diff --git a/checker/check_result.go b/checker/check_result.go index 9efd2310..ffccf8ee 100644 --- a/checker/check_result.go +++ b/checker/check_result.go @@ -248,11 +248,11 @@ func LogFindings(findings []finding.Finding, dl DetailLogger) { for i := range findings { f := &findings[i] switch f.Outcome { - case finding.OutcomeNegative: + case finding.OutcomeFalse: dl.Warn(&LogMessage{ Finding: f, }) - case finding.OutcomePositive: + case finding.OutcomeTrue: dl.Info(&LogMessage{ Finding: f, }) diff --git a/checks/evaluation/binary_artifacts.go b/checks/evaluation/binary_artifacts.go index fff943fb..e536fb03 100644 --- a/checks/evaluation/binary_artifacts.go +++ b/checks/evaluation/binary_artifacts.go @@ -35,13 +35,13 @@ func BinaryArtifacts(name string, return checker.CreateRuntimeErrorResult(name, e) } - if findings[0].Outcome == finding.OutcomePositive { + if findings[0].Outcome == finding.OutcomeTrue { return checker.CreateMaxScoreResult(name, "no binaries found in the repo") } for i := range findings { f := &findings[i] - if f.Outcome != finding.OutcomeNegative { + if f.Outcome != finding.OutcomeFalse { continue } dl.Warn(&checker.LogMessage{ @@ -52,7 +52,7 @@ func BinaryArtifacts(name string, }) } - // There are only negative findings. + // There are only false findings. // Deduct the number of findings from max score numberOfBinaryFilesFound := len(findings) diff --git a/checks/evaluation/binary_artifacts_test.go b/checks/evaluation/binary_artifacts_test.go index 59cf25db..a07c1fb2 100644 --- a/checks/evaluation/binary_artifacts_test.go +++ b/checks/evaluation/binary_artifacts_test.go @@ -27,9 +27,9 @@ import ( func TestBinaryArtifacts(t *testing.T) { t.Parallel() lineStart := uint(123) - negativeFinding := finding.Finding{ + falseFinding := finding.Finding{ Probe: "freeOfUnverifiedBinaryArtifacts", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, Location: &finding.Location{ Path: "path", @@ -48,7 +48,7 @@ func TestBinaryArtifacts(t *testing.T) { findings: []finding.Finding{ { Probe: "freeOfUnverifiedBinaryArtifacts", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, }, result: scut.TestReturn{ @@ -58,7 +58,7 @@ func TestBinaryArtifacts(t *testing.T) { { name: "one binary artifact", findings: []finding.Finding{ - negativeFinding, + falseFinding, }, result: scut.TestReturn{ Score: 9, @@ -70,7 +70,7 @@ func TestBinaryArtifacts(t *testing.T) { findings: []finding.Finding{ { Probe: "freeOfUnverifiedBinaryArtifacts", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, Location: &finding.Location{ Path: "path", Type: finding.FileTypeBinary, @@ -79,7 +79,7 @@ func TestBinaryArtifacts(t *testing.T) { }, { Probe: "freeOfUnverifiedBinaryArtifacts", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, Location: &finding.Location{ Path: "path", Type: finding.FileTypeBinary, @@ -95,11 +95,11 @@ func TestBinaryArtifacts(t *testing.T) { { name: "five binary artifact", findings: []finding.Finding{ - negativeFinding, - negativeFinding, - negativeFinding, - negativeFinding, - negativeFinding, + falseFinding, + falseFinding, + falseFinding, + falseFinding, + falseFinding, }, result: scut.TestReturn{ Score: 5, @@ -109,18 +109,18 @@ func TestBinaryArtifacts(t *testing.T) { { name: "twelve binary artifact - ensure score doesn't drop below min", findings: []finding.Finding{ - negativeFinding, - negativeFinding, - negativeFinding, - negativeFinding, - negativeFinding, - negativeFinding, - negativeFinding, - negativeFinding, - negativeFinding, - negativeFinding, - negativeFinding, - negativeFinding, + falseFinding, + falseFinding, + falseFinding, + falseFinding, + falseFinding, + falseFinding, + falseFinding, + falseFinding, + falseFinding, + falseFinding, + falseFinding, + falseFinding, }, result: scut.TestReturn{ Score: checker.MinResultScore, diff --git a/checks/evaluation/branch_protection.go b/checks/evaluation/branch_protection.go index 5e72958a..596c2aee 100644 --- a/checks/evaluation/branch_protection.go +++ b/checks/evaluation/branch_protection.go @@ -119,12 +119,12 @@ func BranchProtection(name string, e := sce.WithMessage(sce.ErrScorecardInternal, "probe is missing branch name") return checker.CreateRuntimeErrorResult(name, e) // Now we can check whether the branch is protected: - case f.Outcome == finding.OutcomeNegative: + case f.Outcome == finding.OutcomeFalse: protectedBranches[branchName] = false dl.Warn(&checker.LogMessage{ Text: fmt.Sprintf("branch protection not enabled for branch '%s'", branchName), }) - case f.Outcome == finding.OutcomePositive: + case f.Outcome == finding.OutcomeTrue: protectedBranches[branchName] = true default: continue @@ -177,7 +177,7 @@ func BranchProtection(name string, reviewerWeight := 2 max = reviewerWeight noOfRequiredReviewers, _ := strconv.Atoi(f.Values["numberOfRequiredReviewers"]) //nolint:errcheck - if f.Outcome == finding.OutcomePositive && noOfRequiredReviewers > 0 { + if f.Outcome == finding.OutcomeTrue && noOfRequiredReviewers > 0 { branchScores[branchName].scores.review += reviewerWeight } branchScores[branchName].maxes.review += max @@ -259,9 +259,9 @@ func logWithDebug(f *finding.Finding, doLogging bool, dl checker.DetailLogger) { switch f.Outcome { case finding.OutcomeNotAvailable: debug(dl, doLogging, f.Message) - case finding.OutcomePositive: + case finding.OutcomeTrue: info(dl, doLogging, f.Message) - case finding.OutcomeNegative: + case finding.OutcomeFalse: warn(dl, doLogging, f.Message) default: // To satisfy linter @@ -270,9 +270,9 @@ func logWithDebug(f *finding.Finding, doLogging bool, dl checker.DetailLogger) { func logWithoutDebug(f *finding.Finding, doLogging bool, dl checker.DetailLogger) { switch f.Outcome { - case finding.OutcomePositive: + case finding.OutcomeTrue: info(dl, doLogging, f.Message) - case finding.OutcomeNegative: + case finding.OutcomeFalse: warn(dl, doLogging, f.Message) default: // To satisfy linter @@ -281,7 +281,7 @@ func logWithoutDebug(f *finding.Finding, doLogging bool, dl checker.DetailLogger func logInfoOrWarn(f *finding.Finding, doLogging bool, dl checker.DetailLogger) { switch f.Outcome { - case finding.OutcomePositive: + case finding.OutcomeTrue: info(dl, doLogging, f.Message) default: warn(dl, doLogging, f.Message) @@ -384,7 +384,7 @@ func warn(dl checker.DetailLogger, doLogging bool, desc string, args ...interfac func deleteAndForcePushProtection(f *finding.Finding, doLogging bool, dl checker.DetailLogger) (int, int) { var score, max int logWithoutDebug(f, doLogging, dl) - if f.Outcome == finding.OutcomePositive { + if f.Outcome == finding.OutcomeTrue { score++ } max++ @@ -395,7 +395,7 @@ func deleteAndForcePushProtection(f *finding.Finding, doLogging bool, dl checker func nonAdminContextProtection(f *finding.Finding, doLogging bool, dl checker.DetailLogger) (int, int) { var score, max int logInfoOrWarn(f, doLogging, dl) - if f.Outcome == finding.OutcomePositive { + if f.Outcome == finding.OutcomeTrue { score++ } max++ @@ -404,7 +404,7 @@ func nonAdminContextProtection(f *finding.Finding, doLogging bool, dl checker.De func adminReviewProtection(f *finding.Finding, doLogging bool, dl checker.DetailLogger) (int, int) { var score, max int - if f.Outcome == finding.OutcomePositive { + if f.Outcome == finding.OutcomeTrue { score++ } logWithDebug(f, doLogging, dl) @@ -418,7 +418,7 @@ func adminThoroughReviewProtection(f *finding.Finding, doLogging bool, dl checke var score, max int logWithDebug(f, doLogging, dl) - if f.Outcome == finding.OutcomePositive { + if f.Outcome == finding.OutcomeTrue { score++ } if f.Outcome != finding.OutcomeNotAvailable { @@ -429,7 +429,7 @@ func adminThoroughReviewProtection(f *finding.Finding, doLogging bool, dl checke func nonAdminThoroughReviewProtection(f *finding.Finding, doLogging bool, dl checker.DetailLogger) (int, int) { var score, max int - if f.Outcome == finding.OutcomePositive { + if f.Outcome == finding.OutcomeTrue { noOfRequiredReviews, _ := strconv.Atoi(f.Values["numberOfRequiredReviewers"]) //nolint:errcheck if noOfRequiredReviews >= minReviews { info(dl, doLogging, f.Message) @@ -437,7 +437,7 @@ func nonAdminThoroughReviewProtection(f *finding.Finding, doLogging bool, dl che } else { warn(dl, doLogging, f.Message) } - } else if f.Outcome == finding.OutcomeNegative { + } else if f.Outcome == finding.OutcomeFalse { warn(dl, doLogging, f.Message) } max++ @@ -446,7 +446,7 @@ func nonAdminThoroughReviewProtection(f *finding.Finding, doLogging bool, dl che func codeownerBranchProtection(f *finding.Finding, doLogging bool, dl checker.DetailLogger) (int, int) { var score, max int - if f.Outcome == finding.OutcomePositive { + if f.Outcome == finding.OutcomeTrue { info(dl, doLogging, f.Message) score++ } else { diff --git a/checks/evaluation/branch_protection_test.go b/checks/evaluation/branch_protection_test.go index 13db1083..857cecdf 100644 --- a/checks/evaluation/branch_protection_test.go +++ b/checks/evaluation/branch_protection_test.go @@ -46,20 +46,20 @@ func TestBranchProtection(t *testing.T) { { name: "Branch name is an empty string which is not allowed and will error", findings: []finding.Finding{ - branchFinding(blocksDeleteOnBranches.Probe, emptyBranchName, finding.OutcomePositive), - branchFinding(blocksForcePushOnBranches.Probe, emptyBranchName, finding.OutcomePositive), - branchFinding(branchesAreProtected.Probe, emptyBranchName, finding.OutcomePositive), - branchFinding(branchProtectionAppliesToAdmins.Probe, emptyBranchName, finding.OutcomeNegative), - branchFinding(dismissesStaleReviews.Probe, emptyBranchName, finding.OutcomeNegative), + branchFinding(blocksDeleteOnBranches.Probe, emptyBranchName, finding.OutcomeTrue), + branchFinding(blocksForcePushOnBranches.Probe, emptyBranchName, finding.OutcomeTrue), + branchFinding(branchesAreProtected.Probe, emptyBranchName, finding.OutcomeTrue), + branchFinding(branchProtectionAppliesToAdmins.Probe, emptyBranchName, finding.OutcomeFalse), + branchFinding(dismissesStaleReviews.Probe, emptyBranchName, finding.OutcomeFalse), withValue( - branchFinding(requiresApproversForPullRequests.Probe, emptyBranchName, finding.OutcomeNegative), + branchFinding(requiresApproversForPullRequests.Probe, emptyBranchName, finding.OutcomeFalse), requiresApproversForPullRequests.RequiredReviewersKey, "0", ), - branchFinding(requiresCodeOwnersReview.Probe, emptyBranchName, finding.OutcomeNegative), - branchFinding(requiresLastPushApproval.Probe, emptyBranchName, finding.OutcomeNegative), - branchFinding(requiresUpToDateBranches.Probe, emptyBranchName, finding.OutcomePositive), - branchFinding(runsStatusChecksBeforeMerging.Probe, emptyBranchName, finding.OutcomePositive), - branchFinding(requiresPRsToChangeCode.Probe, emptyBranchName, finding.OutcomePositive), + branchFinding(requiresCodeOwnersReview.Probe, emptyBranchName, finding.OutcomeFalse), + branchFinding(requiresLastPushApproval.Probe, emptyBranchName, finding.OutcomeFalse), + branchFinding(requiresUpToDateBranches.Probe, emptyBranchName, finding.OutcomeTrue), + branchFinding(runsStatusChecksBeforeMerging.Probe, emptyBranchName, finding.OutcomeTrue), + branchFinding(requiresPRsToChangeCode.Probe, emptyBranchName, finding.OutcomeTrue), }, result: scut.TestReturn{ Error: sce.ErrScorecardInternal, @@ -69,20 +69,20 @@ func TestBranchProtection(t *testing.T) { { name: "Required status check enabled", findings: []finding.Finding{ - branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomePositive), - branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomePositive), - branchFinding(branchesAreProtected.Probe, "main", finding.OutcomePositive), - branchFinding(branchProtectionAppliesToAdmins.Probe, "main", finding.OutcomeNegative), - branchFinding(dismissesStaleReviews.Probe, "main", finding.OutcomeNegative), + branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomeTrue), + branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomeTrue), + branchFinding(branchesAreProtected.Probe, "main", finding.OutcomeTrue), + branchFinding(branchProtectionAppliesToAdmins.Probe, "main", finding.OutcomeFalse), + branchFinding(dismissesStaleReviews.Probe, "main", finding.OutcomeFalse), withValue( - branchFinding(requiresApproversForPullRequests.Probe, "main", finding.OutcomeNegative), + branchFinding(requiresApproversForPullRequests.Probe, "main", finding.OutcomeFalse), requiresApproversForPullRequests.RequiredReviewersKey, "0", ), - branchFinding(requiresCodeOwnersReview.Probe, "main", finding.OutcomeNegative), - branchFinding(requiresLastPushApproval.Probe, "main", finding.OutcomeNegative), - branchFinding(requiresUpToDateBranches.Probe, "main", finding.OutcomePositive), - branchFinding(runsStatusChecksBeforeMerging.Probe, "main", finding.OutcomePositive), - branchFinding(requiresPRsToChangeCode.Probe, "main", finding.OutcomePositive), + branchFinding(requiresCodeOwnersReview.Probe, "main", finding.OutcomeFalse), + branchFinding(requiresLastPushApproval.Probe, "main", finding.OutcomeFalse), + branchFinding(requiresUpToDateBranches.Probe, "main", finding.OutcomeTrue), + branchFinding(runsStatusChecksBeforeMerging.Probe, "main", finding.OutcomeTrue), + branchFinding(requiresPRsToChangeCode.Probe, "main", finding.OutcomeTrue), }, result: scut.TestReturn{ Score: 4, @@ -93,20 +93,20 @@ func TestBranchProtection(t *testing.T) { { name: "Required status check enabled without checking for status string", findings: []finding.Finding{ - branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomePositive), - branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomePositive), - branchFinding(branchesAreProtected.Probe, "main", finding.OutcomePositive), - branchFinding(branchProtectionAppliesToAdmins.Probe, "main", finding.OutcomeNegative), - branchFinding(dismissesStaleReviews.Probe, "main", finding.OutcomeNegative), + branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomeTrue), + branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomeTrue), + branchFinding(branchesAreProtected.Probe, "main", finding.OutcomeTrue), + branchFinding(branchProtectionAppliesToAdmins.Probe, "main", finding.OutcomeFalse), + branchFinding(dismissesStaleReviews.Probe, "main", finding.OutcomeFalse), withValue( - branchFinding(requiresApproversForPullRequests.Probe, "main", finding.OutcomeNegative), + branchFinding(requiresApproversForPullRequests.Probe, "main", finding.OutcomeFalse), requiresApproversForPullRequests.RequiredReviewersKey, "0", ), - branchFinding(requiresCodeOwnersReview.Probe, "main", finding.OutcomeNegative), - branchFinding(requiresLastPushApproval.Probe, "main", finding.OutcomeNegative), - branchFinding(requiresUpToDateBranches.Probe, "main", finding.OutcomePositive), + branchFinding(requiresCodeOwnersReview.Probe, "main", finding.OutcomeFalse), + branchFinding(requiresLastPushApproval.Probe, "main", finding.OutcomeFalse), + branchFinding(requiresUpToDateBranches.Probe, "main", finding.OutcomeTrue), branchFinding(runsStatusChecksBeforeMerging.Probe, "main", finding.OutcomeNotAvailable), - branchFinding(requiresPRsToChangeCode.Probe, "main", finding.OutcomePositive), + branchFinding(requiresPRsToChangeCode.Probe, "main", finding.OutcomeTrue), }, result: scut.TestReturn{ Score: 4, @@ -117,20 +117,20 @@ func TestBranchProtection(t *testing.T) { { name: "Admin run only preventing force pushes and deletions", findings: []finding.Finding{ - branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomePositive), - branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomePositive), - branchFinding(branchesAreProtected.Probe, "main", finding.OutcomePositive), - branchFinding(branchProtectionAppliesToAdmins.Probe, "main", finding.OutcomeNegative), + branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomeTrue), + branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomeTrue), + branchFinding(branchesAreProtected.Probe, "main", finding.OutcomeTrue), + branchFinding(branchProtectionAppliesToAdmins.Probe, "main", finding.OutcomeFalse), branchFinding(dismissesStaleReviews.Probe, "main", finding.OutcomeNotAvailable), withValue( branchFinding(requiresApproversForPullRequests.Probe, "main", finding.OutcomeNotAvailable), requiresApproversForPullRequests.RequiredReviewersKey, "0", ), branchFinding(requiresCodeOwnersReview.Probe, "main", finding.OutcomeNotAvailable), - branchFinding(requiresLastPushApproval.Probe, "main", finding.OutcomeNegative), - branchFinding(requiresUpToDateBranches.Probe, "main", finding.OutcomeNegative), - branchFinding(runsStatusChecksBeforeMerging.Probe, "main", finding.OutcomeNegative), - branchFinding(requiresPRsToChangeCode.Probe, "main", finding.OutcomeNegative), + branchFinding(requiresLastPushApproval.Probe, "main", finding.OutcomeFalse), + branchFinding(requiresUpToDateBranches.Probe, "main", finding.OutcomeFalse), + branchFinding(runsStatusChecksBeforeMerging.Probe, "main", finding.OutcomeFalse), + branchFinding(requiresPRsToChangeCode.Probe, "main", finding.OutcomeFalse), }, result: scut.TestReturn{ Score: 3, @@ -142,20 +142,20 @@ func TestBranchProtection(t *testing.T) { { name: "Admin run with all tier 2 requirements except require PRs and reviewers", findings: []finding.Finding{ - branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomePositive), - branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomePositive), - branchFinding(branchesAreProtected.Probe, "main", finding.OutcomePositive), - branchFinding(branchProtectionAppliesToAdmins.Probe, "main", finding.OutcomePositive), + branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomeTrue), + branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomeTrue), + branchFinding(branchesAreProtected.Probe, "main", finding.OutcomeTrue), + branchFinding(branchProtectionAppliesToAdmins.Probe, "main", finding.OutcomeTrue), branchFinding(dismissesStaleReviews.Probe, "main", finding.OutcomeNotAvailable), withValue( branchFinding(requiresApproversForPullRequests.Probe, "main", finding.OutcomeNotAvailable), requiresApproversForPullRequests.RequiredReviewersKey, "0", ), branchFinding(requiresCodeOwnersReview.Probe, "main", finding.OutcomeNotAvailable), - branchFinding(requiresLastPushApproval.Probe, "main", finding.OutcomePositive), - branchFinding(requiresUpToDateBranches.Probe, "main", finding.OutcomePositive), - branchFinding(runsStatusChecksBeforeMerging.Probe, "main", finding.OutcomePositive), - branchFinding(requiresPRsToChangeCode.Probe, "main", finding.OutcomeNegative), + branchFinding(requiresLastPushApproval.Probe, "main", finding.OutcomeTrue), + branchFinding(requiresUpToDateBranches.Probe, "main", finding.OutcomeTrue), + branchFinding(runsStatusChecksBeforeMerging.Probe, "main", finding.OutcomeTrue), + branchFinding(requiresPRsToChangeCode.Probe, "main", finding.OutcomeFalse), }, result: scut.TestReturn{ Score: 4, @@ -167,20 +167,20 @@ func TestBranchProtection(t *testing.T) { { name: "Admin run on project requiring pull requests but without approver -- best a single maintainer can do", findings: []finding.Finding{ - branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomePositive), - branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomePositive), - branchFinding(branchesAreProtected.Probe, "main", finding.OutcomePositive), - branchFinding(branchProtectionAppliesToAdmins.Probe, "main", finding.OutcomePositive), - branchFinding(dismissesStaleReviews.Probe, "main", finding.OutcomePositive), + branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomeTrue), + branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomeTrue), + branchFinding(branchesAreProtected.Probe, "main", finding.OutcomeTrue), + branchFinding(branchProtectionAppliesToAdmins.Probe, "main", finding.OutcomeTrue), + branchFinding(dismissesStaleReviews.Probe, "main", finding.OutcomeTrue), withValue( - branchFinding(requiresApproversForPullRequests.Probe, "main", finding.OutcomeNegative), + branchFinding(requiresApproversForPullRequests.Probe, "main", finding.OutcomeFalse), requiresApproversForPullRequests.RequiredReviewersKey, "0", ), - branchFinding(requiresCodeOwnersReview.Probe, "main", finding.OutcomePositive), - branchFinding(requiresLastPushApproval.Probe, "main", finding.OutcomePositive), - branchFinding(requiresUpToDateBranches.Probe, "main", finding.OutcomePositive), - branchFinding(runsStatusChecksBeforeMerging.Probe, "main", finding.OutcomePositive), - branchFinding(requiresPRsToChangeCode.Probe, "main", finding.OutcomePositive), + branchFinding(requiresCodeOwnersReview.Probe, "main", finding.OutcomeTrue), + branchFinding(requiresLastPushApproval.Probe, "main", finding.OutcomeTrue), + branchFinding(requiresUpToDateBranches.Probe, "main", finding.OutcomeTrue), + branchFinding(runsStatusChecksBeforeMerging.Probe, "main", finding.OutcomeTrue), + branchFinding(requiresPRsToChangeCode.Probe, "main", finding.OutcomeTrue), }, result: scut.TestReturn{ Score: 4, @@ -191,20 +191,20 @@ func TestBranchProtection(t *testing.T) { { name: "Admin run on project with all tier 2 requirements", findings: []finding.Finding{ - branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomePositive), - branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomePositive), - branchFinding(branchesAreProtected.Probe, "main", finding.OutcomePositive), - branchFinding(branchProtectionAppliesToAdmins.Probe, "main", finding.OutcomePositive), - branchFinding(dismissesStaleReviews.Probe, "main", finding.OutcomeNegative), + branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomeTrue), + branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomeTrue), + branchFinding(branchesAreProtected.Probe, "main", finding.OutcomeTrue), + branchFinding(branchProtectionAppliesToAdmins.Probe, "main", finding.OutcomeTrue), + branchFinding(dismissesStaleReviews.Probe, "main", finding.OutcomeFalse), withValue( - branchFinding(requiresApproversForPullRequests.Probe, "main", finding.OutcomePositive), + branchFinding(requiresApproversForPullRequests.Probe, "main", finding.OutcomeTrue), requiresApproversForPullRequests.RequiredReviewersKey, "1", ), - branchFinding(requiresCodeOwnersReview.Probe, "main", finding.OutcomeNegative), - branchFinding(requiresLastPushApproval.Probe, "main", finding.OutcomePositive), - branchFinding(requiresUpToDateBranches.Probe, "main", finding.OutcomePositive), - branchFinding(runsStatusChecksBeforeMerging.Probe, "main", finding.OutcomeNegative), - branchFinding(requiresPRsToChangeCode.Probe, "main", finding.OutcomePositive), + branchFinding(requiresCodeOwnersReview.Probe, "main", finding.OutcomeFalse), + branchFinding(requiresLastPushApproval.Probe, "main", finding.OutcomeTrue), + branchFinding(requiresUpToDateBranches.Probe, "main", finding.OutcomeTrue), + branchFinding(runsStatusChecksBeforeMerging.Probe, "main", finding.OutcomeFalse), + branchFinding(requiresPRsToChangeCode.Probe, "main", finding.OutcomeTrue), }, result: scut.TestReturn{ Score: 6, @@ -215,9 +215,9 @@ func TestBranchProtection(t *testing.T) { { name: "Non-admin run on project that require zero reviewer (or don't require PRs at all, we can't differentiate it)", findings: []finding.Finding{ - branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomePositive), - branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomePositive), - branchFinding(branchesAreProtected.Probe, "main", finding.OutcomePositive), + branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomeTrue), + branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomeTrue), + branchFinding(branchesAreProtected.Probe, "main", finding.OutcomeTrue), branchFinding(branchProtectionAppliesToAdmins.Probe, "main", finding.OutcomeNotAvailable), branchFinding(dismissesStaleReviews.Probe, "main", finding.OutcomeNotAvailable), withValue( @@ -240,20 +240,20 @@ func TestBranchProtection(t *testing.T) { { name: "Non-admin run on project that require 1 reviewer", findings: []finding.Finding{ - branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomePositive), - branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomePositive), - branchFinding(branchesAreProtected.Probe, "main", finding.OutcomePositive), + branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomeTrue), + branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomeTrue), + branchFinding(branchesAreProtected.Probe, "main", finding.OutcomeTrue), branchFinding(branchProtectionAppliesToAdmins.Probe, "main", finding.OutcomeNotAvailable), branchFinding(dismissesStaleReviews.Probe, "main", finding.OutcomeNotAvailable), withValue( - branchFinding(requiresApproversForPullRequests.Probe, "main", finding.OutcomePositive), + branchFinding(requiresApproversForPullRequests.Probe, "main", finding.OutcomeTrue), requiresApproversForPullRequests.RequiredReviewersKey, "1", ), - branchFinding(requiresCodeOwnersReview.Probe, "main", finding.OutcomeNegative), + branchFinding(requiresCodeOwnersReview.Probe, "main", finding.OutcomeFalse), branchFinding(requiresLastPushApproval.Probe, "main", finding.OutcomeNotAvailable), branchFinding(requiresUpToDateBranches.Probe, "main", finding.OutcomeNotAvailable), branchFinding(runsStatusChecksBeforeMerging.Probe, "main", finding.OutcomeNotAvailable), - branchFinding(requiresPRsToChangeCode.Probe, "main", finding.OutcomePositive), + branchFinding(requiresPRsToChangeCode.Probe, "main", finding.OutcomeTrue), }, result: scut.TestReturn{ Score: 6, @@ -265,20 +265,20 @@ func TestBranchProtection(t *testing.T) { { name: "Required admin enforcement enabled", findings: []finding.Finding{ - branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomePositive), - branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomePositive), - branchFinding(branchesAreProtected.Probe, "main", finding.OutcomePositive), - branchFinding(branchProtectionAppliesToAdmins.Probe, "main", finding.OutcomePositive), - branchFinding(dismissesStaleReviews.Probe, "main", finding.OutcomeNegative), + branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomeTrue), + branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomeTrue), + branchFinding(branchesAreProtected.Probe, "main", finding.OutcomeTrue), + branchFinding(branchProtectionAppliesToAdmins.Probe, "main", finding.OutcomeTrue), + branchFinding(dismissesStaleReviews.Probe, "main", finding.OutcomeFalse), withValue( - branchFinding(requiresApproversForPullRequests.Probe, "main", finding.OutcomeNegative), + branchFinding(requiresApproversForPullRequests.Probe, "main", finding.OutcomeFalse), requiresApproversForPullRequests.RequiredReviewersKey, "0", ), - branchFinding(requiresCodeOwnersReview.Probe, "main", finding.OutcomeNegative), - branchFinding(requiresLastPushApproval.Probe, "main", finding.OutcomeNegative), - branchFinding(requiresUpToDateBranches.Probe, "main", finding.OutcomeNegative), - branchFinding(runsStatusChecksBeforeMerging.Probe, "main", finding.OutcomePositive), - branchFinding(requiresPRsToChangeCode.Probe, "main", finding.OutcomePositive), + branchFinding(requiresCodeOwnersReview.Probe, "main", finding.OutcomeFalse), + branchFinding(requiresLastPushApproval.Probe, "main", finding.OutcomeFalse), + branchFinding(requiresUpToDateBranches.Probe, "main", finding.OutcomeFalse), + branchFinding(runsStatusChecksBeforeMerging.Probe, "main", finding.OutcomeTrue), + branchFinding(requiresPRsToChangeCode.Probe, "main", finding.OutcomeTrue), }, result: scut.TestReturn{ Score: 3, @@ -289,20 +289,20 @@ func TestBranchProtection(t *testing.T) { { name: "Required linear history enabled", findings: []finding.Finding{ - branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomePositive), - branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomePositive), - branchFinding(branchesAreProtected.Probe, "main", finding.OutcomePositive), - branchFinding(branchProtectionAppliesToAdmins.Probe, "main", finding.OutcomeNegative), - branchFinding(dismissesStaleReviews.Probe, "main", finding.OutcomeNegative), + branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomeTrue), + branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomeTrue), + branchFinding(branchesAreProtected.Probe, "main", finding.OutcomeTrue), + branchFinding(branchProtectionAppliesToAdmins.Probe, "main", finding.OutcomeFalse), + branchFinding(dismissesStaleReviews.Probe, "main", finding.OutcomeFalse), withValue( - branchFinding(requiresApproversForPullRequests.Probe, "main", finding.OutcomeNegative), + branchFinding(requiresApproversForPullRequests.Probe, "main", finding.OutcomeFalse), requiresApproversForPullRequests.RequiredReviewersKey, "0", ), - branchFinding(requiresCodeOwnersReview.Probe, "main", finding.OutcomeNegative), - branchFinding(requiresLastPushApproval.Probe, "main", finding.OutcomeNegative), - branchFinding(requiresUpToDateBranches.Probe, "main", finding.OutcomeNegative), - branchFinding(runsStatusChecksBeforeMerging.Probe, "main", finding.OutcomePositive), - branchFinding(requiresPRsToChangeCode.Probe, "main", finding.OutcomePositive), + branchFinding(requiresCodeOwnersReview.Probe, "main", finding.OutcomeFalse), + branchFinding(requiresLastPushApproval.Probe, "main", finding.OutcomeFalse), + branchFinding(requiresUpToDateBranches.Probe, "main", finding.OutcomeFalse), + branchFinding(runsStatusChecksBeforeMerging.Probe, "main", finding.OutcomeTrue), + branchFinding(requiresPRsToChangeCode.Probe, "main", finding.OutcomeTrue), }, result: scut.TestReturn{ Score: 3, @@ -313,20 +313,20 @@ func TestBranchProtection(t *testing.T) { { name: "Allow force push enabled", findings: []finding.Finding{ - branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomePositive), - branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomeNegative), - branchFinding(branchesAreProtected.Probe, "main", finding.OutcomePositive), - branchFinding(branchProtectionAppliesToAdmins.Probe, "main", finding.OutcomeNegative), - branchFinding(dismissesStaleReviews.Probe, "main", finding.OutcomeNegative), + branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomeTrue), + branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomeFalse), + branchFinding(branchesAreProtected.Probe, "main", finding.OutcomeTrue), + branchFinding(branchProtectionAppliesToAdmins.Probe, "main", finding.OutcomeFalse), + branchFinding(dismissesStaleReviews.Probe, "main", finding.OutcomeFalse), withValue( - branchFinding(requiresApproversForPullRequests.Probe, "main", finding.OutcomeNegative), + branchFinding(requiresApproversForPullRequests.Probe, "main", finding.OutcomeFalse), requiresApproversForPullRequests.RequiredReviewersKey, "0", ), - branchFinding(requiresCodeOwnersReview.Probe, "main", finding.OutcomeNegative), - branchFinding(requiresLastPushApproval.Probe, "main", finding.OutcomeNegative), - branchFinding(requiresUpToDateBranches.Probe, "main", finding.OutcomeNegative), - branchFinding(runsStatusChecksBeforeMerging.Probe, "main", finding.OutcomePositive), - branchFinding(requiresPRsToChangeCode.Probe, "main", finding.OutcomePositive), + branchFinding(requiresCodeOwnersReview.Probe, "main", finding.OutcomeFalse), + branchFinding(requiresLastPushApproval.Probe, "main", finding.OutcomeFalse), + branchFinding(requiresUpToDateBranches.Probe, "main", finding.OutcomeFalse), + branchFinding(runsStatusChecksBeforeMerging.Probe, "main", finding.OutcomeTrue), + branchFinding(requiresPRsToChangeCode.Probe, "main", finding.OutcomeTrue), }, result: scut.TestReturn{ Score: 1, @@ -337,20 +337,20 @@ func TestBranchProtection(t *testing.T) { { name: "Allow deletions enabled", findings: []finding.Finding{ - branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomeNegative), - branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomePositive), - branchFinding(branchesAreProtected.Probe, "main", finding.OutcomePositive), - branchFinding(branchProtectionAppliesToAdmins.Probe, "main", finding.OutcomeNegative), - branchFinding(dismissesStaleReviews.Probe, "main", finding.OutcomeNegative), + branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomeFalse), + branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomeTrue), + branchFinding(branchesAreProtected.Probe, "main", finding.OutcomeTrue), + branchFinding(branchProtectionAppliesToAdmins.Probe, "main", finding.OutcomeFalse), + branchFinding(dismissesStaleReviews.Probe, "main", finding.OutcomeFalse), withValue( - branchFinding(requiresApproversForPullRequests.Probe, "main", finding.OutcomeNegative), + branchFinding(requiresApproversForPullRequests.Probe, "main", finding.OutcomeFalse), requiresApproversForPullRequests.RequiredReviewersKey, "0", ), - branchFinding(requiresCodeOwnersReview.Probe, "main", finding.OutcomeNegative), - branchFinding(requiresLastPushApproval.Probe, "main", finding.OutcomeNegative), - branchFinding(requiresUpToDateBranches.Probe, "main", finding.OutcomeNegative), - branchFinding(runsStatusChecksBeforeMerging.Probe, "main", finding.OutcomePositive), - branchFinding(requiresPRsToChangeCode.Probe, "main", finding.OutcomePositive), + branchFinding(requiresCodeOwnersReview.Probe, "main", finding.OutcomeFalse), + branchFinding(requiresLastPushApproval.Probe, "main", finding.OutcomeFalse), + branchFinding(requiresUpToDateBranches.Probe, "main", finding.OutcomeFalse), + branchFinding(runsStatusChecksBeforeMerging.Probe, "main", finding.OutcomeTrue), + branchFinding(requiresPRsToChangeCode.Probe, "main", finding.OutcomeTrue), }, result: scut.TestReturn{ Score: 1, @@ -361,20 +361,20 @@ func TestBranchProtection(t *testing.T) { { name: "Branches are protected", findings: []finding.Finding{ - branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomePositive), - branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomePositive), - branchFinding(branchesAreProtected.Probe, "main", finding.OutcomePositive), - branchFinding(branchProtectionAppliesToAdmins.Probe, "main", finding.OutcomePositive), - branchFinding(dismissesStaleReviews.Probe, "main", finding.OutcomePositive), + branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomeTrue), + branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomeTrue), + branchFinding(branchesAreProtected.Probe, "main", finding.OutcomeTrue), + branchFinding(branchProtectionAppliesToAdmins.Probe, "main", finding.OutcomeTrue), + branchFinding(dismissesStaleReviews.Probe, "main", finding.OutcomeTrue), withValue( - branchFinding(requiresApproversForPullRequests.Probe, "main", finding.OutcomePositive), + branchFinding(requiresApproversForPullRequests.Probe, "main", finding.OutcomeTrue), requiresApproversForPullRequests.RequiredReviewersKey, "1", ), - branchFinding(requiresCodeOwnersReview.Probe, "main", finding.OutcomePositive), - branchFinding(requiresLastPushApproval.Probe, "main", finding.OutcomePositive), - branchFinding(requiresUpToDateBranches.Probe, "main", finding.OutcomePositive), - branchFinding(runsStatusChecksBeforeMerging.Probe, "main", finding.OutcomePositive), - branchFinding(requiresPRsToChangeCode.Probe, "main", finding.OutcomePositive), + branchFinding(requiresCodeOwnersReview.Probe, "main", finding.OutcomeTrue), + branchFinding(requiresLastPushApproval.Probe, "main", finding.OutcomeTrue), + branchFinding(requiresUpToDateBranches.Probe, "main", finding.OutcomeTrue), + branchFinding(runsStatusChecksBeforeMerging.Probe, "main", finding.OutcomeTrue), + branchFinding(requiresPRsToChangeCode.Probe, "main", finding.OutcomeTrue), }, result: scut.TestReturn{ Score: 8, @@ -385,20 +385,20 @@ func TestBranchProtection(t *testing.T) { { name: "Branches are protected and require codeowner review", findings: []finding.Finding{ - branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomePositive), - branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomePositive), - branchFinding(branchesAreProtected.Probe, "main", finding.OutcomePositive), - branchFinding(branchProtectionAppliesToAdmins.Probe, "main", finding.OutcomePositive), - branchFinding(dismissesStaleReviews.Probe, "main", finding.OutcomePositive), + branchFinding(blocksDeleteOnBranches.Probe, "main", finding.OutcomeTrue), + branchFinding(blocksForcePushOnBranches.Probe, "main", finding.OutcomeTrue), + branchFinding(branchesAreProtected.Probe, "main", finding.OutcomeTrue), + branchFinding(branchProtectionAppliesToAdmins.Probe, "main", finding.OutcomeTrue), + branchFinding(dismissesStaleReviews.Probe, "main", finding.OutcomeTrue), withValue( - branchFinding(requiresApproversForPullRequests.Probe, "main", finding.OutcomePositive), + branchFinding(requiresApproversForPullRequests.Probe, "main", finding.OutcomeTrue), requiresApproversForPullRequests.RequiredReviewersKey, "1", ), - branchFinding(requiresCodeOwnersReview.Probe, "main", finding.OutcomePositive), - branchFinding(requiresLastPushApproval.Probe, "main", finding.OutcomePositive), - branchFinding(requiresUpToDateBranches.Probe, "main", finding.OutcomePositive), - branchFinding(runsStatusChecksBeforeMerging.Probe, "main", finding.OutcomePositive), - branchFinding(requiresPRsToChangeCode.Probe, "main", finding.OutcomePositive), + branchFinding(requiresCodeOwnersReview.Probe, "main", finding.OutcomeTrue), + branchFinding(requiresLastPushApproval.Probe, "main", finding.OutcomeTrue), + branchFinding(requiresUpToDateBranches.Probe, "main", finding.OutcomeTrue), + branchFinding(runsStatusChecksBeforeMerging.Probe, "main", finding.OutcomeTrue), + branchFinding(requiresPRsToChangeCode.Probe, "main", finding.OutcomeTrue), }, result: scut.TestReturn{ Score: 8, diff --git a/checks/evaluation/ci_tests.go b/checks/evaluation/ci_tests.go index 4c55fcc3..28003523 100644 --- a/checks/evaluation/ci_tests.go +++ b/checks/evaluation/ci_tests.go @@ -40,7 +40,7 @@ func CITests(name string, // Debug PRs that were merged without CI tests for i := range findings { f := &findings[i] - if f.Outcome == finding.OutcomeNegative || f.Outcome == finding.OutcomePositive { + if f.Outcome == finding.OutcomeFalse || f.Outcome == finding.OutcomeTrue { dl.Debug(&checker.LogMessage{ Text: f.Message, }) @@ -70,7 +70,7 @@ func getMergedAndTested(findings []finding.Finding) (int, int) { for i := range findings { f := &findings[i] totalMerged++ - if f.Outcome == finding.OutcomePositive { + if f.Outcome == finding.OutcomeTrue { totalTested++ } } diff --git a/checks/evaluation/ci_tests_test.go b/checks/evaluation/ci_tests_test.go index a8fc4ecb..8bd9bfb3 100644 --- a/checks/evaluation/ci_tests_test.go +++ b/checks/evaluation/ci_tests_test.go @@ -33,7 +33,7 @@ func TestCITests(t *testing.T) { name: "Has CI tests. 1 tested out of 1 merged", findings: []finding.Finding{ { - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, Probe: "testsRunInCI", Message: "CI test found: pr: 1, context: e2e", Location: &finding.Location{Type: 4}, @@ -48,25 +48,25 @@ func TestCITests(t *testing.T) { name: "Has CI tests. 3 tested out of 4 merged", findings: []finding.Finding{ { - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, Probe: "testsRunInCI", Message: "CI test found: pr: 1, context: e2e", Location: &finding.Location{Type: 4}, }, { - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, Probe: "testsRunInCI", Message: "CI test found: pr: 1, context: e2e", Location: &finding.Location{Type: 4}, }, { - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, Probe: "testsRunInCI", Message: "CI test found: pr: 1, context: e2e", Location: &finding.Location{Type: 4}, }, { - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, Probe: "testsRunInCI", Message: "CI test found: pr: 1, context: e2e", Location: &finding.Location{Type: 4}, @@ -81,19 +81,19 @@ func TestCITests(t *testing.T) { name: "Tests debugging", findings: []finding.Finding{ { - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, Probe: "testsRunInCI", Message: "merged PR 1 without CI test at HEAD: 1", Location: &finding.Location{Type: 4}, }, { - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, Probe: "testsRunInCI", Message: "merged PR 1 without CI test at HEAD: 1", Location: &finding.Location{Type: 4}, }, { - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, Probe: "testsRunInCI", Message: "merged PR 1 without CI test at HEAD: 1", Location: &finding.Location{Type: 4}, diff --git a/checks/evaluation/cii_best_practices.go b/checks/evaluation/cii_best_practices.go index 31672d5e..ed91da20 100644 --- a/checks/evaluation/cii_best_practices.go +++ b/checks/evaluation/cii_best_practices.go @@ -52,7 +52,7 @@ func CIIBestPractices(name string, } f := &findings[0] - if f.Outcome == finding.OutcomeNegative { + if f.Outcome == finding.OutcomeFalse { text = "no effort to earn an OpenSSF best practices badge detected" return checker.CreateMinScoreResult(name, text) } diff --git a/checks/evaluation/cii_best_practices_test.go b/checks/evaluation/cii_best_practices_test.go index ca7eb518..beb58b8d 100644 --- a/checks/evaluation/cii_best_practices_test.go +++ b/checks/evaluation/cii_best_practices_test.go @@ -30,11 +30,11 @@ func TestCIIBestPractices(t *testing.T) { result scut.TestReturn }{ { - name: "Unsupported badge found with negative finding", + name: "Unsupported badge found with false finding", findings: []finding.Finding{ { Probe: "hasOpenSSFBadge", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, Values: map[string]string{ hasOpenSSFBadge.LevelKey: "Unsupported", }, @@ -45,11 +45,11 @@ func TestCIIBestPractices(t *testing.T) { }, }, { - name: "Unsupported badge found with positive finding", + name: "Unsupported badge found with true finding", findings: []finding.Finding{ { Probe: "hasOpenSSFBadge", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, Values: map[string]string{ hasOpenSSFBadge.LevelKey: "Unsupported", }, @@ -65,7 +65,7 @@ func TestCIIBestPractices(t *testing.T) { findings: []finding.Finding{ { Probe: "hasOpenSSFBadge", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, Values: map[string]string{ hasOpenSSFBadge.LevelKey: hasOpenSSFBadge.InProgressLevel, }, @@ -80,7 +80,7 @@ func TestCIIBestPractices(t *testing.T) { findings: []finding.Finding{ { Probe: "hasOpenSSFBadge", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, Values: map[string]string{ hasOpenSSFBadge.LevelKey: hasOpenSSFBadge.PassingLevel, }, @@ -95,7 +95,7 @@ func TestCIIBestPractices(t *testing.T) { findings: []finding.Finding{ { Probe: "hasOpenSSFBadge", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, Values: map[string]string{ hasOpenSSFBadge.LevelKey: hasOpenSSFBadge.SilverLevel, }, @@ -110,7 +110,7 @@ func TestCIIBestPractices(t *testing.T) { findings: []finding.Finding{ { Probe: "hasOpenSSFBadge", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, Values: map[string]string{ hasOpenSSFBadge.LevelKey: hasOpenSSFBadge.GoldLevel, }, @@ -125,7 +125,7 @@ func TestCIIBestPractices(t *testing.T) { findings: []finding.Finding{ { Probe: "hasOpenSSFBadge", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, Values: map[string]string{ hasOpenSSFBadge.LevelKey: hasOpenSSFBadge.UnknownLevel, }, diff --git a/checks/evaluation/contributors.go b/checks/evaluation/contributors.go index d58653e6..cb323864 100644 --- a/checks/evaluation/contributors.go +++ b/checks/evaluation/contributors.go @@ -42,37 +42,37 @@ func Contributors(name string, return checker.CreateRuntimeErrorResult(name, e) } - numberOfPositives := getNumberOfPositives(findings) - reason := fmt.Sprintf("project has %d contributing companies or organizations", numberOfPositives) + numberOfTrue := getNumberOfTrue(findings) + reason := fmt.Sprintf("project has %d contributing companies or organizations", numberOfTrue) - if numberOfPositives > 0 { + if numberOfTrue > 0 { logFindings(findings, dl) } - if numberOfPositives > numberCompaniesForTopScore { + if numberOfTrue > numberCompaniesForTopScore { return checker.CreateMaxScoreResult(name, reason) } - return checker.CreateProportionalScoreResult(name, reason, numberOfPositives, numberCompaniesForTopScore) + return checker.CreateProportionalScoreResult(name, reason, numberOfTrue, numberCompaniesForTopScore) } -func getNumberOfPositives(findings []finding.Finding) int { - var numberOfPositives int +func getNumberOfTrue(findings []finding.Finding) int { + var numberOfTrue int for i := range findings { f := &findings[i] - if f.Outcome == finding.OutcomePositive { + if f.Outcome == finding.OutcomeTrue { if f.Probe == contributorsFromOrgOrCompany.Probe { - numberOfPositives++ + numberOfTrue++ } } } - return