ossf/scorecard
1
1
Fork 0
mirror of https://github.com/ossf/scorecard.git synced 2024-11-05 05:17:00 +03:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

🌱 Remove dead code

Browse Source 
Remove dead code which isn't being used.
This commit is contained in:
naveen 2022-01-28 17:47:49 +00:00 committed by Naveen
parent 4c266d7192
commit 70afae8b8f
1 changed files with 0 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
checks/pinned_dependencies.go
View File

@ -658,54 +658,3 @@ func addWorkflowPinnedResult(w *worklowPinningResult, to, isGitHub bool) {
addPinnedResult(&w.thirdParties, to)
}
}
// Check presence of lock files thru validatePackageManagerFile().
//nolint:unused,deadcode
func isPackageManagerLockFilePresent(c *checker.CheckRequest) (int, error) {
var r pinnedResult
err := fileparser.CheckIfFileExists(c, validatePackageManagerFile, &r)
if err != nil {
return checker.InconclusiveResultScore, fmt.Errorf("%w", err)
}
if r != pinned {
c.Dlogger.Warn("no lock files detected for a package manager")
return checker.InconclusiveResultScore, nil
}
return checker.MaxResultScore, nil
}
// validatePackageManagerFile will validate the if frozen dependecies file name exists.
// TODO(laurent): need to differentiate between libraries and programs.
// TODO(laurent): handle multi-language repos.
//nolint:unused
func validatePackageManagerFile(name string, dl checker.DetailLogger, data fileparser.FileCbData) (bool, error) {
switch strings.ToLower(name) {
// TODO(laurent): "go.mod" is for libraries
default:
return true, nil
case "go.sum":
dl.Info("go lock file detected: %s", name)
case "vendor/", "third_party/", "third-party/":
dl.Info("vendoring detected in: %s", name)
case "package-lock.json", "npm-shrinkwrap.json":
dl.Info("javascript lock file detected: %s", name)
// TODO(laurent): add check for hashbased pinning in requirements.txt - https://davidwalsh.name/hashin
// Note: because requirements.txt does not handle transitive dependencies, we consider it
// not a lock file, until we have remediation steps for pip-build.
case "pipfile.lock":
dl.Info("python lock file detected: %s", name)
case "gemfile.lock":
dl.Info("ruby lock file detected: %s", name)
case "cargo.lock":
dl.Info("rust lock file detected: %s", name)
case "yarn.lock":
dl.Info("yarn lock file detected: %s", name)
case "composer.lock":
dl.Info("composer lock file detected: %s", name)
}
pdata := dataAsResultPointer(data)
addPinnedResult(pdata, true)
return false, nil
}