Remove Version field from LogMessage (#1640)

Co-authored-by: Azeem Shaikh <azeems@google.com>

checker/check_result.go

@@ -110,8 +110,6 @@ type LogMessage struct {
 	Offset    uint     // Offset in the file of Path (line for source/text files).
 	EndOffset uint     // End of offset in the file, e.g. if the command spans multiple lines.
 	Snippet   string   // Snippet of code
-	// UPGRADEv3: to remove.
-	Version int // `3` to indicate the detail was logged using new structure.
 }
 
 // CreateProportionalScore creates a proportional score.

checks/ci_tests.go

@@ -84,8 +84,7 @@ func CITests(c *checker.CheckRequest) checker.CheckResult {
 
 		if !foundCI {
 			c.Dlogger.Debug(&checker.LogMessage{
-				Text:    fmt.Sprintf("merged PR without CI test: %d", pr.Number),
+				Text: fmt.Sprintf("merged PR without CI test: %d", pr.Number),
-				Version: 3,
 			})
 		}
 	}
@@ -115,7 +114,6 @@ func prHasSuccessStatus(pr *clients.PullRequest, c *checker.CheckRequest) (bool,
 				Type: checker.FileTypeURL,
 				Text: fmt.Sprintf("CI test found: pr: %d, context: %s", pr.Number,
 					status.Context),
-				Version: 3,
 			})
 			return true, nil
 		}
@@ -143,7 +141,6 @@ func prHasSuccessfulCheck(pr *clients.PullRequest, c *checker.CheckRequest) (boo
 				Type: checker.FileTypeURL,
 				Text: fmt.Sprintf("CI test found: pr: %d, context: %s", pr.Number,
 					cr.App.Slug),
-				Version: 3,
 			})
 			return true, nil
 		}

checks/contributors.go

@@ -74,8 +74,7 @@ func Contributors(c *checker.CheckRequest) checker.CheckResult {
 	}
 
 	c.Dlogger.Info(&checker.LogMessage{
-		Text:    fmt.Sprintf("contributors work for: %v", strings.Join(names, ",")),
+		Text: fmt.Sprintf("contributors work for: %v", strings.Join(names, ",")),
-		Version: 3,
 	})
 
 	reason := fmt.Sprintf("%d different companies found", len(companies))

checks/dangerous_workflow.go

@@ -331,11 +331,10 @@ func checkJobForUntrustedCodeCheckout(job *actionlint.Job, path string,
 		if strings.Contains(ref.Value.Value, checkoutUntrustedRef) {
 			line := fileparser.GetLineNumber(step.Pos)
 			dl.Warn(&checker.LogMessage{
-				Path:    path,
+				Path:   path,
-				Type:    checker.FileTypeSource,
+				Type:   checker.FileTypeSource,
-				Offset:  line,
+				Offset: line,
-				Text:    fmt.Sprintf("untrusted code checkout '%v'", ref.Value.Value),
+				Text:   fmt.Sprintf("untrusted code checkout '%v'", ref.Value.Value),
-				Version: 3,
 				// TODO: set Snippet.
 			})
 			// Detected untrusted checkout.
@@ -445,11 +444,10 @@ func checkSecretInScript(script string, pos *actionlint.Pos, path string,
 		if strings.Contains(variable, "secrets.") {
 			line := fileparser.GetLineNumber(pos)
 			dl.Warn(&checker.LogMessage{
-				Path:    path,
+				Path:   path,
-				Type:    checker.FileTypeSource,
+				Type:   checker.FileTypeSource,
-				Offset:  line,
+				Offset: line,
-				Text:    fmt.Sprintf("secret accessible to pull requests '%v'", variable),
+				Text:   fmt.Sprintf("secret accessible to pull requests '%v'", variable),
-				Version: 3,
 				// TODO: set Snippet.
 			})
 			pdata.workflowPattern[secretsViaPullRequests] = true
@@ -477,11 +475,10 @@ func checkVariablesInScript(script string, pos *actionlint.Pos, path string,
 		if containsUntrustedContextPattern(variable) {
 			line := fileparser.GetLineNumber(pos)
 			dl.Warn(&checker.LogMessage{
-				Path:    path,
+				Path:   path,
-				Type:    checker.FileTypeSource,
+				Type:   checker.FileTypeSource,
-				Offset:  line,
+				Offset: line,
-				Text:    fmt.Sprintf("script injection with untrusted input '%v'", variable),
+				Text:   fmt.Sprintf("script injection with untrusted input '%v'", variable),
-				Version: 3,
 				// TODO: set Snippet.
 			})
 			pdata.workflowPattern[scriptInjection] = true

checks/evaluation/binary_artifacts.go

@@ -36,9 +36,8 @@ func BinaryArtifacts(name string, dl checker.DetailLogger,
 	for _, f := range r.Files {
 		dl.Warn(&checker.LogMessage{
 			Path: f.Path, Type: checker.FileTypeBinary,
-			Offset:  f.Offset,
+			Offset: f.Offset,
-			Text:    "binary detected",
+			Text:   "binary detected",
-			Version: 3,
 		})
 		// We remove one point for each binary.
 		score--

