2022-12-02 02:08:48 +03:00
|
|
|
// Copyright 2021 OpenSSF Scorecard Authors
|
2021-08-24 00:31:33 +03:00
|
|
|
//
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
//
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
//
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
// limitations under the License.
|
|
|
|
|
|
|
|
package pkg
|
|
|
|
|
|
|
|
import (
|
|
|
|
"bytes"
|
|
|
|
"fmt"
|
2021-11-12 22:34:46 +03:00
|
|
|
"os"
|
2023-12-28 18:43:13 +03:00
|
|
|
"reflect"
|
2021-08-24 00:31:33 +03:00
|
|
|
"testing"
|
|
|
|
"time"
|
|
|
|
|
2022-02-15 21:26:06 +03:00
|
|
|
"github.com/google/go-cmp/cmp"
|
|
|
|
|
2024-04-13 00:51:50 +03:00
|
|
|
"github.com/ossf/scorecard/v5/checker"
|
:warning: Add initial Maintainers Annotation parsing (#3905)
* feat: Get maintainers annotation from repo
This commits adds functionality to read a scorecard.yml file from a repository and parse it to get the maintainers annotation. It introduces the concepts of exemptions, annotations, annotated checks, and annotation reasons.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Hand off maintainers annotation for SARIF
Hnad off maintainers annotation to SARIF formatting so it can decide to skip or not skip checks when creating the output.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: If check is annotated, skip in SARIF output
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Add other annotation reasons
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Add options to show maintainers annotations in output
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Output maintainers annotations in JSON
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Remove unnecessary maintainers annotation param in SARIF
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Output maintainers annotations in string default result
This commit changes how data is appended to the table rows. Previously, we defined the table columns size and added information to each index. To avoid complicating the calculation of the index now that we are adding another optional column, the data is appended to the row as needed.
Also, the maintainers annotation was chosen to be displayed as last column to give space for Scorecard official reasoning and documentation to appear first.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Ignore annotation if check has max score
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* doc: Add documentation for maintainers annotation
Introduce what flag should be used to show maintainers annotation and how to configure maintainers annotation for your repository.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: A maintainers annotation obj can verify if a check is exempted
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Get annotations function can be private
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Find scorecard.yml file in the repository's root
Change to "GetFileContent" method since we're looking for a specific file instead of using "OnMatchingFileContentDo" method that looks files with a specific content.
This also removes the dependency from "checks/fileparser". This is necessary to move "IsCheckExempted" to checker.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: A check should know if it's exempted or not
Moving the verification "IsCheckExempted" from maintainers_annotation package to checker package. This way a check result will define, consulting maintainers annotation, if it is exempted or not.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Maintainers annotation can only be used in experimental mode
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Ignore if scorecard.yml does not exist
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Remove unnecessary maintainers annotation param
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* docs: Move complete mantainers annotation doc to feature folder
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Error logs
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Rename AnnotationReason to Reason
Avoid repetition in variable references.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Reason documentation
Redo reason documentation as a switch case to be called when necessary instead of defining a global map. Another reason to redo this logic as switch is that switch should be more performatic then instantiating a local map.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Rename ScorecardYml to ScorecardConfig
This is a better generic name to reference Scorecard configuration file and leave the file format for the implementation.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Check name comparison
The EqualFold comparison is already case insensitive.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Rename maintainers annotation folder/file to config
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Rename and simplify parsing the config
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Check parses its reasons
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Is check exempted
Fix config struture renaming and collect all annotation reasons for a check. Don't stop in the first annotation that the check is exempted.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Rename maintainers annotation to annotations
Renaming flags, function params, docs and fixing config renamings.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Separate annotations content from config parsing
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Omit empty annotations in JSON results
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Read config file content
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: JSON2 result options
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: String result options
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Mock GetFileReader
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Annotation on Binary-Artifacts check
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Validate annotated checks
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Annotating all checks
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Validate annotated reasons
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Annotating all reasons
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Multiple annotations
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Binary-Artifacts exempted for testing
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Binary-Artifacts not exempted
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: No checks exempted
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Exemption is outdated
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Improve reasons error comparison
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Multiple exemption reasons in a single annotation
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Multiple exemption reasons across annotations
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: cmd show annotations flag doc
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Add show annotations flag
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Remove unnecessary function
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Annotations string format
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Annotations json format
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Linter fallthrough
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Linter imports
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Linter unnecessart struct type declaration
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Linter append combine
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Linter struct memory
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Linter improve error msg in run scorecard
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Linter dynamic errors
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* docs: Disable security alerts on SARIF output
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* docs: Redirect to configuration doc on main README
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Invalid check in annotations
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Invalid reason in annotations
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Exempt check on SARIF output clears runs
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Add check1 annotations json
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: On parse error return empty config file not a "dirty" one
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: On parse config error continue execution
We log the error to the user but continue execution with empty config.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Merge conflics importing rules
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Readd is experimental enabled method
This method is necessary to validate if experimental feature is enabled so it can activate show annotations feature.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Wrap config parse under experimental flag
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix unit test by removing unused mock call
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
2024-04-23 23:15:12 +03:00
