✨ Update message for org-level security policy files (#1939)

* modified checks/evaluation/security_policy.go (issue #1908) * issue #1908 fixing temp save 05202022 * issue #1908 bug fixes * debug comments deletion * minor midifications * temp save 0524-1 * temp save 0524-2 * bug fix #1908 * bug fix #1908 (2) * bug fix #1908 (3) * #1908 * merge from upstream/main & minor changes * minor changes -2 * Update security_policy.go * Update security_policy.go * Update security_policy.go (linter error fix) Co-authored-by: Aiden Wang <aidenwang@google.com> Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2024-09-11 00:45:36 +03:00 · 2022-05-26 08:22:30 -07:00 · 2022-05-26 08:22:30 -07:00 · 3e2c0fa1f8
commit 3e2c0fa1f8
parent d1714a289a
4 changed files with 41 additions and 16 deletions
--- a/checks/evaluation/security_policy.go
+++ b/checks/evaluation/security_policy.go
@ -28,6 +28,7 @@ func SecurityPolicy(name string, dl checker.DetailLogger, r *checker.SecurityPol

 	// Apply the policy evaluation.
 	if r.Files == nil || len(r.Files) == 0 {
+		// If the file is null or has zero lengths, directly return as not detected.
 		return checker.CreateMinScoreResult(name, "security policy file not detected")
 	}

@ -39,11 +40,11 @@ func SecurityPolicy(name string, dl checker.DetailLogger, r *checker.SecurityPol
 		}
 		if msg.Type == checker.FileTypeURL {
 			msg.Text = "security policy detected in org repo"
+
 		} else {
-			msg.Text = "security policy detected"
+			msg.Text = "security policy detected in current repo"
 		}
 		dl.Info(&msg)
 	}
-
 	return checker.CreateMaxScoreResult(name, "security policy file detected")
 }
--- a/checks/evaluation/security_policy_test.go
+++ b/checks/evaluation/security_policy_test.go
@ -74,7 +74,7 @@ func TestSecurityPolicy(t *testing.T) {
 		{
 			name: "test_security_policy_4",
 			args: args{
-				name: "test_security_policy_3",
+				name: "test_security_policy_4",
 				r: &checker.SecurityPolicyData{
 					Files: []checker.File{
 						{
--- a/checks/raw/security_policy.go
+++ b/checks/raw/security_policy.go
@ -17,6 +17,7 @@ package raw
 import (
 	"errors"
 	"fmt"
+	"path"
 	"strings"

 	"github.com/ossf/scorecard/v4/checker"
@ -27,17 +28,24 @@ import (
 	"github.com/ossf/scorecard/v4/log"
 )

+type securityPolicyFilesWithURI struct {
+	uri   string
+	files []checker.File
+}
+
 // SecurityPolicy checks for presence of security policy.
 func SecurityPolicy(c *checker.CheckRequest) (checker.SecurityPolicyData, error) {
-	files := make([]checker.File, 0)
-	err := fileparser.OnAllFilesDo(c.RepoClient, isSecurityPolicyFile, &files)
+	data := securityPolicyFilesWithURI{
+		uri:   "",
+		files: make([]checker.File, 0),
+	}
+	err := fileparser.OnAllFilesDo(c.RepoClient, isSecurityPolicyFile, &data)
 	if err != nil {
 		return checker.SecurityPolicyData{}, err
 	}
-
 	// If we found files in the repo, return immediately.
-	if len(files) > 0 {
-		return checker.SecurityPolicyData{Files: files}, nil
+	if len(data.files) > 0 {
+		return checker.SecurityPolicyData{Files: data.files}, nil
 	}

 	// Check if present in parent org.
@ -49,8 +57,8 @@ func SecurityPolicy(c *checker.CheckRequest) (checker.SecurityPolicyData, error)
 	switch {
 	case err == nil:
 		defer dotGitHubClient.Close()
-
-		err = fileparser.OnAllFilesDo(dotGitHubClient, isSecurityPolicyFile, &files)
+		data.uri = dotGitHubClient.URI()
+		err = fileparser.OnAllFilesDo(dotGitHubClient, isSecurityPolicyFile, &data)
 		if err != nil {
 			return checker.SecurityPolicyData{}, err
 		}
@ -62,7 +70,7 @@ func SecurityPolicy(c *checker.CheckRequest) (checker.SecurityPolicyData, error)
 	}

 	// Return raw results.
-	return checker.SecurityPolicyData{Files: files}, nil
+	return checker.SecurityPolicyData{Files: data.files}, nil
 }

 // Check repository for repository-specific policy.
@ -71,14 +79,20 @@ var isSecurityPolicyFile fileparser.DoWhileTrueOnFilename = func(name string, ar
 	if len(args) != 1 {
 		return false, fmt.Errorf("isSecurityPolicyFile requires exactly one argument: %w", errInvalidArgLength)
 	}
-	pfiles, ok := args[0].(*[]checker.File)
+	pdata, ok := args[0].(*securityPolicyFilesWithURI)
 	if !ok {
-		return false, fmt.Errorf("isSecurityPolicyFile expects arg of type: *[]checker.File: %w", errInvalidArgType)
+		return false, fmt.Errorf("invalid arg type: %w", errInvalidArgType)
 	}
 	if isSecurityPolicyFilename(name) {
-		*pfiles = append(*pfiles, checker.File{
-			Path:   name,
-			Type:   checker.FileTypeSource,
+		tempPath := name
+		tempType := checker.FileTypeSource
+		if pdata.uri != "" {
+			tempPath = path.Join(pdata.uri, tempPath)
+			tempType = checker.FileTypeURL
+		}
+		pdata.files = append(pdata.files, checker.File{
+			Path:   tempPath,
+			Type:   tempType,
 			Offset: checker.OffsetDefault,
 		})
 		return false, nil
--- a/checks/security_policy_test.go
+++ b/checks/security_policy_test.go
@ -113,6 +113,16 @@ func TestSecurityPolicy(t *testing.T) {
 				NumberOfInfo: 1,
 			},
 		},
+		{
+			name: "Pass Case: Case-insensitive testing",
+			files: []string{
+				"dOCs/SeCuRIty.rsT",
+			},
+			want: scut.TestReturn{
+				Score:        10,
+				NumberOfInfo: 1,
+			},
+		},
 	}
 	for _, tt := range tests {
 		tt := tt