✨ Use Tool for raw fuzzing results (#1935)

* updates * updates
2024-09-11 00:45:36 +03:00 · 2022-05-20 18:43:09 -07:00 · 2022-05-20 18:43:09 -07:00 · 2fc48e3b38
commit 2fc48e3b38
parent af7f865b9d
8 changed files with 100 additions and 114 deletions
--- a/checker/raw_result.go
+++ b/checker/raw_result.go
@ -36,28 +36,9 @@ type RawResults struct {
 	LicenseResults              LicenseData
 }

-// FuzzerName represents a fuzzing service.
-type FuzzerName string
-
-const (
-	// FuzzerNameCIFuzz is CIFuzz.
-	FuzzerNameCIFuzz FuzzerName = "CIFuzz"
-	// FuzzerNameOSSFuzz is OSSFuzz.
-	FuzzerNameOSSFuzz FuzzerName = "OSSFuzz"
-	// FuzzerNameGoBuiltin is the built-in Go fuzzer.
-	FuzzerNameGoBuiltin FuzzerName = "GoFuzzer"
-)
-
 // FuzzingData represents different fuzzing done.
 type FuzzingData struct {
-	Fuzzers []Fuzzer
-}
-
-// Fuzzer represent the use of a fuzzer.
-type Fuzzer struct {
-	Name FuzzerName
-	// TODO: CodeCoverage.
-	// TODO: (#1933)
+	Fuzzers []Tool
 }

 // MaintainedData contains the raw results
@ -161,16 +142,18 @@ type BranchProtectionData struct {

 // Tool represents a tool.
 type Tool struct {
+	URL  *string
+	Desc *string
+	File *File
+	Name string
 	// Runs of the tool.
 	Runs []Run
 	// Issues created by the tool.
 	Issues []Issue
 	// Merge requests created by the tool.
 	MergeRequests []MergeRequest
-	Name          string
-	URL           string
-	Desc          string
-	ConfigFiles   []File
+
+	// TODO: CodeCoverage, jsonWorkflowJob.
 }

 // Run represents a run.
--- a/checks/evaluation/dependency_update_tool.go
+++ b/checks/evaluation/dependency_update_tool.go
@ -49,18 +49,17 @@ func DependencyUpdateTool(name string, dl checker.DetailLogger,
 		return checker.CreateRuntimeErrorResult(name, e)
 	}

-	if len(r.Tools[0].ConfigFiles) != 1 {
-		e := sce.WithMessage(sce.ErrScorecardInternal,
-			fmt.Sprintf("found %d config files, expected 1", len(r.Tools[0].ConfigFiles)))
+	if r.Tools[0].File == nil {
+		e := sce.WithMessage(sce.ErrScorecardInternal, "File is nil")
 		return checker.CreateRuntimeErrorResult(name, e)
 	}

 	// Note: only one file per tool is present,
 	// so we do not iterate thru all entries.
 	dl.Info(&checker.LogMessage{
-		Path:   r.Tools[0].ConfigFiles[0].Path,
-		Type:   r.Tools[0].ConfigFiles[0].Type,
-		Offset: r.Tools[0].ConfigFiles[0].Offset,
+		Path:   r.Tools[0].File.Path,
+		Type:   r.Tools[0].File.Type,
+		Offset: r.Tools[0].File.Offset,
 		Text:   fmt.Sprintf("%s detected", r.Tools[0].Name),
 	})

--- a/checks/evaluation/dependency_update_tool_test.go
+++ b/checks/evaluation/dependency_update_tool_test.go
@ -88,16 +88,14 @@ func TestDependencyUpdateTool(t *testing.T) {
 					Tools: []checker.Tool{
 						{
 							Name: "DependencyUpdateTool",
-							ConfigFiles: []checker.File{
-								{
-									Path: "/etc/dependency-update-tool.conf",
-									Snippet: `
+							File: &checker.File{
+								Path: "/etc/dependency-update-tool.conf",
+								Snippet: `
 										[dependency-update-tool]
 										enabled = true
 										`,
-									Offset: 0,
-									Type:   0,
-								},
+								Offset: 0,
+								Type:   0,
 							},
 						},
 					},
--- a/checks/evaluation/fuzzing.go
+++ b/checks/evaluation/fuzzing.go
@ -15,6 +15,8 @@
 package evaluation

 import (
+	"fmt"
+
 	"github.com/ossf/scorecard/v4/checker"
 	sce "github.com/ossf/scorecard/v4/errors"
 )
@ -28,15 +30,10 @@ func Fuzzing(name string, dl checker.DetailLogger,
 		return checker.CreateRuntimeErrorResult(name, e)
 	}