|
|
|
"github.com/ossf/scorecard/v5/config"
|
2024-04-13 00:51:50 +03:00
|
|
|
"github.com/ossf/scorecard/v5/finding"
|
|
|
|
"github.com/ossf/scorecard/v5/log"
|
|
|
|
"github.com/ossf/scorecard/v5/options"
|
|
|
|
spol "github.com/ossf/scorecard/v5/policy"
|
2021-08-24 00:31:33 +03:00
|
|
|
)
|
|
|
|
|
2021-09-10 01:09:39 +03:00
|
|
|
func sarifMockDocRead() *mockDoc {
|
|
|
|
d := map[string]mockCheck{
|
|
|
|
"Check-Name": {
|
|
|
|
name: "Check-Name",
|
2021-10-02 01:01:46 +03:00
|
|
|
risk: "High",
|
2021-09-10 01:09:39 +03:00
|
|
|
short: "short description",
|
|
|
|
description: "long description\n other line",
|
|
|
|
url: "https://github.com/ossf/scorecard/blob/main/docs/checks.md#check-name",
|
|
|
|
tags: []string{"tag1", "tag2"},
|
2021-11-09 02:30:37 +03:00
|
|
|
repos: []string{"GitHub", "local"},
|
2021-09-10 01:09:39 +03:00
|
|
|
remediation: []string{"not-used1", "not-used2"},
|
|
|
|
},
|
|
|
|
"Check-Name2": {
|
|
|
|
name: "Check-Name2",
|
2021-10-02 01:01:46 +03:00
|
|
|
risk: "Medium",
|
2021-09-10 01:09:39 +03:00
|
|
|
short: "short description 2",
|
|
|
|
description: "long description\n other line 2",
|
|
|
|
url: "https://github.com/ossf/scorecard/blob/main/docs/checks.md#check-name2",
|
|
|
|
tags: []string{" tag1 ", " tag2 ", "tag3"},
|
2021-11-09 02:30:37 +03:00
|
|
|
repos: []string{"GitHub", "local"},
|
2021-09-10 01:09:39 +03:00
|
|
|
remediation: []string{"not-used1", "not-used2"},
|
|
|
|
},
|
|
|
|
"Check-Name3": {
|
|
|
|
name: "Check-Name3",
|
2021-10-02 01:01:46 +03:00
|
|
|
risk: "Low",
|
2021-09-10 01:09:39 +03:00
|
|
|
short: "short description 3",
|
|
|
|
description: "long description\n other line 3",
|
|
|
|
url: "https://github.com/ossf/scorecard/blob/main/docs/checks.md#check-name3",
|
|
|
|
tags: []string{" tag1", " tag2", "tag3", "tag 4 "},
|
2021-11-09 02:30:37 +03:00
|
|
|
repos: []string{"GitHub", "local"},
|
|
|
|
remediation: []string{"not-used1", "not-used2"},
|
|
|
|
},
|
|
|
|
"Check-Name4": {
|
|
|
|
name: "Check-Name4",
|
|
|
|
risk: "Low",
|
|
|
|
short: "short description 4",
|
|
|
|
description: "long description\n other line 4",
|
|
|
|
url: "https://github.com/ossf/scorecard/blob/main/docs/checks.md#check-name4",
|
|
|
|
tags: []string{" tag1", " tag2", "tag3", "tag 4 "},
|
|
|
|
repos: []string{"GitHub"},
|
|
|
|
remediation: []string{"not-used1", "not-used2"},
|
|
|
|
},
|
|
|
|
"Check-Name5": {
|
|
|
|
name: "Check-Name5",
|
|
|
|
risk: "Low",
|
|
|
|
short: "short description 5",
|
|
|
|
description: "long description\n other line 5",
|
|
|
|
url: "https://github.com/ossf/scorecard/blob/main/docs/checks.md#check-name5",
|
|
|
|
tags: []string{" tag1", " tag2", "tag3", "tag 4 "},
|
|
|
|
repos: []string{"local"},
|
|
|
|
remediation: []string{"not-used1", "not-used2"},
|
|
|
|
},
|
|
|
|
"Check-Name6": {
|
|
|
|
name: "Check-Name6",
|
|
|
|
risk: "Low",
|
|
|
|
short: "short description 6",
|
|
|
|
description: "long description\n other line 6",
|
|
|
|
url: "https://github.com/ossf/scorecard/blob/main/docs/checks.md#check-name6",
|
|
|
|
tags: []string{" tag1", " tag2", "tag3", "tag 4 "},
|
|
|
|
repos: []string{"Git-local"},
|
2021-09-10 01:09:39 +03:00
|
|
|
remediation: []string{"not-used1", "not-used2"},
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
m := mockDoc{checks: d}
|
|
|
|
return &m
|
|
|
|
}
|
|
|
|
|
2021-08-26 04:42:34 +03:00
|
|
|
func TestSARIFOutput(t *testing.T) {
|
2021-08-24 00:31:33 +03:00
|
|
|
t.Parallel()
|
|
|
|
|
2021-09-01 20:29:40 +03:00
|
|
|
repoCommit := "68bc59901773ab4c051dfcea0cc4201a1567ab32"
|
|
|
|
scorecardCommit := "ccbc59901773ab4c051dfcea0cc4201a1567abdd"
|
|
|
|
scorecardVersion := "1.2.3"
|
|
|
|
repoName := "repo not used"
|
2021-08-24 00:31:33 +03:00
|
|
|
date, e := time.Parse(time.RFC822Z, "17 Aug 21 18:57 +0000")
|
|
|
|
if e != nil {
|
|
|
|
panic(fmt.Errorf("time.Parse: %w", e))
|
|
|
|
}
|
|
|
|
|
2021-09-10 01:09:39 +03:00
|
|
|
checkDocs := sarifMockDocRead()
|
|
|
|
|
2023-11-15 22:44:28 +03:00
|
|
|
//nolint:govet
|
2021-08-24 00:31:33 +03:00
|
|
|
tests := []struct {
|
:warning: Add initial Maintainers Annotation parsing (#3905)
* feat: Get maintainers annotation from repo
This commits adds functionality to read a scorecard.yml file from a repository and parse it to get the maintainers annotation. It introduces the concepts of exemptions, annotations, annotated checks, and annotation reasons.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Hand off maintainers annotation for SARIF
Hnad off maintainers annotation to SARIF formatting so it can decide to skip or not skip checks when creating the output.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: If check is annotated, skip in SARIF output
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Add other annotation reasons
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Add options to show maintainers annotations in output
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Output maintainers annotations in JSON
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Remove unnecessary maintainers annotation param in SARIF
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Output maintainers annotations in string default result
This commit changes how data is appended to the table rows. Previously, we defined the table columns size and added information to each index. To avoid complicating the calculation of the index now that we are adding another optional column, the data is appended to the row as needed.
Also, the maintainers annotation was chosen to be displayed as last column to give space for Scorecard official reasoning and documentation to appear first.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Ignore annotation if check has max score
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* doc: Add documentation for maintainers annotation
Introduce what flag should be used to show maintainers annotation and how to configure maintainers annotation for your repository.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: A maintainers annotation obj can verify if a check is exempted
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Get annotations function can be private
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Find scorecard.yml file in the repository's root
Change to "GetFileContent" method since we're looking for a specific file instead of using "OnMatchingFileContentDo" method that looks files with a specific content.
This also removes the dependency from "checks/fileparser". This is necessary to move "IsCheckExempted" to checker.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: A check should know if it's exempted or not
Moving the verification "IsCheckExempted" from maintainers_annotation package to checker package. This way a check result will define, consulting maintainers annotation, if it is exempted or not.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Maintainers annotation can only be used in experimental mode
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Ignore if scorecard.yml does not exist
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Remove unnecessary maintainers annotation param
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* docs: Move complete mantainers annotation doc to feature folder
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Error logs
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Rename AnnotationReason to Reason
Avoid repetition in variable references.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Reason documentation
Redo reason documentation as a switch case to be called when necessary instead of defining a global map. Another reason to redo this logic as switch is that switch should be more performatic then instantiating a local map.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Rename ScorecardYml to ScorecardConfig
This is a better generic name to reference Scorecard configuration file and leave the file format for the implementation.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Check name comparison
The EqualFold comparison is already case insensitive.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Rename maintainers annotation folder/file to config
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Rename and simplify parsing the config
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Check parses its reasons
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Is check exempted
Fix config struture renaming and collect all annotation reasons for a check. Don't stop in the first annotation that the check is exempted.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Rename maintainers annotation to annotations
Renaming flags, function params, docs and fixing config renamings.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Separate annotations content from config parsing
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Omit empty annotations in JSON results
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Read config file content
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: JSON2 result options
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: String result options
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Mock GetFileReader
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Annotation on Binary-Artifacts check
