From 6ea9c8d2a2a30a25c30cca4321d32ac957283106 Mon Sep 17 00:00:00 2001
From: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Date: Wed, 6 Dec 2023 00:08:19 +0000
Subject: [PATCH] :seedling: Pinned dependencies: create findings from processing errors (#3711) * :seedling: refactor pinned dependencies Signed-off-by: AdamKorcz * remove remediation from test Signed-off-by: AdamKorcz * :seedling: create findings from processing errors Signed-off-by: Adam Korczynski * correct style of loop Signed-off-by: Adam Korczynski --------- Signed-off-by: AdamKorcz Signed-off-by: Adam Korczynski
---
 checks/evaluation/pinned_dependencies.go | 41 +++++++++++++++---------
 1 file changed, 25 insertions(+), 16 deletions(-)
diff --git a/checks/evaluation/pinned_dependencies.go b/checks/evaluation/pinned_dependencies.go
index 762a4359073..5583c846054 100644
--- a/checks/evaluation/pinned_dependencies.go
+++ b/checks/evaluation/pinned_dependencies.go
@@ -92,10 +92,21 @@ func probeRemToRuleRem(rem *probe.Remediation) *rule.Remediation {
 }
 }
-func dependenciesToFindings(deps []checker.Dependency) ([]finding.Finding, error) {
+func dependenciesToFindings(r *checker.PinningDependenciesData) ([]finding.Finding, error) {
 findings := make([]finding.Finding, 0)
- for i := range deps {
- rr := deps[i]
+
+ for i := range r.ProcessingErrors {
+ e := r.ProcessingErrors[i]
+ f := finding.Finding{
+ Message: generateTextIncompleteResults(e),
+ Location: &e.Location,
+ Outcome: finding.OutcomeNotAvailable,
+ }
+ findings = append(findings, f)
+ }
+
+ for i := range r.Dependencies {
+ rr := r.Dependencies[i]
 if rr.Location == nil {
 if rr.Msg == nil {
 e := sce.WithMessage(sce.ErrScorecardInternal, "empty File field")
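Review bot: `dependenciesToFindings` now dereferences `r` in its first loop (`r.ProcessingErrors`) without a nil guard, and it still has no doc comment after the signature change. Whether the caller rejects a nil `r` before this call is not visible in the patch, so a local guard such as `if r == nil { return nil, sce.WithMessage(sce.ErrScorecardInternal, "empty raw data") }` would keep the helper safe on its own. The comment should state that every processing error becomes an `OutcomeNotAvailable` finding carrying only Message and Location, with no Values, so a consumer has to check `Outcome` before reading `f.Values["dependencyType"]`. That matters for a supply-chain check, because these findings mark files that were not evaluated for pinning at all. The function body continues past the end of the hunk.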
@@ -199,24 +210,15 @@ func PinningDependencies(name string, c *checker.CheckRequest,
 pr := make(map[checker.DependencyUseType]pinnedResult)
 dl := c.Dlogger
- for _, e := range r.ProcessingErrors {
- e := e
- dl.Info(&checker.LogMessage{
- Finding: &finding.Finding{
- Message: generateTextIncompleteResults(e),
- Location: &e.Location,
- },
- })
- }
-
- findings, err := dependenciesToFindings(r.Dependencies)
+ findings, err := dependenciesToFindings(r)
 if err != nil {
 return checker.CreateRuntimeErrorResult(name, err)
 }
 for i := range findings {
 f := findings[i]
- if f.Outcome == finding.OutcomeNotApplicable {
+ switch f.Outcome {
+ case finding.OutcomeNotApplicable:
 if f.Location != nil {
 dl.Debug(&checker.LogMessage{
 Path: f.Location.Path,
@@ -232,7 +234,7 @@ func PinningDependencies(name string, c *checker.CheckRequest,
 })
 }
 continue
- } else if f.Outcome == finding.OutcomeNegative {
+ case finding.OutcomeNegative:
 lm := &checker.LogMessage{
 Path: f.Location.Path,
 Type: f.Location.Type,
@@ -246,6 +248,13 @@ func PinningDependencies(name string, c *checker.CheckRequest,
 lm.Remediation = probeRemToRuleRem(f.Remediation)
 }
 dl.Warn(lm)
+ case finding.OutcomeNotAvailable:
+ dl.Info(&checker.LogMessage{
+ Finding: &f,
+ })
+ continue
+ default:
+ // ignore
 }
 updatePinningResults(intToDepType[f.Values["dependencyType"]], f.Outcome, f.Location.Snippet,
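Review bot: When `dependenciesToFindings(r)` returns an error, the incomplete-result messages for `r.ProcessingErrors` are no longer logged. The `dl.Info` loop removed here ran before the call, while its replacement is the `OutcomeNotAvailable` case inside the findings loop, which sits after the `if err != nil` return. If those messages should still reach the log on the runtime-error path, they need to be emitted before the return; otherwise record the change next to the call, for example `// on error the processing errors in r are not logged`. The rest of the findings loop lies in the later hunks.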
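Review bot: The `default:` branch is commented `// ignore`, but it has no `continue`, so any outcome not listed in the switch falls through to `updatePinningResults`, which reads `f.Values["dependencyType"]` and dereferences `f.Location.Snippet`. If such outcomes are meant to be counted, which seems likely for positive findings, the comment should say so, e.g. `// all other outcomes are counted by updatePinningResults below`. If they are meant to be skipped, the branch needs `continue`. Of the branches visible in these hunks, only `OutcomeNotApplicable` checks `f.Location != nil`, so a finding that reaches this point with a nil Location would panic; whether that can happen depends on code outside the hunk.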