checks/evaluation/code_review.go

@@ -53,8 +53,7 @@ func CodeReview(name string, dl checker.DetailLogger,
 		rs := getApprovedReviewSystem(&commit, dl)
 		if rs == "" {
 			dl.Warn(&checker.LogMessage{
-				Text:    fmt.Sprintf("no reviews found for commit: %s", commit.SHA),
+				Text: fmt.Sprintf("no reviews found for commit: %s", commit.SHA),
-				Version: 3,
 			})
 			continue
 		}
@@ -127,7 +126,6 @@ func isReviewedOnGitHub(c *checker.DefaultBranchCommit, dl checker.DetailLogger)
 			dl.Debug(&checker.LogMessage{
 				Text: fmt.Sprintf("commit %s was reviewed through %s #%d approved merge request",
 					c.SHA, reviewPlatformGitHub, mr.Number),
-				Version: 3,
 			})
 			return true
 		}
@@ -141,7 +139,6 @@ func isReviewedOnGitHub(c *checker.DefaultBranchCommit, dl checker.DetailLogger)
 		dl.Debug(&checker.LogMessage{
 			Text: fmt.Sprintf("commit %s was reviewed through %s #%d merge request",
 				c.SHA, reviewPlatformGitHub, mr.Number),
-			Version: 3,
 		})
 		return true
 	}
@@ -152,8 +149,7 @@ func isReviewedOnGitHub(c *checker.DefaultBranchCommit, dl checker.DetailLogger)
 func isReviewedOnProw(c *checker.DefaultBranchCommit, dl checker.DetailLogger) bool {
 	if isBot(c.Committer.Login) {
 		dl.Debug(&checker.LogMessage{
-			Text:    fmt.Sprintf("skip commit %s from bot account: %s", c.SHA, c.Committer.Login),
+			Text: fmt.Sprintf("skip commit %s from bot account: %s", c.SHA, c.Committer.Login),
-			Version: 3,
 		})
 		return true
 	}
@@ -164,7 +160,6 @@ func isReviewedOnProw(c *checker.DefaultBranchCommit, dl checker.DetailLogger) b
 				dl.Debug(&checker.LogMessage{
 					Text: fmt.Sprintf("commit %s review was through %s #%d approved merge request",
 						c.SHA, reviewPlatformProw, c.MergeRequest.Number),
-					Version: 3,
 				})
 				return true
 			}
@@ -176,8 +171,7 @@ func isReviewedOnProw(c *checker.DefaultBranchCommit, dl checker.DetailLogger) b
 func isReviewedOnGerrit(c *checker.DefaultBranchCommit, dl checker.DetailLogger) bool {
 	if isBot(c.Committer.Login) {
 		dl.Debug(&checker.LogMessage{
-			Text:    fmt.Sprintf("skip commit %s from bot account: %s", c.SHA, c.Committer.Login),
+			Text: fmt.Sprintf("skip commit %s from bot account: %s", c.SHA, c.Committer.Login),
-			Version: 3,
 		})
 		return true
 	}
@@ -186,8 +180,7 @@ func isReviewedOnGerrit(c *checker.DefaultBranchCommit, dl checker.DetailLogger)
 	if strings.Contains(m, "\nReviewed-on: ") &&
 		strings.Contains(m, "\nReviewed-by: ") {
 		dl.Debug(&checker.LogMessage{
-			Text:    fmt.Sprintf("commit %s was approved through %s", c.SHA, reviewPlatformGerrit),
+			Text: fmt.Sprintf("commit %s was approved through %s", c.SHA, reviewPlatformGerrit),
-			Version: 3,
 		})
 		return true
 	}

checks/evaluation/dependency_update_tool.go

@@ -34,12 +34,10 @@ func DependencyUpdateTool(name string, dl checker.DetailLogger,
 		dl.Warn(&checker.LogMessage{
 			Text: `dependabot config file not detected in source location.
 			We recommend setting this configuration in code so it can be easily verified by others.`,
-			Version: 3,
 		})
 		dl.Warn(&checker.LogMessage{
 			Text: `renovatebot config file not detected in source location.
 			We recommend setting this configuration in code so it can be easily verified by others.`,
-			Version: 3,
 		})
 		return checker.CreateMinScoreResult(name, "no update tool detected")
 	}
@@ -59,11 +57,10 @@ func DependencyUpdateTool(name string, dl checker.DetailLogger,
 	// Note: only one file per tool is present,
 	// so we do not iterate thru all entries.
 	dl.Info(&checker.LogMessage{
-		Path:    r.Tools[0].ConfigFiles[0].Path,
+		Path:   r.Tools[0].ConfigFiles[0].Path,
-		Type:    r.Tools[0].ConfigFiles[0].Type,
+		Type:   r.Tools[0].ConfigFiles[0].Type,
-		Offset:  r.Tools[0].ConfigFiles[0].Offset,
+		Offset: r.Tools[0].ConfigFiles[0].Offset,
-		Text:    fmt.Sprintf("%s detected", r.Tools[0].Name),
+		Text:   fmt.Sprintf("%s detected", r.Tools[0].Name),
-		Version: 3,
 	})
 
 	// High score result.

checks/evaluation/security_policy.go

@@ -33,10 +33,9 @@ func SecurityPolicy(name string, dl checker.DetailLogger, r *checker.SecurityPol
 
 	for _, f := range r.Files {
 		msg := checker.LogMessage{
-			Path:    f.Path,
+			Path:   f.Path,
-			Type:    f.Type,
+			Type:   f.Type,
-			Offset:  f.Offset,
+			Offset: f.Offset,
-			Version: 3,
 		}
 		if msg.Type == checker.FileTypeURL {
 			msg.Text = "security policy detected in org repo"

checks/evaluation/vulnerabilities.go

@@ -43,8 +43,7 @@ func Vulnerabilities(name string, dl checker.DetailLogger,
 
 	if len(IDs) > 0 {
 		dl.Warn(&checker.LogMessage{
-			Text:    fmt.Sprintf("HEAD is vulnerable to %s", strings.Join(IDs, ", ")),
+			Text: fmt.Sprintf("HEAD is vulnerable to %s", strings.Join(IDs, ", ")),
-			Version: 3,
 		})
 		return checker.CreateResultWithScore(name,
 			fmt.Sprintf("%v existing vulnerabilities detected", len(IDs)), score)