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Validate annotated checks
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Annotating all checks
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Validate annotated reasons
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Annotating all reasons
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Multiple annotations
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Binary-Artifacts exempted for testing
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Binary-Artifacts not exempted
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: No checks exempted
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Exemption is outdated
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Improve reasons error comparison
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Multiple exemption reasons in a single annotation
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Multiple exemption reasons across annotations
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: cmd show annotations flag doc
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Add show annotations flag
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Remove unnecessary function
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Annotations string format
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Annotations json format
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Linter fallthrough
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Linter imports
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Linter unnecessart struct type declaration
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Linter append combine
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Linter struct memory
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Linter improve error msg in run scorecard
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Linter dynamic errors
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* docs: Disable security alerts on SARIF output
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* docs: Redirect to configuration doc on main README
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Invalid check in annotations
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Invalid reason in annotations
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Exempt check on SARIF output clears runs
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Add check1 annotations json
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: On parse error return empty config file not a "dirty" one
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: On parse config error continue execution
We log the error to the user but continue execution with empty config.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Merge conflics importing rules
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Readd is experimental enabled method
This method is necessary to validate if experimental feature is enabled so it can activate show annotations feature.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Wrap config parse under experimental flag
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix unit test by removing unused mock call
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
2024-04-23 23:15:12 +03:00
|
|
|
name string
|
|
|
|
expected string
|
|
|
|
showDetails bool
|
|
|
|
showAnotations bool
|
|
|
|
logLevel log.Level
|
|
|
|
result ScorecardResult
|
|
|
|
policy spol.ScorecardPolicy
|
2021-08-24 00:31:33 +03:00
|
|
|
}{
|
2022-05-06 22:52:30 +03:00
|
|
|
{
|
|
|
|
name: "check with detail remediation",
|
|
|
|
showDetails: true,
|
|
|
|
expected: "./testdata/check-remediation.sarif",
|
|
|
|
logLevel: log.DebugLevel,
|
|
|
|
policy: spol.ScorecardPolicy{
|
|
|
|
Version: 1,
|
|
|
|
Policies: map[string]*spol.CheckPolicy{
|
|
|
|
"Check-Name": {
|
|
|
|
Score: checker.MaxResultScore,
|
|
|
|
Mode: spol.CheckPolicy_ENFORCED,
|
|
|
|
},
|
|
|
|
"Check-Name2": {
|
|
|
|
Score: checker.MaxResultScore,
|
|
|
|
Mode: spol.CheckPolicy_DISABLED,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
result: ScorecardResult{
|
|
|
|
Repo: RepoInfo{
|
|
|
|
Name: repoName,
|
|
|
|
CommitSHA: repoCommit,
|
|
|
|
},
|
|
|
|
Scorecard: ScorecardInfo{
|
|
|
|
Version: scorecardVersion,
|
|
|
|
CommitSHA: scorecardCommit,
|
|
|
|
},
|
|
|
|
Date: date,
|
|
|
|
Checks: []checker.CheckResult{
|
|
|
|
{
|
2022-05-12 22:58:12 +03:00
|
|
|
Details: []checker.CheckDetail{
|
2022-05-06 22:52:30 +03:00
|
|
|
{
|
|
|
|
Type: checker.DetailWarn,
|
|
|
|
Msg: checker.LogMessage{
|
|
|
|
Text: "warn message",
|
|
|
|
Path: "src/file1.cpp",
|
2023-01-31 05:41:36 +03:00
|
|
|
Type: finding.FileTypeSource,
|
2022-05-06 22:52:30 +03:00
|
|
|
Offset: 5,
|
|
|
|
Snippet: "if (bad) {BUG();}",
|
2024-04-11 00:12:53 +03:00
|
|
|
Remediation: &finding.Remediation{
|
2023-01-31 05:41:36 +03:00
|
|
|
Markdown: "this is the custom markdown help",
|
|
|
|
Text: "this is the custom text help",
|
2022-05-06 22:52:30 +03:00
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Score: 5,
|
|
|
|
Reason: "half score reason",
|
|
|
|
Name: "Check-Name",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Metadata: []string{},
|
|
|
|
},
|
|
|
|
},
|
2021-09-28 22:50:17 +03:00
|
|
|
{
|
|
|
|
name: "check-1",
|
|
|
|
showDetails: true,
|
|
|
|
expected: "./testdata/check1.sarif",
|
2022-01-21 02:57:39 +03:00
|
|
|
logLevel: log.DebugLevel,
|
2021-09-28 22:50:17 +03:00
|
|
|
policy: spol.ScorecardPolicy{
|
|
|
|
Version: 1,
|
|
|
|
Policies: map[string]*spol.CheckPolicy{
|
2022-05-06 22:52:30 +03:00
|
|
|
"Check-Name": {
|
2021-09-28 22:50:17 +03:00
|
|
|
Score: checker.MaxResultScore,
|
|
|
|
Mode: spol.CheckPolicy_ENFORCED,
|
|
|
|
},
|
2022-05-06 22:52:30 +03:00
|
|
|
"Check-Name2": {
|
2021-09-28 22:50:17 +03:00
|
|
|
Score: checker.MaxResultScore,
|
|
|
|
Mode: spol.CheckPolicy_DISABLED,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
result: ScorecardResult{
|
|
|
|
Repo: RepoInfo{
|
|
|
|
Name: repoName,
|
|
|
|
CommitSHA: repoCommit,
|
|
|
|
},
|
|
|
|
Scorecard: ScorecardInfo{
|
|
|
|
Version: scorecardVersion,
|
|
|
|
CommitSHA: scorecardCommit,
|
|
|
|
},
|
|
|
|
Date: date,
|
|
|
|
Checks: []checker.CheckResult{
|
|
|
|
{
|
2022-05-12 22:58:12 +03:00
|
|
|
Details: []checker.CheckDetail{
|
2021-09-28 22:50:17 +03:00
|
|
|
{
|
|
|
|
Type: checker.DetailWarn,
|
|
|
|
Msg: checker.LogMessage{
|
|
|
|
Text: "warn message",
|
|
|
|
Path: "src/file1.cpp",
|
2023-01-31 05:41:36 +03:00
|
|
|
Type: finding.FileTypeSource,
|
2021-09-28 22:50:17 +03:00
|
|
|
Offset: 5,
|
|
|
|
Snippet: "if (bad) {BUG();}",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Score: 5,
|
|
|
|
Reason: "half score reason",
|
|
|
|
Name: "Check-Name",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Metadata: []string{},
|
|
|
|
},
|
|
|
|
},
|
:warning: Add initial Maintainers Annotation parsing (#3905)
* feat: Get maintainers annotation from repo
This commits adds functionality to read a scorecard.yml file from a repository and parse it to get the maintainers annotation. It introduces the concepts of exemptions, annotations, annotated checks, and annotation reasons.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Hand off maintainers annotation for SARIF
Hnad off maintainers annotation to SARIF formatting so it can decide to skip or not skip checks when creating the output.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: If check is annotated, skip in SARIF output
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Add other annotation reasons
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Add options to show maintainers annotations in output
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Output maintainers annotations in JSON
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Remove unnecessary maintainers annotation param in SARIF
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Output maintainers annotations in string default result
This commit changes how data is appended to the table rows. Previously, we defined the table columns size and added information to each index. To avoid complicating the calculation of the index now that we are adding another optional column, the data is appended to the row as needed.
Also, the maintainers annotation was chosen to be displayed as last column to give space for Scorecard official reasoning and documentation to appear first.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Ignore annotation if check has max score
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* doc: Add documentation for maintainers annotation
Introduce what flag should be used to show maintainers annotation and how to configure maintainers annotation for your repository.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: A maintainers annotation obj can verify if a check is exempted
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Get annotations function can be private
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Find scorecard.yml file in the repository's root
Change to "GetFileContent" method since we're looking for a specific file instead of using "OnMatchingFileContentDo" method that looks files with a specific content.
