scorecard/checks/security_policy.go

// Copyright 2020 Security Scorecard Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package checks

import (
	"github.com/ossf/scorecard/v4/checker"
	"github.com/ossf/scorecard/v4/checks/evaluation"
	"github.com/ossf/scorecard/v4/checks/raw"
	sce "github.com/ossf/scorecard/v4/errors"
)

// CheckSecurityPolicy is the registred name for SecurityPolicy.
const CheckSecurityPolicy = "Security-Policy"

//nolint:gochecknoinits
func init() {
	supportedRequestTypes := []checker.RequestType{
		checker.CommitBased,
	}
	if err := registerCheck(CheckSecurityPolicy, SecurityPolicy, supportedRequestTypes); err != nil {
		// This should never happen.
		panic(err)
	}
}

// SecurityPolicy runs Security-Policy check.
func SecurityPolicy(c *checker.CheckRequest) checker.CheckResult {
	rawData, err := raw.SecurityPolicy(c)
	if err != nil {
		e := sce.WithMessage(sce.ErrScorecardInternal, err.Error())
		return checker.CreateRuntimeErrorResult(CheckSecurityPolicy, e)
	}

	// Set the raw results.
	if c.RawResults != nil {
		c.RawResults.SecurityPolicyResults = rawData
	}

	return evaluation.SecurityPolicy(CheckSecurityPolicy, c.Dlogger, &rawData)
}
Add license header and code of conduct files. (#34) * Add license header and code of conduct files. * Fill missing field. 2020-10-26 23:22:13 +03:00			`// Copyright 2020 Security Scorecard Authors`
			`//`
			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

Initial commit. 2020-10-09 17:47:59 +03:00			`package checks`

			`import (`
:sparkles: Migrate to v4 2022-01-12 22:49:01 +03:00			`"github.com/ossf/scorecard/v4/checker"`
			`"github.com/ossf/scorecard/v4/checks/evaluation"`
			`"github.com/ossf/scorecard/v4/checks/raw"`
			`sce "github.com/ossf/scorecard/v4/errors"`
Initial commit. 2020-10-09 17:47:59 +03:00			`)`

Export registered check names (#518) Co-authored-by: Azeem Shaikh <azeems@google.com> 2021-05-28 00:54:34 +03:00			`// CheckSecurityPolicy is the registred name for SecurityPolicy.`
			`const CheckSecurityPolicy = "Security-Policy"`
🌱 : Reduce code duplication for follow-up cron refactoring (#338) * :sparkles: Refactor to reduce code duplication * :sparkles: * Move lib/ back to checker/ * Move lib/ back to checker/ * Move lib/ back to checker/ * Address PR comments. * Addressing PR comments. * Avoid printing `ShouldRetry` and `Error` in output JSON. * Fix JSON output. Co-authored-by: Azeem Shaikh <azeems@google.com> 2021-04-10 15:26:56 +03:00
🌱Fix lint issues: gochecknoinits linter (#485) * Fix lint issues: gochecknoinits linter * Fix lint issues: gochecknoinits linter 2021-05-22 20:19:52 +03:00			`//nolint:gochecknoinits`
Initial commit. 2020-10-09 17:47:59 +03:00			`func init() {`
Only run allowed checks in different modes (#1579) Co-authored-by: Azeem Shaikh <azeems@google.com> 2022-02-08 03:49:49 +03:00			`supportedRequestTypes := []checker.RequestType{`
Mark `License`, `Security-Policy` as commit-based (#1711) Co-authored-by: Azeem Shaikh <azeems@google.com> 2022-03-04 20:24:06 +03:00			`checker.CommitBased,`
Only run allowed checks in different modes (#1579) Co-authored-by: Azeem Shaikh <azeems@google.com> 2022-02-08 03:49:49 +03:00			`}`
			`if err := registerCheck(CheckSecurityPolicy, SecurityPolicy, supportedRequestTypes); err != nil {`
:sparkles: Unit test for all_checks Addresses https://github.com/ossf/scorecard/issues/435 Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com> 2022-01-13 01:14:18 +03:00			`// This should never happen.`
			`panic(err)`
			`}`
Initial commit. 2020-10-09 17:47:59 +03:00			`}`

Enable revive linters which are used in google3 (#793) Co-authored-by: Azeem Shaikh <azeems@google.com> 2021-08-01 01:31:34 +03:00			`// SecurityPolicy runs Security-Policy check.`
:bug: Fix linting issues (1 of n) (#348) * Fix lint issues: whitespace linter * Fix lint issues: wrapcheck linter * Fix lint issues: errcheck linter * Fix lint issues: paralleltest linter * Fix lint issues: gocritic linter Most changes from this commit are from passing checker.CheckResult by reference and not by value. gocritic identified that as a huge parameter. gocritic also prefers regexp.MustCompile over Compile when the pattern is a const 2021-04-19 22:18:34 +03:00			`func SecurityPolicy(c *checker.CheckRequest) checker.CheckResult {`
✨ [DRAFT: RAW]: Security policy support (#1372) * raw sec policy * missing file * fix validation of check.yml * updates * comments * dea code * comments 2021-12-15 02:51:42 +03:00			`rawData, err := raw.SecurityPolicy(c)`
✨ [migration to score] 7: CI-Test, CII Best practices, security policy file (#733) * ci, cii, sec file * linter * check doc * typo * fix * comments * linter * fix sast * fix score calc 2021-07-22 18:37:31 +03:00			`if err != nil {`
✨ [DRAFT: RAW]: Security policy support (#1372) * raw sec policy * missing file * fix validation of check.yml * updates * comments * dea code * comments 2021-12-15 02:51:42 +03:00			`e := sce.WithMessage(sce.ErrScorecardInternal, err.Error())`
			`return checker.CreateRuntimeErrorResult(CheckSecurityPolicy, e)`
Initial commit. 2020-10-09 17:47:59 +03:00			`}`
feat-Reduced GitHub API calls for security check Reduced the number of calls to GitHub API from 16 to max of 2 calls. Utilized tar ball to download and check for the contents of those files. 2021-02-26 04:49:30 +03:00
✨ [DRAFT: RAW]: Security policy support (#1372) * raw sec policy * missing file * fix validation of check.yml * updates * comments * dea code * comments 2021-12-15 02:51:42 +03:00			`// Set the raw results.`
			`if c.RawResults != nil {`
			`c.RawResults.SecurityPolicyResults = rawData`
Remove Owner/Repo strings from CheckRequest (#997) Co-authored-by: Azeem Shaikh <azeems@google.com> 2021-09-10 20:13:14 +03:00			`}`
feat-Reduced GitHub API calls for security check Reduced the number of calls to GitHub API from 16 to max of 2 calls. Utilized tar ball to download and check for the contents of those files. 2021-02-26 04:49:30 +03:00
✨ [DRAFT: RAW]: Security policy support (#1372) * raw sec policy * missing file * fix validation of check.yml * updates * comments * dea code * comments 2021-12-15 02:51:42 +03:00			`return evaluation.SecurityPolicy(CheckSecurityPolicy, c.Dlogger, &rawData)`
:sparkles: Included security.rst as SecurityPolicy * Included security.rst as name check for security policy. 2021-07-04 21:54:09 +03:00			`}`