Skip to content

Commit

Permalink
Ignore users called sponsors for github repos. Remove the set and jus…
Browse files Browse the repository at this point in the history
…t check there is a single valid url

Signed-off-by: Josh Cogan <[email protected]>
  • Loading branch information
joshgc committed Aug 24, 2023
1 parent 2dba072 commit 17857e0
Show file tree
Hide file tree
Showing 2 changed files with 65 additions and 31 deletions.
95 changes: 64 additions & 31 deletions cmd/package_managers.go
Original file line number Diff line number Diff line change
Expand Up @@ -26,9 +26,39 @@ import (
sce "github.com/ossf/scorecard/v4/errors"
)

var _GITHUB_DOMAIN_REGEXP = regexp.MustCompile(`^https?://github.com/([^/]+)/([^/.]+)`)
var _GITHUB_SUBDOMAIN_REGEXP = regexp.MustCompile(`^https?://([^.]+).github.io/([^/.]+).*`)
var _GITLAB_DOMAIN_REGEXP = regexp.MustCompile(`^https?://gitlab.com/([^/]+)/([^/.]+)`)
var _GITHUB_DOMAIN_REGEXP = regexp.MustCompile(`^https?://github[.]com/([^/]+)/([^/.]+)`)
var _GITHUB_SUBDOMAIN_REGEXP = regexp.MustCompile(`^https?://([^.]+)[.]github[.]io/([^/.]+).*`)
var _GITLAB_DOMAIN_REGEXP = regexp.MustCompile(`^https?://gitlab[.]com/([^/]+)/([^/.]+)`)

func makeGithubRepo(urlAndPathParts []string) string {
if len(urlAndPathParts) < 3 {
return ""
}
if urlAndPathParts[1] == "sponsors" {
return ""
}
return fmt.Sprintf("https://github.com/%s/%s", urlAndPathParts[1], urlAndPathParts[2])
}

var _PYPI_MATCHERS = []func(string) string{
func(url string) string {
match := _GITHUB_DOMAIN_REGEXP.FindStringSubmatch(url)
return makeGithubRepo(match)
},

func(url string) string {
match := _GITHUB_SUBDOMAIN_REGEXP.FindStringSubmatch(url)
return makeGithubRepo(match)
},

func(url string) string {
match := _GITLAB_DOMAIN_REGEXP.FindStringSubmatch(url)
if len(match) >= 3 {
return fmt.Sprintf("https://gitlab.com/%s/%s", match[1], match[2])
}
return ""
},
}

type packageMangerResponse struct {
associatedRepo string
Expand Down Expand Up @@ -113,23 +143,23 @@ func fetchGitRepositoryFromNPM(packageName string, packageManager pmc.Client) (s
return v.Objects[0].Package.Links.Repository, nil
}

func repoIfValid(url string) string {
match := _GITHUB_DOMAIN_REGEXP.FindStringSubmatch(url)
if len(match) >= 3 {
return fmt.Sprintf("https://github.com/%s/%s", match[1], match[2])
}

match = _GITHUB_SUBDOMAIN_REGEXP.FindStringSubmatch(url)
if len(match) >= 3 {
return fmt.Sprintf("https://github.com/%s/%s", match[1], match[2])
}

match = _GITLAB_DOMAIN_REGEXP.FindStringSubmatch(url)
if len(match) >= 3 {
return fmt.Sprintf("https://gitlab.com/%s/%s", match[1], match[2])
}
return ""
}
// func repoIfValid(url string) string {
// match := _GITHUB_DOMAIN_REGEXP.FindStringSubmatch(url)
// if len(match) >= 3 {
// return fmt.Sprintf("https://github.com/%s/%s", match[1], match[2])
// }
//
// match = _GITHUB_SUBDOMAIN_REGEXP.FindStringSubmatch(url)
// if len(match) >= 3 {
// return fmt.Sprintf("https://github.com/%s/%s", match[1], match[2])
// }
//
// match = _GITLAB_DOMAIN_REGEXP.FindStringSubmatch(url)
// if len(match) >= 3 {
// return fmt.Sprintf("https://gitlab.com/%s/%s", match[1], match[2])
// }
// return ""
// }

func findGitRepositoryInPYPIResponse(packageName string, response io.Reader) (string, error) {
v := &pypiSearchResults{}
Expand All @@ -139,23 +169,26 @@ func findGitRepositoryInPYPIResponse(packageName string, response io.Reader) (st
}

v.Info.ProjectURLs["key_not_used"] = v.Info.ProjectURL
validURLs := make(map[string]any)
validURL := ""
for _, url := range v.Info.ProjectURLs {
if repo := repoIfValid(url); repo != "" {
validURLs[repo] = nil
for _, matcher := range _PYPI_MATCHERS {
if repo := matcher(url); repo != "" {
if validURL == "" {
validURL = repo
} else if validURL != repo {
return "", sce.WithMessage(sce.ErrScorecardInternal,
fmt.Sprintf("found too many possible source repos for pypi package: %s", packageName))
}
}
}
}

if len(validURLs) > 1 {
if validURL == "" {
return "", sce.WithMessage(sce.ErrScorecardInternal,
fmt.Sprintf("found too many possible source repos for pypi package: %s", packageName))
}

for url, _ := range validURLs {
return url, nil
fmt.Sprintf("could not find source repo for pypi package: %s", packageName))
} else {
return validURL, nil
}
return "", sce.WithMessage(sce.ErrScorecardInternal,
fmt.Sprintf("could not find source repo for pypi package: %s", packageName))
}

// Gets the GitHub repository URL for the pypi package.
Expand Down
1 change: 1 addition & 0 deletions cmd/package_managers_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -212,6 +212,7 @@ func Test_findGitRepositoryInPYPIResponse(t *testing.T) {
"project_url": "http://git_NOT_VALID_hub.com/htaslan/color",
"project_urls": {
"RandomKey": "https://github.com/htaslan/color/",
"SponsorsIgnored": "https://github.com/sponsors/htaslan",
"AnotherRandomKey": "http://git_NOT_VALID_hub.com/htaslan/color"
}
}
Expand Down

0 comments on commit 17857e0

Please sign in to comment.