This also removes the dependency from "checks/fileparser". This is necessary to move "IsCheckExempted" to checker.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: A check should know if it's exempted or not
Moving the verification "IsCheckExempted" from maintainers_annotation package to checker package. This way a check result will define, consulting maintainers annotation, if it is exempted or not.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Maintainers annotation can only be used in experimental mode
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Ignore if scorecard.yml does not exist
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Remove unnecessary maintainers annotation param
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* docs: Move complete mantainers annotation doc to feature folder
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Error logs
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Rename AnnotationReason to Reason
Avoid repetition in variable references.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Reason documentation
Redo reason documentation as a switch case to be called when necessary instead of defining a global map. Another reason to redo this logic as switch is that switch should be more performatic then instantiating a local map.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Rename ScorecardYml to ScorecardConfig
This is a better generic name to reference Scorecard configuration file and leave the file format for the implementation.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Check name comparison
The EqualFold comparison is already case insensitive.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Rename maintainers annotation folder/file to config
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Rename and simplify parsing the config
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Check parses its reasons
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Is check exempted
Fix config struture renaming and collect all annotation reasons for a check. Don't stop in the first annotation that the check is exempted.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Rename maintainers annotation to annotations
Renaming flags, function params, docs and fixing config renamings.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Separate annotations content from config parsing
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Omit empty annotations in JSON results
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Read config file content
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: JSON2 result options
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: String result options
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Mock GetFileReader
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Annotation on Binary-Artifacts check
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Validate annotated checks
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Annotating all checks
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Validate annotated reasons
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Annotating all reasons
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Multiple annotations
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Binary-Artifacts exempted for testing
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Binary-Artifacts not exempted
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: No checks exempted
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Exemption is outdated
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Improve reasons error comparison
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Multiple exemption reasons in a single annotation
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Multiple exemption reasons across annotations
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: cmd show annotations flag doc
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Add show annotations flag
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Remove unnecessary function
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Annotations string format
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Annotations json format
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Linter fallthrough
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Linter imports
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Linter unnecessart struct type declaration
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Linter append combine
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Linter struct memory
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Linter improve error msg in run scorecard
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Linter dynamic errors
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* docs: Disable security alerts on SARIF output
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* docs: Redirect to configuration doc on main README
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Invalid check in annotations
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Invalid reason in annotations
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Exempt check on SARIF output clears runs
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Add check1 annotations json
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: On parse error return empty config file not a "dirty" one
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: On parse config error continue execution
We log the error to the user but continue execution with empty config.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Merge conflics importing rules
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Readd is experimental enabled method
This method is necessary to validate if experimental feature is enabled so it can activate show annotations feature.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Wrap config parse under experimental flag
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix unit test by removing unused mock call
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
2024-04-23 23:15:12 +03:00
|
|
|
{
|
2024-06-15 02:21:56 +03:00
|
|
|
name: "annotated check defined but no results",
|
:warning: Add initial Maintainers Annotation parsing (#3905)
* feat: Get maintainers annotation from repo
This commits adds functionality to read a scorecard.yml file from a repository and parse it to get the maintainers annotation. It introduces the concepts of exemptions, annotations, annotated checks, and annotation reasons.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Hand off maintainers annotation for SARIF
Hnad off maintainers annotation to SARIF formatting so it can decide to skip or not skip checks when creating the output.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: If check is annotated, skip in SARIF output
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Add other annotation reasons
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Add options to show maintainers annotations in output
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Output maintainers annotations in JSON
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Remove unnecessary maintainers annotation param in SARIF
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Output maintainers annotations in string default result
This commit changes how data is appended to the table rows. Previously, we defined the table columns size and added information to each index. To avoid complicating the calculation of the index now that we are adding another optional column, the data is appended to the row as needed.
Also, the maintainers annotation was chosen to be displayed as last column to give space for Scorecard official reasoning and documentation to appear first.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Ignore annotation if check has max score
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* doc: Add documentation for maintainers annotation
Introduce what flag should be used to show maintainers annotation and how to configure maintainers annotation for your repository.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: A maintainers annotation obj can verify if a check is exempted
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Get annotations function can be private
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Find scorecard.yml file in the repository's root
Change to "GetFileContent" method since we're looking for a specific file instead of using "OnMatchingFileContentDo" method that looks files with a specific content.
This also removes the dependency from "checks/fileparser". This is necessary to move "IsCheckExempted" to checker.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: A check should know if it's exempted or not