-	for _, fuzzer := range r.Fuzzers {
-		switch fuzzer.Name {
-		case checker.FuzzerNameCIFuzz:
-			return checker.CreateMaxScoreResult(name, "project uses ClusterFuzzLite")
-		case checker.FuzzerNameOSSFuzz:
-			return checker.CreateMaxScoreResult(name, "project is fuzzed in OSS-Fuzz")
-		case checker.FuzzerNameGoBuiltin:
-			return checker.CreateMaxScoreResult(name, "project is fuzzed using Golang's fuzzing")
-		}
+	for i := range r.Fuzzers {
+		fuzzer := r.Fuzzers[i]
+		return checker.CreateMaxScoreResult(name,
+			fmt.Sprintf("project is fuzzed with %s", fuzzer.Name))
 	}

 	return checker.CreateMinScoreResult(name, "project is not fuzzed")
--- a/checks/raw/dependency_update_tool.go
+++ b/checks/raw/dependency_update_tool.go
@ -49,14 +49,12 @@ var checkDependencyFileExists fileparser.DoWhileTrueOnFilename = func(name strin
 	case ".github/dependabot.yml", ".github/dependabot.yaml":
 		*ptools = append(*ptools, checker.Tool{
 			Name: "Dependabot",
-			URL:  "https://github.com/dependabot",
-			Desc: "Automated dependency updates built into GitHub",
-			ConfigFiles: []checker.File{
-				{
-					Path:   name,
-					Type:   checker.FileTypeSource,
-					Offset: checker.OffsetDefault,
-				},
+			URL:  asPointer("https://github.com/dependabot"),
+			Desc: asPointer("Automated dependency updates built into GitHub"),
+			File: &checker.File{
+				Path:   name,
+				Type:   checker.FileTypeSource,
+				Offset: checker.OffsetDefault,
 			},
 		})

@ -65,14 +63,12 @@ var checkDependencyFileExists fileparser.DoWhileTrueOnFilename = func(name strin
 		"renovate.json5", ".renovaterc":
 		*ptools = append(*ptools, checker.Tool{
 			Name: "Renovabot",
-			URL:  "https://github.com/renovatebot/renovate",
-			Desc: "Automated dependency updates. Multi-platform and multi-language.",
-			ConfigFiles: []checker.File{
-				{
-					Path:   name,
-					Type:   checker.FileTypeSource,
-					Offset: checker.OffsetDefault,
-				},
+			URL:  asPointer("https://github.com/renovatebot/renovate"),
+			Desc: asPointer("Automated dependency updates. Multi-platform and multi-language."),
+			File: &checker.File{
+				Path:   name,
+				Type:   checker.FileTypeSource,
+				Offset: checker.OffsetDefault,
 			},
 		})
 	default:
@ -83,3 +79,7 @@ var checkDependencyFileExists fileparser.DoWhileTrueOnFilename = func(name strin
 	// We found a file, no need to continue iterating.
 	return false, nil
 }
+
+func asPointer(s string) *string {
+	return &s
+}
--- a/checks/raw/fuzzing.go
+++ b/checks/raw/fuzzing.go
@ -25,13 +25,20 @@ import (

 // Fuzzing runs Fuzzing check.
 func Fuzzing(c *checker.CheckRequest) (checker.FuzzingData, error) {
-	var fuzzers []checker.Fuzzer
+	var fuzzers []checker.Tool
 	usingCFLite, e := checkCFLite(c)
 	if e != nil {
 		return checker.FuzzingData{}, fmt.Errorf("%w", e)
 	}
 	if usingCFLite {
-		fuzzers = append(fuzzers, checker.Fuzzer{Name: checker.FuzzerNameCIFuzz})
+		fuzzers = append(fuzzers,
+			checker.Tool{
+				Name: "ClusterFuzzLite",
+				URL:  asPointer("https://github.com/google/clusterfuzzlite"),
+				Desc: asPointer("continuous fuzzing solution that runs as part of Continuous Integration (CI) workflows"),
+				// TODO: File.
+			},
+		)
 	}

 	usingOSSFuzz, e := checkOSSFuzz(c)
@ -39,7 +46,14 @@ func Fuzzing(c *checker.CheckRequest) (checker.FuzzingData, error) {
 		return checker.FuzzingData{}, fmt.Errorf("%w", e)
 	}
 	if usingOSSFuzz {
-		fuzzers = append(fuzzers, checker.Fuzzer{Name: checker.FuzzerNameOSSFuzz})
+		fuzzers = append(fuzzers,
+			checker.Tool{
+				Name: "OSS-Fuzz",
+				URL:  asPointer("https://github.com/google/oss-fuzz"),
+				Desc: asPointer("Continuous Fuzzing for Open Source Software"),
+				// TODO: File.
+			},
+		)
 	}

 	return checker.FuzzingData{Fuzzers: fuzzers}, nil
--- a/cron/format/json_raw_results.go
+++ b/cron/format/json_raw_results.go
@ -40,10 +40,10 @@ type jsonFile struct {
 }

 type jsonTool struct {
-	Name        string     `json:"name"`
-	URL         string     `json:"url"`
-	Desc        string     `json:"desc"`
-	ConfigFiles []jsonFile `json:"files"`
+	URL  *string   `json:"url"`
+	Desc *string   `json:"desc"`
+	File *jsonFile `json:"file"`
+	Name string    `json:"name"`
 	// TODO: Runs, Issues, Merge requests.
 }

