✨ add --nuget package manager flag (#3020)
* add nuget package manager Signed-off-by: Avishay <avishay.balter@gmail.com> * fix pat test messages (#2987) * also fix pat tests Signed-off-by: Raghav Kaul <raghavkaul@google.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump slsa-framework/slsa-github-generator from 1.5.0 to 1.6.0 Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) from 1.5.0 to 1.6.0. - [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases) - [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md) - [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.5.0...v1.6.0) --- updated-dependencies: - dependency-name: slsa-framework/slsa-github-generator dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump cloud.google.com/go/bigquery from 1.51.1 to 1.51.2 (#2984) Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.51.1 to 1.51.2. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/bigquery/v1.51.1...bigquery/v1.51.2) --- updated-dependencies: - dependency-name: cloud.google.com/go/bigquery dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump golang.org/x/tools from 0.9.0 to 0.9.1 Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.9.0 to 0.9.1. 
- [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.9.0...v0.9.1) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🐛 Update osv-scanner dependency to include Vulnerabilities check fixes (#2981) * Update osv-scanner dependency to include Vulnerabilities check fixes Signed-off-by: Laurent Savaëte <laurent@where.tf> * Run go mod tidy Signed-off-by: Laurent Savaëte <laurent@where.tf> --------- Signed-off-by: Laurent Savaëte <laurent@where.tf> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump github.com/docker/distribution in /tools (#2993) Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.1+incompatible to 2.8.2+incompatible. - [Release notes](https://github.com/docker/distribution/releases) - [Commits](https://github.com/docker/distribution/compare/v2.8.1...v2.8.2) --- updated-dependencies: - dependency-name: github.com/docker/distribution dependency-type: indirect ... 
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Gitlab: e2e test fixes in main (#2992) * test secret chagnes Signed-off-by: Raghav Kaul <raghavkaul@google.com> * update score Signed-off-by: Raghav Kaul <raghavkaul@google.com> * address cr comments Signed-off-by: Raghav Kaul <raghavkaul@google.com> * update Signed-off-by: Raghav Kaul <raghavkaul@google.com> --------- Signed-off-by: Raghav Kaul <raghavkaul@google.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Unit tests log/log.go (#2980) - Add unit tests for the log package - Add Apache License to log_test.go Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump github.com/cloudflare/circl in /tools (#2995) Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.2.0 to 1.3.3. - [Release notes](https://github.com/cloudflare/circl/releases) - [Commits](https://github.com/cloudflare/circl/compare/v1.2.0...v1.3.3) --- updated-dependencies: - dependency-name: github.com/cloudflare/circl dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * ✨ Add releasing workflow for semantic-release (#2989) Signed-off-by: Matt Travi <programmer@travi.org> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump slsa-framework/slsa-verifier from 2.2.0 to 2.3.0 Bumps [slsa-framework/slsa-verifier](https://github.com/slsa-framework/slsa-verifier) from 2.2.0 to 2.3.0. 
- [Release notes](https://github.com/slsa-framework/slsa-verifier/releases) - [Changelog](https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md) - [Commits](https://github.com/slsa-framework/slsa-verifier/compare/v2.2.0...v2.3.0) --- updated-dependencies: - dependency-name: slsa-framework/slsa-verifier dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 (#2994) Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.1.0 to 1.3.3. - [Release notes](https://github.com/cloudflare/circl/releases) - [Commits](https://github.com/cloudflare/circl/compare/v1.1.0...v1.3.3) --- updated-dependencies: - dependency-name: github.com/cloudflare/circl dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Additional e2e clients/githubrepo/checkruns.go (#2934) * 🌱 Additional e2e clients/githubrepo/checkruns.go - Add `net/http` and `github.com/google/go-github/v38/github` imports - Add a test for `listCheckRunsForRef` with valid ref - Add a test for `listCheckRunsForRef` with invalid ref Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Based on code review comments Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Some tweaks Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --------- Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 E2E for clients/githubrepo/contributors.go (#2939) * 🌱 E2E for clients/githubrepo/contributors.go - Add an end-to-end test for `contributorsHandler` Signed-off-by: naveensrinivasan 
<172697+naveensrinivasan@users.noreply.github.com> * Fixed based on code review comments. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Fixed codereview comment. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --------- Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 📖 Clarify that AI/ML doesn't count as human code review (#2953) * Clarify that AI/ML doesn't count as human code review Add this clarification per the Scorecards Zoom call meeting today (2023-05-04). Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com> * Tweaked per review Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com> --------- Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump golang from `31a8f92` to `685a22e` in /cron/internal/cii Bumps golang from `31a8f92` to `685a22e`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump golang in /cron/internal/controller Bumps golang from `31a8f92` to `685a22e`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump golang in /cron/internal/worker Bumps golang from `31a8f92` to `685a22e`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump golang in /clients/githubrepo/roundtripper/tokens/server Bumps golang from `31a8f92` to `685a22e`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... 
Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump golang from `31a8f92` to `685a22e` Bumps golang from `31a8f92` to `685a22e`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump golang from `31a8f92` to `685a22e` in /cron/internal/bq Bumps golang from `31a8f92` to `685a22e`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump golang in /cron/internal/webhook Bumps golang from `31a8f92` to `685a22e`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * Clarify AI/ML not human code review - in .yml file (#3012) This clarifies that AI/ML doesn't count as human code review. This was earlier done in #2953 but that didn't modify the relevant .yml file - this does. Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump golang.org/x/oauth2 from 0.7.0 to 0.8.0 (#3005) Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.7.0 to 0.8.0. - [Commits](https://github.com/golang/oauth2/compare/v0.7.0...v0.8.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Unit tests for checks/raw/maintained.go (#2996) - Add tests and checks for the `Maintained` function - Add checks for `IsArchived`, `ListCommits`, `ListIssues`, and `GetCreatedAt` Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump github.com/onsi/ginkgo/v2 from 2.9.4 to 2.9.5 in /tools Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.4 to 2.9.5. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.9.4...v2.9.5) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump actions/setup-go from 4.0.0 to 4.0.1 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4.0.0 to 4.0.1. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](4d34df0c23...fac708d667
) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump codecov/codecov-action from 3.1.3 to 3.1.4 Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.3 to 3.1.4. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](894ff025c7...eaaf4bedf3
) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Unit tests for Policy.go (#3003) - Included tests for policy.go Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump github.com/onsi/ginkgo/v2 from 2.9.4 to 2.9.5 Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.4 to 2.9.5. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.9.4...v2.9.5) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump sigstore/cosign-installer from 3.0.3 to 3.0.4 Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.3 to 3.0.4. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](204a51a57a...03d0fecf17
) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump github.com/google/go-containerregistry (#3025) Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.15.1 to 0.15.2. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](https://github.com/google/go-containerregistry/compare/v0.15.1...v0.15.2) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump github.com/sirupsen/logrus from 1.9.0 to 1.9.1 Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.0 to 1.9.1. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](https://github.com/sirupsen/logrus/compare/v1.9.0...v1.9.1) --- updated-dependencies: - dependency-name: github.com/sirupsen/logrus dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Included e2e tests for push to main (#2951) - Update trigger for integration tests to enable running on `push` and `pull_request` on the `main` branch Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Included directories that don't require coverage (#3002) - Included directories that don't require coverage. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Unit tests for checks/raw/contributors.go (#2998) - Add tests and fix casing for Contributors function in checks/raw/contributors_test.go Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * ✨ GitLab: Code Review check (#2764) * Add GitLab support for Code-Review check Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Remove spurious printf Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Working commit Signed-off-by: Raghav Kaul <raghavkaul@google.com> * update Signed-off-by: Raghav Kaul <raghavkaul@google.com> * update Signed-off-by: Raghav Kaul <raghavkaul@google.com> * e2e test Signed-off-by: Raghav Kaul <raghavkaul@google.com> * update: test coverage Signed-off-by: Raghav Kaul <raghavkaul@google.com> --------- Signed-off-by: Raghav Kaul <raghavkaul@google.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * gitlab: license check (#2834) Signed-off-by: Raghav Kaul <raghavkaul@google.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump github.com/sirupsen/logrus from 1.9.1 to 1.9.2 (#3031) Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.1 to 1.9.2. 
- [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](https://github.com/sirupsen/logrus/compare/v1.9.1...v1.9.2) --- updated-dependencies: - dependency-name: github.com/sirupsen/logrus dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump github.com/google/osv-scanner Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.3.3-0.20230509011216-baae1796eeea to 1.3.3. - [Release notes](https://github.com/google/osv-scanner/releases) - [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md) - [Commits](https://github.com/google/osv-scanner/commits/v1.3.3) --- updated-dependencies: - dependency-name: github.com/google/osv-scanner dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump sigstore/cosign-installer from 3.0.4 to 3.0.5 (#3029) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.4 to 3.0.5. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](03d0fecf17...dd6b2e2b61
) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump arduino/setup-protoc from 1.1.2 to 1.2.0 Bumps [arduino/setup-protoc](https://github.com/arduino/setup-protoc) from 1.1.2 to 1.2.0. - [Release notes](https://github.com/arduino/setup-protoc/releases) - [Commits](64c0c85d18...4b3578161e
) --- updated-dependencies: - dependency-name: arduino/setup-protoc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * ✨ Add support for github GHES (#2999) * ✨ adding support for github GHES Signed-off-by: Niket Patel <patelniket@gmail.com> * fix: lint and cleanup Signed-off-by: Niket Patel <patelniket@gmail.com> * fix: flaky test Signed-off-by: Niket Patel <patelniket@gmail.com> * fix: address missing host Signed-off-by: Niket Patel <patelniket@gmail.com> * fix: lint error Signed-off-by: Niket Patel <patelniket@gmail.com> * 🌱 Additional e2e clients/githubrepo/checkruns.go (#2934) * 🌱 Additional e2e clients/githubrepo/checkruns.go - Add `net/http` and `github.com/google/go-github/v38/github` imports - Add a test for `listCheckRunsForRef` with valid ref - Add a test for `listCheckRunsForRef` with invalid ref Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Based on code review comments Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Some tweaks Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --------- Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Niket Patel <patelniket@gmail.com> * 🌱 E2E for clients/githubrepo/contributors.go (#2939) * 🌱 E2E for clients/githubrepo/contributors.go - Add an end-to-end test for `contributorsHandler` Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Fixed based on code review comments. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Fixed codereview comment. 
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --------- Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Niket Patel <patelniket@gmail.com> * chore: add GHES instructions Signed-off-by: Niket Patel <patelniket@gmail.com> * refact: use test setenv Signed-off-by: Niket Patel <patelniket@gmail.com> * fix: corp unit test Signed-off-by: Niket Patel <patelniket@gmail.com> --------- Signed-off-by: Niket Patel <patelniket@gmail.com> Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Niket Patel <patelniketm@users.noreply.github.com> Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com> Co-authored-by: raghavkaul <8695110+raghavkaul@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * Change Facilitators to Maintainers (#3039) Not sure what the old facilitators table was for. Current list of Maintainers is always in CODEOWNERS. Meaning of "Maintainers" still is not defined, and should be a part of an upcoming contributor ladder. Signed-off-by: Jeff Mendoza <jlm@jlm.name> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🐛 Gitlab: Commit/Commitor Exceptions (#3026) * feat: Added paging for contributor/users against gitlab projects Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com> * refactor: Updated the bot flag for unmatched users Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com> * fix: Not all commit users are in the git registry instance Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com> * fix: Skipping check if the email is empty, as well as if the "email" doesn't contain a "." char. 
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com> * fix: Updated to allow for commits with PRs to be accounted/added to the client.commits Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com> * refactor: Updated to prevent linting issue regarding nested if's Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com> * test: Adding coverage for commits and contributors for gitlab Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com> * refactor: Moved queries from the client to their own functions Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com> * bug: Need to pass the ProjectID value to the contributor query Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com> * bug: Updating project title versus projectID values for api querying Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com> * test: Updated tests to match expected property set for projectID Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com> * revert: Reverted based on feedback during review Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com> --------- Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump github.com/onsi/gomega from 1.27.6 to 1.27.7 (#3040) Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.6 to 1.27.7. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.27.6...v1.27.7) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 📖 Make all StepSecurity app endpoint references consistent (#3042) Signed-off-by: Ashish Kurmi <akurmi@stepsecurity.io> Signed-off-by: Avishay <avishay.balter@gmail.com> * 📖 Update checks.md to show the benefit of >=2 reviewers (#3013) * Update checks.yaml instead of cehcks.md Signed-off-by: Joyce <joycebrum@google.com> * feat: generate checks.md Signed-off-by: Joyce Brum <joycebrum@google.com> --------- Signed-off-by: Joyce <joycebrum@google.com> Signed-off-by: Joyce Brum <joycebrum@google.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Improve workflow pinning remediation tests (#3021) - Add 3 tests for workflow pinning remediation [remediation/remediations_test.go] - Add 3 tests for workflow pinning remediation Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 E2E tests for clients/githubrepo/languages_e2e_test.go (#3000) * 🌱 E2E tests for clients/githubrepo/languages_e2e_test.go - Included e2e tests for clients/githubrepo/languages_e2e_test.go Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Fixed the token type check. 
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --------- Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Naveen <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Unit tests for pkg/json_raw_results (#3044) * 🌱 Unit tests for pkg/json_raw_results.go - Unit tests for pkg/json_raw_results.go Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Additional tests Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --------- Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * ✨ [experimental] Add probe code and support for Tool-Update-Dependency (#2944) * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> --------- Signed-off-by: laurentsimon <laurentsimon@google.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * add zoom link and agenda link (#3050) Signed-off-by: Amanda L Martin <hythloda@gmail.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Run E2E PAT test for push to main (#3046) - Add E2E PAT tests for push to main. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * Update main.yml (#3054) -Fixed the YAML indenting issue. 
Signed-off-by: Naveen <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * only run e2e pat on push (#3056) Signed-off-by: Spencer Schrock <sschrock@google.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#3057) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 📖 👻 fix anchor link to the code review section (#3058) * fix anchor link to code-review in checks.yaml Signed-off-by: dasfreak <dasfreak@users.noreply.github.com> Signed-off-by: Marc Ohm <dasfreak@users.noreply.github.com> * generate checks.md Signed-off-by: Marc Ohm <dasfreak@users.noreply.github.com> --------- Signed-off-by: dasfreak <dasfreak@users.noreply.github.com> Signed-off-by: Marc Ohm <dasfreak@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🐛 Gitlab: Tests (#3027) * fix tests Signed-off-by: Raghav Kaul <raghavkaul@google.com> * use projectID instead of project where applicable Signed-off-by: Raghav Kaul <raghavkaul@google.com> * pass ref as listcommitoption Signed-off-by: Raghav Kaul <raghavkaul@google.com> * update tests * CI-Tests: check if score > 0. pull request client is limited and can't go back to arbitrary pull requests. CI-Tests don't run on forks, so this can't be pinned either. 
But, for active repositories, we typically expect *some* tests to be run Signed-off-by: Raghav Kaul <raghavkaul@google.com> * fix commitshandler commitSHA tests Signed-off-by: Raghav Kaul <raghavkaul@google.com> * update tests Signed-off-by: Raghav Kaul <raghavkaul@google.com> --------- Signed-off-by: Raghav Kaul <raghavkaul@google.com> Signed-off-by: raghavkaul <8695110+raghavkaul@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump github.com/goreleaser/nfpm/v2 in /tools (#3060) Bumps [github.com/goreleaser/nfpm/v2](https://github.com/goreleaser/nfpm) from 2.28.0 to 2.29.0. - [Release notes](https://github.com/goreleaser/nfpm/releases) - [Changelog](https://github.com/goreleaser/nfpm/blob/main/.goreleaser.yml) - [Commits](https://github.com/goreleaser/nfpm/compare/v2.28.0...v2.29.0) --- updated-dependencies: - dependency-name: github.com/goreleaser/nfpm/v2 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * ✨ Gitlab: Add projects to cron (#2936) * cron: add gitlab projects * support gitlab client * simplify gitlab detection Signed-off-by: Raghav Kaul <raghavkaul@google.com> * fix MakeGitlabRepo * shortcut when repo url is github.com * fixes add-projects, validate-projects Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Move gitlab repos to release controller Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Add csv headers Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Use gitlab.WithBaseURL Signed-off-by: Raghav Kaul <raghavkaul@google.com> * formatting & logging Signed-off-by: Raghav Kaul <raghavkaul@google.com> * remove spurious test Signed-off-by: Raghav Kaul <raghavkaul@google.com> * consolidate logic Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Turn on experimental flag Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Add projects 
Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Update client Signed-off-by: Raghav Kaul <raghavkaul@google.com> * update Signed-off-by: Raghav Kaul <raghavkaul@google.com> * update Signed-off-by: Raghav Kaul <raghavkaul@google.com> * update Signed-off-by: Raghav Kaul <raghavkaul@google.com> * update Signed-off-by: Raghav Kaul <raghavkaul@google.com> --------- Signed-off-by: Raghav Kaul <raghavkaul@google.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Simplify caching in docker workflow (#3061) Signed-off-by: Spencer Schrock <sschrock@google.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump github/codeql-action from 2.3.3 to 2.3.4 (#3064) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.3 to 2.3.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](29b1f65c5e...f0e3dfb303
) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump cloud.google.com/go/pubsub from 1.30.1 to 1.31.0 (#3065) Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.30.1 to 1.31.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.30.1...pubsub/v1.31.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/pubsub dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🐛 gitlab: cron (#3070) Signed-off-by: Raghav Kaul <raghavkaul@google.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump github/codeql-action from 2.3.4 to 2.3.5 (#3072) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.4 to 2.3.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](f0e3dfb303...0225834cc5
) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump tj-actions/changed-files from 35.9.2 to 36.0.3 (#3071) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.9.2 to 36.0.3. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](b2d17f5124...25eaddf37a
) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🐛 Gitlab status updates (#3052) * doc: Updating gitlab support validation status Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com> * bug: Updated logic for gitlab to prevent exceptions based on releases Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com> * test: Added initial tests for gitlab branches Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com> * doc: Updated general README Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com> * refactor: Cleaned up the query for pipelines to be focused on the commitID Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com> * feat: Allowed for a non-graphql method of retrieving MRs associated to a commit Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com> * doc: Updated status for the CI-Tests Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com> * bug: Updated the host url for graphql querying. This enabled the removal of the code added for handling empty returns when executing against a non-gitlab.com repository. Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com> --------- Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com> Co-authored-by: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump github.com/sigstore/rekor from 1.1.1 to 1.2.0 in /tools (#3079) Bumps [github.com/sigstore/rekor](https://github.com/sigstore/rekor) from 1.1.1 to 1.2.0. 
- [Release notes](https://github.com/sigstore/rekor/releases) - [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md) - [Commits](https://github.com/sigstore/rekor/compare/v1.1.1...v1.2.0) --- updated-dependencies: - dependency-name: github.com/sigstore/rekor dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * get nuget latest version from registration URL Signed-off-by: Avishay <avishay.balter@gmail.com> * better coverage Signed-off-by: Avishay <avishay.balter@gmail.com> * sign Signed-off-by: Avishay <avishay.balter@gmail.com> * fix tests Signed-off-by: Avishay <avishay.balter@gmail.com> * more tests Signed-off-by: Avishay <avishay.balter@gmail.com> * client tests Signed-off-by: Avishay <avishay.balter@gmail.com> * lint Signed-off-by: Avishay <avishay.balter@gmail.com> * Apply suggestions from code review Co-authored-by: Joel Verhagen <joel.verhagen@gmail.com> Signed-off-by: Avishay Balter <avishay.balter@gmail.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump golang from `685a22e` to `690e413` (#3080) Bumps golang from `685a22e` to `690e413`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump golang from `685a22e` to `690e413` in /cron/internal/cii Bumps golang from `685a22e` to `690e413`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump golang in /cron/internal/controller Bumps golang from `685a22e` to `690e413`. 
--- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump golang in /cron/internal/worker Bumps golang from `685a22e` to `690e413`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump golang in /clients/githubrepo/roundtripper/tokens/server Bumps golang from `685a22e` to `690e413`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump golang in /cron/internal/webhook Bumps golang from `685a22e` to `690e413`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump golang from `685a22e` to `690e413` in /cron/internal/bq Bumps golang from `685a22e` to `690e413`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump arduino/setup-protoc from 1.2.0 to 1.3.0 (#3089) Bumps [arduino/setup-protoc](https://github.com/arduino/setup-protoc) from 1.2.0 to 1.3.0. - [Release notes](https://github.com/arduino/setup-protoc/releases) - [Commits](4b3578161e...149f6c87b9
) --- updated-dependencies: - dependency-name: arduino/setup-protoc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump tj-actions/changed-files from 36.0.3 to 36.0.9 (#3088) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 36.0.3 to 36.0.9. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](25eaddf37a...cf4fe8759a
) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * pr iteration 2 Signed-off-by: Avishay <avishay.balter@gmail.com> * pr iteration 3 Signed-off-by: Avishay <avishay.balter@gmail.com> * switch security policy e2e test to ossf-tests repo. (#3090) tensorflow/tensorflow is huge and was slowing down tests. Also removed the rust e2e tests because they're already present as unit tests. Signed-off-by: Spencer Schrock <sschrock@google.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump github.com/onsi/ginkgo/v2 from 2.9.5 to 2.9.7 in /tools (#3094) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.5 to 2.9.7. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.9.5...v2.9.7) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump github.com/onsi/ginkgo/v2 from 2.9.5 to 2.9.7 (#3093) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.5 to 2.9.7. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.9.5...v2.9.7) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump actions/dependency-review-action from 3.0.4 to 3.0.6 (#3104) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.0.4 to 3.0.6. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](f46c48ed6d...1360a344cc
) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump tj-actions/changed-files from 36.0.9 to 36.0.12 (#3108) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 36.0.9 to 36.0.12. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](cf4fe8759a...5978e5a2df
) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump github.com/xanzy/go-gitlab from 0.83.0 to 0.84.0 (#3106) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.83.0 to 0.84.0. - [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go) - [Commits](https://github.com/xanzy/go-gitlab/compare/v0.83.0...v0.84.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump golang.org/x/tools from 0.9.1 to 0.9.2 Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.9.1 to 0.9.2. - [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.9.1...v0.9.2) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * ✨ GitLab: enable more checks in cron (#3097) * Enable checks * Binary-Artifacts * Code-Review * License * Vulnerabilities Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Enable more checks * CII Best Practices * Fuzzing * Maintained * Packaging * Pinned-Dependencies * Signed-Releases Signed-off-by: Raghav Kaul <raghavkaul@google.com> * update repo name Signed-off-by: Raghav Kaul <raghavkaul@google.com> --------- Signed-off-by: Raghav Kaul <raghavkaul@google.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 📖 agenda link change (#3111) Signed-off-by: Amanda L Martin <hythloda@gmail.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump github/codeql-action from 2.3.5 to 2.3.6 (#3112) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.5 to 2.3.6. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](0225834cc5...83f0fe6c49
) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump tj-actions/changed-files from 36.0.12 to 36.0.15 (#3116) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 36.0.12 to 36.0.15. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](5978e5a2df...5d2fcdb4cb
) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump golang.org/x/tools from 0.9.2 to 0.9.3 Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.9.2 to 0.9.3. - [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.9.2...v0.9.3) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Unit tests for option (#3109) - Add flags for repo, local, commit, log level, NPM, PyPI, RubyGems, metadata, show details, checks to run, policy file, and format - Add tests for checks to run and format flags Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 GitLab: add gitlab auth token to cron worker env (#3117) Signed-off-by: Raghav Kaul <raghavkaul@google.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * Don't run pat e2e on dependabot merges (#3119) Signed-off-by: Raghav Kaul <raghavkaul@google.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * ✨ Detect fast-check PBT library for fuzz section (#3073) * ✨ Detect fast-check PBT library for fuzz section As suggested at https://github.com/ossf/scorecard/issues/2792#issuecomment-1562007596, we add support for the detection of fast-check as a possible fuzzing solution. I also adapted the documentation related to fuzzing accordingly. 
Signed-off-by: Nicolas DUBIEN <github@dubien.org> * Typo Signed-off-by: Nicolas DUBIEN <github@dubien.org> * Update missing md files Signed-off-by: Nicolas DUBIEN <github@dubien.org> --------- Signed-off-by: Nicolas DUBIEN <github@dubien.org> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 temporarily disable failing e2e tests so we don't block all PRs. (#3130) Signed-off-by: Spencer Schrock <sschrock@google.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * pr comments Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 (#3121) Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.2 to 1.9.3. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](https://github.com/sirupsen/logrus/compare/v1.9.2...v1.9.3) --- updated-dependencies: - dependency-name: github.com/sirupsen/logrus dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * i🌱 Ignore all pb files for test (#3127) - Update .codecov.yml to ignore additional files Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Deprecate dependencydiff package and add access token requirement (#3125) - Deprecate the `dependencydiff` package and the `GetDependencyDiffResults` function - Add a line to the `.codecov.yml` to ignore the `dependencydiff` package Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * ✨ [experimental] Support for new `--format probe` (#3048) * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> --------- Signed-off-by: laurentsimon <laurentsimon@google.com> Signed-off-by: Avishay 
<avishay.balter@gmail.com> * 🌱 Bump distroless/base (#3122) Bumps distroless/base from `10985f0` to `c623859`. --- updated-dependencies: - dependency-name: distroless/base dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Ignore deprecation warning for dependencydiff tests. (#3136) Signed-off-by: Spencer Schrock <sschrock@google.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump tj-actions/changed-files from 36.0.15 to 36.0.18 Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 36.0.15 to 36.0.18. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](5d2fcdb4cb...07e0177b72
) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump github.com/onsi/ginkgo/v2 from 2.9.7 to 2.10.0 in /tools (#3135) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.7 to 2.10.0. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.9.7...v2.10.0) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump github.com/google/osv-scanner from 1.3.3 to 1.3.4 Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.3.3 to 1.3.4. - [Release notes](https://github.com/google/osv-scanner/releases) - [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md) - [Commits](https://github.com/google/osv-scanner/compare/v1.3.3...v1.3.4) --- updated-dependencies: - dependency-name: github.com/google/osv-scanner dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump github.com/onsi/ginkgo/v2 from 2.9.7 to 2.10.0 Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.7 to 2.10.0. 
- [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.9.7...v2.10.0) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump github.com/onsi/gomega from 1.27.7 to 1.27.8 Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.7 to 1.27.8. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.27.7...v1.27.8) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump slsa-framework/slsa-github-generator from 1.6.0 to 1.7.0 (#3139) Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) from 1.6.0 to 1.7.0. - [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases) - [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md) - [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.6.0...v1.7.0) --- updated-dependencies: - dependency-name: slsa-framework/slsa-github-generator dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Increase test coverage for finding outcomes (#3142) * Increase test coverage for finding outcomes - Add tests for Outcome UnmarshalYAML function in `finding/finding_test.go` Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Updates based on Codereview - Update `Outcome` variable in `finding/finding_test.go` - Add `t.Parallel()` for test parallelization - Add comparison using `cmp.Diff` to test for mismatches - Update test cases for various outcomes Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --------- Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump tj-actions/changed-files from 36.0.18 to 36.1.0 (#3143) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 36.0.18 to 36.1.0. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](07e0177b72...fb20f4d248
) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Re-enable skipped e2e tests. Switch to smaller code review repo. (#3144) * re-enable skipped ci test Signed-off-by: Spencer Schrock <sschrock@google.com> * re-enable skipped attestor test. switch to ossf-tests repo Signed-off-by: Spencer Schrock <sschrock@google.com> * remove extra policies from tests that only look at code review. Signed-off-by: Spencer Schrock <sschrock@google.com> * remove unneeded policies from binary artifact tests. Signed-off-by: Spencer Schrock <sschrock@google.com> --------- Signed-off-by: Spencer Schrock <sschrock@google.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * add license header Signed-off-by: Avishay <avishay.balter@gmail.com> * pr comments Signed-off-by: Avishay <avishay.balter@gmail.com> * making the packages internal Signed-off-by: Avishay <avishay.balter@gmail.com> * generate mocks Signed-off-by: Avishay <avishay.balter@gmail.com> --------- Signed-off-by: Avishay <avishay.balter@gmail.com> Signed-off-by: Avishay Balter <avishay.balter@gmail.com>
This commit is contained in:
parent
f928748c0e
commit
8c9e552f68
10
Makefile
10
Makefile
@ -139,7 +139,8 @@ generate-mocks: clients/mockclients/repo_client.go \
|
||||
clients/mockclients/repo.go \
|
||||
clients/mockclients/cii_client.go \
|
||||
checks/mockclients/vulnerabilities.go \
|
||||
cmd/packagemanager_mockclient.go
|
||||
cmd/internal/packagemanager/packagemanager_mockclient.go \
|
||||
cmd/internal/nuget/nuget_mockclient.go
|
||||
clients/mockclients/repo_client.go: clients/repo_client.go | $(MOCKGEN)
|
||||
# Generating MockRepoClient
|
||||
$(MOCKGEN) -source=clients/repo_client.go -destination=clients/mockclients/repo_client.go -package=mockrepo -copyright_file=clients/mockclients/license.txt
|
||||
@ -152,9 +153,12 @@ clients/mockclients/cii_client.go: clients/cii_client.go | $(MOCKGEN)
|
||||
checks/mockclients/vulnerabilities.go: clients/vulnerabilities.go | $(MOCKGEN)
|
||||
# Generating MockCIIClient
|
||||
$(MOCKGEN) -source=clients/vulnerabilities.go -destination=clients/mockclients/vulnerabilities.go -package=mockrepo -copyright_file=clients/mockclients/license.txt
|
||||
cmd/packagemanager_mockclient.go: cmd/packagemanager_client.go | $(MOCKGEN)
|
||||
cmd/internal/packagemanager/packagemanager_mockclient.go: cmd/internal/packagemanager/client.go | $(MOCKGEN)
|
||||
# Generating MockPackageManagerClient
|
||||
$(MOCKGEN) -source=cmd/packagemanager_client.go -destination=cmd/packagemanager_mockclient.go -package=cmd -copyright_file=clients/mockclients/license.txt
|
||||
$(MOCKGEN) -source=cmd/internal/packagemanager/client.go -destination=cmd/internal/packagemanager/packagemanager_mockclient.go -package=packagemanager -copyright_file=clients/mockclients/license.txt
|
||||
cmd/internal/nuget/nuget_mockclient.go: cmd/internal/nuget/client.go | $(MOCKGEN)
|
||||
# Generating MockNugetClient
|
||||
$(MOCKGEN) -source=cmd/internal/nuget/client.go -destination=cmd/internal/nuget/nuget_mockclient.go -package=nuget -copyright_file=clients/mockclients/license.txt
|
||||
|
||||
generate-docs: ## Generates docs
|
||||
generate-docs: validate-docs docs/checks.md
|
||||
|
@ -420,7 +420,7 @@ scorecard --repo=org/repo
|
||||
|
||||
##### Using a Package manager
|
||||
|
||||
For projects in the `--npm`, `--pypi`, or `--rubygems` ecosystems, you have the
|
||||
For projects in the `--npm`, `--pypi`, `--rubygems`, or `--nuget` ecosystems, you have the
|
||||
option to run Scorecard using a package manager. Provide the package name to
|
||||
run the checks on the corresponding GitHub source code.
|
||||
|
||||
|
275
cmd/internal/nuget/client.go
Normal file
275
cmd/internal/nuget/client.go
Normal file
@ -0,0 +1,275 @@
|
||||
// Copyright 2020 OpenSSF Scorecard Authors
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
// Package nuget implements Nuget API client.
|
||||
package nuget
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"encoding/xml"
|
||||
"fmt"
|
||||
"io"
|
||||
"net/http"
|
||||
"regexp"
|
||||
"strings"
|
||||
|
||||
"golang.org/x/exp/slices"
|
||||
|
||||
pmc "github.com/ossf/scorecard/v4/cmd/internal/packagemanager"
|
||||
sce "github.com/ossf/scorecard/v4/errors"
|
||||
)
|
||||
|
||||
type indexResults struct {
|
||||
Resources []indexResult `json:"resources"`
|
||||
}
|
||||
|
||||
func (n indexResults) findResourceByType(resultType string) (string, error) {
|
||||
resourceIndex := slices.IndexFunc(n.Resources,
|
||||
func(n indexResult) bool { return n.Type == resultType })
|
||||
if resourceIndex == -1 {
|
||||
return "", sce.WithMessage(sce.ErrScorecardInternal,
|
||||
fmt.Sprintf("failed to find %v URI at nuget index json", resultType))
|
||||
}
|
||||
|
||||
return n.Resources[resourceIndex].ID, nil
|
||||
}
|
||||
|
||||
type indexResult struct {
|
||||
ID string `json:"@id"`
|
||||
Type string `json:"@type"`
|
||||
}
|
||||
|
||||
type packageRegistrationCatalogRoot struct {
|
||||
Pages []packageRegistrationCatalogPage `json:"items"`
|
||||
}
|
||||
|
||||
func (n packageRegistrationCatalogRoot) latestVersion(manager pmc.Client) (string, error) {
|
||||
for pageIndex := len(n.Pages) - 1; pageIndex >= 0; pageIndex-- {
|
||||
page := n.Pages[pageIndex]
|
||||
if page.Packages == nil {
|
||||
err := decodeResponseFromClient(func() (*http.Response, error) {
|
||||
//nolint: wrapcheck
|
||||
return manager.GetURI(page.ID)
|
||||
},
|
||||
func(rc io.ReadCloser) error {
|
||||
//nolint: wrapcheck
|
||||
return json.NewDecoder(rc).Decode(&page)
|
||||
}, "nuget package registration page")
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
}
|
||||
for packageIndex := len(page.Packages) - 1; packageIndex >= 0; packageIndex-- {
|
||||
base, preReleaseSuffix := parseNugetSemVer(page.Packages[packageIndex].Entry.Version)
|
||||
// skipping non listed and pre-releases
|
||||
if page.Packages[packageIndex].Entry.Listed && len(strings.TrimSpace(preReleaseSuffix)) == 0 {
|
||||
return base, nil
|
||||
}
|
||||
}
|
||||
}
|
||||
return "", sce.WithMessage(sce.ErrScorecardInternal, "failed to get a listed version for package")
|
||||
}
|
||||
|
||||
type packageRegistrationCatalogPage struct {
|
||||
ID string `json:"@id"`
|
||||
Packages []packageRegistrationCatalogItem `json:"items"`
|
||||
}
|
||||
|
||||
type packageRegistrationCatalogItem struct {
|
||||
Entry packageRegistrationCatalogEntry `json:"catalogEntry"`
|
||||
}
|
||||
|
||||
type packageRegistrationCatalogEntry struct {
|
||||
Version string `json:"version"`
|
||||
Listed bool `json:"listed"`
|
||||
}
|
||||
|
||||
func (e *packageRegistrationCatalogEntry) UnmarshalJSON(text []byte) error {
|
||||
type Alias packageRegistrationCatalogEntry
|
||||
aux := Alias{
|
||||
Listed: true, // set the default value before parsing JSON
|
||||
}
|
||||
if err := json.Unmarshal(text, &aux); err != nil {
|
||||
return fmt.Errorf("failed to unmarshal json: %w", err)
|
||||
}
|
||||
*e = packageRegistrationCatalogEntry(aux)
|
||||
return nil
|
||||
}
|
||||
|
||||
type packageNuspec struct {
|
||||
XMLName xml.Name `xml:"package"`
|
||||
Metadata nuspecMetadata `xml:"metadata"`
|
||||
}
|
||||
|
||||
func (p *packageNuspec) projectURL(packageName string) (string, error) {
|
||||
for _, projectURL := range []string{p.Metadata.Repository.URL, p.Metadata.ProjectURL} {
|
||||
projectURL = strings.TrimSpace(projectURL)
|
||||
if projectURL != "" && isSupportedProjectURL(projectURL) {
|
||||
projectURL = strings.TrimSuffix(projectURL, "/")
|
||||
projectURL = strings.TrimSuffix(projectURL, ".git")
|
||||
return projectURL, nil
|
||||
}
|
||||
}
|
||||
return "", sce.WithMessage(sce.ErrScorecardInternal,
|
||||
fmt.Sprintf("source repo is not defined for nuget package %v", packageName))
|
||||
}
|
||||
|
||||
type nuspecMetadata struct {
|
||||
XMLName xml.Name `xml:"metadata"`
|
||||
ProjectURL string `xml:"projectUrl"`
|
||||
Repository nuspecRepository `xml:"repository"`
|
||||
}
|
||||
|
||||
type nuspecRepository struct {
|
||||
XMLName xml.Name `xml:"repository"`
|
||||
URL string `xml:"url,attr"`
|
||||
}
|
||||
|
||||
type Client interface {
|
||||
GitRepositoryByPackageName(packageName string) (string, error)
|
||||
}
|
||||
|
||||
type NugetClient struct {
|
||||
Manager pmc.Client
|
||||
}
|
||||
|
||||
func (c NugetClient) GitRepositoryByPackageName(packageName string) (string, error) {
|
||||
packageBaseURL, registrationBaseURL, err := c.baseUrls()
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
packageSpec, err := c.packageSpec(packageBaseURL, registrationBaseURL, packageName)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
packageURL, err := packageSpec.projectURL(packageName)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
return packageURL, nil
|
||||
}
|
||||
|
||||
func (c *NugetClient) packageSpec(packageBaseURL, registrationBaseURL, packageName string) (packageNuspec, error) {
|
||||
lowerCasePackageName := strings.ToLower(packageName)
|
||||
lastPackageVersion, err := c.latestListedVersion(registrationBaseURL,
|
||||
lowerCasePackageName)
|
||||
if err != nil {
|
||||
return packageNuspec{}, err
|
||||
}
|
||||
packageSpecResults := &packageNuspec{}
|
||||
err = decodeResponseFromClient(func() (*http.Response, error) {
|
||||
//nolint: wrapcheck
|
||||
return c.Manager.Get(
|
||||
packageBaseURL+"%[1]v/"+lastPackageVersion+"/%[1]v.nuspec", lowerCasePackageName)
|
||||
},
|
||||
func(rc io.ReadCloser) error {
|
||||
//nolint: wrapcheck
|
||||
return xml.NewDecoder(rc).Decode(packageSpecResults)
|
||||
}, "nuget package spec")
|
||||
|
||||
if err != nil {
|
||||
return packageNuspec{}, err
|
||||
}
|
||||
if packageSpecResults.Metadata == (nuspecMetadata{}) {
|
||||
return packageNuspec{}, sce.WithMessage(sce.ErrScorecardInternal,
|
||||
"Nuget nuspec xml Metadata is empty")
|
||||
}
|
||||
return *packageSpecResults, nil
|
||||
}
|
||||
|
||||
func (c *NugetClient) baseUrls() (string, string, error) {
|
||||
indexURL := "https://api.nuget.org/v3/index.json"
|
||||
indexResults := &indexResults{}
|
||||
err := decodeResponseFromClient(func() (*http.Response, error) {
|
||||
//nolint: wrapcheck
|
||||
return c.Manager.GetURI(indexURL)
|
||||
},
|
||||
func(rc io.ReadCloser) error {
|
||||
//nolint: wrapcheck
|
||||
return json.NewDecoder(rc).Decode(indexResults)
|
||||
}, "nuget index json")
|
||||
if err != nil {
|
||||
return "", "", err
|
||||
}
|
||||
packageBaseURL, err := indexResults.findResourceByType("PackageBaseAddress/3.0.0")
|
||||
if err != nil {
|
||||
return "", "", err
|
||||
}
|
||||
registrationBaseURL, err := indexResults.findResourceByType("RegistrationsBaseUrl/3.6.0")
|
||||
if err != nil {
|
||||
return "", "", err
|
||||
}
|
||||
return packageBaseURL, registrationBaseURL, nil
|
||||
}
|
||||
|
||||
// Gets the latest listed nuget version of a package, based on the protocol defined at
|
||||
// https://learn.microsoft.com/en-us/nuget/api/package-base-address-resource#enumerate-package-versions
|
||||
func (c *NugetClient) latestListedVersion(baseURL, packageName string) (string, error) {
|
||||
packageRegistrationCatalogRoot := &packageRegistrationCatalogRoot{}
|
||||
err := decodeResponseFromClient(func() (*http.Response, error) {
|
||||
//nolint: wrapcheck
|
||||
return c.Manager.Get(baseURL+"%s/index.json", packageName)
|
||||
},
|
||||
func(rc io.ReadCloser) error {
|
||||
//nolint: wrapcheck
|
||||
return json.NewDecoder(rc).Decode(packageRegistrationCatalogRoot)
|
||||
}, "nuget package registration index json")
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
return packageRegistrationCatalogRoot.latestVersion(c.Manager)
|
||||
}
|
||||
|
||||
func isSupportedProjectURL(projectURL string) bool {
|
||||
pattern := `^(?:https?://)?(?:www\.)?(?:github|gitlab)\.com/([A-Za-z0-9_\.-]+)/([A-Za-z0-9_\./-]+)$`
|
||||
regex := regexp.MustCompile(pattern)
|
||||
return regex.MatchString(projectURL)
|
||||
}
|
||||
|
||||
// Nuget semver diverges from Semantic Versioning.
|
||||
// This method returns the Nuget represntation of version and pre release strings.
|
||||
// nolint: lll // long URL
|
||||
// more info: https://learn.microsoft.com/en-us/nuget/concepts/package-versioning#where-nugetversion-diverges-from-semantic-versioning
|
||||
func parseNugetSemVer(versionString string) (base, preReleaseSuffix string) {
|
||||
metadataAndVersion := strings.Split(versionString, "+")
|
||||
prereleaseAndVersions := strings.Split(metadataAndVersion[0], "-")
|
||||
if len(prereleaseAndVersions) == 1 {
|
||||
return prereleaseAndVersions[0], ""
|
||||
}
|
||||
return prereleaseAndVersions[0], prereleaseAndVersions[1]
|
||||
}
|
||||
|
||||
func decodeResponseFromClient(getFunc func() (*http.Response, error),
|
||||
decodeFunc func(io.ReadCloser) error, name string,
|
||||
) error {
|
||||
response, err := getFunc()
|
||||
if err != nil {
|
||||
return sce.WithMessage(sce.ErrScorecardInternal,
|
||||
fmt.Sprintf("failed to get %s: %v", name, err))
|
||||
}
|
||||
if response.StatusCode != http.StatusOK {
|
||||
return sce.WithMessage(sce.ErrScorecardInternal,
|
||||
fmt.Sprintf("failed to get %s with status: %v", name, response.Status))
|
||||
}
|
||||
defer response.Body.Close()
|
||||
|
||||
err = decodeFunc(response.Body)
|
||||
if err != nil {
|
||||
return sce.WithMessage(sce.ErrScorecardInternal,
|
||||
fmt.Sprintf("failed to parse %s: %v", name, err))
|
||||
}
|
||||
return nil
|
||||
}
|
623
cmd/internal/nuget/client_test.go
Normal file
@ -0,0 +1,623 @@
|
||||
// Copyright 2020 OpenSSF Scorecard Authors
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
// Package nuget implements Nuget API client.
|
||||
package nuget
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
"net/http"
|
||||
"os"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/golang/mock/gomock"
|
||||
"golang.org/x/exp/slices"
|
||||
|
||||
pmc "github.com/ossf/scorecard/v4/cmd/internal/packagemanager"
|
||||
)
|
||||
|
||||
type resultPackagePage struct {
|
||||
url string
|
||||
response string
|
||||
}
|
||||
type nugetTestArgs struct {
|
||||
inputPackageName string
|
||||
expectedPackageName string
|
||||
resultIndex string
|
||||
resultPackageRegistrationIndex string
|
||||
resultPackageSpec string
|
||||
version string
|
||||
resultPackageRegistrationPages []resultPackagePage
|
||||
}
|
||||
type nugetTest struct {
|
||||
name string
|
||||
want string
|
||||
args nugetTestArgs
|
||||
wantErr bool
|
||||
}
|
||||
|
||||
func Test_fetchGitRepositoryFromNuget(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
tests := []nugetTest{
|
||||
{
|
||||
name: "find latest version in single page",
|
||||
|
||||
args: nugetTestArgs{
|
||||
inputPackageName: "nuget-package",
|
||||
resultIndex: "index.json",
|
||||
resultPackageRegistrationIndex: "package_registration_index_single.json",
|
||||
resultPackageRegistrationPages: []resultPackagePage{},
|
||||
resultPackageSpec: "package_spec.xml",
|
||||
version: "4.0.1",
|
||||
},
|
||||
want: "https://github.com/foo/foo.net",
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "find by lowercase package name",
|
||||
|
||||
args: nugetTestArgs{
|
||||
inputPackageName: "Nuget-Package",
|
||||
expectedPackageName: "nuget-package",
|
||||
resultIndex: "index.json",
|
||||
resultPackageRegistrationIndex: "package_registration_index_single.json",
|
||||
resultPackageRegistrationPages: []resultPackagePage{},
|
||||
resultPackageSpec: "package_spec.xml",
|
||||
version: "4.0.1",
|
||||
},
|
||||
want: "https://github.com/foo/foo.net",
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "find and remove trailing slash",
|
||||
|
||||
args: nugetTestArgs{
|
||||
inputPackageName: "Nuget-Package",
|
||||
expectedPackageName: "nuget-package",
|
||||
resultIndex: "index.json",
|
||||
resultPackageRegistrationIndex: "package_registration_index_single.json",
|
||||
resultPackageRegistrationPages: []resultPackagePage{},
|
||||
resultPackageSpec: "package_spec_trailing_slash.xml",
|
||||
version: "4.0.1",
|
||||
},
|
||||
want: "https://github.com/foo/foo.net",
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "find and remove git ending",
|
||||
|
||||
args: nugetTestArgs{
|
||||
inputPackageName: "nuget-package",
|
||||
resultIndex: "index.json",
|
||||
resultPackageRegistrationIndex: "package_registration_index_single.json",
|
||||
resultPackageRegistrationPages: []resultPackagePage{},
|
||||
resultPackageSpec: "package_spec_git_ending.xml",
|
||||
version: "4.0.1",
|
||||
},
|
||||
want: "https://github.com/foo/foo.net",
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "find and handle four digit version",
|
||||
|
||||
args: nugetTestArgs{
|
||||
inputPackageName: "nuget-package",
|
||||
resultIndex: "index.json",
|
||||
resultPackageRegistrationIndex: "package_registration_index_four_digit_version.json",
|
||||
resultPackageRegistrationPages: []resultPackagePage{},
|
||||
resultPackageSpec: "package_spec_four_digit_version.xml",
|
||||
version: "1.60.0.2981",
|
||||
},
|
||||
want: "https://github.com/foo/foo.net",
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "skip semver metadata",
|
||||
|
||||
args: nugetTestArgs{
|
||||
inputPackageName: "nuget-package",
|
||||
resultIndex: "index.json",
|
||||
resultPackageRegistrationIndex: "package_registration_index_metadata_version.json",
|
||||
resultPackageRegistrationPages: []resultPackagePage{},
|
||||
resultPackageSpec: "package_spec.xml",
|
||||
version: "4.0.1",
|
||||
},
|
||||
want: "https://github.com/foo/foo.net",
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "skip pre release",
|
||||
|
||||
args: nugetTestArgs{
|
||||
inputPackageName: "nuget-package",
|
||||
resultIndex: "index.json",
|
||||
resultPackageRegistrationIndex: "package_registration_index_pre_release_version.json",
|
||||
resultPackageRegistrationPages: []resultPackagePage{},
|
||||
resultPackageSpec: "package_spec.xml",
|
||||
version: "4.0.1",
|
||||
},
|
||||
want: "https://github.com/foo/foo.net",
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "skip pre release and metadata",
|
||||
|
||||
args: nugetTestArgs{
|
||||
inputPackageName: "nuget-package",
|
||||
resultIndex: "index.json",
|
||||
resultPackageRegistrationIndex: "package_registration_index_pre_release_and_metadata_version.json",
|
||||
resultPackageRegistrationPages: []resultPackagePage{},
|
||||
resultPackageSpec: "package_spec.xml",
|
||||
version: "4.0.1",
|
||||
},
|
||||
want: "https://github.com/foo/foo.net",
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "find in project url if repository missing",
|
||||
|
||||
args: nugetTestArgs{
|
||||
inputPackageName: "nuget-package",
|
||||
resultIndex: "index.json",
|
||||
resultPackageRegistrationIndex: "package_registration_index_single.json",
|
||||
resultPackageRegistrationPages: []resultPackagePage{},
|
||||
resultPackageSpec: "package_spec_project_url.xml",
|
||||
version: "4.0.1",
|
||||
},
|
||||
want: "https://github.com/foo/foo.net",
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "get github project url without git ending",
|
||||
|
||||
args: nugetTestArgs{
|
||||
inputPackageName: "nuget-package",
|
||||
resultIndex: "index.json",
|
||||
resultPackageRegistrationIndex: "package_registration_index_single.json",
|
||||
resultPackageRegistrationPages: []resultPackagePage{},
|
||||
resultPackageSpec: "package_spec_project_url_git_ending.xml",
|
||||
version: "4.0.1",
|
||||
},
|
||||
want: "https://github.com/foo/foo.net",
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "get gitlab project url if repository url missing",
|
||||
|
||||
args: nugetTestArgs{
|
||||
inputPackageName: "nuget-package",
|
||||
resultIndex: "index.json",
|
||||
resultPackageRegistrationIndex: "package_registration_index_single.json",
|
||||
resultPackageRegistrationPages: []resultPackagePage{},
|
||||
resultPackageSpec: "package_spec_project_url_gitlab.xml",
|
||||
version: "4.0.1",
|
||||
},
|
||||
want: "https://gitlab.com/foo/foo.net",
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "error if project url is not gitlab or github",
|
||||
|
||||
args: nugetTestArgs{
|
||||
inputPackageName: "nuget-package",
|
||||
resultIndex: "index.json",
|
||||
resultPackageRegistrationIndex: "package_registration_index_single.json",
|
||||
resultPackageRegistrationPages: []resultPackagePage{},
|
||||
resultPackageSpec: "package_spec_project_url_not_supported.xml",
|
||||
version: "4.0.1",
|
||||
},
|
||||
want: "internal error: source repo is not defined for nuget package nuget-package",
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "find latest version in first of multiple pages",
|
||||
|
||||
args: nugetTestArgs{
|
||||
inputPackageName: "nuget-package",
|
||||
resultIndex: "index.json",
|
||||
resultPackageRegistrationIndex: "package_registration_index_multiple.json",
|
||||
resultPackageRegistrationPages: []resultPackagePage{},
|
||||
resultPackageSpec: "package_spec.xml",
|
||||
version: "4.0.1",
|
||||
},
|
||||
want: "https://github.com/foo/foo.net",
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "find latest version in first of multiple remote pages",
|
||||
|
||||
args: nugetTestArgs{
|
||||
inputPackageName: "nuget-package",
|
||||
resultIndex: "index.json",
|
||||
resultPackageRegistrationIndex: "package_registration_index_multiple_remote.json",
|
||||
resultPackageRegistrationPages: []resultPackagePage{
|
||||
{
|
||||
url: "https://api.nuget.org/v3/registration5-semver1/Foo.NET/page1/index.json",
|
||||
response: "package_registration_page_one.json",
|
||||
},
|
||||
{
|
||||
url: "https://api.nuget.org/v3/registration5-semver1/Foo.NET/page2/index.json",
|
||||
response: "package_registration_page_two.json",
|
||||
},
|
||||
},
|
||||
resultPackageSpec: "package_spec.xml",
|
||||
version: "4.0.1",
|
||||
},
|
||||
want: "https://github.com/foo/foo.net",
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "find latest version in last of multiple pages",
|
||||
|
||||
args: nugetTestArgs{
|
||||
inputPackageName: "nuget-package",
|
||||
resultIndex: "index.json",
|
||||
resultPackageRegistrationIndex: "package_registration_index_multiple_last.json",
|
||||
resultPackageRegistrationPages: []resultPackagePage{},
|
||||
resultPackageSpec: "package_spec.xml",
|
||||
version: "4.0.1",
|
||||
},
|
||||
want: "https://github.com/foo/foo.net",
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "find latest version in last of remote multiple pages",
|
||||
|
||||
args: nugetTestArgs{
|
||||
inputPackageName: "nuget-package",
|
||||
resultIndex: "index.json",
|
||||
resultPackageRegistrationIndex: "package_registration_index_multiple_remote.json",
|
||||
resultPackageRegistrationPages: []resultPackagePage{
|
||||
{
|
||||
url: "https://api.nuget.org/v3/registration5-semver1/Foo.NET/page1/index.json",
|
||||
response: "package_registration_page_one.json",
|
||||
},
|
||||
{
|
||||
url: "https://api.nuget.org/v3/registration5-semver1/Foo.NET/page2/index.json",
|
||||
response: "package_registration_page_two_not_listed.json",
|
||||
},
|
||||
},
|
||||
resultPackageSpec: "package_spec.xml",
|
||||
version: "3.5.2",
|
||||
},
|
||||
want: "https://github.com/foo/foo.net",
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "find latest version with default listed value true",
|
||||
|
||||
args: nugetTestArgs{
|
||||
inputPackageName: "nuget-package",
|
||||
resultIndex: "index.json",
|
||||
resultPackageRegistrationIndex: "package_registration_index_default_listed_true.json",
|
||||
resultPackageRegistrationPages: []resultPackagePage{},
|
||||
resultPackageSpec: "package_spec.xml",
|
||||
version: "4.0.1",
|
||||
},
|
||||
want: "https://github.com/foo/foo.net",
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "skip not listed versions",
|
||||
|
||||
args: nugetTestArgs{
|
||||
inputPackageName: "nuget-package",
|
||||
resultIndex: "index.json",
|
||||
resultPackageRegistrationIndex: "package_registration_index_with_not_listed.json",
|
||||
resultPackageRegistrationPages: []resultPackagePage{},
|
||||
resultPackageSpec: "package_spec.xml",
|
||||
version: "3.5.8",
|
||||
},
|
||||
want: "https://github.com/foo/foo.net",
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "error if no listed version",
|
||||
|
||||
args: nugetTestArgs{
|
||||
inputPackageName: "nuget-package",
|
||||
resultIndex: "index.json",
|
||||
resultPackageRegistrationIndex: "package_registration_index_all_not_listed.json",
|
||||
resultPackageRegistrationPages: []resultPackagePage{},
|
||||
resultPackageSpec: "",
|
||||
version: "",
|
||||
},
|
||||
want: "internal error: failed to get a listed version for package",
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "error no index",
|
||||
|
||||
args: nugetTestArgs{
|
||||
inputPackageName: "nuget-package",
|
||||
resultIndex: "",
|
||||
resultPackageRegistrationIndex: "",
|
||||
resultPackageRegistrationPages: []resultPackagePage{},
|
||||
resultPackageSpec: "",
|
||||
},
|
||||
want: "internal error: failed to get nuget index json: error",
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "error bad index",
|
||||
|
||||
args: nugetTestArgs{
|
||||
inputPackageName: "nuget-package",
|
||||
resultIndex: "text",
|
||||
resultPackageRegistrationIndex: "",
|
||||
resultPackageRegistrationPages: []resultPackagePage{},
|
||||
resultPackageSpec: "",
|
||||
},
|
||||
want: "internal error: failed to parse nuget index json: invalid character 'e' in literal true (expecting 'r')",
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "error package registration index",
|
||||
|
||||
args: nugetTestArgs{
|
||||
inputPackageName: "nuget-package",
|
||||
resultIndex: "index.json",
|
||||
resultPackageRegistrationIndex: "",
|
||||
resultPackageRegistrationPages: []resultPackagePage{},
|
||||
resultPackageSpec: "",
|
||||
},
|
||||
want: "internal error: failed to get nuget package registration index json: error",
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "error bad package index",
|
||||
|
||||
args: nugetTestArgs{
|
||||
inputPackageName: "nuget-package",
|
||||
resultIndex: "index.json",
|
||||
resultPackageRegistrationIndex: "text",
|
||||
resultPackageRegistrationPages: []resultPackagePage{},
|
||||
resultPackageSpec: "",
|
||||
},
|
||||
//nolint
|
||||
want: "internal error: failed to parse nuget package registration index json: invalid character 'e' in literal true (expecting 'r')",
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "error package registration page",
|
||||
args: nugetTestArgs{
|
||||
inputPackageName: "nuget-package",
|
||||
resultIndex: "index.json",
|
||||
resultPackageRegistrationIndex: "package_registration_index_multiple_remote.json",
|
||||
resultPackageRegistrationPages: []resultPackagePage{
|
||||
{
|
||||
url: "https://api.nuget.org/v3/registration5-semver1/Foo.NET/page1/index.json",
|
||||
response: "",
|
||||
},
|
||||
{
|
||||
url: "https://api.nuget.org/v3/registration5-semver1/Foo.NET/page2/index.json",
|
||||
response: "",
|
||||
},
|
||||
},
|
||||
resultPackageSpec: "",
|
||||
},
|
||||
want: "internal error: failed to get nuget package registration page: error",
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "error in package spec",
|
||||
args: nugetTestArgs{
|
||||
inputPackageName: "nuget-package",
|
||||
resultIndex: "index.json",
|
||||
resultPackageRegistrationIndex: "package_registration_index_single.json",
|
||||
resultPackageRegistrationPages: []resultPackagePage{},
|
||||
resultPackageSpec: "",
|
||||
version: "4.0.1",
|
||||
},
|
||||
want: "internal error: failed to get nuget package spec: error",
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "error bad package spec",
|
||||
|
||||
args: nugetTestArgs{
|
||||
inputPackageName: "nuget-package",
|
||||
resultIndex: "index.json",
|
||||
resultPackageRegistrationIndex: "package_registration_index_multiple_remote.json",
|
||||
resultPackageRegistrationPages: []resultPackagePage{
|
||||
{
|
||||
url: "https://api.nuget.org/v3/registration5-semver1/Foo.NET/page2/index.json",
|
||||
response: "text",
|
||||
},
|
||||
},
|
||||
resultPackageSpec: "",
|
||||
},
|
||||
//nolint
|
||||
want: "internal error: failed to parse nuget package registration page: invalid character 'e' in literal true (expecting 'r')",
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "error package spec",
|
||||
args: nugetTestArgs{
|
||||
inputPackageName: "nuget-package",
|
||||
resultIndex: "index.json",
|
||||
resultPackageRegistrationIndex: "package_registration_index_single.json",
|
||||
resultPackageRegistrationPages: []resultPackagePage{},
|
||||
resultPackageSpec: "text",
|
||||
version: "4.0.1",
|
||||
},
|
||||
want: "internal error: failed to parse nuget package spec: EOF",
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "bad remote package page",
|
||||
|
||||
args: nugetTestArgs{
|
||||
inputPackageName: "nuget-package",
|
||||
resultIndex: "index.json",
|
||||
resultPackageRegistrationIndex: "package_registration_index_multiple_remote.json",
|
||||
resultPackageRegistrationPages: []resultPackagePage{
|
||||
{
|
||||
url: "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json#page/1",
|
||||
response: "text",
|
||||
},
|
||||
},
|
||||
resultPackageSpec: "",
|
||||
},
|
||||
want: "internal error: failed to get nuget package registration page: error",
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "error no registration url",
|
||||
args: nugetTestArgs{
|
||||
inputPackageName: "nuget-package",
|
||||
resultIndex: "index_bad_registration_base.json",
|
||||
resultPackageRegistrationIndex: "",
|
||||
resultPackageRegistrationPages: []resultPackagePage{},
|
||||
resultPackageSpec: "",
|
||||
version: "4.0.1",
|
||||
},
|
||||
want: "internal error: failed to find RegistrationsBaseUrl/3.6.0 URI at nuget index json",
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "error no package base url",
|
||||
args: nugetTestArgs{
|
||||
inputPackageName: "nuget-package",
|
||||
resultIndex: "index_bad_package_base.json",
|
||||
resultPackageRegistrationIndex: "",
|
||||
resultPackageRegistrationPages: []resultPackagePage{},
|
||||
resultPackageSpec: "",
|
||||
version: "4.0.1",
|
||||
},
|
||||
want: "internal error: failed to find PackageBaseAddress/3.0.0 URI at nuget index json",
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "error marhsal entry",
|
||||
args: nugetTestArgs{
|
||||
inputPackageName: "nuget-package",
|
||||
resultIndex: "index.json",
|
||||
resultPackageRegistrationIndex: "package_registration_index_marshal_error.json",
|
||||
resultPackageRegistrationPages: []resultPackagePage{},
|
||||
resultPackageSpec: "",
|
||||
version: "",
|
||||
},
|
||||
//nolint
|
||||
want: "internal error: failed to parse nuget package registration index json: failed to unmarshal json: json: cannot unmarshal number into Go struct field Alias.listed of type bool",
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "empty package spec",
|
||||
args: nugetTestArgs{
|
||||
inputPackageName: "nuget-package",
|
||||
resultIndex: "index.json",
|
||||
resultPackageRegistrationIndex: "package_registration_index_single.json",
|
||||
resultPackageRegistrationPages: []resultPackagePage{},
|
||||
resultPackageSpec: "package_spec_error.xml",
|
||||
version: "4.0.1",
|
||||
},
|
||||
want: "internal error: source repo is not defined for nuget package nuget-package",
|
||||
wantErr: true,
|
||||
},
|
||||
}
|
||||
|
||||
for _, tt := range tests {
|
||||
tt := tt
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
ctrl := gomock.NewController(t)
|
||||
p := pmc.NewMockClient(ctrl)
|
||||
p.EXPECT().GetURI(gomock.Any()).
|
||||
DoAndReturn(func(url string) (*http.Response, error) {
|
||||
return nugetIndexOrPageTestResults(url, &tt)
|
||||
}).AnyTimes()
|
||||
expectedPackageName := tt.args.expectedPackageName
|
||||
if strings.TrimSpace(expectedPackageName) == "" {
|
||||
expectedPackageName = tt.args.inputPackageName
|
||||
}
|
||||
|
||||
p.EXPECT().Get(gomock.Any(), expectedPackageName).
|
||||
DoAndReturn(func(url, inputPackageName string) (*http.Response, error) {
|
||||
return nugetPackageIndexAndSpecResponse(t, url, &tt)
|
||||
}).AnyTimes()
|
||||
client := NugetClient{Manager: p}
|
||||
got, err := client.GitRepositoryByPackageName(tt.args.inputPackageName)
|
||||
if err != nil {
|
||||
if !tt.wantErr {
|
||||
t.Errorf("fetchGitRepositoryFromNuget() error = %v, wantErr %v", err, tt.wantErr)
|
||||
return
|
||||
}
|
||||
if err.Error() != tt.want {
|
||||
t.Errorf("fetchGitRepositoryFromNuget() err.Error() = %v, wanted %v", err.Error(), tt.want)
|
||||
return
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
if got != tt.want {
|
||||
t.Errorf("fetchGitRepositoryFromNuget() = %v, want %v", got, tt.want)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func nugetIndexOrPageTestResults(url string, test *nugetTest) (*http.Response, error) {
|
||||
if url == "https://api.nuget.org/v3/index.json" {
|
||||
return testResult(test.wantErr, test.args.resultIndex)
|
||||
}
|
||||
urlResponseIndex := slices.IndexFunc(test.args.resultPackageRegistrationPages,
|
||||
func(page resultPackagePage) bool { return page.url == url })
|
||||
if urlResponseIndex == -1 {
|
||||
//nolint
|
||||
return nil, errors.New("error")
|
||||
}
|
||||
page := test.args.resultPackageRegistrationPages[urlResponseIndex]
|
||||
return testResult(test.wantErr, page.response)
|
||||
}
|
||||
|
||||
func nugetPackageIndexAndSpecResponse(t *testing.T, url string, test *nugetTest) (*http.Response, error) {
|
||||
t.Helper()
|
||||
if strings.HasSuffix(url, "index.json") {
|
||||
return testResult(test.wantErr, test.args.resultPackageRegistrationIndex)
|
||||
} else if strings.HasSuffix(url, ".nuspec") {
|
||||
if strings.Contains(url, fmt.Sprintf("/%v/", test.args.version)) {
|
||||
return testResult(test.wantErr, test.args.resultPackageSpec)
|
||||
}
|
||||
t.Errorf("fetchGitRepositoryFromNuget() version = %v, expected version = %v", url, test.args.version)
|
||||
}
|
||||
//nolint
|
||||
return nil, errors.New("error")
|
||||
}
|
||||
|
||||
func testResult(wantErr bool, responseFileName string) (*http.Response, error) {
|
||||
if wantErr && responseFileName == "" {
|
||||
//nolint
|
||||
return nil, errors.New("error")
|
||||
}
|
||||
if wantErr && responseFileName == "text" {
|
||||
return &http.Response{
|
||||
StatusCode: 200,
|
||||
Body: io.NopCloser(bytes.NewBufferString("text")),
|
||||
}, nil
|
||||
}
|
||||
content, err := os.ReadFile("./testdata/" + responseFileName)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("%w", err)
|
||||
}
|
||||
return &http.Response{
|
||||
StatusCode: 200,
|
||||
Body: io.NopCloser(bytes.NewBufferString(string(content))),
|
||||
}, nil
|
||||
}
|
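Review bot: The table entry named "error bad package spec" (the one whose remote registration page response is "text") asserts `failed to parse nuget package registration page`, so it covers the registration-page decode path rather than the nuspec one, while the nuspec parse path is actually covered by the entry named "error package spec"; renaming the former to `name: "error bad remote package page",` keeps the table readable as a coverage map. In testResult, `Body: io.NopCloser(bytes.NewBufferString(string(content)))` round-trips the fixture through a string and copies it twice; `Body: io.NopCloser(bytes.NewReader(content)),` serves the same bytes directly. The t.Errorf messages in the subtest and in nugetPackageIndexAndSpecResponse cite fetchGitRepositoryFromNuget(), which is the test's name rather than the method under test (client.GitRepositoryByPackageName), so a failure report points a reader at the wrong symbol.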
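--- a/cmd/internal/nuget/nuget_mockclient.go
+++ b/cmd/internal/nuget/nuget_mockclient.go
@@ -0,0 +1,64 @@
+// Copyright 2021 OpenSSF Scorecard Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+// Code generated by MockGen. DO NOT EDIT.
+// Source: cmd/internal/nuget/client.go
+
+// Package nuget is a generated GoMock package.
+package nuget
+
+import (
+reflect "reflect"
+
+gomock "github.com/golang/mock/gomock"
+)
+
+// MockClient is a mock of Client interface.
+type MockClient struct {
+ctrl *gomock.Controller
+recorder *MockClientMockRecorder
+}
+
+// MockClientMockRecorder is the mock recorder for MockClient.
+type MockClientMockRecorder struct {
+mock *MockClient
+}
+
+// NewMockClient creates a new mock instance.
+func NewMockClient(ctrl *gomock.Controller) *MockClient {
+mock := &MockClient{ctrl: ctrl}
+mock.recorder = &MockClientMockRecorder{mock}
+return mock
+}
+
+// EXPECT returns an object that allows the caller to indicate expected use.
+func (m *MockClient) EXPECT() *MockClientMockRecorder {
+return m.recorder
+}
+
+// GitRepositoryByPackageName mocks base method.
+func (m *MockClient) GitRepositoryByPackageName(packageName string) (string, error) {
+m.ctrl.T.Helper()
+ret := m.ctrl.Call(m, "GitRepositoryByPackageName", packageName)
+ret0, _ := ret[0].(string)
+ret1, _ := ret[1].(error)
+return ret0, ret1
+}
+
+// GitRepositoryByPackageName indicates an expected call of GitRepositoryByPackageName.
+func (mr *MockClientMockRecorder) GitRepositoryByPackageName(packageName interface{}) *gomock.Call {
+mr.mock.ctrl.T.Helper()
+return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GitRepositoryByPackageName", reflect.TypeOf((*MockClient)(nil).GitRepositoryByPackageName), packageName)
+}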
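--- a/cmd/internal/nuget/testdata/index.json
+++ b/cmd/internal/nuget/testdata/index.json
@@ -0,0 +1,15 @@
+{
+"version": "3.0.0",
+"resources": [
+{
+"@id": "https://api.nuget.org/v3-flatcontainer/",
+"@type": "PackageBaseAddress/3.0.0",
+"comment": "Base URL of where NuGet packages are stored"
+},
+{
+"@id": "https://api.nuget.org/v3/registration5-gz-semver1/",
+"@type": "RegistrationsBaseUrl/3.6.0",
+"comment": "Base URL of Azure storage where NuGet package registration info."
+}
+]
+}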
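--- a/cmd/internal/nuget/testdata/index_bad_package_base.json
+++ b/cmd/internal/nuget/testdata/index_bad_package_base.json
@@ -0,0 +1,15 @@
+{
+"version": "3.0.0",
+"resources": [
+{
+"@id": "https://api.nuget.org/v3-flatcontainer/",
+"@type": "PackageBaseAddress/3.1.0",
+"comment": "Base URL of where NuGet packages are stored, in the format ..."
+},
+{
+"@id": "https://api.nuget.org/v3/registration5-gz-semver1/",
+"@type": "RegistrationsBaseUrl/3.6.0",
+"comment": "Base URL of Azure storage where NuGet package registration info."
+}
+]
+}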
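--- a/cmd/internal/nuget/testdata/index_bad_registration_base.json
+++ b/cmd/internal/nuget/testdata/index_bad_registration_base.json
@@ -0,0 +1,15 @@
+{
+"version": "3.0.0",
+"resources": [
+{
+"@id": "https://api.nuget.org/v3-flatcontainer/",
+"@type": "PackageBaseAddress/3.0.0",
+"comment": "Base URL of where NuGet packages are stored, in the format ..."
+},
+{
+"@id": "https://api.nuget.org/v3/registration5-gz-semver1/",
+"@type": "RegistrationsBaseUrl/3.2.0",
+"comment": "Base URL of Azure storage where NuGet package registration info."
+}
+]
+}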
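--- a/cmd/internal/nuget/testdata/package_registration_index_all_not_listed.json
+++ b/cmd/internal/nuget/testdata/package_registration_index_all_not_listed.json
@@ -0,0 +1,33 @@
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json",
+"count": 1,
+"items": [
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json#page/1",
+"@type": "catalog:CatalogPage",
+"count": 2,
+"items": [
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/3.5.8.json",
+"@type": "Package",
+"catalogEntry": {
+"@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.3.5.8.json",
+"@type": "PackageDetails",
+"listed": false,
+"version": "3.5.8"
+}
+},
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/4.0.1.json",
+"@type": "Package",
+"catalogEntry": {
+"@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.4.0.1.json",
+"@type": "PackageDetails",
+"listed": false,
+"version": "4.0.1"
+}
+}
+]
+}
+]
+}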
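--- a/cmd/internal/nuget/testdata/package_registration_index_default_listed_true.json
+++ b/cmd/internal/nuget/testdata/package_registration_index_default_listed_true.json
@@ -0,0 +1,32 @@
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json",
+"count": 1,
+"items": [
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json#page/1",
+"@type": "catalog:CatalogPage",
+"count": 2,
+"items": [
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/3.5.8.json",
+"@type": "Package",
+"catalogEntry": {
+"@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.3.5.8.json",
+"@type": "PackageDetails",
+"listed": true,
+"version": "3.5.8"
+}
+},
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/4.0.1.json",
+"@type": "Package",
+"catalogEntry": {
+"@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.4.0.1.json",
+"@type": "PackageDetails",
+"version": "4.0.1"
+}
+}
+]
+}
+]
+}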
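--- a/cmd/internal/nuget/testdata/package_registration_index_four_digit_version.json
+++ b/cmd/internal/nuget/testdata/package_registration_index_four_digit_version.json
@@ -0,0 +1,33 @@
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json",
+"count": 1,
+"items": [
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json#page/1",
+"@type": "catalog:CatalogPage",
+"count": 2,
+"items": [
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/3.5.8.json",
+"@type": "Package",
+"catalogEntry": {
+"@id": "https://api.nuget.org/v3/catalog0/data/2022/Foo.NET.3.5.8.json",
+"@type": "PackageDetails",
+"listed": true,
+"version": "3.5.8"
+}
+},
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/1.60.0.2981.json",
+"@type": "Package",
+"catalogEntry": {
+"@id": "https://api.nuget.org/v3/catalog0/data/2022/Foo.NET.1.60.0.2981.json",
+"@type": "PackageDetails",
+"listed": true,
+"version": "1.60.0.2981+metadata"
+}
+}
+]
+}
+]
+}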
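--- a/cmd/internal/nuget/testdata/package_registration_index_marshal_error.json
+++ b/cmd/internal/nuget/testdata/package_registration_index_marshal_error.json
@@ -0,0 +1,33 @@
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json",
+"count": 1,
+"items": [
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json#page/1",
+"@type": "catalog:CatalogPage",
+"count": 2,
+"items": [
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/3.5.8.json",
+"@type": "Package",
+"catalogEntry": {
+"@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.3.5.8.json",
+"@type": "PackageDetails",
+"listed": 123,
+"version": "3.5.8"
+}
+},
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/4.0.1.json",
+"@type": "Package",
+"catalogEntry": {
+"@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.4.0.1.json",
+"@type": "PackageDetails",
+"listed": true,
+"version": "4.0.1"
+}
+}
+]
+}
+]
+}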
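--- a/cmd/internal/nuget/testdata/package_registration_index_metadata_version.json
+++ b/cmd/internal/nuget/testdata/package_registration_index_metadata_version.json
@@ -0,0 +1,33 @@
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json",
+"count": 1,
+"items": [
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json#page/1",
+"@type": "catalog:CatalogPage",
+"count": 2,
+"items": [
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/3.5.8.json",
+"@type": "Package",
+"catalogEntry": {
+"@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.3.5.8.json",
+"@type": "PackageDetails",
+"listed": true,
+"version": "3.5.8"
+}
+},
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/4.0.1.json",
+"@type": "Package",
+"catalogEntry": {
+"@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.4.0.1.json",
+"@type": "PackageDetails",
+"listed": true,
+"version": "4.0.1+metadata"
+}
+}
+]
+}
+]
+}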
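--- a/cmd/internal/nuget/testdata/package_registration_index_multiple.json
+++ b/cmd/internal/nuget/testdata/package_registration_index_multiple.json
@@ -0,0 +1,60 @@
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json",
+"count": 2,
+"items": [
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json#page/1",
+"@type": "catalog:CatalogPage",
+"count": 2,
+"items": [
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/3.5.1.json",
+"@type": "Package",
+"catalogEntry": {
+"@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.3.5.1.json",
+"@type": "PackageDetails",
+"listed": true,
+"version": "3.5.1"
+}
+},
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/3.5.2.json",
+"@type": "Package",
+"catalogEntry": {
+"@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.3.5.2.json",
+"@type": "PackageDetails",
+"listed": true,
+"version": "3.5.2"
+}
+}
+]
+},
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json#page/2",
+"@type": "catalog:CatalogPage",
+"count": 2,
+"items": [
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/3.5.8.json",
+"@type": "Package",
+"catalogEntry": {
+"@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.3.5.8.json",
+"@type": "PackageDetails",
+"listed": true,
+"version": "3.5.8"
+}
+},
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/4.0.1.json",
+"@type": "Package",
+"catalogEntry": {
+"@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.4.0.1.json",
+"@type": "PackageDetails",
+"listed": true,
+"version": "4.0.1"
+}
+}
+]
+}
+]
+}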
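--- a/cmd/internal/nuget/testdata/package_registration_index_multiple_last.json
+++ b/cmd/internal/nuget/testdata/package_registration_index_multiple_last.json
@@ -0,0 +1,60 @@
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json",
+"count": 2,
+"items": [
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json#page/1",
+"@type": "catalog:CatalogPage",
+"count": 2,
+"items": [
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/3.5.8.json",
+"@type": "Package",
+"catalogEntry": {
+"@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.3.5.8.json",
+"@type": "PackageDetails",
+"listed": true,
+"version": "3.5.8"
+}
+},
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/4.0.1.json",
+"@type": "Package",
+"catalogEntry": {
+"@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.4.0.1.json",
+"@type": "PackageDetails",
+"listed": true,
+"version": "4.0.1"
+}
+}
+]
+},
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json#page/2",
+"@type": "catalog:CatalogPage",
+"count": 2,
+"items": [
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/4.1.json",
+"@type": "Package",
+"catalogEntry": {
+"@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.4.1.json",
+"@type": "PackageDetails",
+"listed": false,
+"version": "4.1"
+}
+},
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/4.2.json",
+"@type": "Package",
+"catalogEntry": {
+"@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.4.2.json",
+"@type": "PackageDetails",
+"listed": false,
+"version": "4.2"
+}
+}
+]
+}
+]
+}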
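--- a/cmd/internal/nuget/testdata/package_registration_index_multiple_remote.json
+++ b/cmd/internal/nuget/testdata/package_registration_index_multiple_remote.json
@@ -0,0 +1,16 @@
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json",
+"count": 2,
+"items": [
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/page1/index.json",
+"@type": "catalog:CatalogPage",
+"count": 2
+},
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/page2/index.json",
+"@type": "catalog:CatalogPage",
+"count": 2
+}
+]
+}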
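--- a/cmd/internal/nuget/testdata/package_registration_index_pre_release_and_metadata_version.json
+++ b/cmd/internal/nuget/testdata/package_registration_index_pre_release_and_metadata_version.json
@@ -0,0 +1,33 @@
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json",
+"count": 1,
+"items": [
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json#page/1",
+"@type": "catalog:CatalogPage",
+"count": 2,
+"items": [
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/3.5.8.json",
+"@type": "Package",
+"catalogEntry": {
+"@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.3.5.8.json",
+"@type": "PackageDetails",
+"listed": true,
+"version": "4.0.1+metadata"
+}
+},
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/4.0.1.json",
+"@type": "Package",
+"catalogEntry": {
+"@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.4.0.1.json",
+"@type": "PackageDetails",
+"listed": true,
+"version": "4.0.1-beta+meta"
+}
+}
+]
+}
+]
+}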
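--- a/cmd/internal/nuget/testdata/package_registration_index_pre_release_version.json
+++ b/cmd/internal/nuget/testdata/package_registration_index_pre_release_version.json
@@ -0,0 +1,33 @@
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json",
+"count": 1,
+"items": [
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json#page/1",
+"@type": "catalog:CatalogPage",
+"count": 2,
+"items": [
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/3.5.8.json",
+"@type": "Package",
+"catalogEntry": {
+"@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.3.5.8.json",
+"@type": "PackageDetails",
+"listed": true,
+"version": "4.0.1"
+}
+},
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/4.0.1.json",
+"@type": "Package",
+"catalogEntry": {
+"@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.4.0.1.json",
+"@type": "PackageDetails",
+"listed": true,
+"version": "4.0.1-beta"
+}
+}
+]
+}
+]
+}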
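--- a/cmd/internal/nuget/testdata/package_registration_index_single.json
+++ b/cmd/internal/nuget/testdata/package_registration_index_single.json
@@ -0,0 +1,33 @@
+{
+"@id": "https://api.nuget.org/v3/c-semver1/Foo.NET/index.json",
+"count": 1,
+"items": [
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json#page/1",
+"@type": "catalog:CatalogPage",
+"count": 2,
+"items": [
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/3.5.8.json",
+"@type": "Package",
+"catalogEntry": {
+"@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.3.5.8.json",
+"@type": "PackageDetails",
+"listed": true,
+"version": "3.5.8"
+}
+},
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/4.0.1.json",
+"@type": "Package",
+"catalogEntry": {
+"@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.4.0.1.json",
+"@type": "PackageDetails",
+"listed": true,
+"version": "4.0.1"
+}
+}
+]
+}
+]
+}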
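--- a/cmd/internal/nuget/testdata/package_registration_index_with_not_listed.json
+++ b/cmd/internal/nuget/testdata/package_registration_index_with_not_listed.json
@@ -0,0 +1,33 @@
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json",
+"count": 1,
+"items": [
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json#page/1",
+"@type": "catalog:CatalogPage",
+"count": 2,
+"items": [
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/3.5.8.json",
+"@type": "Package",
+"catalogEntry": {
+"@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.3.5.8.json",
+"@type": "PackageDetails",
+"listed": true,
+"version": "3.5.8"
+}
+},
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/4.0.1.json",
+"@type": "Package",
+"catalogEntry": {
+"@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.4.0.1.json",
+"@type": "PackageDetails",
+"listed": false,
+"version": "4.0.1"
+}
+}
+]
+}
+]
+}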
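--- a/cmd/internal/nuget/testdata/package_registration_page_one.json
+++ b/cmd/internal/nuget/testdata/package_registration_page_one.json
@@ -0,0 +1,27 @@
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json#page/1",
+"@type": "catalog:CatalogPage",
+"count": 2,
+"items": [
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/3.5.1.json",
+"@type": "Package",
+"catalogEntry": {
+"@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.3.5.1.json",
+"@type": "PackageDetails",
+"listed": true,
+"version": "3.5.1"
+}
+},
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/3.5.2.json",
+"@type": "Package",
+"catalogEntry": {
+"@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.3.5.2.json",
+"@type": "PackageDetails",
+"listed": true,
+"version": "3.5.2"
+}
+}
+]
+}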
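--- a/cmd/internal/nuget/testdata/package_registration_page_two.json
+++ b/cmd/internal/nuget/testdata/package_registration_page_two.json
@@ -0,0 +1,27 @@
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json#page/2",
+"@type": "catalog:CatalogPage",
+"count": 2,
+"items": [
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/3.5.8.json",
+"@type": "Package",
+"catalogEntry": {
+"@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.3.5.8.json",
+"@type": "PackageDetails",
+"listed": true,
+"version": "3.5.8"
+}
+},
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/4.0.1.json",
+"@type": "Package",
+"catalogEntry": {
+"@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.4.0.1.json",
+"@type": "PackageDetails",
+"listed": true,
+"version": "4.0.1"
+}
+}
+]
+}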
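--- a/cmd/internal/nuget/testdata/package_registration_page_two_not_listed.json
+++ b/cmd/internal/nuget/testdata/package_registration_page_two_not_listed.json
@@ -0,0 +1,27 @@
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json#page/2",
+"@type": "catalog:CatalogPage",
+"count": 2,
+"items": [
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/4.1.json",
+"@type": "Package",
+"catalogEntry": {
+"@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.4.1.json",
+"@type": "PackageDetails",
+"listed": false,
+"version": "4.1"
+}
+},
+{
+"@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/4.2.json",
+"@type": "Package",
+"catalogEntry": {
+"@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.4.2.json",
+"@type": "PackageDetails",
+"listed": false,
+"version": "4.2"
+}
+}
+]
+}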
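--- a/cmd/internal/nuget/testdata/package_spec.xml
+++ b/cmd/internal/nuget/testdata/package_spec.xml
@@ -0,0 +1,9 @@
+<package xmlns="http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd">
+<metadata minClientVersion="2.12">
+<id>Foo</id>
+<version>4.0.1</version>
+<title>Foo.NET</title>
+<repository type="git" url="https://github.com/foo/foo.net" commit="123"/>
+<projectUrl>foo</projectUrl>
+</metadata>
+</package>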
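--- a/cmd/internal/nuget/testdata/package_spec_error.xml
+++ b/cmd/internal/nuget/testdata/package_spec_error.xml
@@ -0,0 +1,7 @@
+<package xmlns="http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd">
+<metadata minClientVersion="2.12">
+<id>Foo</id>
+<version>4.0.1</version>
+<title>Foo.NET</title>
+</metadata>
+</package>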
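--- a/cmd/internal/nuget/testdata/package_spec_four_digit_version.xml
+++ b/cmd/internal/nuget/testdata/package_spec_four_digit_version.xml
@@ -0,0 +1,9 @@
+<package xmlns="http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd">
+<metadata minClientVersion="2.12">
+<id>Foo</id>
+<version>1.60.0.2981+metadat</version>
+<title>Foo.NET</title>
+<repository type="git" url="https://github.com/foo/foo.net" commit="123"/>
+<projectUrl>foo</projectUrl>
+</metadata>
+</package>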
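--- a/cmd/internal/nuget/testdata/package_spec_git_ending.xml
+++ b/cmd/internal/nuget/testdata/package_spec_git_ending.xml
@@ -0,0 +1,9 @@
+<package xmlns="http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd">
+<metadata minClientVersion="2.12">
+<id>Foo</id>
+<version>4.0.1</version>
+<title>Foo.NET</title>
+<repository type="git" url="https://github.com/foo/foo.net.git" commit="123"/>
+<projectUrl>foo</projectUrl>
+</metadata>
+</package>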
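--- a/cmd/internal/nuget/testdata/package_spec_project_url.xml
+++ b/cmd/internal/nuget/testdata/package_spec_project_url.xml
@@ -0,0 +1,8 @@
+<package xmlns="http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd">
+<metadata minClientVersion="2.12">
+<id>Foo</id>
+<version>4.0.1</version>
+<title>Foo.NET</title>
+<projectUrl>https://github.com/foo/foo.net</projectUrl>
+</metadata>
+</package>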
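--- a/cmd/internal/nuget/testdata/package_spec_project_url_git_ending.xml
+++ b/cmd/internal/nuget/testdata/package_spec_project_url_git_ending.xml
@@ -0,0 +1,8 @@
+<package xmlns="http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd">
+<metadata minClientVersion="2.12">
+<id>Foo</id>
+<version>4.0.1</version>
+<title>Foo.NET</title>
+<projectUrl>https://github.com/foo/foo.net.git</projectUrl>
+</metadata>
+</package>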
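--- a/cmd/internal/nuget/testdata/package_spec_project_url_gitlab.xml
+++ b/cmd/internal/nuget/testdata/package_spec_project_url_gitlab.xml
@@ -0,0 +1,8 @@
+<package xmlns="http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd">
+<metadata minClientVersion="2.12">
+<id>Foo</id>
+<version>4.0.1</version>
+<title>Foo.NET</title>
+<projectUrl>https://gitlab.com/foo/foo.net</projectUrl>
+</metadata>
+</package>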
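--- a/cmd/internal/nuget/testdata/package_spec_project_url_not_supported.xml
+++ b/cmd/internal/nuget/testdata/package_spec_project_url_not_supported.xml
@@ -0,0 +1,8 @@
+<package xmlns="http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd">
+<metadata minClientVersion="2.12">
+<id>Foo</id>
+<version>4.0.1</version>
+<title>Foo.NET</title>
+<projectUrl>https://myserver.com/foo/foo.net</projectUrl>
+</metadata>
+</package>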
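--- a/cmd/internal/nuget/testdata/package_spec_trailing_slash.xml
+++ b/cmd/internal/nuget/testdata/package_spec_trailing_slash.xml
@@ -0,0 +1,9 @@
+<package xmlns="http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd">
+<metadata minClientVersion="2.12">
+<id>Foo</id>
+<version>4.0.1</version>
+<title>Foo.NET</title>
+<repository type="git" url="https://github.com/foo/foo.net/" commit="123"/>
+<projectUrl>foo</projectUrl>
+</metadata>
+</package>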
@ -12,7 +12,8 @@
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
package cmd
|
||||
// Package packagemanager implements a packagemanager client
|
||||
package packagemanager
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
@ -20,18 +21,30 @@ import (
|
||||
"time"
|
||||
)
|
||||
|
||||
type packageManagerClient interface {
|
||||
type Client interface {
|
||||
Get(URI string, packagename string) (*http.Response, error)
|
||||
|
||||
GetURI(URI string) (*http.Response, error)
|
||||
}
|
||||
|
||||
type packageManager struct{}
|
||||
type PackageManagerClient struct{}
|
||||
|
||||
// nolint: noctx
|
||||
func (c *packageManager) Get(url, packageName string) (*http.Response, error) {
|
||||
func (c *PackageManagerClient) Get(url, packageName string) (*http.Response, error) {
|
||||
return c.getRemoteURL(fmt.Sprintf(url, packageName))
|
||||
}
|
||||
|
||||
// nolint: noctx
|
||||
func (c *PackageManagerClient) GetURI(url string) (*http.Response, error) {
|
||||
return c.getRemoteURL(url)
|
||||
}
|
||||
|
||||
// nolint: noctx
|
||||
func (c *PackageManagerClient) getRemoteURL(url string) (*http.Response, error) {
|
||||
const timeout = 10
|
||||
client := &http.Client{
|
||||
Timeout: timeout * time.Second,
|
||||
}
|
||||
//nolint
|
||||
return client.Get(fmt.Sprintf(url, packageName))
|
||||
return client.Get(url)
|
||||
}
|
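Review bot: `GetURI` hands whatever string it receives straight to `http.Client.Get` inside `getRemoteURL`, and the nuget testdata added in this commit (index `@id` fields, the remote page URLs in `package_registration_index_multiple_remote.json`) suggests the new caller will pass URLs it read from a remote feed, so a tampered feed can steer these requests at any host; the 10s timeout bounds the cost but nothing here checks scheme or host. The `Client` interface is exported and has no doc comments, so at minimum `GetURI` should carry one such as `// GetURI issues a GET for url as given; callers must pass only URLs obtained from a trusted source and are responsible for checking resp.StatusCode and closing resp.Body.`, and the nuget layer should confirm that page URLs share the registration base host before following them. `getRemoteURL` also builds a fresh `http.Client` on every call; a package-level `var httpClient = &http.Client{Timeout: 10 * time.Second}` keeps the same timeout and lets the transport reuse connections. `Get` still interpolates `packageName` with `fmt.Sprintf` and no `url.PathEscape`, so a name containing `/`, `?` or `#` rewrites the request path — behaviour this commit only moves from `getRemoteURL`, but the call site that forwards user-supplied package names should validate them.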
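--- a/cmd/internal/packagemanager/client_test.go
+++ b/cmd/internal/packagemanager/client_test.go
@@ -0,0 +1,131 @@
+// Copyright 2020 OpenSSF Scorecard Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package packagemanager implements a packagemanager client
+package packagemanager
+
+import (
+"io"
+"net/http"
+"net/http/httptest"
+"testing"
+)
+
+func Test_GetURI_calls_client_get_with_input(t *testing.T) {
+t.Parallel()
+type args struct {
+inputURL string
+}
+tests := []struct {
+name string
+args args
+wantURL string
+wantResponse string
+}{
+{
+name: "GetURI_input_is_the_same_as_get_uri",
+
+args: args{
+inputURL: "test",
+},
+wantURL: "/test",
+wantResponse: "test",
+},
+}
+for _, tt := range tests {
+tt := tt
+t.Run(tt.name, func(t *testing.T) {
+t.Parallel()
+server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+if r.URL.Path != tt.wantURL {
+t.Errorf("Expected to request '%s', got: %s", tt.wantURL, r.URL.Path)
+}
+// nolint
+w.WriteHeader(http.StatusOK)
+// nolint
+w.Write([]byte(tt.wantResponse))
+}))
+defer server.Close()
+client := PackageManagerClient{}
+got, err := client.GetURI(server.URL + "/" + tt.args.inputURL)
+if err != nil {
+t.Errorf("Test_GetURI_calls_client_get_with_input() error in Get= %v", err)
+return
+}
+body, err := io.ReadAll(got.Body)
+if err != nil {
+t.Errorf("Test_GetURI_calls_client_get_with_input() error in ReadAll= %v", err)
+return
+}
+if string(body) != tt.wantResponse {
+t.Errorf("GetURI() = %v, want %v", got, tt.wantResponse)
+}
+})
+}
+}
+
+func Test_Get_calls_client_get_with_input(t *testing.T) {
+t.Parallel()
+type args struct {
+inputURL string
+packageName string
+}
+tests := []struct {
+name string
+args args
+wantURL string
+wantResponse string
+}{
+{
+name: "Get_input_adds_package_name_for_get_uri",
+
+args: args{
+inputURL: "test-%s-test",
+packageName: "test_package",
+},
+wantURL: "/test-test_package-test",
+wantResponse: "test",
+},
+}
+for _, tt := range tests {
+tt := tt
+t.Run(tt.name, func(t *testing.T) {
+t.Parallel()
+server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+if r.URL.Path != tt.wantURL {
+t.Errorf("Expected to request '%s', got: %s", tt.wantURL, r.URL.Path)
+}
+// nolint
+w.WriteHeader(http.StatusOK)
+// nolint
+w.Write([]byte(tt.wantResponse))
+}))
+defer server.Close()
+client := PackageManagerClient{}
+got, err := client.Get(server.URL+"/"+tt.args.inputURL, tt.args.packageName)
+if err != nil {
+t.Errorf("Test_Get_calls_client_get_with_input() error in Get = %v", err)
+return
+}
+body, err := io.ReadAll(got.Body)
+if err != nil {
+t.Errorf("Test_Get_calls_client_get_with_input() error in ReadAll = %v", err)
+return
+}
+if string(body) != tt.wantResponse {
+t.Errorf("GetURI() = %v, want %v", got, tt.wantResponse)
+}
+})
+}
+}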
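Review bot: Neither test closes the response body it reads — after the `err` check that follows `client.GetURI(...)` and `client.Get(...)` there is no `defer got.Body.Close()`, so each subtest leaks the connection the httptest server handed out (the `defer server.Close()` above closes the server, not the body). The mismatch message on the final `t.Errorf` also formats `got`, the `*http.Response`, instead of the body that was just compared, and in `Test_Get_calls_client_get_with_input` it is labelled `GetURI()`; `t.Errorf("Get() body = %q, want %q", string(body), tt.wantResponse)` would show the actual difference. Both issues appear in both test functions, and neither test asserts `got.StatusCode`, which is the other thing callers of this client will rely on.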
80
cmd/internal/packagemanager/packagemanager_mockclient.go
Normal file
@ -0,0 +1,80 @@
|
||||
// Copyright 2021 OpenSSF Scorecard Authors
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
//
|
||||
|
||||
// Code generated by MockGen. DO NOT EDIT.
|
||||
// Source: cmd/internal/packagemanager/client.go
|
||||
|
||||
// Package packagemanager is a generated GoMock package.
|
||||
package packagemanager
|
||||
|
||||
import (
|
||||
http "net/http"
|
||||
reflect "reflect"
|
||||
|
||||
gomock "github.com/golang/mock/gomock"
|
||||
)
|
||||
|
||||
// MockClient is a mock of Client interface.
|
||||
type MockClient struct {
|
||||
ctrl *gomock.Controller
|
||||
recorder *MockClientMockRecorder
|
||||
}
|
||||
|
||||
// MockClientMockRecorder is the mock recorder for MockClient.
|
||||
type MockClientMockRecorder struct {
|
||||
mock *MockClient
|
||||
}
|
||||
|
||||
// NewMockClient creates a new mock instance.
|
||||
func NewMockClient(ctrl *gomock.Controller) *MockClient {
|
||||
mock := &MockClient{ctrl: ctrl}
|
||||
mock.recorder = &MockClientMockRecorder{mock}
|
||||
return mock
|
||||
}
|
||||
|
||||
// EXPECT returns an object that allows the caller to indicate expected use.
|
||||
func (m *MockClient) EXPECT() *MockClientMockRecorder {
|
||||
return m.recorder
|
||||
}
|
||||
|
||||
// Get mocks base method.
|
||||
func (m *MockClient) Get(URI, packagename string) (*http.Response, error) {
|
||||
m.ctrl.T.Helper()
|
||||
ret := m.ctrl.Call(m, "Get", URI, packagename)
|
||||
ret0, _ := ret[0].(*http.Response)
|
||||
ret1, _ := ret[1].(error)
|
||||
return ret0, ret1
|
||||
}
|
||||
|
||||
// Get indicates an expected call of Get.
|
||||
func (mr *MockClientMockRecorder) Get(URI, packagename interface{}) *gomock.Call {
|
||||
mr.mock.ctrl.T.Helper()
|
||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Get", reflect.TypeOf((*MockClient)(nil).Get), URI, packagename)
|
||||
}
|
||||
|
||||
// GetURI mocks base method.
|
||||
func (m *MockClient) GetURI(URI string) (*http.Response, error) {
|
||||
m.ctrl.T.Helper()
|
||||
ret := m.ctrl.Call(m, "GetURI", URI)
|
||||
ret0, _ := ret[0].(*http.Response)
|
||||
ret1, _ := ret[1].(error)
|
||||
return ret0, ret1
|
||||
}
|
||||
|
||||
// GetURI indicates an expected call of GetURI.
|
||||
func (mr *MockClientMockRecorder) GetURI(URI interface{}) *gomock.Call {
|
||||
mr.mock.ctrl.T.Helper()
|
||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetURI", reflect.TypeOf((*MockClient)(nil).GetURI), URI)
|
||||
}
|
@ -19,6 +19,8 @@ import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
|
||||
ngt "github.com/ossf/scorecard/v4/cmd/internal/nuget"
|
||||
pmc "github.com/ossf/scorecard/v4/cmd/internal/packagemanager"
|
||||
sce "github.com/ossf/scorecard/v4/errors"
|
||||
)
|
||||
|
||||
@ -27,8 +29,8 @@ type packageMangerResponse struct {
|
||||
exists bool
|
||||
}
|
||||
|
||||
func fetchGitRepositoryFromPackageManagers(npm, pypi, rubygems string,
|
||||
manager packageManagerClient,
|
||||
func fetchGitRepositoryFromPackageManagers(npm, pypi, rubygems, nuget string,
|
||||
manager pmc.Client,
|
||||
) (packageMangerResponse, error) {
|
||||
if npm != "" {
|
||||
gitRepo, err := fetchGitRepositoryFromNPM(npm, manager)
|
||||
@ -51,6 +53,14 @@ func fetchGitRepositoryFromPackageManagers(npm, pypi, rubygems string,
|
||||
associatedRepo: gitRepo,
|
||||
}, err
|
||||
}
|
||||
if nuget != "" {
|
||||
nugetClient := ngt.NugetClient{Manager: manager}
|
||||
gitRepo, err := fetchGitRepositoryFromNuget(nuget, nugetClient)
|
||||
return packageMangerResponse{
|
||||
exists: true,
|
||||
associatedRepo: gitRepo,
|
||||
}, err
|
||||
}
|
||||
|
||||
return packageMangerResponse{}, nil
|
||||
}
|
||||
@ -78,7 +88,7 @@ type rubyGemsSearchResults struct {
|
||||
}
|
||||
|
||||
// Gets the GitHub repository URL for the npm package.
|
||||
func fetchGitRepositoryFromNPM(packageName string, packageManager packageManagerClient) (string, error) {
|
||||
func fetchGitRepositoryFromNPM(packageName string, packageManager pmc.Client) (string, error) {
|
||||
npmSearchURL := "https://registry.npmjs.org/-/v1/search?text=%s&size=1"
|
||||
resp, err := packageManager.Get(npmSearchURL, packageName)
|
||||
if err != nil {
|
||||
@ -99,7 +109,7 @@ func fetchGitRepositoryFromNPM(packageName string, packageManager packageManager
|
||||
}
|
||||
|
||||
// Gets the GitHub repository URL for the pypi package.
|
||||
func fetchGitRepositoryFromPYPI(packageName string, manager packageManagerClient) (string, error) {
|
||||
func fetchGitRepositoryFromPYPI(packageName string, manager pmc.Client) (string, error) {
|
||||
pypiSearchURL := "https://pypi.org/pypi/%s/json"
|
||||
resp, err := manager.Get(pypiSearchURL, packageName)
|
||||
if err != nil {
|
||||
@ -120,7 +130,7 @@ func fetchGitRepositoryFromPYPI(packageName string, manager packageManagerClient
|
||||
}
|
||||
|
||||
// Gets the GitHub repository URL for the rubygems package.
|
||||
func fetchGitRepositoryFromRubyGems(packageName string, manager packageManagerClient) (string, error) {
|
||||
func fetchGitRepositoryFromRubyGems(packageName string, manager pmc.Client) (string, error) {
|
||||
rubyGemsSearchURL := "https://rubygems.org/api/v1/gems/%s.json"
|
||||
resp, err := manager.Get(rubyGemsSearchURL, packageName)
|
||||
if err != nil {
|
||||
@ -138,3 +148,13 @@ func fetchGitRepositoryFromRubyGems(packageName string, manager packageManagerCl
|
||||
}
|
||||
return v.SourceCodeURI, nil
|
||||
}
|
||||
|
||||
// Gets the GitHub repository URL for the nuget package.
|
||||
func fetchGitRepositoryFromNuget(packageName string, nugetClient ngt.Client) (string, error) {
|
||||
repositoryURI, err := nugetClient.GitRepositoryByPackageName(packageName)
|
||||
if err != nil {
|
||||
return "", sce.WithMessage(sce.ErrScorecardInternal,
|
||||
fmt.Sprintf("could not find source repo for nuget package: %v", err))
|
||||
}
|
||||
return repositoryURI, nil
|
||||
}
|
||||
|
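Review bot: fetchGitRepositoryFromNuget turns every error from GitRepositoryByPackageName into "could not find source repo for nuget package", which reports a transport or decoding failure as a not-found and never names the package; `fmt.Sprintf("fetching source repo for nuget package %q: %v", packageName, err)` keeps the sce.WithMessage/ErrScorecardInternal pattern of the other fetchers while making the failing name visible (quoted, so stray characters show up in the log). In fetchGitRepositoryFromPackageManagers the raw --nuget value is handed to ngt.NugetClient{Manager: manager}; how NugetClient builds its registry URL is outside this diff, but the Test_Get_calls_client_get_with_input expectation in this diff (wantURL `/test-test_package-test` from the template `test-%s-test`) shows PackageManagerClient.Get substitutes the package name into the URL with a %s verb, so if NugetClient goes through Manager.Get the name should pass through url.PathEscape, or be rejected when it contains `/`, `?` or `#`, before it reaches the request path, since such a name silently changes which registry resource is requested. fetchGitRepositoryFromPackageManagers starts in its hunk and continues outside it.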
@ -23,6 +23,9 @@ import (
|
||||
"testing"
|
||||
|
||||
"github.com/golang/mock/gomock"
|
||||
|
||||
ngt "github.com/ossf/scorecard/v4/cmd/internal/nuget"
|
||||
pmc "github.com/ossf/scorecard/v4/cmd/internal/packagemanager"
|
||||
)
|
||||
|
||||
func Test_fetchGitRepositoryFromNPM(t *testing.T) {
|
||||
@ -133,7 +136,7 @@ func Test_fetchGitRepositoryFromNPM(t *testing.T) {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
ctrl := gomock.NewController(t)
|
||||
p := NewMockpackageManagerClient(ctrl)
|
||||
p := pmc.NewMockClient(ctrl)
|
||||
p.EXPECT().Get(gomock.Any(), tt.args.packageName).
|
||||
DoAndReturn(func(url, packageName string) (*http.Response, error) {
|
||||
if tt.wantErr && tt.args.result == "" {
|
||||
@ -413,7 +416,7 @@ func Test_fetchGitRepositoryFromPYPI(t *testing.T) {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
ctrl := gomock.NewController(t)
|
||||
p := NewMockpackageManagerClient(ctrl)
|
||||
p := pmc.NewMockClient(ctrl)
|
||||
p.EXPECT().Get(gomock.Any(), tt.args.packageName).
|
||||
DoAndReturn(func(url, packageName string) (*http.Response, error) {
|
||||
if tt.wantErr && tt.args.result == "" {
|
||||
@ -682,7 +685,7 @@ func Test_fetchGitRepositoryFromRubyGems(t *testing.T) {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
ctrl := gomock.NewController(t)
|
||||
p := NewMockpackageManagerClient(ctrl)
|
||||
p := pmc.NewMockClient(ctrl)
|
||||
p.EXPECT().Get(gomock.Any(), tt.args.packageName).
|
||||
DoAndReturn(func(url, packageName string) (*http.Response, error) {
|
||||
if tt.wantErr && tt.args.result == "" {
|
||||
@ -706,3 +709,65 @@ func Test_fetchGitRepositoryFromRubyGems(t *testing.T) {
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func Test_fetchGitRepositoryFromNuget(t *testing.T) {
|
||||
t.Parallel()
|
||||
type args struct {
|
||||
packageName string
|
||||
result string
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
args args
|
||||
want string
|
||||
wantErr bool
|
||||
}{
|
||||
{
|
||||
name: "Return repository from nuget client",
|
||||
//nolint
|
||||
args: args{
|
||||
packageName: "nuget-package",
|
||||
//nolint
|
||||
result: "nuget",
|
||||
},
|
||||
want: "nuget",
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "Error from nuget client",
|
||||
//nolint
|
||||
args: args{
|
||||
packageName: "nuget-package",
|
||||
//nolint
|
||||
result: "",
|
||||
},
|
||||
want: "",
|
||||
wantErr: true,
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
tt := tt
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
ctrl := gomock.NewController(t)
|
||||
n := ngt.NewMockClient(ctrl)
|
||||
n.EXPECT().GitRepositoryByPackageName(tt.args.packageName).
|
||||
DoAndReturn(func(packageName string) (string, error) {
|
||||
if tt.wantErr && tt.args.result == "" {
|
||||
//nolint
|
||||
return "", errors.New("error")
|
||||
}
|
||||
|
||||
return tt.args.result, nil
|
||||
}).AnyTimes()
|
||||
got, err := fetchGitRepositoryFromNuget(tt.args.packageName, n)
|
||||
if (err != nil) != tt.wantErr {
|
||||
t.Errorf("fetchGitRepositoryFromNuget() error = %v, wantErr %v", err, tt.wantErr)
|
||||
return
|
||||
}
|
||||
if got != tt.want {
|
||||
t.Errorf("fetchGitRepositoryFromNuget() = %v, want %v", got, tt.want)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
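Review bot: Test_fetchGitRepositoryFromNuget only checks `(err != nil) != tt.wantErr`, so the one piece of logic the function adds over the client call, wrapping with sce.ErrScorecardInternal, is never asserted; in the error case add `if !errors.Is(err, sce.ErrScorecardInternal) { t.Errorf("fetchGitRepositoryFromNuget() error = %v, want ErrScorecardInternal", err) }` (sce is not among the imports this hunk shows, so it would need adding). The expectation's `.AnyTimes()` loosens gomock's default of exactly one call; since the function is meant to query the client once per package, dropping it or writing `.Times(1)` documents and enforces that. The `//nolint` markers on the table entries name no linter; `//nolint:<linter>` with a short reason says what is being silenced.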
@ -1,65 +0,0 @@
|
||||
// Copyright 2021 OpenSSF Scorecard Authors
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
//
|
||||
|
||||
// Code generated by MockGen. DO NOT EDIT.
|
||||
// Source: cmd/packagemanager_client.go
|
||||
|
||||
// Package cmd is a generated GoMock package.
|
||||
package cmd
|
||||
|
||||
import (
|
||||
http "net/http"
|
||||
reflect "reflect"
|
||||
|
||||
gomock "github.com/golang/mock/gomock"
|
||||
)
|
||||
|
||||
// MockpackageManagerClient is a mock of packageManagerClient interface.
|
||||
type MockpackageManagerClient struct {
|
||||
ctrl *gomock.Controller
|
||||
recorder *MockpackageManagerClientMockRecorder
|
||||
}
|
||||
|
||||
// MockpackageManagerClientMockRecorder is the mock recorder for MockpackageManagerClient.
|
||||
type MockpackageManagerClientMockRecorder struct {
|
||||
mock *MockpackageManagerClient
|
||||
}
|
||||
|
||||
// NewMockpackageManagerClient creates a new mock instance.
|
||||
func NewMockpackageManagerClient(ctrl *gomock.Controller) *MockpackageManagerClient {
|
||||
mock := &MockpackageManagerClient{ctrl: ctrl}
|
||||
mock.recorder = &MockpackageManagerClientMockRecorder{mock}
|
||||
return mock
|
||||
}
|
||||
|
||||
// EXPECT returns an object that allows the caller to indicate expected use.
|
||||
func (m *MockpackageManagerClient) EXPECT() *MockpackageManagerClientMockRecorder {
|
||||
return m.recorder
|
||||
}
|
||||
|
||||
// Get mocks base method.
|
||||
func (m *MockpackageManagerClient) Get(URI, packagename string) (*http.Response, error) {
|
||||
m.ctrl.T.Helper()
|
||||
ret := m.ctrl.Call(m, "Get", URI, packagename)
|
||||
ret0, _ := ret[0].(*http.Response)
|
||||
ret1, _ := ret[1].(error)
|
||||
return ret0, ret1
|
||||
}
|
||||
|
||||
// Get indicates an expected call of Get.
|
||||
func (mr *MockpackageManagerClientMockRecorder) Get(URI, packagename interface{}) *gomock.Call {
|
||||
mr.mock.ctrl.T.Helper()
|
||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Get", reflect.TypeOf((*MockpackageManagerClient)(nil).Get), URI, packagename)
|
||||
}
|
@ -27,6 +27,7 @@ import (
|
||||
|
||||
"github.com/ossf/scorecard/v4/checker"
|
||||
"github.com/ossf/scorecard/v4/clients"
|
||||
pmc "github.com/ossf/scorecard/v4/cmd/internal/packagemanager"
|
||||
docs "github.com/ossf/scorecard/v4/docs/checks"
|
||||
sce "github.com/ossf/scorecard/v4/errors"
|
||||
sclog "github.com/ossf/scorecard/v4/log"
|
||||
@ -37,7 +38,7 @@ import (
|
||||
|
||||
const (
|
||||
scorecardLong = "A program that shows the OpenSSF scorecard for an open source software."
|
||||
scorecardUse = `./scorecard (--repo=<repo> | --local=<folder> | --{npm,pypi,rubygems}=<package_name>)
|
||||
scorecardUse = `./scorecard (--repo=<repo> | --local=<folder> | --{npm,pypi,rubygems,nuget}=<package_name>)
|
||||
[--checks=check1,...] [--show-details]`
|
||||
scorecardShort = "OpenSSF Scorecard"
|
||||
)
|
||||
@ -72,9 +73,9 @@ func New(o *options.Options) *cobra.Command {
|
||||
|
||||
// rootCmd runs scorecard checks given a set of arguments.
|
||||
func rootCmd(o *options.Options) error {
|
||||
p := &packageManager{}
|
||||
p := &pmc.PackageManagerClient{}
|
||||
// Set `repo` from package managers.
|
||||
pkgResp, err := fetchGitRepositoryFromPackageManagers(o.NPM, o.PyPI, o.RubyGems, p)
|
||||
pkgResp, err := fetchGitRepositoryFromPackageManagers(o.NPM, o.PyPI, o.RubyGems, o.Nuget, p)
|
||||
if err != nil {
|
||||
return fmt.Errorf("fetchGitRepositoryFromPackageManagers: %w", err)
|
||||
}
|
||||
|
@ -45,6 +45,9 @@ const (
|
||||
// FlagRubyGems is the flag name for specifying a RubyGems repository.
|
||||
FlagRubyGems = "rubygems"
|
||||
|
||||
// FlagNuget is the flag name for specifying a Nuget repository.
|
||||
FlagNuget = "nuget"
|
||||
|
||||
// FlagMetadata is the flag name for specifying metadata for the project.
|
||||
FlagMetadata = "metadata"
|
||||
|
||||
@ -120,6 +123,13 @@ func (o *Options) AddFlags(cmd *cobra.Command) {
|
||||
"rubygems package to check, given that the rubygems package has a GitHub repository",
|
||||
)
|
||||
|
||||
cmd.Flags().StringVar(
|
||||
&o.Nuget,
|
||||
FlagNuget,
|
||||
o.Nuget,
|
||||
"nuget package to check, given that the nuget package has a GitHub repository",
|
||||
)
|
||||
|
||||
cmd.Flags().StringSliceVar(
|
||||
&o.Metadata,
|
||||
FlagMetadata,
|
||||
|
@ -37,6 +37,7 @@ type Options struct {
|
||||
NPM string
|
||||
PyPI string
|
||||
RubyGems string
|
||||
Nuget string
|
||||
PolicyFile string
|
||||
// TODO(action): Add logic for writing results to file
|
||||
ResultsFile string
|
||||
@ -113,7 +114,7 @@ var (
|
||||
errPolicyFileNotSupported = errors.New("policy file is not supported yet")
|
||||
errRawOptionNotSupported = errors.New("raw option is not supported yet")
|
||||
errRepoOptionMustBeSet = errors.New(
|
||||
"exactly one of `repo`, `npm`, `pypi`, `rubygems` or `local` must be set",
|
||||
"exactly one of `repo`, `npm`, `pypi`, `rubygems`, `nuget` or `local` must be set",
|
||||
)
|
||||
errSARIFNotSupported = errors.New("SARIF format is not supported yet")
|
||||
errValidate = errors.New("some options could not be validated")
|
||||
@ -124,11 +125,12 @@ var (
|
||||
func (o *Options) Validate() error {
|
||||
var errs []error
|
||||
|
||||
// Validate exactly one of `--repo`, `--npm`, `--pypi`, `--rubygems`, `--local` is enabled.
|
||||
// Validate exactly one of `--repo`, `--npm`, `--pypi`, `--rubygems`, `--nuget`, `--local` is enabled.
|
||||
if boolSum(o.Repo != "",
|
||||
o.NPM != "",
|
||||
o.PyPI != "",
|
||||
o.RubyGems != "",
|
||||
o.Nuget != "",
|
||||
o.Local != "") != 1 {
|
||||
errs = append(
|
||||
errs,
|
||||
|
@ -21,7 +21,7 @@ import (
|
||||
)
|
||||
|
||||
// Cannot run parallel tests because of the ENV variables.
|
||||
//nolint
|
||||
// nolint
|
||||
func TestOptions_Validate(t *testing.T) {
|
||||
type fields struct {
|
||||
Repo string
|
||||
@ -32,6 +32,7 @@ func TestOptions_Validate(t *testing.T) {
|
||||
NPM string
|
||||
PyPI string
|
||||
RubyGems string
|
||||
Nuget string
|
||||
PolicyFile string
|
||||
ResultsFile string
|
||||
ChecksToRun []string
|
||||
@ -99,6 +100,7 @@ func TestOptions_Validate(t *testing.T) {
|
||||
NPM: tt.fields.NPM,
|
||||
PyPI: tt.fields.PyPI,
|
||||
RubyGems: tt.fields.RubyGems,
|
||||
Nuget: tt.fields.Nuget,
|
||||
PolicyFile: tt.fields.PolicyFile,
|
||||
ResultsFile: tt.fields.ResultsFile,
|
||||
ChecksToRun: tt.fields.ChecksToRun,
|
||||
|
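Review bot: The fields struct and the Options literal in TestOptions_Validate gain a Nuget field, but no table case in the visible hunks sets it, so Validate's new `o.Nuget != ""` term is not exercised here; if the table has no such case, add one with only `Nuget: "some-package"` (constructed value) expecting no error and one combining Nuget with Repo expecting the exactly-one error. The directive above the function becomes `// nolint` with a space (assuming the second printed line is the new side); nolintlint reports that form as "should be written without leading space", and whether a spaced directive still suppresses anything depends on the golangci-lint version in use, so keep `//nolint` and preferably name the linter, e.g. `//nolint:paralleltest // cannot run in parallel because of the ENV variables` if that is the one being silenced. The same spaced `// nolint` appears twice in the httptest handler of Test_Get_calls_client_get_with_input in this diff.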