scorecard/probes/topLevelPermissions/impl_test.go

// Copyright 2024 OpenSSF Scorecard Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

//nolint:stylecheck
package topLevelPermissions

import (
	"testing"

	"github.com/google/go-cmp/cmp"
	"github.com/google/go-cmp/cmp/cmpopts"

	"github.com/ossf/scorecard/v5/checker"
	"github.com/ossf/scorecard/v5/probes/internal/utils/test"
)

func Test_Run(t *testing.T) {
	t.Parallel()

	tests := test.GetTests(checker.PermissionLocationTop, checker.PermissionLevelWrite, "actions")

	tests = append(tests, test.GetTests(checker.PermissionLocationTop, checker.PermissionLevelWrite, "checks")...)
	tests = append(tests, test.GetTests(checker.PermissionLocationTop, checker.PermissionLevelWrite, "contents")...)
	tests = append(tests, test.GetTests(checker.PermissionLocationTop, checker.PermissionLevelWrite, "deployments")...)
	tests = append(tests, test.GetTests(checker.PermissionLocationTop, checker.PermissionLevelWrite, "packages")...)
	tests = append(tests, test.GetTests(checker.PermissionLocationTop, checker.PermissionLevelWrite, "security-events")...)

	for _, tt := range tests {
		tt := tt // Re-initializing variable so it is not changed while executing the closure below
		t.Run(tt.Name, func(t *testing.T) {
			t.Parallel()

			findings, s, err := Run(tt.Raw)
			if !cmp.Equal(tt.Err, err, cmpopts.EquateErrors()) {
				t.Errorf("mismatch (-want +got):\n%s", cmp.Diff(tt.Err, err, cmpopts.EquateErrors()))
			}
			if err != nil {
				return
			}
			if diff := cmp.Diff(Probe, s); diff != "" {
				t.Errorf("mismatch (-want +got):\n%s", diff)
			}
			test.AssertOutcomes(t, findings, tt.Outcomes)
		})
	}
}
:seedling: migrate token permission check to probes (#3816) * :seedling: migrate token permission check to probes Signed-off-by: Adam Korczynski <adam@adalogics.com> * combine seperate write-probes into two that combine them all Signed-off-by: AdamKorcz <adam@adalogics.com> * change write probes to read and write Signed-off-by: AdamKorcz <adam@adalogics.com> * minor nit Signed-off-by: AdamKorcz <adam@adalogics.com> * remove WritaAll probes Signed-off-by: Adam Korczynski <adam@adalogics.com> * Merge read-perm probe with job/top probes Signed-off-by: Adam Korczynski <adam@adalogics.com> * minor refactoring Signed-off-by: Adam Korczynski <adam@adalogics.com> * fix copy paste error Signed-off-by: Adam Korczynski <adam@adalogics.com> * fix linter issues and restructure code Signed-off-by: Adam Korczynski <adam@adalogics.com> * remove hasGitHubWorkflowPermissionNone probe Signed-off-by: Adam Korczynski <adam@adalogics.com> * Remove 'hasGitHubWorkflowPermissionUndeclared' probe Signed-off-by: Adam Korczynski <adam@adalogics.com> * bit of clean up Signed-off-by: Adam Korczynski <adam@adalogics.com> * reduce code complexity and remove comment Signed-off-by: Adam Korczynski <adam@adalogics.com> * simplify file location Signed-off-by: Adam Korczynski <adam@adalogics.com> * change probe text Signed-off-by: Adam Korczynski <adam@adalogics.com> * invert name of probe Signed-off-by: Adam Korczynski <adam@adalogics.com> * OutcomeNotApplicable -> OutcomeError Signed-off-by: Adam Korczynski <adam@adalogics.com> * OutcomeNotAvailable -> OutcomeNotApplicable Signed-off-by: Adam Korczynski <adam@adalogics.com> * more OutcomeNotAvailable -> OutcomeNotApplicable Signed-off-by: Adam Korczynski <adam@adalogics.com> * change name of 'notAvailableOrNotApplicable' Signed-off-by: Adam Korczynski <adam@adalogics.com> * fix linter issues Signed-off-by: Adam Korczynski <adam@adalogics.com> * add comments to remediation fields Signed-off-by: Adam Korczynski <adam@adalogics.com> * add check for nil-dereference Signed-off-by: Adam Korczynski <adam@adalogics.com> * remove the permissionLocation finding value Signed-off-by: Adam Korczynski <adam@adalogics.com> * rename checkAndLogNotAvailableOrNotApplicable to isBothUndeclaredAndNotAvailableOrNotApplicable Signed-off-by: Adam Korczynski <adam@adalogics.com> * use raw metadata for remediation output Signed-off-by: Adam Korczynski <adam@adalogics.com> * change 'branch' to 'defaultBranch' Signed-off-by: Adam Korczynski <adam@adalogics.com> * remove unused fields in rule Remediation Signed-off-by: Adam Korczynski <adam@adalogics.com> * fix remediation Signed-off-by: Adam Korczynski <adam@adalogics.com> * change 'metadata.defaultBranch' to 'metadata.repository.defaultBranch' Signed-off-by: Adam Korczynski <adam@adalogics.com> --------- Signed-off-by: Adam Korczynski <adam@adalogics.com> Signed-off-by: AdamKorcz <adam@adalogics.com> 2024-03-22 20:38:02 +03:00			`// Copyright 2024 OpenSSF Scorecard Authors`
			`//`
			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