@ -201,20 +201,17 @@ func addDependencyUpdateToolRawResults(r *jsonScorecardRawResult,
 	r.Results.DependencyUpdateTools = []jsonTool{}
 	for i := range dut.Tools {
 		t := dut.Tools[i]
-		offset := len(r.Results.DependencyUpdateTools)
-		r.Results.DependencyUpdateTools = append(r.Results.DependencyUpdateTools, jsonTool{
+		jt := jsonTool{
 			Name: t.Name,
 			URL:  t.URL,
 			Desc: t.Desc,
-		})
-		for _, f := range t.ConfigFiles {
-			r.Results.DependencyUpdateTools[offset].ConfigFiles = append(
-				r.Results.DependencyUpdateTools[offset].ConfigFiles,
-				jsonFile{
-					Path: f.Path,
-				},
-			)
 		}
+		if t.File != nil {
+			jt.File = &jsonFile{
+				Path: t.File.Path,
+			}
+		}
+		r.Results.DependencyUpdateTools = append(r.Results.DependencyUpdateTools, jt)
 	}
 	return nil
 }
--- a/pkg/json_raw_results.go
+++ b/pkg/json_raw_results.go
@ -44,10 +44,11 @@ type jsonFile struct {
 }

 type jsonTool struct {
-	Name        string     `json:"name"`
-	URL         string     `json:"url"`
-	Desc        string     `json:"desc"`
-	ConfigFiles []jsonFile `json:"files"`
+	URL  *string          `json:"url"`
+	Desc *string          `json:"desc"`
+	Job  *jsonWorkflowJob `json:"job,omitempty"`
+	File *jsonFile        `json:"file,omitempty"`
+	Name string           `json:"name"`
 	// TODO: Runs, Issues, Merge requests.
 }

@ -176,13 +177,6 @@ type jsonWorkflowJob struct {
 	ID   *string `json:"id"`
 }

-type jsonFuzzer struct {
-	Job  *jsonWorkflowJob `json:"job,omitempty"`
-	File *jsonFile        `json:"file,omitempty"`
-	Name string           `json:"name"`
-	// TODO: (#1933)
-}
-
 //nolint
 type jsonRawResults struct {
 	// Workflow results.
@ -214,24 +208,11 @@ type jsonRawResults struct {
 	// Archived status of the repo.
 	ArchivedStatus jsonArchivedStatus `json:"archived"`
 	// Fuzzers.
-	Fuzzers []jsonFuzzer `json:"fuzzers"`
+	Fuzzers []jsonTool `json:"fuzzers"`
 	// Releases.
 	Releases []jsonRelease `json:"releases"`
 }

-//nolint:unparam
-func (r *jsonScorecardRawResult) addFuzzingRawResults(fd *checker.FuzzingData) error {
-	r.Results.Fuzzers = []jsonFuzzer{}
-	for _, f := range fd.Fuzzers {
-		fuzzer := jsonFuzzer{
-			// TODO: Job, File, Coverage.
-			Name: string(f.Name),
-		}
-		r.Results.Fuzzers = append(r.Results.Fuzzers, fuzzer)
-	}
-	return nil
-}
-
 //nolint:unparam
 func (r *jsonScorecardRawResult) addDangerousWorkflowRawResults(df *checker.DangerousWorkflowData) error {
 	r.Results.Workflows = []jsonWorkflow{}
@ -471,25 +452,42 @@ func (r *jsonScorecardRawResult) addSecurityPolicyRawResults(sp *checker.Securit
 	return nil
 }

+//nolint:unparam
+func (r *jsonScorecardRawResult) addFuzzingRawResults(fd *checker.FuzzingData) error {
+	r.Results.Fuzzers = []jsonTool{}
+	for i := range fd.Fuzzers {
+		f := fd.Fuzzers[i]
+		jt := jsonTool{
+			Name: f.Name,
+			URL:  f.URL,
+			Desc: f.Desc,
+		}
+		if f.File != nil {
+			jt.File = &jsonFile{
+				Path: f.File.Path,
+			}
+		}
+		r.Results.Fuzzers = append(r.Results.Fuzzers, jt)
+	}
+	return nil
+}
+
 //nolint:unparam
 func (r *jsonScorecardRawResult) addDependencyUpdateToolRawResults(dut *checker.DependencyUpdateToolData) error {
 	r.Results.DependencyUpdateTools = []jsonTool{}
 	for i := range dut.Tools {
 		t := dut.Tools[i]
-		offset := len(r.Results.DependencyUpdateTools)
-		r.Results.DependencyUpdateTools = append(r.Results.DependencyUpdateTools, jsonTool{
+		jt := jsonTool{
 			Name: t.Name,
 			URL:  t.URL,
 			Desc: t.Desc,
-		})
-		for _, f := range t.ConfigFiles {
-			r.Results.DependencyUpdateTools[offset].ConfigFiles = append(
-				r.Results.DependencyUpdateTools[offset].ConfigFiles,
-				jsonFile{
-					Path: f.Path,
-				},
-			)
 		}
+		if t.File != nil {
+			jt.File = &jsonFile{
+				Path: t.File.Path,
+			}
+		}
+		r.Results.DependencyUpdateTools = append(r.Results.DependencyUpdateTools, jt)
 	}
 	return nil
 }