checks/license.go

@@ -110,10 +110,9 @@ func LicenseCheck(c *checker.CheckRequest) checker.CheckResult {
 
 		if checkLicense(name) {
 			c.Dlogger.Info(&checker.LogMessage{
-				Path:    name,
+				Path:   name,
-				Type:    checker.FileTypeSource,
+				Type:   checker.FileTypeSource,
-				Offset:  1,
+				Offset: 1,
-				Version: 3,
 			})
 			*pdata = true
 			return false, nil

checks/packaging.go

@@ -67,27 +67,24 @@ func Packaging(c *checker.CheckRequest) checker.CheckResult {
 		}
 		if len(runs) > 0 {
 			c.Dlogger.Info(&checker.LogMessage{
-				Path:    fp,
+				Path:   fp,
-				Type:    checker.FileTypeSource,
+				Type:   checker.FileTypeSource,
-				Offset:  checker.OffsetDefault,
+				Offset: checker.OffsetDefault,
-				Text:    fmt.Sprintf("GitHub publishing workflow used in run %s", runs[0].URL),
+				Text:   fmt.Sprintf("GitHub publishing workflow used in run %s", runs[0].URL),
-				Version: 3,
 			})
 			return checker.CreateMaxScoreResult(CheckPackaging,
 				"publishing workflow detected")
 		}
 		c.Dlogger.Debug(&checker.LogMessage{
-			Path:    fp,
+			Path:   fp,
-			Type:    checker.FileTypeSource,
+			Type:   checker.FileTypeSource,
-			Offset:  checker.OffsetDefault,
+			Offset: checker.OffsetDefault,
-			Text:    "GitHub publishing workflow not used in runs",
+			Text:   "GitHub publishing workflow not used in runs",
-			Version: 3,
 		})
 	}
 
 	c.Dlogger.Warn(&checker.LogMessage{
-		Text:    "no GitHub publishing workflow detected",
+		Text: "no GitHub publishing workflow detected",
-		Version: 3,
 	})
 
 	return checker.CreateInconclusiveResult(CheckPackaging,
@@ -211,22 +208,20 @@ func isPackagingWorkflow(workflow *actionlint.Workflow, fp string, dl checker.De
 			}
 
 			dl.Info(&checker.LogMessage{
-				Path:    fp,
+				Path:   fp,
-				Type:    checker.FileTypeSource,
+				Type:   checker.FileTypeSource,
-				Offset:  fileparser.GetLineNumber(job.Pos),
+				Offset: fileparser.GetLineNumber(job.Pos),
-				Text:    matcher.LogText,
+				Text:   matcher.LogText,
-				Version: 3,
 			})
 			return true
 		}
 	}
 
 	dl.Debug(&checker.LogMessage{
-		Path:    fp,
+		Path:   fp,
-		Type:    checker.FileTypeSource,
+		Type:   checker.FileTypeSource,
-		Offset:  checker.OffsetDefault,
+		Offset: checker.OffsetDefault,
-		Text:    "not a publishing workflow",
+		Text:   "not a publishing workflow",
-		Version: 3,
 	})
 	return false
 }

checks/permissions.go

@@ -98,11 +98,10 @@ func validatePermission(permissionKey permission, permissionValue *actionlint.Pe
 	if strings.EqualFold(val, "write") {
 		if isPermissionOfInterest(permissionKey, ignoredPermissions) {
 			dl.Warn(&checker.LogMessage{
-				Path:    path,
+				Path:   path,
-				Type:    checker.FileTypeSource,
+				Type:   checker.FileTypeSource,
-				Offset:  lineNumber,
+				Offset: lineNumber,
-				Text:    fmt.Sprintf("%s '%v' permission set to '%v'", permLevel, permissionKey, val),
+				Text:   fmt.Sprintf("%s '%v' permission set to '%v'", permLevel, permissionKey, val),
-				Version: 3,
 				// TODO: set Snippet.
 			})
 			recordPermissionWrite(pPermissions, permissionKey)
@@ -110,11 +109,10 @@ func validatePermission(permissionKey permission, permissionValue *actionlint.Pe
 			// Only log for debugging, otherwise
 			// it may confuse users.
 			dl.Debug(&checker.LogMessage{
-				Path:    path,
+				Path:   path,
-				Type:    checker.FileTypeSource,
+				Type:   checker.FileTypeSource,
-				Offset:  lineNumber,
+				Offset: lineNumber,
-				Text:    fmt.Sprintf("%s '%v' permission set to '%v'", permLevel, permissionKey, val),
+				Text:   fmt.Sprintf("%s '%v' permission set to '%v'", permLevel, permissionKey, val),
-				Version: 3,
 				// TODO: set Snippet.
 			})
 		}
@@ -122,11 +120,10 @@ func validatePermission(permissionKey permission, permissionValue *actionlint.Pe
 	}
 