Moving the verification "IsCheckExempted" from maintainers_annotation package to checker package. This way a check result will define, consulting maintainers annotation, if it is exempted or not.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Maintainers annotation can only be used in experimental mode
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Ignore if scorecard.yml does not exist
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Remove unnecessary maintainers annotation param
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* docs: Move complete mantainers annotation doc to feature folder
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Error logs
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Rename AnnotationReason to Reason
Avoid repetition in variable references.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Reason documentation
Redo reason documentation as a switch case to be called when necessary instead of defining a global map. Another reason to redo this logic as switch is that switch should be more performatic then instantiating a local map.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Rename ScorecardYml to ScorecardConfig
This is a better generic name to reference Scorecard configuration file and leave the file format for the implementation.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Check name comparison
The EqualFold comparison is already case insensitive.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Rename maintainers annotation folder/file to config
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Rename and simplify parsing the config
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Check parses its reasons
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Is check exempted
Fix config struture renaming and collect all annotation reasons for a check. Don't stop in the first annotation that the check is exempted.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Rename maintainers annotation to annotations
Renaming flags, function params, docs and fixing config renamings.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Separate annotations content from config parsing
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Omit empty annotations in JSON results
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Read config file content
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: JSON2 result options
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: String result options
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Mock GetFileReader
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Annotation on Binary-Artifacts check
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Validate annotated checks
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Annotating all checks
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Validate annotated reasons
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Annotating all reasons
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Multiple annotations
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Binary-Artifacts exempted for testing
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Binary-Artifacts not exempted
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: No checks exempted
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Exemption is outdated
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Improve reasons error comparison
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Multiple exemption reasons in a single annotation
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Multiple exemption reasons across annotations
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: cmd show annotations flag doc
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Add show annotations flag
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Remove unnecessary function
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Annotations string format
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Annotations json format
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Linter fallthrough
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Linter imports
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Linter unnecessart struct type declaration
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Linter append combine
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Linter struct memory
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Linter improve error msg in run scorecard
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Linter dynamic errors
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* docs: Disable security alerts on SARIF output
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* docs: Redirect to configuration doc on main README
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Invalid check in annotations
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Invalid reason in annotations
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Exempt check on SARIF output clears runs
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Add check1 annotations json
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: On parse error return empty config file not a "dirty" one
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: On parse config error continue execution
We log the error to the user but continue execution with empty config.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Merge conflics importing rules
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Readd is experimental enabled method
This method is necessary to validate if experimental feature is enabled so it can activate show annotations feature.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Wrap config parse under experimental flag
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix unit test by removing unused mock call
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
2024-04-23 23:15:12 +03:00
|
|
|
showDetails: true,
|
|
|
|
showAnotations: true,
|
|
|
|
expected: "./testdata/check1_annotations.sarif",
|
|
|
|
logLevel: log.DebugLevel,
|
|
|
|
policy: spol.ScorecardPolicy{
|
|
|
|
Version: 1,
|
|
|
|
Policies: map[string]*spol.CheckPolicy{
|
|
|
|
"Check-Name": {
|
|
|
|
Score: checker.MaxResultScore,
|
|
|
|
Mode: spol.CheckPolicy_ENFORCED,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
result: ScorecardResult{
|
|
|
|
Repo: RepoInfo{
|
|
|
|
Name: repoName,
|
|
|
|
CommitSHA: repoCommit,
|
|
|
|
},
|
|
|
|
Scorecard: ScorecardInfo{
|
|
|
|
Version: scorecardVersion,
|
|
|
|
CommitSHA: scorecardCommit,
|
|
|
|
},
|
|
|
|
Date: date,
|
|
|
|
Checks: []checker.CheckResult{
|
|
|
|
{
|
|
|
|
Details: []checker.CheckDetail{
|
|
|
|
{
|
|
|
|
Type: checker.DetailWarn,
|
|
|
|
Msg: checker.LogMessage{
|
|
|
|
Text: "warn message",
|
|
|
|
Path: "src/file1.cpp",
|
|
|
|
Type: finding.FileTypeSource,
|
|
|
|
Offset: 5,
|
|
|
|
Snippet: "if (bad) {BUG();}",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Score: 5,
|
|
|
|
Reason: "half score reason",
|
|
|
|
Name: "Check-Name",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Config: config.Config{
|
|
|
|
Annotations: []config.Annotation{
|
|
|
|
{
|
|
|
|
Checks: []string{"Check-Name"},
|
|
|
|
Reasons: []config.ReasonGroup{
|
|
|
|
{Reason: "test-data"},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Metadata: []string{},
|
|
|
|
},
|
|
|
|
},
|
2021-09-28 22:50:17 +03:00
|
|
|
{
|
|
|
|
name: "check-2",
|
|
|
|
showDetails: true,
|
|
|
|
expected: "./testdata/check2.sarif",
|
2022-01-21 02:57:39 +03:00
|
|
|
logLevel: log.DebugLevel,
|
2021-09-28 22:50:17 +03:00
|
|
|
policy: spol.ScorecardPolicy{
|
|
|
|
Version: 1,
|
|
|
|
Policies: map[string]*spol.CheckPolicy{
|
2022-05-06 22:52:30 +03:00
|
|
|
"Check-Name": {
|
2021-09-28 22:50:17 +03:00
|
|
|
Score: checker.MaxResultScore,
|
|
|
|
Mode: spol.CheckPolicy_ENFORCED,
|
|
|
|
},
|
2022-05-06 22:52:30 +03:00
|
|
|
"Check-Name2": {
|
2021-09-28 22:50:17 +03:00
|
|
|
Score: checker.MaxResultScore,
|
|
|
|
Mode: spol.CheckPolicy_DISABLED,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
result: ScorecardResult{
|
|
|
|
Repo: RepoInfo{
|
|
|
|
Name: repoName,
|
|
|
|
CommitSHA: repoCommit,
|
|
|
|
},
|
|
|
|
Scorecard: ScorecardInfo{
|
|
|
|
Version: scorecardVersion,
|
|
|
|
CommitSHA: scorecardCommit,
|
|
|
|
},
|
|
|
|
Date: date,
|
|
|
|
Checks: []checker.CheckResult{
|
|
|
|
{
|
2022-05-12 22:58:12 +03:00
|
|
|
Details: []checker.CheckDetail{
|
2021-09-28 22:50:17 +03:00
|
|
|
{
|
|
|
|
Type: checker.DetailWarn,
|
|
|
|
Msg: checker.LogMessage{
|
|
|
|
Text: "warn message",
|
|
|
|
Path: "bin/binary.elf",
|
2023-01-31 05:41:36 +03:00
|
|
|
Type: finding.FileTypeBinary,
