, checksToRun,
repoClient, ossFuzzRepoClient,
ciiClient, vulnsClient, resultsCh)
request := &checker.CheckRequest{
Ctx: ctx,
RepoClient: repoClient,
OssFuzzRepo: ossFuzzRepoClient,
CIIClient: ciiClient,
VulnerabilitiesClient: vulnsClient,
Repo: repo,
RawResults: &ret.RawResults,
}

// If the user runs probes
if len(probesToRun) > 0 {
err = runEnabledProbes(request, probesToRun, &ret)
if err != nil {
return ScorecardResult{}, err
}
return ret, nil
}

// If the user runs checks
go runEnabledChecks(ctx, repo, request, checksToRun, resultsCh)

for result := range resultsCh {
ret.Checks = append(ret.Checks, result)
Expand All @@ -176,3 +185,81 @@ func RunScorecard(ctx context.Context,
}
return ret, nil
}

func runEnabledProbes(request *checker.CheckRequest,
probesToRun []string,
ret *ScorecardResult,
) error {
// Add RawResults to request
err := populateRawResults(request, probesToRun, ret)
if err != nil {
return err
}

probeFindings := make([]finding.Finding, 0)
for _, probeName := range probesToRun {
// Get the probe Run func
probeRunner, err := probes.GetProbeRunner(probeName)
if err != nil {
msg := fmt.Sprintf("could not find probe: %s", probeName)
return sce.WithMessage(sce.ErrScorecardInternal, msg)
}
// Run probe
findings, _, err := probeRunner(&ret.RawResults)
if err != nil {
return sce.WithMessage(sce.ErrScorecardInternal, "ending run")
}
probeFindings = append(probeFindings, findings...)
}
ret.Findings = probeFindings
return nil
}

// RunScorecard runs enabled Scorecard checks on a Repo.
func RunScorecard(ctx context.Context,
repo clients.Repo,
commitSHA string,
commitDepth int,
checksToRun checker.CheckNameToFnMap,
repoClient clients.RepoClient,
ossFuzzRepoClient clients.RepoClient,
ciiClient clients.CIIBestPracticesClient,
vulnsClient clients.VulnerabilitiesClient,
) (ScorecardResult, error) {
return runScorecard(ctx,
repo,
commitSHA,
commitDepth,
checksToRun,
[]string{},
repoClient,
ossFuzzRepoClient,
ciiClient,
vulnsClient,
)
}

// ExperimentalRunProbes is experimental. Do not depend on it, it may be removed at any point.
func ExperimentalRunProbes(ctx context.Context,
repo clients.Repo,
commitSHA string,
commitDepth int,
checksToRun checker.CheckNameToFnMap,
probesToRun []string,
repoClient clients.RepoClient,
ossFuzzRepoClient clients.RepoClient,
ciiClient clients.CIIBestPracticesClient,
vulnsClient clients.VulnerabilitiesClient,
) (ScorecardResult, error) {
return runScorecard(ctx,
repo,
commitSHA,
commitDepth,
checksToRun,
probesToRun,
repoClient,
ossFuzzRepoClient,
ciiClient,
vulnsClient,
)
}
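Review bot: The error returned when a probe fails inside runEnabledProbes discards both the underlying error and the probe name: `return sce.WithMessage(sce.ErrScorecardInternal, "ending run")` leaves an operator with no way to tell which probe failed or why. Mirror the lookup-failure branch just above it and keep the context, e.g. `return sce.WithMessage(sce.ErrScorecardInternal, fmt.Sprintf("running probe %s: %v", probeName, err))`. The `err` introduced by `probeRunner, err :=` inside the loop also shadows the `err` from populateRawResults, which linters will flag; assigning with `=` or using an if-scoped form avoids it. Separately, runScorecard returns before runEnabledChecks is ever started whenever probesToRun is non-empty, so the checksToRun argument of ExperimentalRunProbes is silently ignored in that case; its doc comment should say so, e.g. `// When probesToRun is non-empty, checksToRun is ignored and only the probes run.`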