 	dl.Info(&checker.LogMessage{
-		Path:    path,
+		Path:   path,
-		Type:    checker.FileTypeSource,
+		Type:   checker.FileTypeSource,
-		Offset:  lineNumber,
+		Offset: lineNumber,
-		Text:    fmt.Sprintf("%s '%v' permission set to '%v'", permLevel, permissionKey, val),
+		Text:   fmt.Sprintf("%s '%v' permission set to '%v'", permLevel, permissionKey, val),
-		Version: 3,
 		// TODO: set Snippet.
 	})
 	return nil
@@ -174,11 +171,10 @@ func validatePermissions(permissions *actionlint.Permissions, permLevel, path st
 	scopeIsSet := permissions != nil && len(permissions.Scopes) > 0
 	if permissions == nil || (!allIsSet && !scopeIsSet) {
 		dl.Info(&checker.LogMessage{
-			Path:    path,
+			Path:   path,
-			Type:    checker.FileTypeSource,
+			Type:   checker.FileTypeSource,
-			Offset:  checker.OffsetDefault,
+			Offset: checker.OffsetDefault,
-			Text:    fmt.Sprintf("%s permissions set to 'none'", permLevel),
+			Text:   fmt.Sprintf("%s permissions set to 'none'", permLevel),
-			Version: 3,
 		})
 	}
 	if allIsSet {
@@ -186,11 +182,10 @@ func validatePermissions(permissions *actionlint.Permissions, permLevel, path st
 		lineNumber := fileparser.GetLineNumber(permissions.All.Pos)
 		if !strings.EqualFold(val, "read-all") && val != "" {
 			dl.Warn(&checker.LogMessage{
-				Path:    path,
+				Path:   path,
-				Type:    checker.FileTypeSource,
+				Type:   checker.FileTypeSource,
-				Offset:  lineNumber,
+				Offset: lineNumber,
-				Text:    fmt.Sprintf("%s permissions set to '%v'", permLevel, val),
+				Text:   fmt.Sprintf("%s permissions set to '%v'", permLevel, val),
-				Version: 3,
 				// TODO: set Snippet.
 			})
 			recordAllPermissionsWrite(pdata, permLevel, path)
@@ -198,11 +193,10 @@ func validatePermissions(permissions *actionlint.Permissions, permLevel, path st
 		}
 
 		dl.Info(&checker.LogMessage{
-			Path:    path,
+			Path:   path,
-			Type:    checker.FileTypeSource,
+			Type:   checker.FileTypeSource,
-			Offset:  lineNumber,
+			Offset: lineNumber,
-			Text:    fmt.Sprintf("%s permissions set to '%v'", permLevel, val),
+			Text:   fmt.Sprintf("%s permissions set to '%v'", permLevel, val),
-			Version: 3,
 			// TODO: set Snippet.
 		})
 	} else /* scopeIsSet == true */ if err := validateMapPermissions(permissions.Scopes,
@@ -217,11 +211,10 @@ func validateTopLevelPermissions(workflow *actionlint.Workflow, path string,
 	// Check if permissions are set explicitly.
 	if workflow.Permissions == nil {
 		dl.Warn(&checker.LogMessage{
-			Path:    path,
+			Path:   path,
-			Type:    checker.FileTypeSource,
+			Type:   checker.FileTypeSource,
-			Offset:  checker.OffsetDefault,
+			Offset: checker.OffsetDefault,
-			Text:    fmt.Sprintf("no %s permission defined", topLevelPermission),
+			Text:   fmt.Sprintf("no %s permission defined", topLevelPermission),
-			Version: 3,
 		})
 		recordAllPermissionsWrite(pdata, topLevelPermission, path)
 		return nil
@@ -240,11 +233,10 @@ func validatejobLevelPermissions(workflow *actionlint.Workflow, path string,
 		// so only top-level read-only permissions need to be declared.
 		if job.Permissions == nil {
 			dl.Debug(&checker.LogMessage{
-				Path:    path,
+				Path:   path,
-				Type:    checker.FileTypeSource,
+				Type:   checker.FileTypeSource,
-				Offset:  fileparser.GetLineNumber(job.Pos),
+				Offset: fileparser.GetLineNumber(job.Pos),
-				Text:    fmt.Sprintf("no %s permission defined", jobLevelPermission),
+				Text:   fmt.Sprintf("no %s permission defined", jobLevelPermission),
-				Version: 3,
 			})
 			recordAllPermissionsWrite(pdata, jobLevelPermission, path)
 			continue
@@ -481,11 +473,10 @@ func isSARIFUploadAction(workflow *actionlint.Workflow, fp string, dl checker.De
 			}
 			if strings.HasPrefix(uses.Value, "github/codeql-action/upload-sarif@") {
 				dl.Debug(&checker.LogMessage{
-					Path:    fp,
+					Path:   fp,
-					Type:    checker.FileTypeSource,
+					Type:   checker.FileTypeSource,
-					Offset:  fileparser.GetLineNumber(uses.Pos),
+					Offset: fileparser.GetLineNumber(uses.Pos),
-					Text:    "codeql SARIF upload workflow detected",
+					Text:   "codeql SARIF upload workflow detected",
-					Version: 3,
 					// TODO: set Snippet.
 				})
 				return true
@@ -493,11 +484,10 @@ func isSARIFUploadAction(workflow *actionlint.Workflow, fp string, dl checker.De
 		}
 	}
 	dl.Debug(&checker.LogMessage{
-		Path:    fp,
+		Path:   fp,
-		Type:    checker.FileTypeSource,
+		Type:   checker.FileTypeSource,
-		Offset:  checker.OffsetDefault,
+		Offset: checker.OffsetDefault,
-		Text:    "not a codeql upload SARIF workflow",
+		Text:   "not a codeql upload SARIF workflow",
-		Version: 3,
 	})
 	return false
 }
@@ -515,11 +505,10 @@ func isCodeQlAnalysisWorkflow(workflow *actionlint.Workflow, fp string, dl check
 			}
 			if strings.HasPrefix(uses.Value, "github/codeql-action/analyze@") {
 				dl.Debug(&checker.LogMessage{
-					Path:    fp,
+					Path:   fp,
-					Type:    checker.FileTypeSource,
+					Type:   checker.FileTypeSource,
-					Offset:  fileparser.GetLineNumber(uses.Pos),
+					Offset: fileparser.GetLineNumber(uses.Pos),
-					Text:    "codeql workflow detected",
+					Text:   "codeql workflow detected",
-					Version: 3,
 					// TODO: set Snippet.
 				})
 				return true
@@ -527,11 +516,10 @@ func isCodeQlAnalysisWorkflow(workflow *actionlint.Workflow, fp string, dl check
 		}
 	}
 	dl.Debug(&checker.LogMessage{
-		Path:    fp,
+		Path:   fp,
-		Type:    checker.FileTypeSource,
+		Type:   checker.FileTypeSource,
-		Offset:  checker.OffsetDefault,
+		Offset: checker.OffsetDefault,
-		Text:    "not a codeql workflow",
+		Text:   "not a codeql workflow",
-		Version: 3,
 	})
 	return false
 }