|
2021-09-28 22:50:17 +03:00
|
|
|
Offset: 0,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Score: checker.MinResultScore,
|
|
|
|
Reason: "min score reason",
|
|
|
|
Name: "Check-Name",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Metadata: []string{},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "check-3",
|
|
|
|
showDetails: true,
|
|
|
|
expected: "./testdata/check3.sarif",
|
2022-01-21 02:57:39 +03:00
|
|
|
logLevel: log.InfoLevel,
|
2021-09-28 22:50:17 +03:00
|
|
|
policy: spol.ScorecardPolicy{
|
|
|
|
Version: 1,
|
|
|
|
Policies: map[string]*spol.CheckPolicy{
|
2022-05-06 22:52:30 +03:00
|
|
|
"Check-Name": {
|
2021-09-28 22:50:17 +03:00
|
|
|
Score: checker.MaxResultScore,
|
|
|
|
Mode: spol.CheckPolicy_ENFORCED,
|
|
|
|
},
|
2022-05-06 22:52:30 +03:00
|
|
|
"Check-Name2": {
|
2021-09-28 22:50:17 +03:00
|
|
|
Score: checker.MaxResultScore,
|
|
|
|
Mode: spol.CheckPolicy_ENFORCED,
|
|
|
|
},
|
2022-05-06 22:52:30 +03:00
|
|
|
"Check-Name3": {
|
2021-09-28 22:50:17 +03:00
|
|
|
Score: checker.MaxResultScore,
|
|
|
|
Mode: spol.CheckPolicy_ENFORCED,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
result: ScorecardResult{
|
|
|
|
Repo: RepoInfo{
|
|
|
|
Name: repoName,
|
|
|
|
CommitSHA: repoCommit,
|
|
|
|
},
|
|
|
|
Scorecard: ScorecardInfo{
|
|
|
|
Version: scorecardVersion,
|
|
|
|
CommitSHA: scorecardCommit,
|
|
|
|
},
|
|
|
|
Date: date,
|
|
|
|
Checks: []checker.CheckResult{
|
|
|
|
{
|
2022-05-12 22:58:12 +03:00
|
|
|
Details: []checker.CheckDetail{
|
2021-09-28 22:50:17 +03:00
|
|
|
{
|
|
|
|
Type: checker.DetailWarn,
|
|
|
|
Msg: checker.LogMessage{
|
|
|
|
Text: "warn message",
|
|
|
|
Path: "bin/binary.elf",
|
2023-01-31 05:41:36 +03:00
|
|
|
Type: finding.FileTypeBinary,
|
2021-09-28 22:50:17 +03:00
|
|
|
Offset: 0,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Score: checker.MinResultScore,
|
|
|
|
Reason: "min result reason",
|
|
|
|
Name: "Check-Name",
|
|
|
|
},
|
|
|
|
{
|
2022-05-12 22:58:12 +03:00
|
|
|
Details: []checker.CheckDetail{
|
2021-09-28 22:50:17 +03:00
|
|
|
{
|
|
|
|
Type: checker.DetailWarn,
|
|
|
|
Msg: checker.LogMessage{
|
|
|
|
Text: "warn message",
|
|
|
|
Path: "src/doc.txt",
|
2023-01-31 05:41:36 +03:00
|
|
|
Type: finding.FileTypeText,
|
2021-09-28 22:50:17 +03:00
|
|
|
Offset: 3,
|
|
|
|
Snippet: "some text",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Score: checker.MinResultScore,
|
|
|
|
Reason: "min result reason",
|
|
|
|
Name: "Check-Name2",
|
|
|
|
},
|
|
|
|
{
|
2022-05-12 22:58:12 +03:00
|
|
|
Details: []checker.CheckDetail{
|
2021-09-28 22:50:17 +03:00
|
|
|
{
|
|
|
|
Type: checker.DetailInfo,
|
|
|
|
Msg: checker.LogMessage{
|
|
|
|
Text: "info message",
|
|
|
|
Path: "some/path.js",
|
2023-01-31 05:41:36 +03:00
|
|
|
Type: finding.FileTypeSource,
|
2021-09-28 22:50:17 +03:00
|
|
|
Offset: 3,
|
|
|
|
Snippet: "if (bad) {BUG();}",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Type: checker.DetailWarn,
|
|
|
|
Msg: checker.LogMessage{
|
|
|
|
Text: "warn message",
|
|
|
|
Path: "some/path.py",
|
2023-01-31 05:41:36 +03:00
|
|
|
Type: finding.FileTypeSource,
|
2021-09-28 22:50:17 +03:00
|
|
|
Offset: 3,
|
|
|
|
Snippet: "if (bad) {BUG2();}",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Type: checker.DetailDebug,
|
|
|
|
Msg: checker.LogMessage{
|
|
|
|
Text: "debug message",
|
|
|
|
Path: "some/path.go",
|
2023-01-31 05:41:36 +03:00
|
|
|
Type: finding.FileTypeSource,
|
2021-09-28 22:50:17 +03:00
|
|
|
Offset: 3,
|
|
|
|
Snippet: "if (bad) {BUG5();}",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Score: checker.InconclusiveResultScore,
|
|
|
|
Reason: "inconclusive reason",
|
|
|
|
Name: "Check-Name3",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Metadata: []string{},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "check-4",
|
|
|
|
showDetails: true,
|
|
|
|
expected: "./testdata/check4.sarif",
|
2022-01-21 02:57:39 +03:00
|
|
|
logLevel: log.DebugLevel,
|
2021-09-28 22:50:17 +03:00
|
|
|
policy: spol.ScorecardPolicy{
|
|
|
|
Version: 1,
|
|
|
|
Policies: map[string]*spol.CheckPolicy{
|
2022-05-06 22:52:30 +03:00
|
|
|
"Check-Name": {
|
2021-09-28 22:50:17 +03:00
|
|
|
Score: checker.MaxResultScore,
|
|
|
|
Mode: spol.CheckPolicy_ENFORCED,
|
|
|
|
},
|
2022-05-06 22:52:30 +03:00
|
|
|
"Check-Name2": {
|
2021-09-28 22:50:17 +03:00
|
|
|
Score: checker.MaxResultScore,
|
|
|
|
Mode: spol.CheckPolicy_ENFORCED,
|
|
|
|
},
|
2022-05-06 22:52:30 +03:00
|
|
|
"Check-Name3": {
|
2021-09-28 22:50:17 +03:00
|
|
|
Score: checker.MaxResultScore,
|
|
|
|
Mode: spol.CheckPolicy_ENFORCED,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
result: ScorecardResult{
|
|
|
|
Repo: RepoInfo{
|
|
|
|
Name: repoName,
|
|
|
|
CommitSHA: repoCommit,
|
|
|
|
},
|
|
|
|
Scorecard: ScorecardInfo{
|
|
|
|
Version: scorecardVersion,
|
|
|
|
CommitSHA: scorecardCommit,
|
|
|
|
},
|
|
|
|
Date: date,
|
|
|
|
Checks: []checker.CheckResult{
|
|
|
|
{
|
2022-05-12 22:58:12 +03:00
|
|
|
Details: []checker.CheckDetail{
|
2021-09-28 22:50:17 +03:00
|
|
|
{
|
|
|
|
Type: checker.DetailWarn,
|
|
|
|
Msg: checker.LogMessage{
|
|
|
|
Text: "warn message",
|
|
|
|
Path: "bin/binary.elf",
|
2023-01-31 05:41:36 +03:00
|
|
|
Type: finding.FileTypeBinary,
|
2021-09-28 22:50:17 +03:00
|
|
|
Offset: 0,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Score: checker.MinResultScore,
|
|
|
|
Reason: "min result reason",
|
|
|
|
Name: "Check-Name",
|
|
|
|
},
|
|
|
|
{
|
2022-05-12 22:58:12 +03:00
|
|
|
Details: []checker.CheckDetail{
|
2021-09-28 22:50:17 +03:00
|
|
|
{
|
|
|
|
Type: checker.DetailWarn,
|
|
|
|
Msg: checker.LogMessage{
|
|
|
|
Text: "warn message",
|
|
|
|
Path: "src/doc.txt",
|
2023-01-31 05:41:36 +03:00
|
|
|
Type: finding.FileTypeText,
|
2021-09-28 22:50:17 +03:00
|
|
|
Offset: 3,
|
|
|
|
Snippet: "some text",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Score: checker.MinResultScore,
|
|
|
|
Reason: "min result reason",
|
|
|
|
Name: "Check-Name2",
|
|
|
|
},
|
|
|
|
{
|
2022-05-12 22:58:12 +03:00
|
|
|
Details: []checker.CheckDetail{
|
2021-09-28 22:50:17 +03:00
|
|
|
{
|
|
|
|
Type: checker.DetailInfo,
|
|
|
|
Msg: checker.LogMessage{
|
|
|
|
Text: "info message",
|
|
|
|
Path: "some/path.js",
|
2023-01-31 05:41:36 +03:00
|
|
|
Type: finding.FileTypeSource,
|
2021-09-28 22:50:17 +03:00
|
|
|
Offset: 3,
|
|
|
|
Snippet: "if (bad) {BUG();}",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Type: checker.DetailWarn,
|
|
|
|
Msg: checker.LogMessage{
|
|
|
|
Text: "warn message",
|
|
|
|
Path: "some/path.py",
|
2023-01-31 05:41:36 +03:00
|
|
|
Type: finding.FileTypeSource,
|
2021-09-28 22:50:17 +03:00
|
|
|
Offset: 3,
|
|
|
|
Snippet: "if (bad) {BUG2();}",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Type: checker.DetailDebug,
|
|
|
|
Msg: checker.LogMessage{
|
|
|
|
Text: "debug message",
|
|
|
|
Path: "some/path.go",
|
2023-01-31 05:41:36 +03:00
|
|
|
Type: finding.FileTypeSource,
|
2021-09-28 22:50:17 +03:00
|
|
|
Offset: 3,
|
|
|
|
Snippet: "if (bad) {BUG5();}",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Score: checker.InconclusiveResultScore,
|
|
|
|
Reason: "inconclusive reason",
|
|
|
|
Name: "Check-Name3",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Metadata: []string{},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "check-5",
|
|
|
|
showDetails: true,
|
|
|
|
expected: "./testdata/check5.sarif",
|
2022-01-21 02:57:39 +03:00
|
|
|
logLevel: log.WarnLevel,
|
2021-09-28 22:50:17 +03:00
|
|
|
policy: spol.ScorecardPolicy{
|
|
|
|
Version: 1,
|
|
|
|
Policies: map[string]*spol.CheckPolicy{
|
2022-05-06 22:52:30 +03:00
|
|
|
"Check-Name": {
|
2021-09-28 22:50:17 +03:00
|
|
|
Score: 5,
|
|
|
|
Mode: spol.CheckPolicy_ENFORCED,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
result: ScorecardResult{
|
|
|
|
Repo: RepoInfo{
|
|
|
|
Name: repoName,
|
|
|
|
CommitSHA: repoCommit,
|
|
|
|
},
|
|
|
|
Scorecard: ScorecardInfo{
|
|
|
|
Version: scorecardVersion,
|
|
|
|
CommitSHA: scorecardCommit,
|
|
|
|
},
|
|
|
|
Date: date,
|
|
|
|
Checks: []checker.CheckResult{
|
|
|
|
{
|
2022-05-12 22:58:12 +03:00
|
|
|
Details: []checker.CheckDetail{
|
2021-09-28 22:50:17 +03:00
|
|
|
{
|
|
|
|
Type: checker.DetailWarn,
|
|
|
|
Msg: checker.LogMessage{
|
|
|
|
Text: "warn message",
|
|
|
|
Path: "src/file1.cpp",
|
2023-01-31 05:41:36 +03:00
|
|
|
Type: finding.FileTypeSource,
|
2021-09-28 22:50:17 +03:00
|
|
|
Offset: 5,
|
|
|
|
Snippet: "if (bad) {BUG();}",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Score: 6,
|
|
|
|
Reason: "six score reason",
|
|
|
|
Name: "Check-Name",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Metadata: []string{},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "check-6",
|
|
|
|
showDetails: true,
|
|
|
|
// https://github.com/github/codeql-action/issues/754
|
|
|
|
// Disabled related locations.