			`//nolint:stylecheck`
			`package topLevelPermissions`

			`import (`
			`"testing"`

			`"github.com/google/go-cmp/cmp"`
			`"github.com/google/go-cmp/cmp/cmpopts"`

:warning: Replace v4 module references with v5 (#4027) Signed-off-by: Spencer Schrock <sschrock@google.com> 2024-04-13 00:51:50 +03:00			`"github.com/ossf/scorecard/v5/checker"`
			`"github.com/ossf/scorecard/v5/probes/internal/utils/test"`
:seedling: migrate token permission check to probes (#3816) * :seedling: migrate token permission check to probes Signed-off-by: Adam Korczynski <adam@adalogics.com> * combine seperate write-probes into two that combine them all Signed-off-by: AdamKorcz <adam@adalogics.com> * change write probes to read and write Signed-off-by: AdamKorcz <adam@adalogics.com> * minor nit Signed-off-by: AdamKorcz <adam@adalogics.com> * remove WritaAll probes Signed-off-by: Adam Korczynski <adam@adalogics.com> * Merge read-perm probe with job/top probes Signed-off-by: Adam Korczynski <adam@adalogics.com> * minor refactoring Signed-off-by: Adam Korczynski <adam@adalogics.com> * fix copy paste error Signed-off-by: Adam Korczynski <adam@adalogics.com> * fix linter issues and restructure code Signed-off-by: Adam Korczynski <adam@adalogics.com> * remove hasGitHubWorkflowPermissionNone probe Signed-off-by: Adam Korczynski <adam@adalogics.com> * Remove 'hasGitHubWorkflowPermissionUndeclared' probe Signed-off-by: Adam Korczynski <adam@adalogics.com> * bit of clean up Signed-off-by: Adam Korczynski <adam@adalogics.com> * reduce code complexity and remove comment Signed-off-by: Adam Korczynski <adam@adalogics.com> * simplify file location Signed-off-by: Adam Korczynski <adam@adalogics.com> * change probe text Signed-off-by: Adam Korczynski <adam@adalogics.com> * invert name of probe Signed-off-by: Adam Korczynski <adam@adalogics.com> * OutcomeNotApplicable -> OutcomeError Signed-off-by: Adam Korczynski <adam@adalogics.com> * OutcomeNotAvailable -> OutcomeNotApplicable Signed-off-by: Adam Korczynski <adam@adalogics.com> * more OutcomeNotAvailable -> OutcomeNotApplicable Signed-off-by: Adam Korczynski <adam@adalogics.com> * change name of 'notAvailableOrNotApplicable' Signed-off-by: Adam Korczynski <adam@adalogics.com> * fix linter issues Signed-off-by: Adam Korczynski <adam@adalogics.com> * add comments to remediation fields Signed-off-by: Adam Korczynski <adam@adalogics.com> * add check for nil-dereference Signed-off-by: Adam Korczynski <adam@adalogics.com> * remove the permissionLocation finding value Signed-off-by: Adam Korczynski <adam@adalogics.com> * rename checkAndLogNotAvailableOrNotApplicable to isBothUndeclaredAndNotAvailableOrNotApplicable Signed-off-by: Adam Korczynski <adam@adalogics.com> * use raw metadata for remediation output Signed-off-by: Adam Korczynski <adam@adalogics.com> * change 'branch' to 'defaultBranch' Signed-off-by: Adam Korczynski <adam@adalogics.com> * remove unused fields in rule Remediation Signed-off-by: Adam Korczynski <adam@adalogics.com> * fix remediation Signed-off-by: Adam Korczynski <adam@adalogics.com> * change 'metadata.defaultBranch' to 'metadata.repository.defaultBranch' Signed-off-by: Adam Korczynski <adam@adalogics.com> --------- Signed-off-by: Adam Korczynski <adam@adalogics.com> Signed-off-by: AdamKorcz <adam@adalogics.com> 2024-03-22 20:38:02 +03:00			`)`

			`func Test_Run(t *testing.T) {`
			`t.Parallel()`

			`tests := test.GetTests(checker.PermissionLocationTop, checker.PermissionLevelWrite, "actions")`

			`tests = append(tests, test.GetTests(checker.PermissionLocationTop, checker.PermissionLevelWrite, "checks")...)`
			`tests = append(tests, test.GetTests(checker.PermissionLocationTop, checker.PermissionLevelWrite, "contents")...)`
			`tests = append(tests, test.GetTests(checker.PermissionLocationTop, checker.PermissionLevelWrite, "deployments")...)`
			`tests = append(tests, test.GetTests(checker.PermissionLocationTop, checker.PermissionLevelWrite, "packages")...)`
			`tests = append(tests, test.GetTests(checker.PermissionLocationTop, checker.PermissionLevelWrite, "security-events")...)`

			`for _, tt := range tests {`
			`tt := tt // Re-initializing variable so it is not changed while executing the closure below`
			`t.Run(tt.Name, func(t *testing.T) {`
			`t.Parallel()`

			`findings, s, err := Run(tt.Raw)`
			`if !cmp.Equal(tt.Err, err, cmpopts.EquateErrors()) {`
			`t.Errorf("mismatch (-want +got):\n%s", cmp.Diff(tt.Err, err, cmpopts.EquateErrors()))`
			`}`
			`if err != nil {`
			`return`
			`}`
			`if diff := cmp.Diff(Probe, s); diff != "" {`
			`t.Errorf("mismatch (-want +got):\n%s", diff)`
			`}`
			`test.AssertOutcomes(t, findings, tt.Outcomes)`
			`})`
			`}`
			`}`