checks/pinned_dependencies.go

@@ -162,20 +162,18 @@ func createReturnValuesForGitHubActionsWorkflowPinned(r worklowPinningResult, in
 	if r.gitHubOwned != notPinned {
 		score += 2
 		dl.Info(&checker.LogMessage{
-			Type:    checker.FileTypeSource,
+			Type:   checker.FileTypeSource,
-			Offset:  checker.OffsetDefault,
+			Offset: checker.OffsetDefault,
-			Text:    fmt.Sprintf("%s %s", "GitHub-owned", infoMsg),
+			Text:   fmt.Sprintf("%s %s", "GitHub-owned", infoMsg),
-			Version: 3,
 		})
 	}
 
 	if r.thirdParties != notPinned {
 		score += 8
 		dl.Info(&checker.LogMessage{
-			Type:    checker.FileTypeSource,
+			Type:   checker.FileTypeSource,
-			Offset:  checker.OffsetDefault,
+			Offset: checker.OffsetDefault,
-			Text:    fmt.Sprintf("%s %s", "Third-party", infoMsg),
+			Text:   fmt.Sprintf("%s %s", "Third-party", infoMsg),
-			Version: 3,
 		})
 	}
 
@@ -440,7 +438,6 @@ func validateDockerfileIsPinned(pathfn string, content []byte,
 				EndOffset: uint(child.EndLine),
 				Text:      "docker image not pinned by hash",
 				Snippet:   child.Original,
-				Version:   3,
 			})
 
 		// FROM name.
@@ -456,7 +453,6 @@ func validateDockerfileIsPinned(pathfn string, content []byte,
 					EndOffset: uint(child.EndLine),
 					Text:      "docker image not pinned by hash",
 					Snippet:   child.Original,
-					Version:   3,
 				})
 			}
 
@@ -666,7 +662,6 @@ func validateGitHubActionWorkflow(pathfn string, content []byte,
 					EndOffset: uint(execAction.Uses.Pos.Line), // `Uses` always span a single line.
 					Snippet:   execAction.Uses.Value,
 					Text:      fmt.Sprintf("%s action not pinned by hash", owner),
-					Version:   3,
 				})
 			}
 

checks/sast.go

@@ -141,10 +141,9 @@ func sastToolInCheckRuns(c *checker.CheckRequest) (int, error) {
 			}
 			if sastTools[cr.App.Slug] {
 				c.Dlogger.Debug(&checker.LogMessage{
-					Path:    cr.URL,
+					Path: cr.URL,
-					Type:    checker.FileTypeURL,
+					Type: checker.FileTypeURL,
-					Text:    "tool detected",
+					Text: "tool detected",
-					Version: 3,
 				})
 				totalTested++
 				break
@@ -153,21 +152,18 @@ func sastToolInCheckRuns(c *checker.CheckRequest) (int, error) {
 	}
 	if totalMerged == 0 {
 		c.Dlogger.Warn(&checker.LogMessage{
-			Text:    "no pull requests merged into dev branch",
+			Text: "no pull requests merged into dev branch",
-			Version: 3,
 		})
 		return checker.InconclusiveResultScore, nil
 	}
 
 	if totalTested == totalMerged {
 		c.Dlogger.Info(&checker.LogMessage{
-			Text:    fmt.Sprintf("all commits (%v) are checked with a SAST tool", totalMerged),
+			Text: fmt.Sprintf("all commits (%v) are checked with a SAST tool", totalMerged),
-			Version: 3,
 		})
 	} else {
 		c.Dlogger.Warn(&checker.LogMessage{
-			Text:    fmt.Sprintf("%v commits out of %v are checked with a SAST tool", totalTested, totalMerged),
+			Text: fmt.Sprintf("%v commits out of %v are checked with a SAST tool", totalTested, totalMerged),
-			Version: 3,
 		})
 	}
 
@@ -188,11 +184,10 @@ func codeQLInCheckDefinitions(c *checker.CheckRequest) (int, error) {
 
 	for _, result := range resp.Results {
 		c.Dlogger.Debug(&checker.LogMessage{
-			Path:    result.Path,
+			Path:   result.Path,
-			Type:    checker.FileTypeSource,
+			Type:   checker.FileTypeSource,
-			Offset:  checker.OffsetDefault,
+			Offset: checker.OffsetDefault,
-			Text:    "CodeQL detected",
+			Text:   "CodeQL detected",
-			Version: 3,
 		})
 	}
 
@@ -200,15 +195,13 @@ func codeQLInCheckDefinitions(c *checker.CheckRequest) (int, error) {
 	// TODO: check which branches it is enabled on. We should find main.
 	if resp.Hits > 0 {
 		c.Dlogger.Info(&checker.LogMessage{
-			Text:    "SAST tool detected: CodeQL",
+			Text: "SAST tool detected: CodeQL",
-			Version: 3,
 		})
 		return checker.MaxResultScore, nil
 	}
 
 	c.Dlogger.Warn(&checker.LogMessage{
-		Text:    "CodeQL tool not detected",
+		Text: "CodeQL tool not detected",
-		Version: 3,
 	})
 	return checker.MinResultScore, nil
 }