|
2021-10-02 01:01:46 +03:00
|
|
|
expected: "./testdata/check6.sarif",
|
2022-01-21 02:57:39 +03:00
|
|
|
logLevel: log.WarnLevel,
|
2021-09-28 22:50:17 +03:00
|
|
|
policy: spol.ScorecardPolicy{
|
|
|
|
Version: 1,
|
|
|
|
Policies: map[string]*spol.CheckPolicy{
|
2022-05-06 22:52:30 +03:00
|
|
|
"Check-Name": {
|
2021-09-28 22:50:17 +03:00
|
|
|
Score: checker.MaxResultScore,
|
|
|
|
Mode: spol.CheckPolicy_ENFORCED,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
result: ScorecardResult{
|
|
|
|
Repo: RepoInfo{
|
|
|
|
Name: repoName,
|
|
|
|
CommitSHA: repoCommit,
|
|
|
|
},
|
|
|
|
Scorecard: ScorecardInfo{
|
|
|
|
Version: scorecardVersion,
|
|
|
|
CommitSHA: scorecardCommit,
|
|
|
|
},
|
|
|
|
Date: date,
|
|
|
|
Checks: []checker.CheckResult{
|
|
|
|
{
|
2022-05-12 22:58:12 +03:00
|
|
|
Details: []checker.CheckDetail{
|
2021-09-28 22:50:17 +03:00
|
|
|
{
|
|
|
|
Type: checker.DetailWarn,
|
|
|
|
Msg: checker.LogMessage{
|
|
|
|
Text: "warn message",
|
|
|
|
Path: "https://domain.com/something",
|
2023-01-31 05:41:36 +03:00
|
|
|
Type: finding.FileTypeURL,
|
2021-09-28 22:50:17 +03:00
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Score: 6,
|
|
|
|
Reason: "six score reason",
|
|
|
|
Name: "Check-Name",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Metadata: []string{},
|
|
|
|
},
|
|
|
|
},
|
2021-08-24 00:31:33 +03:00
|
|
|
{
|
2021-09-24 02:55:41 +03:00
|
|
|
name: "check-7",
|
2021-08-24 00:31:33 +03:00
|
|
|
showDetails: true,
|
2021-09-24 02:55:41 +03:00
|
|
|
expected: "./testdata/check7.sarif",
|
2022-01-21 02:57:39 +03:00
|
|
|
logLevel: log.DebugLevel,
|
2021-09-24 02:55:41 +03:00
|
|
|
policy: spol.ScorecardPolicy{
|
|
|
|
Version: 1,
|
|
|
|
Policies: map[string]*spol.CheckPolicy{
|
2022-05-06 22:52:30 +03:00
|
|
|
"Check-Name": {
|
2021-09-24 02:55:41 +03:00
|
|
|
Score: checker.MaxResultScore,
|
|
|
|
Mode: spol.CheckPolicy_ENFORCED,
|
2021-08-24 00:31:33 +03:00
|
|
|
},
|
2022-05-06 22:52:30 +03:00
|
|
|
"Check-Name2": {
|
2021-09-24 02:55:41 +03:00
|
|
|
Score: checker.MaxResultScore,
|
|
|
|
Mode: spol.CheckPolicy_DISABLED,
|
2021-08-24 00:31:33 +03:00
|
|
|
},
|
2022-05-06 22:52:30 +03:00
|
|
|
"Check-Name3": {
|
2021-09-24 02:55:41 +03:00
|
|
|
Score: checker.MaxResultScore,
|
|
|
|
Mode: spol.CheckPolicy_DISABLED,
|
2021-08-24 00:31:33 +03:00
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
result: ScorecardResult{
|
2021-09-01 20:29:40 +03:00
|
|
|
Repo: RepoInfo{
|
|
|
|
Name: repoName,
|
|
|
|
CommitSHA: repoCommit,
|
|
|
|
},
|
|
|
|
Scorecard: ScorecardInfo{
|
|
|
|
Version: scorecardVersion,
|
|
|
|
CommitSHA: scorecardCommit,
|
|
|
|
},
|
|
|
|
Date: date,
|
2021-08-24 00:31:33 +03:00
|
|
|
Checks: []checker.CheckResult{
|
|
|
|
{
|
2022-05-12 22:58:12 +03:00
|
|
|
Details: []checker.CheckDetail{
|
2021-08-24 00:31:33 +03:00
|
|
|
{
|
|
|
|
Type: checker.DetailWarn,
|
|
|
|
Msg: checker.LogMessage{
|
|
|
|
Text: "warn message",
|
|
|
|
Path: "bin/binary.elf",
|
2023-01-31 05:41:36 +03:00
|
|
|
Type: finding.FileTypeBinary,
|
2021-08-24 00:31:33 +03:00
|
|
|
Offset: 0,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Score: checker.MinResultScore,
|
|
|
|
Reason: "min result reason",
|
|
|
|
Name: "Check-Name",
|
|
|
|
},
|
|
|
|
{
|
2022-05-12 22:58:12 +03:00
|
|
|
Details: []checker.CheckDetail{
|
2021-08-24 00:31:33 +03:00
|
|
|
{
|
|
|
|
Type: checker.DetailWarn,
|
|
|
|
Msg: checker.LogMessage{
|
|
|
|
Text: "warn message",
|
|
|
|
Path: "src/doc.txt",
|
2023-01-31 05:41:36 +03:00
|
|
|
Type: finding.FileTypeText,
|
2021-08-24 00:31:33 +03:00
|
|
|
Offset: 3,
|
|
|
|
Snippet: "some text",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Score: checker.MinResultScore,
|
|
|
|
Reason: "min result reason",
|
|
|
|
Name: "Check-Name2",
|
|
|
|
},
|
|
|
|
{
|
2022-05-12 22:58:12 +03:00
|
|
|
Details: []checker.CheckDetail{
|
2021-08-24 00:31:33 +03:00
|
|
|
{
|
|
|
|
Type: checker.DetailInfo,
|
|
|
|
Msg: checker.LogMessage{
|
|
|
|
Text: "info message",
|
|
|
|
Path: "some/path.js",
|
2023-01-31 05:41:36 +03:00
|
|
|
Type: finding.FileTypeSource,
|
2021-08-24 00:31:33 +03:00
|
|
|
Offset: 3,
|
|
|
|
Snippet: "if (bad) {BUG();}",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Type: checker.DetailWarn,
|
|
|
|
Msg: checker.LogMessage{
|
|
|
|
Text: "warn message",
|
|
|
|
Path: "some/path.py",
|
2023-01-31 05:41:36 +03:00
|
|
|
Type: finding.FileTypeSource,
|
2021-08-24 00:31:33 +03:00
|
|
|
Offset: 3,
|
|
|
|
Snippet: "if (bad) {BUG2();}",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Type: checker.DetailDebug,
|
|
|
|
Msg: checker.LogMessage{
|
|
|
|
Text: "debug message",
|
|
|
|
Path: "some/path.go",
|
2023-01-31 05:41:36 +03:00
|
|
|
Type: finding.FileTypeSource,
|
2021-08-24 00:31:33 +03:00
|
|
|
Offset: 3,
|
|
|
|
Snippet: "if (bad) {BUG5();}",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Score: checker.InconclusiveResultScore,
|
|
|
|
Reason: "inconclusive reason",
|
|
|
|
Name: "Check-Name3",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Metadata: []string{},
|
|
|
|
},
|
|
|
|
},
|
2021-11-09 02:30:37 +03:00
|
|
|
{
|
|
|
|
name: "check-8",
|
|
|
|
showDetails: true,
|
|
|
|
expected: "./testdata/check8.sarif",
|
2022-01-21 02:57:39 +03:00
|
|
|
logLevel: log.DebugLevel,
|
2021-11-09 02:30:37 +03:00
|
|
|
policy: spol.ScorecardPolicy{
|
|
|
|
Version: 1,
|
|
|
|
Policies: map[string]*spol.CheckPolicy{
|
2022-05-06 22:52:30 +03:00
|
|
|
"Check-Name4": {
|
2021-11-09 02:30:37 +03:00
|
|
|
Score: checker.MaxResultScore,
|
|
|
|
Mode: spol.CheckPolicy_ENFORCED,
|
|
|
|
},
|
2022-05-06 22:52:30 +03:00
|
|
|
"Check-Name": {
|
2021-11-09 02:30:37 +03:00
|
|
|
Score: checker.MaxResultScore,
|
|
|
|
Mode: spol.CheckPolicy_ENFORCED,
|
|
|
|
},
|
2022-05-06 22:52:30 +03:00
|
|
|
"Check-Name5": {
|
2021-11-09 02:30:37 +03:00
|
|
|
Score: checker.MaxResultScore,
|
|
|
|
Mode: spol.CheckPolicy_ENFORCED,
|
|
|
|
},
|
2022-05-06 22:52:30 +03:00
|
|
|
"Check-Name6": {
|
2021-11-09 02:30:37 +03:00
|
|
|
Score: checker.MaxResultScore,
|
|
|
|
Mode: spol.CheckPolicy_ENFORCED,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
result: ScorecardResult{
|
|
|
|
Repo: RepoInfo{
|
|
|
|
Name: repoName,
|
|
|
|
CommitSHA: repoCommit,
|
|
|
|
},
|