numberOfPositives + return numberOfTrue } func logFindings(findings []finding.Finding, dl checker.DetailLogger) { var sb strings.Builder for i := range findings { f := &findings[i] - if f.Outcome == finding.OutcomePositive { + if f.Outcome == finding.OutcomeTrue { sb.WriteString(fmt.Sprintf("%s, ", f.Message)) } } diff --git a/checks/evaluation/contributors_test.go b/checks/evaluation/contributors_test.go index e00db8f9..2ac11c7b 100644 --- a/checks/evaluation/contributors_test.go +++ b/checks/evaluation/contributors_test.go @@ -29,15 +29,15 @@ func TestContributors(t *testing.T) { result scut.TestReturn }{ { - name: "Only has two positive outcomes", + name: "Only has two true outcomes", findings: []finding.Finding{ { Probe: "contributorsFromOrgOrCompany", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, { Probe: "contributorsFromOrgOrCompany", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, }, result: scut.TestReturn{ @@ -49,26 +49,26 @@ func TestContributors(t *testing.T) { findings: []finding.Finding{ { Probe: "contributorsFromOrgOrCompany", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, }, result: scut.TestReturn{ Score: 0, }, }, { - name: "Has three positive outcomes", + name: "Has three true outcomes", findings: []finding.Finding{ { Probe: "contributorsFromOrgOrCompany", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, { Probe: "contributorsFromOrgOrCompany", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, { Probe: "contributorsFromOrgOrCompany", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, }, result: scut.TestReturn{ diff --git a/checks/evaluation/dangerous_workflow.go b/checks/evaluation/dangerous_workflow.go index 9abdeebd..bb74661b 100644 --- a/checks/evaluation/dangerous_workflow.go +++ b/checks/evaluation/dangerous_workflow.go @@ -43,7 +43,7 @@ func DangerousWorkflow(name string, // Log all detected dangerous workflows for i := range findings { f := &findings[i] - if f.Outcome == finding.OutcomeNegative { + if f.Outcome == finding.OutcomeFalse { if f.Location == nil { e := sce.WithMessage(sce.ErrScorecardInternal, "invalid probe results") return checker.CreateRuntimeErrorResult(name, e) @@ -82,7 +82,7 @@ func hasDWWithUntrustedCheckout(findings []finding.Finding) bool { for i := range findings { f := &findings[i] if f.Probe == hasDangerousWorkflowUntrustedCheckout.Probe { - if f.Outcome == finding.OutcomeNegative { + if f.Outcome == finding.OutcomeFalse { return true } } @@ -94,7 +94,7 @@ func hasDWWithScriptInjection(findings []finding.Finding) bool { for i := range findings { f := &findings[i] if f.Probe == hasDangerousWorkflowScriptInjection.Probe { - if f.Outcome == finding.OutcomeNegative { + if f.Outcome == finding.OutcomeFalse { return true } } diff --git a/checks/evaluation/dangerous_workflow_test.go b/checks/evaluation/dangerous_workflow_test.go index 847c6769..60b26fd7 100644 --- a/checks/evaluation/dangerous_workflow_test.go +++ b/checks/evaluation/dangerous_workflow_test.go @@ -38,10 +38,10 @@ func TestDangerousWorkflow(t *testing.T) { findings: []finding.Finding{ { Probe: "hasDangerousWorkflowScriptInjection", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, { Probe: "hasDangerousWorkflowUntrustedCheckout", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, Location: &finding.Location{ Type: finding.FileTypeText, Path: "./github/workflows/dangerous-workflow.yml", @@ -75,10 +75,10 @@ func TestDangerousWorkflow(t *testing.T) { findings: []finding.Finding{ { Probe: "hasDangerousWorkflowScriptInjection", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, { Probe: "hasDangerousWorkflowUntrustedCheckout", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, }, result: scut.TestReturn{ @@ -90,10 +90,10 @@ func TestDangerousWorkflow(t *testing.T) { findings: []finding.Finding{ { Probe: "hasDangerousWorkflowScriptInjection", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, { Probe: "hasDangerousWorkflowUntrustedCheckout", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, Location: &finding.Location{ Type: finding.FileTypeText, Path: "./github/workflows/dangerous-workflow.yml", @@ -112,7 +112,7 @@ func TestDangerousWorkflow(t *testing.T) { findings: []finding.Finding{ { Probe: "hasDangerousWorkflowScriptInjection", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, Location: &finding.Location{ Type: finding.FileTypeText, Path: "./github/workflows/dangerous-workflow.yml", @@ -121,7 +121,7 @@ func TestDangerousWorkflow(t *testing.T) { }, }, { Probe: "hasDangerousWorkflowUntrustedCheckout", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, }, result: scut.TestReturn{ @@ -134,7 +134,7 @@ func TestDangerousWorkflow(t *testing.T) { findings: []finding.Finding{ { Probe: "hasDangerousWorkflowScriptInjection", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, Location: &finding.Location{ Type: finding.FileTypeText, Path: "./github/workflows/dangerous-workflow.yml", @@ -143,7 +143,7 @@ func TestDangerousWorkflow(t *testing.T) { }, }, { Probe: "hasDangerousWorkflowScriptInjection", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, Location: &finding.Location{ Type: finding.FileTypeText, Path: "./github/workflows/dangerous-workflow2.yml", @@ -152,7 +152,7 @@ func TestDangerousWorkflow(t *testing.T) { }, }, { Probe: "hasDangerousWorkflowUntrustedCheckout", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, }, result: scut.TestReturn{ @@ -165,7 +165,7 @@ func TestDangerousWorkflow(t *testing.T) { findings: []finding.Finding{ { Probe: "hasDangerousWorkflowScriptInjection", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, Location: &finding.Location{ Type: finding.FileTypeText, Path: "./github/workflows/dangerous-workflow.yml", @@ -174,7 +174,7 @@ func TestDangerousWorkflow(t *testing.T) { }, }, { Probe: "hasDangerousWorkflowScriptInjection", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, Location: &finding.Location{ Type: finding.FileTypeText, Path: "./github/workflows/dangerous-workflow2.yml", @@ -183,7 +183,7 @@ func TestDangerousWorkflow(t *testing.T) { }, }, { Probe: "hasDangerousWorkflowScriptInjection", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, Location: &finding.Location{ Type: finding.FileTypeText, Path: "./github/workflows/dangerous-workflow3.yml", @@ -192,7 +192,7 @@ func TestDangerousWorkflow(t *testing.T) { }, }, { Probe: "hasDangerousWorkflowScriptInjection", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, Location: &finding.Location{ Type: finding.FileTypeText, Path: "./github/workflows/dangerous-workflow4.yml", @@ -201,7 +201,7 @@ func TestDangerousWorkflow(t *testing.T) { }, }, { Probe: "hasDangerousWorkflowScriptInjection", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, Location: &finding.Location{ Type: finding.FileTypeText, Path: "./github/workflows/dangerous-workflow5.yml", @@ -210,7 +210,7 @@ func TestDangerousWorkflow(t *testing.T) { }, }, { Probe: "hasDangerousWorkflowScriptInjection", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, Location: &finding.Location{ Type: finding.FileTypeText, Path: "./github/workflows/dangerous-workflow6.yml", @@ -219,7 +219,7 @@ func TestDangerousWorkflow(t *testing.T) { }, }, { Probe: "hasDangerousWorkflowScriptInjection", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, Location: &finding.Location{ Type: finding.FileTypeText, Path: "./github/workflows/dangerous-workflow7.yml", @@ -228,7 +228,7 @@ func TestDangerousWorkflow(t *testing.T) { }, }, { Probe: "hasDangerousWorkflowScriptInjection", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, Location: &finding.Location{ Type: finding.FileTypeText, Path: "./github/workflows/dangerous-workflow8.yml", @@ -237,7 +237,7 @@ func TestDangerousWorkflow(t *testing.T) { }, }, { Probe: "hasDangerousWorkflowUntrustedCheckout", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, }, result: scut.TestReturn{ diff --git a/checks/evaluation/dependency_update_tool.go b/checks/evaluation/dependency_update_tool.go index 409bf6f2..05cb0b72 100644 --- a/checks/evaluation/dependency_update_tool.go +++ b/checks/evaluation/dependency_update_tool.go @@ -36,9 +36,9 @@ func DependencyUpdateTool(name string, for i := range findings { f := &findings[i] - if f.Outcome == finding.OutcomePositive { - // Log all findings except the negative ones. - checker.LogFindings(nonNegativeFindings(findings), dl) + if f.Outcome == finding.OutcomeTrue { + // Log all findings except the false ones. + checker.LogFindings(nonFalseFindings(findings), dl) return checker.CreateMaxScoreResult(name, "update tool detected") } } diff --git a/checks/evaluation/dependency_update_tool_test.go b/checks/evaluation/dependency_update_tool_test.go index 5dcb7e41..c0d2a3af 100644 --- a/checks/evaluation/dependency_update_tool_test.go +++ b/checks/evaluation/dependency_update_tool_test.go @@ -57,7 +57,7 @@ func TestDependencyUpdateTool(t *testing.T) { findings: []finding.Finding{ { Probe: dependencyUpdateToolConfigured.Probe, - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, }, result: scut.TestReturn{ @@ -70,7 +70,7 @@ func TestDependencyUpdateTool(t *testing.T) { findings: []finding.Finding{ { Probe: "notARealProbe", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, }, result: scut.TestReturn{ @@ -93,7 +93,7 @@ func TestDependencyUpdateTool(t *testing.T) { func depUpdateTool(name string) finding.Finding { return finding.Finding{ Probe: dependencyUpdateToolConfigured.Probe, - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, Values: map[string]string{ dependencyUpdateToolConfigured.ToolKey: name, }, diff --git a/checks/evaluation/finding.go b/checks/evaluation/finding.go index 11d1e6f9..97e79bf0 100644 --- a/checks/evaluation/finding.go +++ b/checks/evaluation/finding.go @@ -18,11 +18,11 @@ import ( "github.com/ossf/scorecard/v4/finding" ) -func nonNegativeFindings(findings []finding.Finding) []finding.Finding { +func nonFalseFindings(findings []finding.Finding) []finding.Finding { var ff []finding.Finding for i := range findings { f := &findings[i] - if f.Outcome == finding.OutcomeNegative { + if f.Outcome == finding.OutcomeFalse { continue } ff = append(ff, *f) @@ -30,11 +30,11 @@ func nonNegativeFindings(findings []finding.Finding) []finding.Finding { return ff } -func negativeFindings(findings []finding.Finding) []finding.Finding { +func falseFindings(findings []finding.Finding) []finding.Finding { var ff []finding.Finding for i := range findings { f := &findings[i] - if f.Outcome == finding.OutcomeNegative { + if f.Outcome == finding.OutcomeFalse { ff = append(ff, *f) } } diff --git a/checks/evaluation/fuzzing.go b/checks/evaluation/fuzzing.go index ac75bbad..1995c7b3 100644 --- a/checks/evaluation/fuzzing.go +++ b/checks/evaluation/fuzzing.go @@ -39,9 +39,9 @@ func Fuzzing(name string, // Compute the score. for i := range findings { f := &findings[i] - if f.Outcome == finding.OutcomePositive { - // Log all findings except the negative ones. - checker.LogFindings(nonNegativeFindings(findings), dl) + if f.Outcome == finding.OutcomeTrue { + // Log all findings