✨ Update message for org-level security policy files (#1939)
* modified checks/evaluation/security_policy.go (issue #1908) * issue #1908 fixing temp save 05202022 * issue #1908 bug fixes * debug comments deletion * minor modifications * temp save 0524-1 * temp save 0524-2 * bug fix #1908 * bug fix #1908 (2) * bug fix #1908 (3) * #1908 * merge from upstream/main & minor changes * minor changes -2 * Update security_policy.go * Update security_policy.go * Update security_policy.go (linter error fix) Co-authored-by: Aiden Wang <aidenwang@google.com> Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
This commit is contained in:
parent
d1714a289a
commit
3e2c0fa1f8
@ -28,6 +28,7 @@ func SecurityPolicy(name string, dl checker.DetailLogger, r *checker.SecurityPol
|
||||
|
||||
// Apply the policy evaluation.
|
||||
if r.Files == nil || len(r.Files) == 0 {
|
||||
// If the file is null or has zero lengths, directly return as not detected.
|
||||
return checker.CreateMinScoreResult(name, "security policy file not detected")
|
||||
}
|
||||
|
||||
@ -39,11 +40,11 @@ func SecurityPolicy(name string, dl checker.DetailLogger, r *checker.SecurityPol
|
||||
}
|
||||
if msg.Type == checker.FileTypeURL {
|
||||
msg.Text = "security policy detected in org repo"
|
||||
|
||||
} else {
|
||||
msg.Text = "security policy detected"
|
||||
msg.Text = "security policy detected in current repo"
|
||||
}
|
||||
dl.Info(&msg)
|
||||
}
|
||||
|
||||
return checker.CreateMaxScoreResult(name, "security policy file detected")
|
||||
}
|
||||
|
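Review bot: The org-vs-repo wording chosen at `if msg.Type == checker.FileTypeURL {` rests on an unstated invariant — that the raw check tags only files found in the org's `.github` repo as `FileTypeURL` — and nothing in this function records it, so any future source of URL-typed files would be reported as an org-level policy. I'd add a comment above that `if`: `// The raw check tags files found in the org's .github repo as FileTypeURL; that type is the only signal distinguishing an org-level policy from a repo-local one.` The enclosing `for` loop and `SecurityPolicy` start before this hunk, so the `msg` construction is not visible here.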
@ -74,7 +74,7 @@ func TestSecurityPolicy(t *testing.T) {
|
||||
{
|
||||
name: "test_security_policy_4",
|
||||
args: args{
|
||||
name: "test_security_policy_3",
|
||||
name: "test_security_policy_4",
|
||||
r: &checker.SecurityPolicyData{
|
||||
Files: []checker.File{
|
||||
{
|
||||
|
@ -17,6 +17,7 @@ package raw
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"path"
|
||||
"strings"
|
||||
|
||||
"github.com/ossf/scorecard/v4/checker"
|
||||
@ -27,17 +28,24 @@ import (
|
||||
"github.com/ossf/scorecard/v4/log"
|
||||
)
|
||||
|
||||
type securityPolicyFilesWithURI struct {
|
||||
uri string
|
||||
files []checker.File
|
||||
}
|
||||
|
||||
// SecurityPolicy checks for presence of security policy.
|
||||
func SecurityPolicy(c *checker.CheckRequest) (checker.SecurityPolicyData, error) {
|
||||
files := make([]checker.File, 0)
|
||||
err := fileparser.OnAllFilesDo(c.RepoClient, isSecurityPolicyFile, &files)
|
||||
data := securityPolicyFilesWithURI{
|
||||
uri: "",
|
||||
files: make([]checker.File, 0),
|
||||
}
|
||||
err := fileparser.OnAllFilesDo(c.RepoClient, isSecurityPolicyFile, &data)
|
||||
if err != nil {
|
||||
return checker.SecurityPolicyData{}, err
|
||||
}
|
||||
|
||||
// If we found files in the repo, return immediately.
|
||||
if len(files) > 0 {
|
||||
return checker.SecurityPolicyData{Files: files}, nil
|
||||
if len(data.files) > 0 {
|
||||
return checker.SecurityPolicyData{Files: data.files}, nil
|
||||
}
|
||||
|
||||
// Check if present in parent org.
|
||||
@ -49,8 +57,8 @@ func SecurityPolicy(c *checker.CheckRequest) (checker.SecurityPolicyData, error)
|
||||
switch {
|
||||
case err == nil:
|
||||
defer dotGitHubClient.Close()
|
||||
|
||||
err = fileparser.OnAllFilesDo(dotGitHubClient, isSecurityPolicyFile, &files)
|
||||
data.uri = dotGitHubClient.URI()
|
||||
err = fileparser.OnAllFilesDo(dotGitHubClient, isSecurityPolicyFile, &data)
|
||||
if err != nil {
|
||||
return checker.SecurityPolicyData{}, err
|
||||
}
|
||||
@ -62,7 +70,7 @@ func SecurityPolicy(c *checker.CheckRequest) (checker.SecurityPolicyData, error)
|
||||
}
|
||||
|
||||
// Return raw results.
|
||||
return checker.SecurityPolicyData{Files: files}, nil
|
||||
return checker.SecurityPolicyData{Files: data.files}, nil
|
||||
}
|
||||
|
||||
// Check repository for repository-specific policy.
|
||||
@ -71,14 +79,20 @@ var isSecurityPolicyFile fileparser.DoWhileTrueOnFilename = func(name string, ar
|
||||
if len(args) != 1 {
|
||||
return false, fmt.Errorf("isSecurityPolicyFile requires exactly one argument: %w", errInvalidArgLength)
|
||||
}
|
||||
pfiles, ok := args[0].(*[]checker.File)
|
||||
pdata, ok := args[0].(*securityPolicyFilesWithURI)
|
||||
if !ok {
|
||||
return false, fmt.Errorf("isSecurityPolicyFile expects arg of type: *[]checker.File: %w", errInvalidArgType)
|
||||
return false, fmt.Errorf("invalid arg type: %w", errInvalidArgType)
|
||||
}
|
||||
if isSecurityPolicyFilename(name) {
|
||||
*pfiles = append(*pfiles, checker.File{
|
||||
Path: name,
|
||||
Type: checker.FileTypeSource,
|
||||
tempPath := name
|
||||
tempType := checker.FileTypeSource
|
||||
if pdata.uri != "" {
|
||||
tempPath = path.Join(pdata.uri, tempPath)
|
||||
tempType = checker.FileTypeURL
|
||||
}
|
||||
pdata.files = append(pdata.files, checker.File{
|
||||
Path: tempPath,
|
||||
Type: tempType,
|
||||
Offset: checker.OffsetDefault,
|
||||
})
|
||||
return false, nil
|
||||
|
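Review bot: The new assertion-failure message at `return false, fmt.Errorf("invalid arg type: %w", errInvalidArgType)` drops the expected type that the previous message named, which makes a mis-wired callback harder to diagnose; `return false, fmt.Errorf("isSecurityPolicyFile expects arg of type *securityPolicyFilesWithURI: %w", errInvalidArgType)` keeps that context. The `pdata.uri != ""` branch is also the only place a file becomes `FileTypeURL`, and the evaluation check in this same commit keys its "org repo" message on that type, so that coupling deserves a comment above the `if`: `// A non-empty uri means we are scanning the org's .github repo; such files are tagged FileTypeURL and the evaluation check reports them as org-level.` Note that `path.Join` cleans its result, so if `URI()` ever returned a value with a scheme the `//` would collapse — presumably it returns a bare host/path, but that is worth confirming. `tempPath`/`tempType` would read better as `filePath`/`fileType`. The enclosing `isSecurityPolicyFile` closure begins and ends outside this hunk.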
@ -113,6 +113,16 @@ func TestSecurityPolicy(t *testing.T) {
|
||||
NumberOfInfo: 1,
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "Pass Case: Case-insensitive testing",
|
||||
files: []string{
|
||||
"dOCs/SeCuRIty.rsT",
|
||||
},
|
||||
want: scut.TestReturn{
|
||||
Score: 10,
|
||||
NumberOfInfo: 1,
|
||||
},
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
tt := tt
|
||||
|