2020-10-26 23:22:13 +03:00
|
|
|
// Copyright 2020 Security Scorecard Authors
|
|
|
|
//
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
//
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
//
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
// limitations under the License.
|
|
|
|
|
2020-10-09 17:47:59 +03:00
|
|
|
package checks
|
|
|
|
|
|
|
|
import (
|
2020-10-17 09:20:46 +03:00
|
|
|
"path"
|
|
|
|
|
2020-10-09 17:47:59 +03:00
|
|
|
"github.com/dlorenc/scorecard/checker"
|
|
|
|
"github.com/google/go-github/v32/github"
|
|
|
|
)
|
|
|
|
|
|
|
|
func init() {
|
2020-10-17 09:20:46 +03:00
|
|
|
registerCheck("Security-Policy", SecurityPolicy)
|
2020-10-09 17:47:59 +03:00
|
|
|
}
|
|
|
|
|
2020-10-17 09:20:46 +03:00
|
|
|
func SecurityPolicy(c checker.Checker) checker.CheckResult {
|
|
|
|
for _, securityFile := range []string{"SECURITY.md", "security.md"} {
|
|
|
|
for _, dirs := range []string{"", ".github", "docs"} {
|
|
|
|
fp := path.Join(dirs, securityFile)
|
|
|
|
dc, err := c.Client.Repositories.DownloadContents(c.Ctx, c.Owner, c.Repo, fp, &github.RepositoryContentGetOptions{})
|
|
|
|
if err != nil {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
dc.Close()
|
|
|
|
c.Logf("security policy found: %s", fp)
|
|
|
|
return checker.CheckResult{
|
|
|
|
Pass: true,
|
|
|
|
Confidence: 10,
|
|
|
|
}
|
2020-10-09 17:47:59 +03:00
|
|
|
}
|
|
|
|
}
|
2020-10-13 18:35:55 +03:00
|
|
|
return checker.CheckResult{
|
2020-10-09 17:47:59 +03:00
|
|
|
Pass: false,
|
|
|
|
Confidence: 10,
|
|
|
|
}
|
|
|
|
}
|