Merge branch 'main' into patch-1
spencerschrock authored Dec 12, 2023
2 parents 55b8c7e + 3ce1daa commit 6ad47ab
Showing 134 changed files with 4,553 additions and 1,658 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/depsreview.yml
Expand Up @@ -24,4 +24,4 @@ jobs:
- name: 'Checkout Repository'
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: 'Dependency Review'
uses: actions/dependency-review-action@7bbfa034e752445ea40215fff1c3bf9597993d3f # v3.1.3
uses: actions/dependency-review-action@01bc87099ba56df1e897b6874784491ea6309bc4 # v3.1.4
2 changes: 1 addition & 1 deletion .github/workflows/docker.yml
Expand Up @@ -40,7 +40,7 @@ jobs:
fetch-depth: 2 # needed to diff changed files
- id: files
name: Get changed files
uses: tj-actions/changed-files@25ef3926d147cd02fc7e931c1ef50772bbb0d25d #v40.1.1
uses: tj-actions/changed-files@1c938490c880156b746568a518594309cfb3f66b #v40.2.1
with:
files_ignore: '**.md'
- id: docs_only_check
17 changes: 6 additions & 11 deletions .github/workflows/scdiff.yml
Expand Up @@ -49,15 +49,10 @@ jobs:
https://gitlab.com/baserow/baserow
https://gitlab.com/cryptsetup/cryptsetup
EOF
# use shell syntax to escape, since the checks arg goes to CLI when calling scdiff
- name: escape comment body
id: comment
env:
BODY: ${{ github.event.comment.body }}
run: |
echo "body=$BODY" >> $GITHUB_OUTPUT
- name: configure scdiff
id: config
env:
COMMENT_BODY: ${{ github.event.comment.body }}
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
script: |
Expand All @@ -76,13 +71,13 @@ jobs:
core.setOutput('head', response.data.head.sha)
checks = '""'
const commentBody = '${{ steps.comment.outputs.body }}'
const commentBody = process.env.COMMENT_BODY
const regex = /\/scdiff generate ([^ ]+)/;
const found = commentBody.match(regex);
if (found && found.length == 2) {
checks = found[1]
}
core.setOutput('checks', checks)
core.exportVariable('SCORECARD_CHECKS', checks)
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
ref: ${{ steps.config.outputs.base }}
Expand All @@ -98,7 +93,7 @@ jobs:
run: |
go run cmd/internal/scdiff/main.go generate \
--repos $HOME/repos.txt \
--checks ${{ steps.config.outputs.checks }} > $HOME/before.json
--checks $SCORECARD_CHECKS > $HOME/before.json
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
ref: ${{ steps.config.outputs.head }}
Expand All @@ -109,7 +104,7 @@ jobs:
run: |
go run cmd/internal/scdiff/main.go generate \
--repos $HOME/repos.txt \
--checks ${{ steps.config.outputs.checks }} > $HOME/after.json
--checks $SCORECARD_CHECKS > $HOME/after.json
- name: compare results
run: |
go run cmd/internal/scdiff/main.go compare $HOME/before.json $HOME/after.json
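Review bot: The default `checks = '""'` on the context line in the github-script step no longer produces an empty argument: once that value goes through `core.exportVariable('SCORECARD_CHECKS', checks)` and is expanded by the shell as `$SCORECARD_CHECKS`, the two quote characters are data, not syntax, so quote removal leaves them in place and `scdiff generate` receives the literal string `""` where the old `${{ steps.config.outputs.checks }}` text substitution gave it an empty value (unless scdiff strips surrounding quotes itself, which is not visible here). The expansion is also unquoted in both `generate` steps, so a captured value containing a tab, newline or glob character is still word-split and globbed into extra arguments even though the regex `[^ ]+` excludes plain spaces. Suggested: `checks = ''` in the script, and `--checks "$SCORECARD_CHECKS" > $HOME/before.json` (likewise for `after.json`). Passing the comment body via `env` rather than `${{ }}` is the right fix for the injection; this note is only about the argument handoff. The github-script body is only partly shown in this section.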
2 changes: 1 addition & 1 deletion .github/workflows/verify.yml
Expand Up @@ -32,6 +32,6 @@ jobs:

- name: Verifier action
id: verifier
uses: kubernetes-sigs/kubebuilder-release-tools@3c3411345eedc489d1022288aa844691e92a9c29 # v0.4.2
uses: kubernetes-sigs/kubebuilder-release-tools@012269a88fa4c034a0acf1ba84c26b195c0dbab4 # v0.4.3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
4 changes: 3 additions & 1 deletion .golangci.yml
Expand Up @@ -18,6 +18,9 @@ issues:
- funlen
- goconst
- gocyclo
- goerr113
- lll
- wrapcheck
skip-files:
- cron/data/request.pb.go # autogenerated
linters:
Expand Down Expand Up @@ -72,7 +75,6 @@ linters:
- wrapcheck
disable:
- exhaustruct # initializing every struct makes tests longer without much benefit (spencerschrock)
- paralleltest # need to investigate rate limit issues before re-enabling? (#2527)
- testpackage # tests don't need their own package (spencerschrock)
presets:
- bugs
17 changes: 11 additions & 6 deletions README.md
Expand Up @@ -35,6 +35,7 @@
- [Default Scorecard Checks](#scorecard-checks)
- [Detailed Check Documentation](docs/checks.md) (Scoring Criteria, Risks, and
Remediation)
- [Beginner's Guide to Scorecard Checks](#beginners-guide-to-scorecard-checks)

## Other Important Recommendations
- [Two-factor Authentication (2FA)](#two-factor-authentication-2fa)
Expand Down Expand Up @@ -94,14 +95,14 @@ metrics. Prominent projects that use Scorecard include:

### View a Project's Score

To see scores for projects regularly scanned by Scorecard, navigate to the webviewer, replacing the placeholder text with the platform, user/org, and repository name:
To see scores for projects regularly scanned by Scorecard, navigate to the webviewer, replacing the placeholder text with the platform, user/org, and repository name:
https://securityscorecards.dev/viewer/?uri=<github_or_gitlab>.com/<user_name_or_org>/<repository_name>.

For example:
For example:
- [https://securityscorecards.dev/viewer/?uri=github.com/ossf/scorecard](https://securityscorecards.dev/viewer/?uri=github.com/ossf/scorecard)
- [https://securityscorecards.dev/viewer/?uri=gitlab.com/fdroid/fdroidclient](https://securityscorecards.dev/viewer/?uri=gitlab.com/fdroid/fdroidclient)

To view scores for projects not included in the webviewer, use the [Scorecard CLI](#scorecard-command-line-interface).
To view scores for projects not included in the webviewer, use the [Scorecard CLI](#scorecard-command-line-interface).

### Public Data

Expand Down Expand Up @@ -506,6 +507,10 @@ Name | Description | Risk Level | Token Req
To see detailed information about each check, its scoring criteria, and
remediation steps, check out the [checks documentation page](docs/checks.md).

### Beginner's Guide to Scorecard Checks

For a guide to the checks you should use when getting started, see the [beginner's guide to scorecard checks](docs/beginner-checks.md).

## Other Important Recommendations

### Two-factor Authentication (2FA)
Expand Down Expand Up @@ -593,13 +598,13 @@ To report a security issue, please follow instructions [here](SECURITY.md).

### Join the Scorecards Project Meeting

#### Zoom
#### Zoom

We meet every other Thursday - 4p ET on this [zoom link](https://zoom.us/j/98835923979?pwd=RG5JZ3czZEtmRDlGdms0ZktmMFQvUT09).
We meet every other Thursday - 4p ET on this [zoom link](https://zoom.us/j/98835923979?pwd=RG5JZ3czZEtmRDlGdms0ZktmMFQvUT09).

#### Agenda

You can see the [agenda and meeting notes here](https://docs.google.com/document/d/1b6d3CVJLsl7YnTE7ZaZQHdkdYIvuOQ8rzAmvVdypOWM/edit?usp=sharing).
You can see the [agenda and meeting notes here](https://docs.google.com/document/d/1b6d3CVJLsl7YnTE7ZaZQHdkdYIvuOQ8rzAmvVdypOWM/edit?usp=sharing).


## Stargazers over time
62 changes: 30 additions & 32 deletions attestor/command/cli_test.go
Expand Up @@ -20,43 +20,41 @@ import (
)

func Test_addSignFlags(t *testing.T) {
t.Parallel()
type args struct {
cmd *cobra.Command
}
testName := "Test addSignFlags"
testArgs := args{
cmd: &cobra.Command{},
}

t.Run(testName, func(t *testing.T) {
addSignFlags(testArgs.cmd)
// persistent flags of Image being set has to be tested in the integration test
if testArgs.cmd.PersistentFlags().Lookup("image") == nil {
t.Errorf("addSignFlags() did not add persistent flag 'image'")
}
if testArgs.cmd.PersistentFlags().Lookup("attestation-project") == nil {
t.Errorf("addSignFlags() did not add persistent flag 'attestation-project'")
}
if testArgs.cmd.PersistentFlags().Lookup("overwrite") == nil {
t.Errorf("addSignFlags() did not add persistent flag 'overwrite'")
}
if testArgs.cmd.PersistentFlags().Lookup("kms-key-name") == nil {
t.Errorf("addSignFlags() did not add persistent flag 'kms-key-name'")
}
if testArgs.cmd.PersistentFlags().Lookup("kms-digest-alg") == nil {
t.Errorf("addSignFlags() did not add persistent flag 'kms-digest-alg'")
}
if testArgs.cmd.PersistentFlags().Lookup("pgp-private-key") == nil {
t.Errorf("addSignFlags() did not add persistent flag 'pgp-private-key'")
}
if testArgs.cmd.PersistentFlags().Lookup("pgp-passphrase") == nil {
t.Errorf("addSignFlags() did not add persistent flag 'pgp-passphrase'")
}
if testArgs.cmd.PersistentFlags().Lookup("pkix-private-key") == nil {
t.Errorf("addSignFlags() did not add persistent flag 'pkix-private-key'")
}
if testArgs.cmd.PersistentFlags().Lookup("pkix-alg") == nil {
t.Errorf("addSignFlags() did not add persistent flag 'pkix-alg'")
}
})
addSignFlags(testArgs.cmd)
// persistent flags of Image being set has to be tested in the integration test
if testArgs.cmd.PersistentFlags().Lookup("image") == nil {
t.Errorf("addSignFlags() did not add persistent flag 'image'")
}
if testArgs.cmd.PersistentFlags().Lookup("attestation-project") == nil {
t.Errorf("addSignFlags() did not add persistent flag 'attestation-project'")
}
if testArgs.cmd.PersistentFlags().Lookup("overwrite") == nil {
t.Errorf("addSignFlags() did not add persistent flag 'overwrite'")
}
if testArgs.cmd.PersistentFlags().Lookup("kms-key-name") == nil {
t.Errorf("addSignFlags() did not add persistent flag 'kms-key-name'")
}
if testArgs.cmd.PersistentFlags().Lookup("kms-digest-alg") == nil {
t.Errorf("addSignFlags() did not add persistent flag 'kms-digest-alg'")
}
if testArgs.cmd.PersistentFlags().Lookup("pgp-private-key") == nil {
t.Errorf("addSignFlags() did not add persistent flag 'pgp-private-key'")
}
if testArgs.cmd.PersistentFlags().Lookup("pgp-passphrase") == nil {
t.Errorf("addSignFlags() did not add persistent flag 'pgp-passphrase'")
}
if testArgs.cmd.PersistentFlags().Lookup("pkix-private-key") == nil {
t.Errorf("addSignFlags() did not add persistent flag 'pkix-private-key'")
}
if testArgs.cmd.PersistentFlags().Lookup("pkix-alg") == nil {
t.Errorf("addSignFlags() did not add persistent flag 'pkix-alg'")
}
}
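Review bot: Now that the `t.Run` wrapper is gone, the `args` struct and `testArgs` indirection in `Test_addSignFlags` serve no purpose, and the nine copy-pasted `Lookup`/`t.Errorf` pairs can be a single loop over the flag names, which also keeps the flag name and the message from drifting apart. Adding `t.Parallel()` is fine since the test only touches its own `cobra.Command`. A table-driven form of the same test is below; it asserts exactly the same set of persistent flags.
```go
func Test_addSignFlags(t *testing.T) {
	t.Parallel()
	cmd := &cobra.Command{}
	addSignFlags(cmd)
	// persistent flags of Image being set has to be tested in the integration test
	for _, name := range []string{
		"image", "attestation-project", "overwrite",
		"kms-key-name", "kms-digest-alg",
		"pgp-private-key", "pgp-passphrase",
		"pkix-private-key", "pkix-alg",
	} {
		if cmd.PersistentFlags().Lookup(name) == nil {
			t.Errorf("addSignFlags() did not add persistent flag %q", name)
		}
	}
}
```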
14 changes: 11 additions & 3 deletions checker/check_result_test.go
Expand Up @@ -127,6 +127,14 @@ func TestCreateProportionalScore(t *testing.T) {
},
want: 5,
},
{
name: "2 and 5",
args: args{
success: 2,
total: 5,
},
want: 4,
},
}
for _, tt := range tests {
tt := tt
Expand Down Expand Up @@ -545,7 +553,7 @@ func TestCreateProportionalScoreResult(t *testing.T) {
tt := tt
t.Run(tt.name, func(t *testing.T) {
t.Parallel()
if got := CreateProportionalScoreResult(tt.args.name, tt.args.reason, tt.args.b, tt.args.t); !cmp.Equal(got, tt.want) { //nolint:lll
if got := CreateProportionalScoreResult(tt.args.name, tt.args.reason, tt.args.b, tt.args.t); !cmp.Equal(got, tt.want) {
t.Errorf("CreateProportionalScoreResult() = %v, want %v", got, cmp.Diff(got, tt.want))
}
})
Expand Down Expand Up @@ -714,14 +722,14 @@ func TestCreateRuntimeErrorResult(t *testing.T) {
name: "empty",
args: args{
name: "",
e: errors.New("runtime error"), //nolint:goerr113
e: errors.New("runtime error"),
},
want: CheckResult{
Name: "",
Reason: "runtime error",
Score: -1,
Version: 2,
Error: errors.New("runtime error"), //nolint:goerr113
Error: errors.New("runtime error"),
},
},
}
2 changes: 1 addition & 1 deletion checker/client_test.go
Expand Up @@ -106,7 +106,7 @@ func TestGetClients(t *testing.T) {
t.Setenv("GH_HOST", "github.corp.com")
t.Setenv("GH_TOKEN", "PAT")
}
got, repoClient, ossFuzzClient, ciiClient, vulnsClient, err := GetClients(tt.args.ctx, tt.args.repoURI, tt.args.localURI, tt.args.logger) //nolint:lll
got, repoClient, ossFuzzClient, ciiClient, vulnsClient, err := GetClients(tt.args.ctx, tt.args.repoURI, tt.args.localURI, tt.args.logger)
if (err != nil) != tt.wantErr {
t.Fatalf("GetClients() error = %v, wantErr %v", err, tt.wantErr)
}
6 changes: 6 additions & 0 deletions checker/detail_logger_impl_test.go
Expand Up @@ -18,6 +18,7 @@ import (
)

func Test_logger_Info(t *testing.T) {
t.Parallel()
l := &logger{
logs: []CheckDetail{},
}
Expand All @@ -28,6 +29,7 @@ func Test_logger_Info(t *testing.T) {
}

func Test_logger_Warn(t *testing.T) {
t.Parallel()
l := &logger{
logs: []CheckDetail{},
}
Expand All @@ -38,6 +40,7 @@ func Test_logger_Warn(t *testing.T) {
}

func Test_logger_Flush(t *testing.T) {
t.Parallel()
l := &logger{
logs: []CheckDetail{},
}
Expand All @@ -52,6 +55,7 @@ func Test_logger_Flush(t *testing.T) {
}

func Test_logger_Logs(t *testing.T) {
t.Parallel()
l := &logger{
logs: []CheckDetail{},
}
Expand All @@ -62,6 +66,7 @@ func Test_logger_Logs(t *testing.T) {
}

func Test_logger_Debug(t *testing.T) {
t.Parallel()
l := &logger{
logs: []CheckDetail{},
}
Expand All @@ -72,6 +77,7 @@ func Test_logger_Debug(t *testing.T) {
}

func TestNewLogger(t *testing.T) {
t.Parallel()
l := NewLogger()
if l == nil {
t.Errorf("expected non-nil logger, got nil")
1 change: 1 addition & 0 deletions checker/raw_result_test.go
Expand Up @@ -20,6 +20,7 @@ import (
)

func TestFile_Location(t *testing.T) {
t.Parallel()
file := File{
Type: finding.FileTypeSource,
Path: "bar.go",
19 changes: 13 additions & 6 deletions checks/binary_artifact.go
Expand Up @@ -19,6 +19,8 @@ import (
"github.com/ossf/scorecard/v4/checks/evaluation"
"github.com/ossf/scorecard/v4/checks/raw"
sce "github.com/ossf/scorecard/v4/errors"
"github.com/ossf/scorecard/v4/probes"
"github.com/ossf/scorecard/v4/probes/zrunner"
)

// CheckBinaryArtifacts is the exported name for Binary-Artifacts check.
Expand All @@ -38,17 +40,22 @@ func init() {

// BinaryArtifacts will check the repository contains binary artifacts.
func BinaryArtifacts(c *checker.CheckRequest) checker.CheckResult {
rawData, err := raw.BinaryArtifacts(c.RepoClient)
rawData, err := raw.BinaryArtifacts(c)
if err != nil {
e := sce.WithMessage(sce.ErrScorecardInternal, err.Error())
return checker.CreateRuntimeErrorResult(CheckBinaryArtifacts, e)
}

// Return raw results.
if c.RawResults != nil {
c.RawResults.BinaryArtifactResults = rawData
// Set the raw results.
pRawResults := getRawResults(c)
pRawResults.BinaryArtifactResults = rawData

// Evaluate the probes.
findings, err := zrunner.Run(pRawResults, probes.BinaryArtifacts)
if err != nil {
e := sce.WithMessage(sce.ErrScorecardInternal, err.Error())
return checker.CreateRuntimeErrorResult(CheckBinaryArtifacts, e)
}

// Return the score evaluation.
return evaluation.BinaryArtifacts(CheckBinaryArtifacts, c.Dlogger, &rawData)
return evaluation.BinaryArtifacts(CheckBinaryArtifacts, findings, c.Dlogger)
}
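Review bot: The doc comment `// BinaryArtifacts will check the repository contains binary artifacts.` no longer describes the function, which now collects raw data, stores it via `getRawResults(c)`, runs the `probes.BinaryArtifacts` probe set through `zrunner.Run`, and scores the resulting findings; suggest `// BinaryArtifacts collects the raw binary-artifact data, runs the Binary-Artifacts probes over it and returns the evaluated check result; any raw-data or probe error is reported as an internal runtime error.` The previous `if c.RawResults != nil` guard has been replaced by an unconditional write through `getRawResults(c)`, which is defined outside this hunk, so whether raw results still reach a caller that passed a nil `RawResults` depends on that helper and is worth confirming. The two identical `sce.WithMessage(sce.ErrScorecardInternal, err.Error())` branches are a small candidate for a shared local, but that is stylistic.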