checks/shell_download_validate.go

@@ -331,7 +331,6 @@ func isFetchPipeExecute(startLine, endLine uint, node syntax.Node, cmd, pathfn s
 		EndOffset: endLine,
 		Snippet:   cmd,
 		Text:      "insecure (not pinned by hash) download detected",
-		Version:   3,
 	})
 	return true
 }
@@ -380,7 +379,6 @@ func isExecuteFiles(startLine, endLine uint, node syntax.Node, cmd, pathfn strin
 				EndOffset: endLine,
 				Snippet:   cmd,
 				Text:      "insecure (not pinned by hash) download-then-run",
-				Version:   3,
 			})
 			ok = true
 		}
@@ -598,7 +596,6 @@ func isUnpinnedPakageManagerDownload(startLine, endLine uint, node syntax.Node,
 			EndOffset: endLine,
 			Snippet:   cmd,
 			Text:      "go installation not pinned by hash",
-			Version:   3,
 		})
 		return true
 	}
@@ -612,7 +609,6 @@ func isUnpinnedPakageManagerDownload(startLine, endLine uint, node syntax.Node,
 			EndOffset: endLine,
 			Snippet:   cmd,
 			Text:      "pip installation not pinned by hash",
-			Version:   3,
 		})
 		return true
 	}
@@ -626,7 +622,6 @@ func isUnpinnedPakageManagerDownload(startLine, endLine uint, node syntax.Node,
 			EndOffset: endLine,
 			Snippet:   cmd,
 			Text:      "npm installation not pinned by hash",
-			Version:   3,
 		})
 		return true
 	}
@@ -719,7 +714,6 @@ func isFetchProcSubsExecute(startLine, endLine uint, node syntax.Node, cmd, path
 		EndOffset: endLine,
 		Snippet:   cmd,
 		Text:      "insecure (not pinned by hash) download-then-run",
-		Version:   3,
 	})
 	return true
 }

checks/signed_releases.go

@@ -53,8 +53,7 @@ func SignedReleases(c *checker.CheckRequest) checker.CheckResult {
 			continue
 		}
 		c.Dlogger.Debug(&checker.LogMessage{
-			Text:    fmt.Sprintf("GitHub release found: %s", r.TagName),
+			Text: fmt.Sprintf("GitHub release found: %s", r.TagName),
-			Version: 3,
 		})
 		totalReleases++
 		signed := false
@@ -62,10 +61,9 @@ func SignedReleases(c *checker.CheckRequest) checker.CheckResult {
 			for _, suffix := range artifactExtensions {
 				if strings.HasSuffix(asset.Name, suffix) {
 					c.Dlogger.Info(&checker.LogMessage{
-						Path:    asset.URL,
+						Path: asset.URL,
-						Type:    checker.FileTypeURL,
+						Type: checker.FileTypeURL,
-						Text:    fmt.Sprintf("signed release artifact: %s", asset.Name),
+						Text: fmt.Sprintf("signed release artifact: %s", asset.Name),
-						Version: 3,
 					})
 					signed = true
 					break
@@ -78,10 +76,9 @@ func SignedReleases(c *checker.CheckRequest) checker.CheckResult {
 		}
 		if !signed {
 			c.Dlogger.Warn(&checker.LogMessage{
-				Path:    r.URL,
+				Path: r.URL,
-				Type:    checker.FileTypeURL,
+				Type: checker.FileTypeURL,
-				Text:    fmt.Sprintf("release artifact %s not signed", r.TagName),
+				Text: fmt.Sprintf("release artifact %s not signed", r.TagName),
-				Version: 3,
 			})
 		}
 		if totalReleases >= releaseLookBack {
@@ -91,8 +88,7 @@ func SignedReleases(c *checker.CheckRequest) checker.CheckResult {
 
 	if totalReleases == 0 {
 		c.Dlogger.Warn(&checker.LogMessage{
-			Text:    "no GitHub releases found",
+			Text: "no GitHub releases found",
-			Version: 3,
 		})
 		// Generic summary.
 		return checker.CreateInconclusiveResult(CheckSignedReleases, "no releases found")

