parent
af7f865b9d
commit
2fc48e3b38
@ -36,28 +36,9 @@ type RawResults struct {
|
|||||||
LicenseResults LicenseData
|
LicenseResults LicenseData
|
||||||
}
|
}
|
||||||
|
|
||||||
// FuzzerName represents a fuzzing service.
|
|
||||||
type FuzzerName string
|
|
||||||
|
|
||||||
const (
|
|
||||||
// FuzzerNameCIFuzz is CIFuzz.
|
|
||||||
FuzzerNameCIFuzz FuzzerName = "CIFuzz"
|
|
||||||
// FuzzerNameOSSFuzz is OSSFuzz.
|
|
||||||
FuzzerNameOSSFuzz FuzzerName = "OSSFuzz"
|
|
||||||
// FuzzerNameGoBuiltin is the built-in Go fuzzer.
|
|
||||||
FuzzerNameGoBuiltin FuzzerName = "GoFuzzer"
|
|
||||||
)
|
|
||||||
|
|
||||||
// FuzzingData represents different fuzzing done.
|
// FuzzingData represents different fuzzing done.
|
||||||
type FuzzingData struct {
|
type FuzzingData struct {
|
||||||
Fuzzers []Fuzzer
|
Fuzzers []Tool
|
||||||
}
|
|
||||||
|
|
||||||
// Fuzzer represent the use of a fuzzer.
|
|
||||||
type Fuzzer struct {
|
|
||||||
Name FuzzerName
|
|
||||||
// TODO: CodeCoverage.
|
|
||||||
// TODO: (#1933)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// MaintainedData contains the raw results
|
// MaintainedData contains the raw results
|
||||||
@ -161,16 +142,18 @@ type BranchProtectionData struct {
|
|||||||
|
|
||||||
// Tool represents a tool.
|
// Tool represents a tool.
|
||||||
type Tool struct {
|
type Tool struct {
|
||||||
|
URL *string
|
||||||
|
Desc *string
|
||||||
|
File *File
|
||||||
|
Name string
|
||||||
// Runs of the tool.
|
// Runs of the tool.
|
||||||
Runs []Run
|
Runs []Run
|
||||||
// Issues created by the tool.
|
// Issues created by the tool.
|
||||||
Issues []Issue
|
Issues []Issue
|
||||||
// Merge requests created by the tool.
|
// Merge requests created by the tool.
|
||||||
MergeRequests []MergeRequest
|
MergeRequests []MergeRequest
|
||||||
Name string
|
|
||||||
URL string
|
// TODO: CodeCoverage, jsonWorkflowJob.
|
||||||
Desc string
|
|
||||||
ConfigFiles []File
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Run represents a run.
|
// Run represents a run.
|
||||||
|
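Review bot: The four fields added to `Tool` (`URL *string`, `Desc *string`, `File *File`, `Name string`) have no doc comments, while the neighbouring `Runs`, `Issues` and `MergeRequests` fields do; since nil is now a meaningful value for the pointers, that should be spelled out, e.g. `// URL of the tool's home page, nil when unknown.`, `// Desc is a short human-readable description, nil when unknown.`, `// File is the single configuration file that identified the tool, nil when none was found.`. Removing the `FuzzerName` type and its constants also means fuzzers are now identified only by a free-form `Name` string, so the typed set of recognised fuzzers that evaluation used to switch on is gone; a comment on `FuzzingData.Fuzzers` stating that every entry is a positively detected fuzzer would record that the raw layer is now the only place that contract is enforced. The `Tool` struct definition continues past the hunk.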
@ -49,18 +49,17 @@ func DependencyUpdateTool(name string, dl checker.DetailLogger,
|
|||||||
return checker.CreateRuntimeErrorResult(name, e)
|
return checker.CreateRuntimeErrorResult(name, e)
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(r.Tools[0].ConfigFiles) != 1 {
|
if r.Tools[0].File == nil {
|
||||||
e := sce.WithMessage(sce.ErrScorecardInternal,
|
e := sce.WithMessage(sce.ErrScorecardInternal, "File is nil")
|
||||||
fmt.Sprintf("found %d config files, expected 1", len(r.Tools[0].ConfigFiles)))
|
|
||||||
return checker.CreateRuntimeErrorResult(name, e)
|
return checker.CreateRuntimeErrorResult(name, e)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Note: only one file per tool is present,
|
// Note: only one file per tool is present,
|
||||||
// so we do not iterate thru all entries.
|
// so we do not iterate thru all entries.
|
||||||
dl.Info(&checker.LogMessage{
|
dl.Info(&checker.LogMessage{
|
||||||
Path: r.Tools[0].ConfigFiles[0].Path,
|
Path: r.Tools[0].File.Path,
|
||||||
Type: r.Tools[0].ConfigFiles[0].Type,
|
Type: r.Tools[0].File.Type,
|
||||||
Offset: r.Tools[0].ConfigFiles[0].Offset,
|
Offset: r.Tools[0].File.Offset,
|
||||||
Text: fmt.Sprintf("%s detected", r.Tools[0].Name),
|
Text: fmt.Sprintf("%s detected", r.Tools[0].Name),
|
||||||
})
|
})
|
||||||
|
|
||||||
|
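Review bot: The context comment `// Note: only one file per tool is present, // so we do not iterate thru all entries.` is now stale, because `Tool.File` is a single pointer and there are no entries to iterate; it should be replaced with something like `// Tool carries at most one config file; report where it was found.`. The new error text `"File is nil"` is also capitalised, unlike the lowercase message it replaces (`found %d config files, expected 1`), so `"file is nil"` would match the surrounding convention. The enclosing DependencyUpdateTool function starts and ends outside the hunk, so the guard on `len(r.Tools)` that protects `r.Tools[0]` is not visible here.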
@ -88,16 +88,14 @@ func TestDependencyUpdateTool(t *testing.T) {
|
|||||||
Tools: []checker.Tool{
|
Tools: []checker.Tool{
|
||||||
{
|
{
|
||||||
Name: "DependencyUpdateTool",
|
Name: "DependencyUpdateTool",
|
||||||
ConfigFiles: []checker.File{
|
File: &checker.File{
|
||||||
{
|
Path: "/etc/dependency-update-tool.conf",
|
||||||
Path: "/etc/dependency-update-tool.conf",
|
Snippet: `
|
||||||
Snippet: `
|
|
||||||
[dependency-update-tool]
|
[dependency-update-tool]
|
||||||
enabled = true
|
enabled = true
|
||||||
`,
|
`,
|
||||||
Offset: 0,
|
Offset: 0,
|
||||||
Type: 0,
|
Type: 0,
|
||||||
},
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
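Review bot: The fixture only exercises the `File: &checker.File{...}` case, so the new `r.Tools[0].File == nil` branch in DependencyUpdateTool, which now produces a runtime error result, has no visible coverage; unless a case further down the table supplies a `Tool` without `File`, one should be added expecting the error result. The surrounding test table continues outside the hunk.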
@ -15,6 +15,8 @@
|
|||||||
package evaluation
|
package evaluation
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"fmt"
|
||||||
|
|
||||||
"github.com/ossf/scorecard/v4/checker"
|
"github.com/ossf/scorecard/v4/checker"
|
||||||
sce "github.com/ossf/scorecard/v4/errors"
|
sce "github.com/ossf/scorecard/v4/errors"
|
||||||
)
|
)
|
||||||
@ -28,15 +30,10 @@ func Fuzzing(name string, dl checker.DetailLogger,
|
|||||||
return checker.CreateRuntimeErrorResult(name, e)
|
return checker.CreateRuntimeErrorResult(name, e)
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, fuzzer := range r.Fuzzers {
|
for i := range r.Fuzzers {
|
||||||
switch fuzzer.Name {
|
fuzzer := r.Fuzzers[i]
|
||||||
case checker.FuzzerNameCIFuzz:
|
return checker.CreateMaxScoreResult(name,
|
||||||
return checker.CreateMaxScoreResult(name, "project uses ClusterFuzzLite")
|
fmt.Sprintf("project is fuzzed with %s", fuzzer.Name))
|
||||||
case checker.FuzzerNameOSSFuzz:
|
|
||||||
return checker.CreateMaxScoreResult(name, "project is fuzzed in OSS-Fuzz")
|
|
||||||
case checker.FuzzerNameGoBuiltin:
|
|
||||||
return checker.CreateMaxScoreResult(name, "project is fuzzed using Golang's fuzzing")
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return checker.CreateMinScoreResult(name, "project is not fuzzed")
|
return checker.CreateMinScoreResult(name, "project is not fuzzed")
|
||||||
|
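Review bot: The new loop `for i := range r.Fuzzers { fuzzer := r.Fuzzers[i]; return ... }` returns unconditionally on its first iteration, so it only ever looks at `r.Fuzzers[0]` and reads as if it iterated; a length check says what actually happens: `if len(r.Fuzzers) > 0 { return checker.CreateMaxScoreResult(name, fmt.Sprintf("project is fuzzed with %s", r.Fuzzers[0].Name)) }`. Note that the removed `switch` limited the max score to the three known `FuzzerName` constants, whereas any `Tool` appended by the raw layer now earns it, so the raw side is the only place that decides what counts as a fuzzer; a one-line comment stating that assumption would help the next reader. The enclosing Fuzzing function starts outside the hunk.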
@ -49,14 +49,12 @@ var checkDependencyFileExists fileparser.DoWhileTrueOnFilename = func(name strin
|
|||||||
case ".github/dependabot.yml", ".github/dependabot.yaml":
|
case ".github/dependabot.yml", ".github/dependabot.yaml":
|
||||||
*ptools = append(*ptools, checker.Tool{
|
*ptools = append(*ptools, checker.Tool{
|
||||||
Name: "Dependabot",
|
Name: "Dependabot",
|
||||||
URL: "https://github.com/dependabot",
|
URL: asPointer("https://github.com/dependabot"),
|
||||||
Desc: "Automated dependency updates built into GitHub",
|
Desc: asPointer("Automated dependency updates built into GitHub"),
|
||||||
ConfigFiles: []checker.File{
|
File: &checker.File{
|
||||||
{
|
Path: name,
|
||||||
Path: name,
|
Type: checker.FileTypeSource,
|
||||||
Type: checker.FileTypeSource,
|
Offset: checker.OffsetDefault,
|
||||||
Offset: checker.OffsetDefault,
|
|
||||||
},
|
|
||||||
},
|
},
|
||||||
})
|
})
|
||||||
|
|
||||||
@ -65,14 +63,12 @@ var checkDependencyFileExists fileparser.DoWhileTrueOnFilename = func(name strin
|
|||||||
"renovate.json5", ".renovaterc":
|
"renovate.json5", ".renovaterc":
|
||||||
*ptools = append(*ptools, checker.Tool{
|
*ptools = append(*ptools, checker.Tool{
|
||||||
Name: "Renovabot",
|
Name: "Renovabot",
|
||||||
URL: "https://github.com/renovatebot/renovate",
|
URL: asPointer("https://github.com/renovatebot/renovate"),
|
||||||
Desc: "Automated dependency updates. Multi-platform and multi-language.",
|
Desc: asPointer("Automated dependency updates. Multi-platform and multi-language."),
|
||||||
ConfigFiles: []checker.File{
|
File: &checker.File{
|
||||||
{
|
Path: name,
|
||||||
Path: name,
|
Type: checker.FileTypeSource,
|
||||||
Type: checker.FileTypeSource,
|
Offset: checker.OffsetDefault,
|
||||||
Offset: checker.OffsetDefault,
|
|
||||||
},
|
|
||||||
},
|
},
|
||||||
})
|
})
|
||||||
default:
|
default:
|
||||||
@ -83,3 +79,7 @@ var checkDependencyFileExists fileparser.DoWhileTrueOnFilename = func(name strin
|
|||||||
// We found a file, no need to continue iterating.
|
// We found a file, no need to continue iterating.
|
||||||
return false, nil
|
return false, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func asPointer(s string) *string {
|
||||||
|
return &s
|
||||||
|
}
|
||||||
|
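Review bot: The new `asPointer` helper has no doc comment, and because it is also called from the Fuzzing raw check (`asPointer("https://github.com/google/clusterfuzzlite")`) it is effectively a package-wide utility living in a tool-specific file; add `// asPointer returns a pointer to a copy of s, for optional string fields.` and consider moving it to a shared file in the package. The `checkDependencyFileExists` closure starts outside the hunk.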
@ -25,13 +25,20 @@ import (
|
|||||||
|
|
||||||
// Fuzzing runs Fuzzing check.
|
// Fuzzing runs Fuzzing check.
|
||||||
func Fuzzing(c *checker.CheckRequest) (checker.FuzzingData, error) {
|
func Fuzzing(c *checker.CheckRequest) (checker.FuzzingData, error) {
|
||||||
var fuzzers []checker.Fuzzer
|
var fuzzers []checker.Tool
|
||||||
usingCFLite, e := checkCFLite(c)
|
usingCFLite, e := checkCFLite(c)
|
||||||
if e != nil {
|
if e != nil {
|
||||||
return checker.FuzzingData{}, fmt.Errorf("%w", e)
|
return checker.FuzzingData{}, fmt.Errorf("%w", e)
|
||||||
}
|
}
|
||||||
if usingCFLite {
|
if usingCFLite {
|
||||||
fuzzers = append(fuzzers, checker.Fuzzer{Name: checker.FuzzerNameCIFuzz})
|
fuzzers = append(fuzzers,
|
||||||
|
checker.Tool{
|
||||||
|
Name: "ClusterFuzzLite",
|
||||||
|
URL: asPointer("https://github.com/google/clusterfuzzlite"),
|
||||||
|
Desc: asPointer("continuous fuzzing solution that runs as part of Continuous Integration (CI) workflows"),
|
||||||
|
// TODO: File.
|
||||||
|
},
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
usingOSSFuzz, e := checkOSSFuzz(c)
|
usingOSSFuzz, e := checkOSSFuzz(c)
|
||||||
@ -39,7 +46,14 @@ func Fuzzing(c *checker.CheckRequest) (checker.FuzzingData, error) {
|
|||||||
return checker.FuzzingData{}, fmt.Errorf("%w", e)
|
return checker.FuzzingData{}, fmt.Errorf("%w", e)
|
||||||
}
|
}
|
||||||
if usingOSSFuzz {
|
if usingOSSFuzz {
|
||||||
fuzzers = append(fuzzers, checker.Fuzzer{Name: checker.FuzzerNameOSSFuzz})
|
fuzzers = append(fuzzers,
|
||||||
|
checker.Tool{
|
||||||
|
Name: "OSS-Fuzz",
|
||||||
|
URL: asPointer("https://github.com/google/oss-fuzz"),
|
||||||
|
Desc: asPointer("Continuous Fuzzing for Open Source Software"),
|
||||||
|
// TODO: File.
|
||||||
|
},
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
return checker.FuzzingData{Fuzzers: fuzzers}, nil
|
return checker.FuzzingData{Fuzzers: fuzzers}, nil
|
||||||
|
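Review bot: The two tool descriptions are inconsistently cased: `Desc: asPointer("continuous fuzzing solution that runs ...")` for ClusterFuzzLite starts lowercase while `Desc: asPointer("Continuous Fuzzing for Open Source Software")` for OSS-Fuzz starts uppercase, and both now surface in JSON output and in the evaluation message. Since each `checker.Tool` literal is fixed metadata, hoisting the two into package-level variables (e.g. `clusterFuzzLiteTool`, `ossFuzzTool`) would give the name, URL and description a single definition and make the `// TODO: File.` easier to fill in later. The Fuzzing function's two hunks are separated by lines outside the view.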
@ -40,10 +40,10 @@ type jsonFile struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
type jsonTool struct {
|
type jsonTool struct {
|
||||||
Name string `json:"name"`
|
URL *string `json:"url"`
|
||||||
URL string `json:"url"`
|
Desc *string `json:"desc"`
|
||||||
Desc string `json:"desc"`
|
File *jsonFile `json:"file"`
|
||||||
ConfigFiles []jsonFile `json:"files"`
|
Name string `json:"name"`
|
||||||
// TODO: Runs, Issues, Merge requests.
|
// TODO: Runs, Issues, Merge requests.
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -201,20 +201,17 @@ func addDependencyUpdateToolRawResults(r *jsonScorecardRawResult,
|
|||||||
r.Results.DependencyUpdateTools = []jsonTool{}
|
r.Results.DependencyUpdateTools = []jsonTool{}
|
||||||
for i := range dut.Tools {
|
for i := range dut.Tools {
|
||||||
t := dut.Tools[i]
|
t := dut.Tools[i]
|
||||||
offset := len(r.Results.DependencyUpdateTools)
|
jt := jsonTool{
|
||||||
r.Results.DependencyUpdateTools = append(r.Results.DependencyUpdateTools, jsonTool{
|
|
||||||
Name: t.Name,
|
Name: t.Name,
|
||||||
URL: t.URL,
|
URL: t.URL,
|
||||||
Desc: t.Desc,
|
Desc: t.Desc,
|
||||||
})
|
|
||||||
for _, f := range t.ConfigFiles {
|
|
||||||
r.Results.DependencyUpdateTools[offset].ConfigFiles = append(
|
|
||||||
r.Results.DependencyUpdateTools[offset].ConfigFiles,
|
|
||||||
jsonFile{
|
|
||||||
Path: f.Path,
|
|
||||||
},
|
|
||||||
)
|
|
||||||
}
|
}
|
||||||
|
if t.File != nil {
|
||||||
|
jt.File = &jsonFile{
|
||||||
|
Path: t.File.Path,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
r.Results.DependencyUpdateTools = append(r.Results.DependencyUpdateTools, jt)
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
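Review bot: The new pointer fields `URL *string \`json:"url"\``, `Desc *string \`json:"desc"\`` and `File *jsonFile \`json:"file"\`` have no `omitempty`, so a tool with no file (the Fuzzing raw check appends tools with `// TODO: File.`) will serialise as `"file": null`, while the other `jsonTool` definition in this commit uses `json:"file,omitempty"`; the two structs should agree, e.g. `File *jsonFile \`json:"file,omitempty"\``. Reordering the fields also moves `name` to the end of each emitted object, which is harmless to consumers but may affect any golden-file tests of the raw output.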
@ -44,10 +44,11 @@ type jsonFile struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
type jsonTool struct {
|
type jsonTool struct {
|
||||||
Name string `json:"name"`
|
URL *string `json:"url"`
|
||||||
URL string `json:"url"`
|
Desc *string `json:"desc"`
|
||||||
Desc string `json:"desc"`
|
Job *jsonWorkflowJob `json:"job,omitempty"`
|
||||||
ConfigFiles []jsonFile `json:"files"`
|
File *jsonFile `json:"file,omitempty"`
|
||||||
|
Name string `json:"name"`
|
||||||
// TODO: Runs, Issues, Merge requests.
|
// TODO: Runs, Issues, Merge requests.
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -176,13 +177,6 @@ type jsonWorkflowJob struct {
|
|||||||
ID *string `json:"id"`
|
ID *string `json:"id"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type jsonFuzzer struct {
|
|
||||||
Job *jsonWorkflowJob `json:"job,omitempty"`
|
|
||||||
File *jsonFile `json:"file,omitempty"`
|
|
||||||
Name string `json:"name"`
|
|
||||||
// TODO: (#1933)
|
|
||||||
}
|
|
||||||
|
|
||||||
//nolint
|
//nolint
|
||||||
type jsonRawResults struct {
|
type jsonRawResults struct {
|
||||||
// Workflow results.
|
// Workflow results.
|
||||||
@ -214,24 +208,11 @@ type jsonRawResults struct {
|
|||||||
// Archived status of the repo.
|
// Archived status of the repo.
|
||||||
ArchivedStatus jsonArchivedStatus `json:"archived"`
|
ArchivedStatus jsonArchivedStatus `json:"archived"`
|
||||||
// Fuzzers.
|
// Fuzzers.
|
||||||
Fuzzers []jsonFuzzer `json:"fuzzers"`
|
Fuzzers []jsonTool `json:"fuzzers"`
|
||||||
// Releases.
|
// Releases.
|
||||||
Releases []jsonRelease `json:"releases"`
|
Releases []jsonRelease `json:"releases"`
|
||||||
}
|
}
|
||||||
|
|
||||||
//nolint:unparam
|
|
||||||
func (r *jsonScorecardRawResult) addFuzzingRawResults(fd *checker.FuzzingData) error {
|
|
||||||
r.Results.Fuzzers = []jsonFuzzer{}
|
|
||||||
for _, f := range fd.Fuzzers {
|
|
||||||
fuzzer := jsonFuzzer{
|
|
||||||
// TODO: Job, File, Coverage.
|
|
||||||
Name: string(f.Name),
|
|
||||||
}
|
|
||||||
r.Results.Fuzzers = append(r.Results.Fuzzers, fuzzer)
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
//nolint:unparam
|
//nolint:unparam
|
||||||
func (r *jsonScorecardRawResult) addDangerousWorkflowRawResults(df *checker.DangerousWorkflowData) error {
|
func (r *jsonScorecardRawResult) addDangerousWorkflowRawResults(df *checker.DangerousWorkflowData) error {
|
||||||
r.Results.Workflows = []jsonWorkflow{}
|
r.Results.Workflows = []jsonWorkflow{}
|
||||||
@ -471,25 +452,42 @@ func (r *jsonScorecardRawResult) addSecurityPolicyRawResults(sp *checker.Securit
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//nolint:unparam
|
||||||
|
func (r *jsonScorecardRawResult) addFuzzingRawResults(fd *checker.FuzzingData) error {
|
||||||
|
r.Results.Fuzzers = []jsonTool{}
|
||||||
|
for i := range fd.Fuzzers {
|
||||||
|
f := fd.Fuzzers[i]
|
||||||
|
jt := jsonTool{
|
||||||
|
Name: f.Name,
|
||||||
|
URL: f.URL,
|
||||||
|
Desc: f.Desc,
|
||||||
|
}
|
||||||
|
if f.File != nil {
|
||||||
|
jt.File = &jsonFile{
|
||||||
|
Path: f.File.Path,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
r.Results.Fuzzers = append(r.Results.Fuzzers, jt)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
//nolint:unparam
|
//nolint:unparam
|
||||||
func (r *jsonScorecardRawResult) addDependencyUpdateToolRawResults(dut *checker.DependencyUpdateToolData) error {
|
func (r *jsonScorecardRawResult) addDependencyUpdateToolRawResults(dut *checker.DependencyUpdateToolData) error {
|
||||||
r.Results.DependencyUpdateTools = []jsonTool{}
|
r.Results.DependencyUpdateTools = []jsonTool{}
|
||||||
for i := range dut.Tools {
|
for i := range dut.Tools {
|
||||||
t := dut.Tools[i]
|
t := dut.Tools[i]
|
||||||
offset := len(r.Results.DependencyUpdateTools)
|
jt := jsonTool{
|
||||||
r.Results.DependencyUpdateTools = append(r.Results.DependencyUpdateTools, jsonTool{
|
|
||||||
Name: t.Name,
|
Name: t.Name,
|
||||||
URL: t.URL,
|
URL: t.URL,
|
||||||
Desc: t.Desc,
|
Desc: t.Desc,
|
||||||
})
|
|
||||||
for _, f := range t.ConfigFiles {
|
|
||||||
r.Results.DependencyUpdateTools[offset].ConfigFiles = append(
|
|
||||||
r.Results.DependencyUpdateTools[offset].ConfigFiles,
|
|
||||||
jsonFile{
|
|
||||||
Path: f.Path,
|
|
||||||
},
|
|
||||||
)
|
|
||||||
}
|
}
|
||||||
|
if t.File != nil {
|
||||||
|
jt.File = &jsonFile{
|
||||||
|
Path: t.File.Path,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
r.Results.DependencyUpdateTools = append(r.Results.DependencyUpdateTools, jt)
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|