|
|
|
Scorecard: ScorecardInfo{
|
|
|
|
Version: scorecardVersion,
|
|
|
|
CommitSHA: scorecardCommit,
|
|
|
|
},
|
|
|
|
Date: date,
|
|
|
|
Checks: []checker.CheckResult{
|
|
|
|
{
|
2022-05-12 22:58:12 +03:00
|
|
|
Details: []checker.CheckDetail{
|
2021-11-09 02:30:37 +03:00
|
|
|
{
|
|
|
|
Type: checker.DetailWarn,
|
|
|
|
Msg: checker.LogMessage{
|
|
|
|
Text: "warn message",
|
|
|
|
Path: "src/file1.cpp",
|
2023-01-31 05:41:36 +03:00
|
|
|
Type: finding.FileTypeSource,
|
2021-11-09 02:30:37 +03:00
|
|
|
Offset: 5,
|
|
|
|
Snippet: "if (bad) {BUG();}",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Score: 5,
|
|
|
|
Reason: "half score reason",
|
|
|
|
Name: "Check-Name4",
|
|
|
|
},
|
|
|
|
{
|
2022-05-12 22:58:12 +03:00
|
|
|
Details: []checker.CheckDetail{
|
2021-11-09 02:30:37 +03:00
|
|
|
{
|
|
|
|
Type: checker.DetailWarn,
|
|
|
|
Msg: checker.LogMessage{
|
|
|
|
Text: "warn message",
|
|
|
|
Path: "src/file1.cpp",
|
2023-01-31 05:41:36 +03:00
|
|
|
Type: finding.FileTypeSource,
|
2021-11-09 02:30:37 +03:00
|
|
|
Offset: 5,
|
|
|
|
Snippet: "if (bad) {BUG();}",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Type: checker.DetailWarn,
|
|
|
|
Msg: checker.LogMessage{
|
|
|
|
Text: "warn message",
|
|
|
|
Path: "src/file2.cpp",
|
2023-01-31 05:41:36 +03:00
|
|
|
Type: finding.FileTypeSource,
|
2021-11-09 02:30:37 +03:00
|
|
|
Offset: 5,
|
|
|
|
Snippet: "if (bad2) {BUG();}",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Score: 5,
|
|
|
|
Reason: "half score reason",
|
|
|
|
Name: "Check-Name",
|
|
|
|
},
|
|
|
|
{
|
2022-05-12 22:58:12 +03:00
|
|
|
Details: []checker.CheckDetail{
|
2021-11-09 02:30:37 +03:00
|
|
|
{
|
|
|
|
Type: checker.DetailWarn,
|
|
|
|
Msg: checker.LogMessage{
|
|
|
|
Text: "warn message",
|
|
|
|
Path: "src/file1.cpp",
|
2023-01-31 05:41:36 +03:00
|
|
|
Type: finding.FileTypeSource,
|
2021-11-09 02:30:37 +03:00
|
|
|
Offset: 5,
|
|
|
|
Snippet: "if (bad) {BUG();}",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Type: checker.DetailWarn,
|
|
|
|
Msg: checker.LogMessage{
|
|
|
|
Text: "warn message",
|
|
|
|
Path: "src/file2.cpp",
|
2023-01-31 05:41:36 +03:00
|
|
|
Type: finding.FileTypeSource,
|
2021-11-09 02:30:37 +03:00
|
|
|
Offset: 5,
|
|
|
|
Snippet: "if (bad2) {BUG2();}",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Score: 8,
|
|
|
|
Reason: "half score reason",
|
|
|
|
Name: "Check-Name5",
|
|
|
|
},
|
|
|
|
{
|
2022-05-12 22:58:12 +03:00
|
|
|
Details: []checker.CheckDetail{
|
2021-11-09 02:30:37 +03:00
|
|
|
{
|
|
|
|
Type: checker.DetailWarn,
|
|
|
|
Msg: checker.LogMessage{
|
|
|
|
Text: "warn message",
|
|
|
|
Path: "src/file1.cpp",
|
2023-01-31 05:41:36 +03:00
|
|
|
Type: finding.FileTypeSource,
|
2021-11-09 02:30:37 +03:00
|
|
|
Offset: 5,
|
|
|
|
Snippet: "if (bad) {BUG();}",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Score: 9,
|
|
|
|
Reason: "half score reason",
|
|
|
|
Name: "Check-Name6",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Metadata: []string{},
|
|
|
|
},
|
|
|
|
},
|
2021-08-24 00:31:33 +03:00
|
|
|
}
|
2022-02-15 21:26:06 +03:00
|
|
|
for i := range tests {
|
|
|
|
tt := &tests[i] // Re-initializing variable so it is not changed while executing the closure below
|
2021-08-24 00:31:33 +03:00
|
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
|
|
t.Parallel()
|
|
|
|
var content []byte
|
|
|
|
var err error
|
2021-11-12 22:34:46 +03:00
|
|
|
content, err = os.ReadFile(tt.expected)
|
2021-08-24 00:31:33 +03:00
|
|
|
if err != nil {
|
2021-09-01 20:29:40 +03:00
|
|
|
t.Fatalf("%s: cannot read file: %v", tt.name, err)
|
2021-08-24 00:31:33 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
var expected bytes.Buffer
|
|
|
|
n, err := expected.Write(content)
|
|
|
|
if err != nil {
|
2021-09-01 20:29:40 +03:00
|
|
|
t.Fatalf("%s: cannot write buffer: %v", tt.name, err)
|
2021-08-24 00:31:33 +03:00
|
|
|
}
|
|
|
|
if n != len(content) {
|
2021-09-01 20:29:40 +03:00
|
|
|
t.Fatalf("%s: write %d bytes but expected %d", tt.name, n, len(content))
|
2021-08-24 00:31:33 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
var result bytes.Buffer
|
2021-09-24 02:55:41 +03:00
|
|
|
err = tt.result.AsSARIF(tt.showDetails, tt.logLevel, &result,
|
2023-03-23 00:40:00 +03:00
|
|
|
checkDocs, &tt.policy, &options.Options{})
|
2021-08-24 00:31:33 +03:00
|
|
|
if err != nil {
|
2021-09-01 20:29:40 +03:00
|
|
|
t.Fatalf("%s: AsSARIF: %v", tt.name, err)
|
2021-08-24 00:31:33 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
r := bytes.Compare(expected.Bytes(), result.Bytes())
|
|
|
|
if r != 0 {
|
2022-02-15 21:26:06 +03:00
|
|
|
t.Fatalf("%s: invalid result: %d, %s", tt.name, r, cmp.Diff(expected.Bytes(), result.Bytes()))
|
2021-08-24 00:31:33 +03:00
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
2023-12-28 18:43:13 +03:00
|
|
|
|
|
|
|
func Test_createSARIFRuns(t *testing.T) {
|
|
|
|
t.Parallel()
|
|
|
|
type args struct {
|
|
|
|
runs map[string]*run
|
|
|
|
}
|
|
|
|
tests := []struct {
|
|
|
|
name string
|
|
|
|
args args
|
|
|
|
want []run
|
|
|
|
}{
|
|
|
|
{
|
|
|
|
name: "empty runs",
|
|
|
|
args: args{
|
|
|
|
runs: map[string]*run{},
|
|
|
|
},
|
|
|
|
want: []run{},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "nil runs are skipped",
|
|
|
|
args: args{
|
|
|
|
runs: map[string]*run{
|
|
|
|
"run1": nil,
|
|
|
|
"run2": {
|
|
|
|
Tool: tool{
|
|
|
|
Driver: driver{
|
|
|
|
Name: "name",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
want: []run{
|
|
|
|
{
|
|
|
|
Tool: tool{
|
|
|
|
Driver: driver{
|
|
|
|
Name: "name",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "one run",
|
|
|
|
args: args{
|
|
|
|
runs: map[string]*run{
|
|
|
|
"run1": {
|
|
|
|
Tool: tool{
|
|
|
|
Driver: driver{
|
|
|
|
Name: "name",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
want: []run{
|
|
|
|
{
|
|
|
|
Tool: tool{
|
|
|
|
Driver: driver{
|
|
|
|
Name: "name",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
|
|
tt := tt
|
|
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
|
|
t.Parallel()
|
|
|
|
if got := createSARIFRuns(tt.args.runs); !reflect.DeepEqual(got, tt.want) {
|
|
|
|
t.Errorf("createSARIFRuns() = %v, want %v", got, tt.want)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|