cron/format/json_test.go

@@ -113,8 +113,6 @@ func TestJSONOutput(t *testing.T) {
 									Type:    checker.FileTypeSource,
 									Offset:  5,
 									Snippet: "if (bad) {BUG();}",
-									// UPGRADEv3: to remove.
-									Version: 3,
 								},
 							},
 						},
@@ -151,8 +149,6 @@ func TestJSONOutput(t *testing.T) {
 									Path:   "bin/binary.elf",
 									Type:   checker.FileTypeBinary,
 									Offset: 0,
-									// UPGRADEv3: to remove.
-									Version: 3,
 								},
 							},
 						},
@@ -189,8 +185,6 @@ func TestJSONOutput(t *testing.T) {
 									Path:   "bin/binary.elf",
 									Type:   checker.FileTypeBinary,
 									Offset: 0,
-									// UPGRADEv3: to remove.
-									Version: 3,
 								},
 							},
 						},
@@ -208,8 +202,6 @@ func TestJSONOutput(t *testing.T) {
 									Type:    checker.FileTypeText,
 									Offset:  3,
 									Snippet: "some text",
-									// UPGRADEv3: to remove.
-									Version: 3,
 								},
 							},
 						},
@@ -227,8 +219,6 @@ func TestJSONOutput(t *testing.T) {
 									Type:    checker.FileTypeSource,
 									Offset:  3,
 									Snippet: "if (bad) {BUG();}",
-									// UPGRADEv3: to remove.
-									Version: 3,
 								},
 							},
 							{
@@ -239,8 +229,6 @@ func TestJSONOutput(t *testing.T) {
 									Type:    checker.FileTypeSource,
 									Offset:  3,
 									Snippet: "if (bad) {BUG2();}",
-									// UPGRADEv3: to remove.
-									Version: 3,
 								},
 							},
 							{
@@ -251,8 +239,6 @@ func TestJSONOutput(t *testing.T) {
 									Type:    checker.FileTypeSource,
 									Offset:  3,
 									Snippet: "if (bad) {BUG5();}",
-									// UPGRADEv3: to remove.
-									Version: 3,
 								},
 							},
 						},
@@ -289,8 +275,6 @@ func TestJSONOutput(t *testing.T) {
 									Path:   "bin/binary.elf",
 									Type:   checker.FileTypeBinary,
 									Offset: 0,
-									// UPGRADEv3: to remove.
-									Version: 3,
 								},
 							},
 						},
@@ -308,8 +292,6 @@ func TestJSONOutput(t *testing.T) {
 									Type:    checker.FileTypeText,
 									Offset:  3,
 									Snippet: "some text",
-									// UPGRADEv3: to remove.
-									Version: 3,
 								},
 							},
 						},
@@ -327,8 +309,6 @@ func TestJSONOutput(t *testing.T) {
 									Type:    checker.FileTypeSource,
 									Offset:  3,
 									Snippet: "if (bad) {BUG();}",
-									// UPGRADEv3: to remove.
-									Version: 3,
 								},
 							},
 							{
@@ -339,8 +319,6 @@ func TestJSONOutput(t *testing.T) {
 									Type:    checker.FileTypeSource,
 									Offset:  3,
 									Snippet: "if (bad) {BUG2();}",
-									// UPGRADEv3: to remove.
-									Version: 3,
 								},
 							},
 							{
@@ -351,8 +329,6 @@ func TestJSONOutput(t *testing.T) {
 									Type:    checker.FileTypeSource,
 									Offset:  3,
 									Snippet: "if (bad) {BUG5();}",
-									// UPGRADEv3: to remove.
-									Version: 3,
 								},
 							},
 						},
@@ -390,8 +366,6 @@ func TestJSONOutput(t *testing.T) {
 									Type:    checker.FileTypeSource,
 									Offset:  5,
 									Snippet: "if (bad) {BUG();}",
-									// UPGRADEv3: to remove.
-									Version: 3,
 								},
 							},
 						},
@@ -427,8 +401,6 @@ func TestJSONOutput(t *testing.T) {
 									Text: "warn message",
 									Path: "https://domain.com/something",
 									Type: checker.FileTypeURL,
-									// UPGRADEv3: to remove.
-									Version: 3,
 								},
 							},
 						},

pkg/common.go

@@ -28,26 +28,18 @@ func textToMarkdown(s string) string {
 
 // DetailToString turns a detail information into a string.
 func DetailToString(d *checker.CheckDetail, logLevel log.Level) string {
-	// TODO(#1393): remove switch statement.
+	if d.Type == checker.DetailDebug && logLevel != log.DebugLevel {
-	switch d.Msg.Version {
+		return ""
-	case 3:
+	}
-		if d.Type == checker.DetailDebug && logLevel != log.DebugLevel {
+
-			return ""
+	switch {
-		}
+	case d.Msg.Path != "" && d.Msg.Offset != 0 && d.Msg.EndOffset != 0 && d.Msg.Offset < d.Msg.EndOffset:
-		switch {
+		return fmt.Sprintf("%s: %s: %s:%d-%d", typeToString(d.Type), d.Msg.Text, d.Msg.Path, d.Msg.Offset, d.Msg.EndOffset)
-		case d.Msg.Path != "" && d.Msg.Offset != 0 && d.Msg.EndOffset != 0 && d.Msg.Offset < d.Msg.EndOffset:
+	case d.Msg.Path != "" && d.Msg.Offset != 0:
-			return fmt.Sprintf("%s: %s: %s:%d-%d", typeToString(d.Type), d.Msg.Text, d.Msg.Path, d.Msg.Offset, d.Msg.EndOffset)
+		return fmt.Sprintf("%s: %s: %s:%d", typeToString(d.Type), d.Msg.Text, d.Msg.Path, d.Msg.Offset)
-		case d.Msg.Path != "" && d.Msg.Offset != 0:
+	case d.Msg.Path != "" && d.Msg.Offset == 0:
-			return fmt.Sprintf("%s: %s: %s:%d", typeToString(d.Type), d.Msg.Text, d.Msg.Path, d.Msg.Offset)
+		return fmt.Sprintf("%s: %s: %s", typeToString(d.Type), d.Msg.Text, d.Msg.Path)
-		case d.Msg.Path != "" && d.Msg.Offset == 0:
-			return fmt.Sprintf("%s: %s: %s", typeToString(d.Type), d.Msg.Text, d.Msg.Path)
-		default:
-			return fmt.Sprintf("%s: %s", typeToString(d.Type), d.Msg.Text)
-		}
 	default:
-		if d.Type == checker.DetailDebug && logLevel != log.DebugLevel {
-			return ""
-		}
 		return fmt.Sprintf("%s: %s", typeToString(d.Type), d.Msg.Text)
 	}
 }

pkg/json_test.go

@@ -112,8 +112,6 @@ func TestJSONOutput(t *testing.T) {
 									Type:    checker.FileTypeSource,
 									Offset:  5,
 									Snippet: "if (bad) {BUG();}",
-									// UPGRADEv3: to remove.
-									Version: 3,
 								},
 							},
 						},
@@ -150,8 +148,6 @@ func TestJSONOutput(t *testing.T) {
 									Path:   "bin/binary.elf",
 									Type:   checker.FileTypeBinary,
 									Offset: 0,
-									// UPGRADEv3: to remove.
-									Version: 3,
 								},
 							},
 						},
@@ -188,8 +184,6 @@ func TestJSONOutput(t *testing.T) {
 									Path:   "bin/binary.elf",
 									Type:   checker.FileTypeBinary,
 									Offset: 0,
-									// UPGRADEv3: to remove.
-									Version: 3,
 								},
 							},
 						},
@@ -207,8 +201,6 @@ func TestJSONOutput(t *testing.T) {
 									Type:    checker.FileTypeText,
 									Offset:  3,
 									Snippet: "some text",
-									// UPGRADEv3: to remove.
-									Version: 3,
 								},
 							},
 						},
@@ -226,8 +218,6 @@ func TestJSONOutput(t *testing.T) {
 									Type:    checker.FileTypeSource,
 									Offset:  3,
 									Snippet: "if (bad) {BUG();}",
-									// UPGRADEv3: to remove.
-									Version: 3,
 								},
 							},
 							{
@@ -238,8 +228,6 @@ func TestJSONOutput(t *testing.T) {
 									Type:    checker.FileTypeSource,
 									Offset:  3,
 									Snippet: "if (bad) {BUG2();}",
-									// UPGRADEv3: to remove.
-									Version: 3,
 								},
 							},
 							{
@@ -250,8 +238,6 @@ func TestJSONOutput(t *testing.T) {
 									Type:    checker.FileTypeSource,
 									Offset:  3,
 									Snippet: "if (bad) {BUG5();}",
-									// UPGRADEv3: to remove.
-									Version: 3,
 								},
 							},
 						},
@@ -288,8 +274,6 @@ func TestJSONOutput(t *testing.T) {
 									Path:   "bin/binary.elf",
 									Type:   checker.FileTypeBinary,
 									Offset: 0,
-									// UPGRADEv3: to remove.
-									Version: 3,
 								},
 							},
 						},
@@ -307,8 +291,6 @@ func TestJSONOutput(t *testing.T) {
 									Type:    checker.FileTypeText,
 									Offset:  3,
 									Snippet: "some text",
-									// UPGRADEv3: to remove.
-									Version: 3,
 								},
 							},
 						},
@@ -326,8 +308,6 @@ func TestJSONOutput(t *testing.T) {
 									Type:    checker.FileTypeSource,
 									Offset:  3,
 									Snippet: "if (bad) {BUG();}",
-									// UPGRADEv3: to remove.
-									Version: 3,
 								},
 							},
 							{
@@ -338,8 +318,6 @@ func TestJSONOutput(t *testing.T) {
 									Type:    checker.FileTypeSource,
 									Offset:  3,
 									Snippet: "if (bad) {BUG2();}",
-									// UPGRADEv3: to remove.
-									Version: 3,
 								},
 							},
 							{
@@ -350,8 +328,6 @@ func TestJSONOutput(t *testing.T) {
 									Type:    checker.FileTypeSource,
 									Offset:  3,
 									Snippet: "if (bad) {BUG5();}",
-									// UPGRADEv3: to remove.
-									Version: 3,
 								},
 							},
 						},
@@ -389,8 +365,6 @@ func TestJSONOutput(t *testing.T) {
 									Type:    checker.FileTypeSource,
 									Offset:  5,
 									Snippet: "if (bad) {BUG();}",
-									// UPGRADEv3: to remove.
-									Version: 3,
 								},
 							},
 						},
@@ -426,8 +400,6 @@ func TestJSONOutput(t *testing.T) {
 									Text: "warn message",
 									Path: "https://domain.com/something",
 									Type: checker.FileTypeURL,
-									// UPGRADEv3: to remove.
-									Version: 3,
 								},
 							},
 						},

pkg/sarif_test.go

@@ -21,6 +21,8 @@ import (
 	"testing"
 	"time"
 
+	"github.com/google/go-cmp/cmp"
+
 	"github.com/ossf/scorecard/v4/checker"
 	"github.com/ossf/scorecard/v4/log"
 	spol "github.com/ossf/scorecard/v4/policy"
@@ -767,8 +769,8 @@ func TestSARIFOutput(t *testing.T) {
 			},
 		},
 	}
-	for _, tt := range tests {
+	for i := range tests {
-		tt := tt // Re-initializing variable so it is not changed while executing the closure below
+		tt := &tests[i] // Re-initializing variable so it is not changed while executing the closure below
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			var content []byte
@@ -796,7 +798,7 @@ func TestSARIFOutput(t *testing.T) {
 
 			r := bytes.Compare(expected.Bytes(), result.Bytes())
 			if r != 0 {
-				t.Fatalf("%s: invalid result: %d", tt.name, r)
+				t.Fatalf("%s: invalid result: %d, %s", tt.name, r, cmp.Diff(expected.Bytes(), result.Bytes()))
 			}
 		})
 	}

pkg/testdata/check6.sarif

@@ -47,7 +47,7 @@
                "ruleId": "CheckNameID",
                "ruleIndex": 0,
                "message": {
-                  "text": "score is 6: six score reason:\nWarn: warn message\nClick Remediation section below to solve this issue"
+                  "text": "score is 6: six score reason:\nWarn: warn message: https://domain.com/something\nClick Remediation section below to solve this issue"
                },
                "locations": [
                   {

utests/utlib.go

@@ -46,7 +46,6 @@ func (l *TestDetailLogger) Info(msg *checker.LogMessage) {
 		Type: checker.DetailInfo,
 		Msg:  *msg,
 	}
-	cd.Msg.Version = 3
 	l.messages = append(l.messages, cd)
 }
 
@@ -56,7 +55,6 @@ func (l *TestDetailLogger) Warn(msg *checker.LogMessage) {
 		Type: checker.DetailWarn,
 		Msg:  *msg,
 	}
-	cd.Msg.Version = 3
 	l.messages = append(l.messages, cd)
 }
 
@@ -66,7 +64,6 @@ func (l *TestDetailLogger) Debug(msg *checker.LogMessage) {
 		Type: checker.DetailDebug,
 		Msg:  *msg,
 	}
-	cd.Msg.Version = 3
 	l.messages = append(l.messages, cd)
 }