except the false ones. + checker.LogFindings(nonFalseFindings(findings), dl) return checker.CreateMaxScoreResult(name, "project is fuzzed") } } diff --git a/checks/evaluation/fuzzing_test.go b/checks/evaluation/fuzzing_test.go index b8b8f6b0..3bff2f70 100644 --- a/checks/evaluation/fuzzing_test.go +++ b/checks/evaluation/fuzzing_test.go @@ -36,7 +36,7 @@ func TestFuzzing(t *testing.T) { findings: []finding.Finding{ { Probe: fuzzed.Probe, - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, }, result: scut.TestReturn{ @@ -71,7 +71,7 @@ func TestFuzzing(t *testing.T) { findings: []finding.Finding{ { Probe: "someUnrelatedProbe", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, fuzzTool(fuzzers.RustCargoFuzz), }, @@ -95,7 +95,7 @@ func TestFuzzing(t *testing.T) { func fuzzTool(name string) finding.Finding { return finding.Finding{ Probe: fuzzed.Probe, - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, Values: map[string]string{ fuzzed.ToolKey: name, }, diff --git a/checks/evaluation/license.go b/checks/evaluation/license.go index 7eff4c9d..2caf3c41 100644 --- a/checks/evaluation/license.go +++ b/checks/evaluation/license.go @@ -43,7 +43,7 @@ func License(name string, m := make(map[string]bool) for i := range findings { f := &findings[i] - if f.Outcome == finding.OutcomePositive { + if f.Outcome == finding.OutcomeTrue { switch f.Probe { case hasFSFOrOSIApprovedLicense.Probe: score += scoreProbeOnce(f.Probe, m, 1) diff --git a/checks/evaluation/license_test.go b/checks/evaluation/license_test.go index 8b2b4e24..751544f3 100644 --- a/checks/evaluation/license_test.go +++ b/checks/evaluation/license_test.go @@ -30,15 +30,15 @@ func TestLicense(t *testing.T) { result scut.TestReturn }{ { - name: "Positive outcome = Max Score", + name: "True outcome = Max Score", findings: []finding.Finding{ { Probe: "hasLicenseFile", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, { Probe: "hasFSFOrOSIApprovedLicense", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, }, result: scut.TestReturn{ @@ -46,15 +46,15 @@ func TestLicense(t *testing.T) { NumberOfInfo: 2, }, }, { - name: "Negative outcomes from all probes = Min score", + name: "false outcomes from all probes = Min score", findings: []finding.Finding{ { Probe: "hasLicenseFile", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "hasFSFOrOSIApprovedLicense", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, }, result: scut.TestReturn{ @@ -66,11 +66,11 @@ func TestLicense(t *testing.T) { findings: []finding.Finding{ { Probe: "hasLicenseFile", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, { Probe: "hasFSFOrOSIApprovedLicense", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, }, result: scut.TestReturn{ @@ -83,7 +83,7 @@ func TestLicense(t *testing.T) { findings: []finding.Finding{ { Probe: "hasLicenseFile", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, }, result: scut.TestReturn{ @@ -95,11 +95,11 @@ func TestLicense(t *testing.T) { findings: []finding.Finding{ { Probe: "hasLicenseFile", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, { Probe: "hasFSFOrOSIApprovedLicense", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, }, result: scut.TestReturn{ diff --git a/checks/evaluation/maintained.go b/checks/evaluation/maintained.go index 5ccdb0ed..fb974471 100644 --- a/checks/evaluation/maintained.go +++ b/checks/evaluation/maintained.go @@ -51,12 +51,12 @@ func Maintained(name string, } if projectIsArchived(findings) { - checker.LogFindings(negativeFindings(findings), dl) + checker.LogFindings(falseFindings(findings), dl) return checker.CreateMinScoreResult(name, "project is archived") } if projectWasCreatedInLast90Days(findings) { - checker.LogFindings(negativeFindings(findings), dl) + checker.LogFindings(falseFindings(findings), dl) return checker.CreateMinScoreResult(name, "project was created in last 90 days. please review its contents carefully") } @@ -64,7 +64,7 @@ func Maintained(name string, var err error for i := range findings { f := &findings[i] - if f.Outcome == finding.OutcomePositive { + if f.Outcome == finding.OutcomeTrue { switch f.Probe { case issueActivityByProjectMember.Probe: numberOfIssuesUpdatedWithinThreshold, err = strconv.Atoi(f.Values[issueActivityByProjectMember.NumIssuesKey]) @@ -89,7 +89,7 @@ func Maintained(name string, func projectIsArchived(findings []finding.Finding) bool { for i := range findings { f := &findings[i] - if f.Outcome == finding.OutcomeNegative && f.Probe == notArchived.Probe { + if f.Outcome == finding.OutcomeFalse && f.Probe == notArchived.Probe { return true } } @@ -99,7 +99,7 @@ func projectIsArchived(findings []finding.Finding) bool { func projectWasCreatedInLast90Days(findings []finding.Finding) bool { for i := range findings { f := &findings[i] - if f.Outcome == finding.OutcomeNegative && f.Probe == notCreatedRecently.Probe { + if f.Outcome == finding.OutcomeFalse && f.Probe == notCreatedRecently.Probe { return true } } diff --git a/checks/evaluation/maintained_test.go b/checks/evaluation/maintained_test.go index 84680deb..d2ec527f 100644 --- a/checks/evaluation/maintained_test.go +++ b/checks/evaluation/maintained_test.go @@ -37,22 +37,22 @@ func TestMaintained(t *testing.T) { findings: []finding.Finding{ { Probe: hasRecentCommits.Probe, - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, Values: map[string]string{ hasRecentCommits.NumCommitsKey: "2", }, }, { Probe: issueActivityByProjectMember.Probe, - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, Values: map[string]string{ issueActivityByProjectMember.NumIssuesKey: "1", }, }, { Probe: notArchived.Probe, - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, { Probe: notCreatedRecently.Probe, - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, }, result: scut.TestReturn{ @@ -64,16 +64,16 @@ func TestMaintained(t *testing.T) { findings: []finding.Finding{ { Probe: hasRecentCommits.Probe, - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: issueActivityByProjectMember.Probe, - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: notArchived.Probe, - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, { Probe: notCreatedRecently.Probe, - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, }, result: scut.TestReturn{ @@ -85,16 +85,16 @@ func TestMaintained(t *testing.T) { findings: []finding.Finding{ { Probe: hasRecentCommits.Probe, - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: issueActivityByProjectMember.Probe, - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "archvied", /*misspelling*/ - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, { Probe: notCreatedRecently.Probe, - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, }, result: scut.TestReturn{ @@ -107,16 +107,16 @@ func TestMaintained(t *testing.T) { findings: []finding.Finding{ { Probe: hasRecentCommits.Probe, - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: issueActivityByProjectMember.Probe, - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: notArchived.Probe, - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: notCreatedRecently.Probe, - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, }, result: scut.TestReturn{ diff --git a/checks/evaluation/packaging.go b/checks/evaluation/packaging.go index da69d8c1..df5151af 100644 --- a/checks/evaluation/packaging.go +++ b/checks/evaluation/packaging.go @@ -36,15 +36,15 @@ func Packaging(name string, } // Currently there is only a single packaging probe that returns - // a single positive or negative outcome. As such, in this evaluation, - // we return max score if the outcome is positive and lowest score if - // the outcome is negative. + // a single true or false outcome. As such, in this evaluation, + // we return max score if the outcome is true and lowest score if + // the outcome is false. maxScore := false for _, f := range findings { f := f - if f.Outcome == finding.OutcomePositive { + if f.Outcome == finding.OutcomeTrue { maxScore = true - // Log all findings except the negative ones. + // Log all findings except the false ones. dl.Info(&checker.LogMessage{ Finding: &f, }) @@ -54,7 +54,7 @@ func Packaging(name string, return checker.CreateMaxScoreResult(name, "packaging workflow detected") } - checker.LogFindings(negativeFindings(findings), dl) + checker.LogFindings(falseFindings(findings), dl) return checker.CreateInconclusiveResult(name, "packaging workflow not detected") } diff --git a/checks/evaluation/packaging_test.go b/checks/evaluation/packaging_test.go index cfa52196..3d964149 100644 --- a/checks/evaluation/packaging_test.go +++ b/checks/evaluation/packaging_test.go @@ -30,11 +30,11 @@ func TestPackaging(t *testing.T) { result scut.TestReturn }{ { - name: "test positive outcome", + name: "test true outcome", findings: []finding.Finding{ { Probe: "packagedWithAutomatedWorkflow", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, }, result: scut.TestReturn{ @@ -43,11 +43,11 @@ func TestPackaging(t *testing.T) { }, }, { - name: "test positive outcome with wrong probes", + name: "test true outcome with wrong probes", findings: []finding.Finding{ { Probe: "wrongProbe", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, }, result: scut.TestReturn{ @@ -60,7 +60,7 @@ func TestPackaging(t *testing.T) { findings: []finding.Finding{ { Probe: "packagedWithAutomatedWorkflow", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, }, result: scut.TestReturn{ @@ -69,11 +69,11 @@ func TestPackaging(t *testing.T) { }, }, { - name: "test negative outcome with wrong probes", + name: "test false outcome with wrong probes", findings: []finding.Finding{ { Probe: "wrongProbe", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, }, result: scut.TestReturn{ diff --git a/checks/evaluation/permissions.go b/checks/evaluation/permissions.go index c0e3b274..91ec8a9a 100644 --- a/checks/evaluation/permissions.go +++ b/checks/evaluation/permissions.go @@ -98,7 +98,7 @@ func TokenPermissions(name string, return checker.CreateInconclusiveResult(name, "No tokens found") } - if f.Outcome != finding.OutcomeNegative { + if f.Outcome != finding.OutcomeFalse { continue } if f.Location == nil { diff --git a/checks/evaluation/pinned_dependencies.go b/checks/evaluation/pinned_dependencies.go index 2aaddff3..39a2a978 100644 --- a/checks/evaluation/pinned_dependencies.go +++ b/checks/evaluation/pinned_dependencies.go @@ -88,7 +88,7 @@ func PinningDependencies(name string, Finding: &f, }) continue - case finding.OutcomeNegative: + case finding.OutcomeFalse: // we cant use the finding if we want the remediation to show // finding.Remediation are currently suppressed (#3349) lm := &checker.LogMessage{ @@ -177,7 +177,7 @@ func generateOwnerToDisplay(gitHubOwned bool) string { } func addPinnedResult(outcome finding.Outcome, r *pinnedResult) { - if outcome == finding.OutcomePositive { + if outcome == finding.OutcomeTrue { r.pinned += 1 } r.total += 1 diff --git a/checks/evaluation/pinned_dependencies_test.go b/checks/evaluation/pinned_dependencies_test.go index cd9259a1..5c1e5e6d 100644 --- a/checks/evaluation/pinned_dependencies_test.go +++ b/checks/evaluation/pinned_dependencies_test.go @@ -243,7 +243,7 @@ func Test_PinningDependencies(t *testing.T) { findings: []finding.Finding{ { Probe: "pinsDependencies", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, Location: &finding.Location{ Type: finding.FileTypeText, Path: "test-file", @@ -265,7 +265,7 @@ func Test_PinningDependencies(t *testing.T) { findings: []finding.Finding{ { Probe: "pinsDependencies", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, Location: &finding.Location{ Type: finding.FileTypeText, Path: "test-file", @@ -312,7 +312,7 @@ func Test_PinningDependencies(t *testing.T) { findings: []finding.Finding{ { Probe: "pinsDependencies", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, Location: &finding.Location{ Type: finding.FileTypeText, Path: "test-file", @@ -326,7 +326,7 @@ func Test_PinningDependencies(t *testing.T) { }, { Probe: "pinsDependencies", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, Location: &finding.Location{ Type: finding.FileTypeText, Path: "test-file", @@ -350,7 +350,7 @@ func Test_PinningDependencies(t *testing.T) { findings: []finding.Finding{ { Probe: "pinsDependencies", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, Location: &finding.Location{ Type: finding.FileTypeText, Path: "test-file", @@ -364,7 +364,7 @@ func Test_PinningDependencies(t *testing.T) { }, { Probe: "pinsDependencies", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, Location: &finding.Location{ Type: finding.FileTypeText, Path: "test-file", @@ -388,7 +388,7 @@ func Test_PinningDependencies(t *testing.T) { findings: []finding.Finding{ { Probe: "pinsDependencies", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, Location: &finding.Location{ Type: finding.FileTypeText, Path: "test-file", @@ -440,7 +440,7 @@ func Test_PinningDependencies(t *testing.T) { }, { Probe: pinsDependencies.Probe, - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, Location: &finding.Location{ Type: finding.FileTypeText, Path: "test-file", @@ -489,7 +489,7 @@ func Test_addWorkflowPinnedResult(t *testing.T) { { name: "add pinned GitHub-owned action dependency", args: args{ - outcome: finding.OutcomePositive, + outcome: finding.OutcomeTrue, w: &workflowPinningResult{}, isGitHub: true, }, @@ -507,7 +507,7 @@ func Test_addWorkflowPinnedResult(t *testing.T) { { name: "add unpinned GitHub-owned action dependency", args: args{ - outcome: finding.OutcomeNegative, + outcome: finding.OutcomeFalse, w: &workflowPinningResult{}, isGitHub: true, }, @@ -525,7 +525,7 @@ func Test_addWorkflowPinnedResult(t *testing.T) { { name: "add pinned Third-Party action dependency", args: args{ - outcome: finding.OutcomePositive, + outcome: finding.OutcomeTrue, w: &workflowPinningResult{}, isGitHub: false, }, @@ -543,7 +543,7 @@ func Test_addWorkflowPinnedResult(t *testing.T) { { name: "add unpinned Third-Party action dependency", args: args{ - outcome: finding.OutcomeNegative, + outcome: finding.OutcomeFalse, w: &workflowPinningResult{}, isGitHub: false, }, @@ -602,7 +602,7 @@ func TestUpdatePinningResults(t *testing.T) { name: "add pinned GitHub-owned action", args: args{ dependencyType: checker.DependencyUseTypeGHAction, - outcome: finding.OutcomePositive, + outcome: finding.OutcomeTrue, snippet: stringAsPointer("actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675"), w: &workflowPinningResult{}, pr: make(map[checker.DependencyUseType]pinnedResult), @@ -625,7 +625,7 @@ func TestUpdatePinningResults(t *testing.T) { name: "add unpinned GitHub-owned action", args: args{ dependencyType: checker.DependencyUseTypeGHAction, - outcome: finding.OutcomeNegative, + outcome: finding.OutcomeFalse, snippet: stringAsPointer("actions/checkout@v2"), w: &workflowPinningResult{}, pr: make(map[checker.DependencyUseType]pinnedResult), @@ -648,7 +648,7 @@ func TestUpdatePinningResults(t *testing.T) { name: "add pinned Third-party action", args: args{ dependencyType: checker.DependencyUseTypeGHAction, - outcome: finding.OutcomePositive, + outcome: finding.OutcomeTrue, w: &workflowPinningResult{}, snippet: stringAsPointer("other/checkout@ffa6706ff2127a749973072756f83c532e43ed02"), pr: make(map[checker.DependencyUseType]pinnedResult), @@ -672,7 +672,7 @@ func TestUpdatePinningResults(t *testing.T) { args: args{ dependencyType: checker.DependencyUseTypeGHAction, snippet: stringAsPointer("other/checkout@v2"), - outcome: finding.OutcomeNegative, + outcome: finding.OutcomeFalse, w: &workflowPinningResult{}, pr: make(map[checker.DependencyUseType]pinnedResult), }, @@ -694,7 +694,7 @@ func TestUpdatePinningResults(t *testing.T) { name: "add pinned pip install", args: args{ dependencyType: checker.DependencyUseTypePipCommand, - outcome: finding.OutcomePositive, + outcome: finding.OutcomeTrue, w: &workflowPinningResult{}, pr: make(map[checker.DependencyUseType]pinnedResult), }, @@ -712,7 +712,7 @@ func TestUpdatePinningResults(t *testing.T) { name: "add unpinned pip install", args: args{ dependencyType: checker.DependencyUseTypePipCommand, - outcome: finding.OutcomeNegative, + outcome: finding.OutcomeFalse, w: &workflowPinningResult{}, pr: make(map[checker.DependencyUseType]pinnedResult), }, diff --git a/checks/evaluation/sast.go b/checks/evaluation/sast.go index 95fd6e85..78c71b6e 100644 --- a/checks/evaluation/sast.go +++ b/checks/evaluation/sast.go @@ -52,7 +52,7 @@ func SAST(name string, } case sastToolConfigured.Probe: tool, ok := f.Values[sastToolConfigured.ToolKey] - if f.Outcome == finding.OutcomePositive && !ok { + if f.Outcome == finding.OutcomeTrue && !ok { return checker.CreateRuntimeErrorResult(name, sce.WithMessage(sce.ErrScorecardInternal, "missing SAST tool")) } score := getSastToolScore(f, dl) @@ -133,11 +133,11 @@ func getSASTScore(f *finding.Finding, dl checker.DetailLogger) (int, error) { Text: f.Message, }) return checker.InconclusiveResultScore, nil - case finding.OutcomePositive: + case finding.OutcomeTrue: dl.Info(&checker.LogMessage{ Text: f.Message, }) - case finding.OutcomeNegative: + case finding.OutcomeFalse: dl.Warn(&checker.LogMessage{ Text: f.Message, }) @@ -154,16 +154,16 @@ func getSASTScore(f *finding.Finding, dl checker.DetailLogger) (int, error) { return checker.CreateProportionalScore(analyzed, total), nil } -// getSastToolScore returns positive if the project runs the Sast tool -// and negative if it doesn't. +// getSastToolScore returns true if the project runs the Sast tool +// and false if it doesn't. func getSastToolScore(f *finding.Finding, dl checker.DetailLogger) int { switch f.Outcome { - case finding.OutcomePositive: + case finding.OutcomeTrue: dl.Info(&checker.LogMessage{ Text: f.Message, }) return checker.MaxResultScore - case finding.OutcomeNegative: + case finding.OutcomeFalse: return checker.MinResultScore default: return checker.InconclusiveResultScore diff --git a/checks/evaluation/sast_test.go b/checks/evaluation/sast_test.go index 004f7ece..e712f839 100644 --- a/checks/evaluation/sast_test.go +++ b/checks/evaluation/sast_test.go @@ -36,7 +36,7 @@ func TestSAST(t *testing.T) { findings: []finding.Finding{ { Probe: sastToolRunsOnAllCommits.Probe, - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, }, result: scut.TestReturn{ @@ -51,7 +51,7 @@ func TestSAST(t *testing.T) { tool(checker.CodeQLWorkflow), { Probe: sastToolRunsOnAllCommits.Probe, - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, Values: map[string]string{ sastToolRunsOnAllCommits.AnalyzedPRsKey: "1", sastToolRunsOnAllCommits.TotalPRsKey: "2", @@ -70,7 +70,7 @@ func TestSAST(t *testing.T) { tool(checker.PysaWorkflow), { Probe: sastToolRunsOnAllCommits.Probe, - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, Values: map[string]string{ sastToolRunsOnAllCommits.AnalyzedPRsKey: "1", sastToolRunsOnAllCommits.TotalPRsKey: "2", @@ -105,11 +105,11 @@ func TestSAST(t *testing.T) { findings: []finding.Finding{ { Probe: sastToolConfigured.Probe, - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: sastToolRunsOnAllCommits.Probe, - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, Values: map[string]string{ sastToolRunsOnAllCommits.AnalyzedPRsKey: "1", sastToolRunsOnAllCommits.TotalPRsKey: "3", @@ -128,7 +128,7 @@ func TestSAST(t *testing.T) { tool(checker.SnykWorkflow), { Probe: sastToolRunsOnAllCommits.Probe, - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, Values: map[string]string{ sastToolRunsOnAllCommits.AnalyzedPRsKey: "1", sastToolRunsOnAllCommits.TotalPRsKey: "3", @@ -147,7 +147,7 @@ func TestSAST(t *testing.T) { tool(checker.QodanaWorkflow), { Probe: sastToolRunsOnAllCommits.Probe, - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, Values: map[string]string{ sastToolRunsOnAllCommits.AnalyzedPRsKey: "1", sastToolRunsOnAllCommits.TotalPRsKey: "3", @@ -175,7 +175,7 @@ func TestSAST(t *testing.T) { func tool(name checker.SASTWorkflowType) finding.Finding { return finding.Finding{ Probe: sastToolConfigured.Probe, - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, Values: map[string]string{ sastToolConfigured.ToolKey: string(name), }, diff --git a/checks/evaluation/security_policy.go b/checks/evaluation/security_policy.go index 10125c6a..8ec3356d 100644 --- a/checks/evaluation/security_policy.go +++ b/checks/evaluation/security_policy.go @@ -42,7 +42,7 @@ func SecurityPolicy(name string, findings []finding.Finding, dl checker.DetailLo m := make(map[string]bool) for i := range findings { f := &findings[i] - if f.Outcome == finding.OutcomePositive { + if f.Outcome == finding.OutcomeTrue { switch f.Probe { case securityPolicyContainsVulnerabilityDisclosure.Probe: score += scoreProbeOnce(f.Probe, m, 1) @@ -71,9 +71,9 @@ func SecurityPolicy(name string, findings []finding.Finding, dl checker.DetailLo } // Log all findings. - // NOTE: if the score is checker.MaxResultScore, then all findings are positive. - // If the score is less than checker.MaxResultScore, some findings are negative, - // so we log both positive and negative findings. + // NOTE: if the score is checker.MaxResultScore, then all findings are true. + // If the score is less than checker.MaxResultScore, some findings are false, + // so we log both true and false findings. checker.LogFindings(findings, dl) return checker.CreateResultWithScore(name, "security policy file detected", score) diff --git a/checks/evaluation/security_policy_test.go b/checks/evaluation/security_policy_test.go index ac55f707..ccaa7512 100644 --- a/checks/evaluation/security_policy_test.go +++ b/checks/evaluation/security_policy_test.go @@ -35,15 +35,15 @@ func TestSecurityPolicy(t *testing.T) { findings: []finding.Finding{ { Probe: "securityPolicyContainsVulnerabilityDisclosure", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "securityPolicyContainsText", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "securityPolicyPresent", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, }, result: scut.TestReturn{ @@ -56,23 +56,23 @@ func TestSecurityPolicy(t *testing.T) { findings: []finding.Finding{ { Probe: "securityPolicyContainsVulnerabilityDisclosure", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "securityPolicyContainsLinks", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "securityPolicyContainsText", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "securityPolicyPresent", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "securityPolicyInvalidProbeName", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, }, result: scut.TestReturn{ @@ -85,19 +85,19 @@ func TestSecurityPolicy(t *testing.T) { findings: []finding.Finding{ { Probe: "securityPolicyContainsVulnerabilityDisclosure", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "securityPolicyContainsLinks", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "securityPolicyContainsText", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "securityPolicyPresent", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, }, result: scut.TestReturn{ @@ -107,23 +107,23 @@ func TestSecurityPolicy(t *testing.T) { }, }, { - name: "file not found with positive probes", + name: "file not found with true probes", findings: []finding.Finding{ { Probe: "securityPolicyContainsVulnerabilityDisclosure", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, { Probe: "securityPolicyContainsLinks", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, { Probe: "securityPolicyContainsText", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, { Probe: "securityPolicyPresent", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, }, result: scut.TestReturn{ @@ -136,19 +136,19 @@ func TestSecurityPolicy(t *testing.T) { findings: []finding.Finding{ { Probe: "securityPolicyContainsVulnerabilityDisclosure", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "securityPolicyContainsLinks", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, { Probe: "securityPolicyContainsText", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "securityPolicyPresent", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, }, result: scut.TestReturn{ @@ -158,23 +158,23 @@ func TestSecurityPolicy(t *testing.T) { }, }, { - name: "file found all positive", + name: "file found all true", findings: []finding.Finding{ { Probe: "securityPolicyContainsVulnerabilityDisclosure", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, { Probe: "securityPolicyContainsLinks", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, { Probe: "securityPolicyContainsText", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, { Probe: "securityPolicyPresent", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, }, result: scut.TestReturn{ diff --git a/checks/evaluation/signed_releases.go b/checks/evaluation/signed_releases.go index c580a561..5b7c06ca 100644 --- a/checks/evaluation/signed_releases.go +++ b/checks/evaluation/signed_releases.go @@ -70,7 +70,7 @@ func SignedReleases(name string, // Check if outcome is NotApplicable } - totalPositive := 0 + totalTrue := 0 releaseMap := make(map[string]int) uniqueReleaseTags := make([]string, 0) checker.LogFindings(findings, dl) @@ -86,8 +86,8 @@ func SignedReleases(name string, uniqueReleaseTags = append(uniqueReleaseTags, releaseName) } - if f.Outcome == finding.OutcomePositive { - totalPositive++ + if f.Outcome == finding.OutcomeTrue { + totalTrue++ switch f.Probe { case releasesAreSigned.Probe: @@ -100,7 +100,7 @@ func SignedReleases(name string, } } - if totalPositive == 0 { + if totalTrue == 0 { return checker.CreateMinScoreResult(name, "Project has not signed or included provenance with any releases.") } @@ -125,7 +125,7 @@ func SignedReleases(name string, score = int(math.Floor(float64(score) / float64(totalReleases))) reason := fmt.Sprintf("%d out of the last %d releases have a total of %d signed artifacts.", - len(releaseMap), totalReleases, totalPositive) + len(releaseMap), totalReleases, totalTrue) return checker.CreateResultWithScore(name, reason, score) } diff --git a/checks/evaluation/signed_releases_test.go b/checks/evaluation/signed_releases_test.go index e4d359c1..bf32161d 100644 --- a/checks/evaluation/signed_releases_test.go +++ b/checks/evaluation/signed_releases_test.go @@ -74,8 +74,8 @@ func TestSignedReleases(t *testing.T) { { name: "Has one release that is signed but no provenance", findings: []finding.Finding{ - signedProbe(0, 0, finding.OutcomePositive), - provenanceProbe(0, 0, finding.OutcomeNegative), + signedProbe(0, 0, finding.OutcomeTrue), + provenanceProbe(0, 0, finding.OutcomeFalse), }, result: scut.TestReturn{ Score: 8, @@ -87,8 +87,8 @@ func TestSignedReleases(t *testing.T) { { name: "Has one release that is signed and has provenance", findings: []finding.Finding{ - signedProbe(0, 0, finding.OutcomePositive), - provenanceProbe(0, 0, finding.OutcomePositive), + signedProbe(0, 0, finding.OutcomeTrue), + provenanceProbe(0, 0, finding.OutcomeTrue), }, result: scut.TestReturn{ Score: 10, @@ -99,8 +99,8 @@ func TestSignedReleases(t *testing.T) { { name: "Has one release that is not signed but has provenance", findings: []finding.Finding{ - signedProbe(0, 0, finding.OutcomeNegative), - provenanceProbe(0, 0, finding.OutcomePositive), + signedProbe(0, 0, finding.OutcomeFalse), + provenanceProbe(0, 0, finding.OutcomeTrue), }, result: scut.TestReturn{ Score: checker.MaxResultScore, @@ -115,33 +115,33 @@ func TestSignedReleases(t *testing.T) { findings: []finding.Finding{ // Release 1: // Asset 1: - signedProbe(release0, asset0, finding.OutcomeNegative), - provenanceProbe(release0, asset0, finding.OutcomeNegative), + signedProbe(release0, asset0, finding.OutcomeFalse), + provenanceProbe(release0, asset0, finding.OutcomeFalse), // Asset 2: - signedProbe(release0, asset1, finding.OutcomePositive), - provenanceProbe(release0, asset1, finding.OutcomeNegative), + signedProbe(release0, asset1, finding.OutcomeTrue), + provenanceProbe(release0, asset1, finding.OutcomeFalse), // Release 2 // Asset 1: - signedProbe(release1, asset0, finding.OutcomeNegative), - provenanceProbe(release1, asset0, finding.OutcomeNegative), + signedProbe(release1, asset0, finding.OutcomeFalse), + provenanceProbe(release1, asset0, finding.OutcomeFalse), // Release 2 // Asset 2: - signedProbe(release1, asset1, finding.OutcomeNegative), - provenanceProbe(release1, asset1, finding.OutcomeNegative), + signedProbe(release1, asset1, finding.OutcomeFalse), + provenanceProbe(release1, asset1, finding.OutcomeFalse), // Release 2 // Asset 3: - signedProbe(release1, asset2, finding.OutcomeNegative), - provenanceProbe(release1, asset2, finding.OutcomeNegative), + signedProbe(release1, asset2, finding.OutcomeFalse), + provenanceProbe(release1, asset2, finding.OutcomeFalse), // Release 3 // Asset 1: - signedProbe(release2, asset0, finding.OutcomeNegative), - provenanceProbe(release2, asset0, finding.OutcomePositive), + signedProbe(release2, asset0, finding.OutcomeFalse), + provenanceProbe(release2, asset0, finding.OutcomeTrue), // Asset 2: - signedProbe(release2, asset1, finding.OutcomeNegative), - provenanceProbe(release2, asset1, finding.OutcomePositive), + signedProbe(release2, asset1, finding.OutcomeFalse), + provenanceProbe(release2, asset1, finding.OutcomeTrue), // Asset 3: - signedProbe(release2, asset2, finding.OutcomeNegative), - provenanceProbe(release2, asset2, finding.OutcomeNegative), + signedProbe(release2, asset2, finding.OutcomeFalse), + provenanceProbe(release2, asset2, finding.OutcomeFalse), }, result: scut.TestReturn{ Score: 6, @@ -155,50 +155,50 @@ func TestSignedReleases(t *testing.T) { findings: []finding.Finding{ // Release 1: // Release 1, Asset 1: - signedProbe(release0, asset0, finding.OutcomeNegative), - provenanceProbe(release0, asset0, finding.OutcomeNegative), - signedProbe(release0, asset1, finding.OutcomePositive), - provenanceProbe(release0, asset1, finding.OutcomeNegative), + signedProbe(release0, asset0, finding.OutcomeFalse), + provenanceProbe(release0, asset0, finding.OutcomeFalse), + signedProbe(release0, asset1, finding.OutcomeTrue), + provenanceProbe(release0, asset1, finding.OutcomeFalse), // Release 2: // Release 2, Asset 1: - signedProbe(release1, asset1, finding.OutcomePositive), - provenanceProbe(release1, asset0, finding.OutcomeNegative), + signedProbe(release1, asset1, finding.OutcomeTrue), + provenanceProbe(release1, asset0, finding.OutcomeFalse), // Release 2, Asset 2: - signedProbe(release1, asset1, finding.OutcomeNegative), - provenanceProbe(release1, asset1, finding.OutcomeNegative), + signedProbe(release1, asset1, finding.OutcomeFalse), + provenanceProbe(release1, asset1, finding.OutcomeFalse), // Release 2, Asset 3: - signedProbe(release1, asset2, finding.OutcomeNegative), - provenanceProbe(release1, asset2, finding.OutcomeNegative), + signedProbe(release1, asset2, finding.OutcomeFalse), + provenanceProbe(release1, asset2, finding.OutcomeFalse), // Release 3, Asset 1: - signedProbe(release2, asset0, finding.OutcomeNegative), - provenanceProbe(release2, asset0, finding.OutcomePositive), + signedProbe(release2, asset0, finding.OutcomeFalse), + provenanceProbe(release2, asset0, finding.OutcomeTrue), // Release 3, Asset 2: - signedProbe(release2, asset1, finding.OutcomeNegative), - provenanceProbe(release2, asset1, finding.OutcomeNegative), + signedProbe(release2, asset1, finding.OutcomeFalse), + provenanceProbe(release2, asset1, finding.OutcomeFalse), // Release 3, Asset 3: - signedProbe(release2, asset2, finding.OutcomeNegative), - provenanceProbe(release2, asset2, finding.OutcomeNegative), + signedProbe(release2, asset2, finding.OutcomeFalse), + provenanceProbe(release2, asset2, finding.OutcomeFalse), // Release 4, Asset 1: - signedProbe(release3, asset0, finding.OutcomeNegative), - provenanceProbe(release3, asset0, finding.OutcomePositive), + signedProbe(release3, asset0, finding.OutcomeFalse), + provenanceProbe(release3, asset0, finding.OutcomeTrue), // Release 4, Asset 2: - signedProbe(release3, asset1, finding.OutcomeNegative), - provenanceProbe(release3, asset1, finding.OutcomeNegative), + signedProbe(release3, asset1, finding.OutcomeFalse), + provenanceProbe(release3, asset1, finding.OutcomeFalse), // Release 4, Asset 3: - signedProbe(release3, asset2, finding.OutcomeNegative), - provenanceProbe(release3, asset2, finding.OutcomeNegative), + signedProbe(release3, asset2, finding.OutcomeFalse), + provenanceProbe(release3, asset2, finding.OutcomeFalse), // Release 5, Asset 1: - signedProbe(release4, asset0, finding.OutcomeNegative), - provenanceProbe(release4, asset0, finding.OutcomeNegative), + signedProbe(release4, asset0, finding.OutcomeFalse), + provenanceProbe(release4, asset0, finding.OutcomeFalse), // Release 5, Asset 2: - signedProbe(release4, asset1, finding.OutcomeNegative), - provenanceProbe(release4, asset1, finding.OutcomeNegative), + signedProbe(release4, asset1, finding.OutcomeFalse), + provenanceProbe(release4, asset1, finding.OutcomeFalse), // Release 5, Asset 3: - signedProbe(release4, asset2, finding.OutcomeNegative), - provenanceProbe(release4, asset2, finding.OutcomeNegative), + signedProbe(release4, asset2, finding.OutcomeFalse), + provenanceProbe(release4, asset2, finding.OutcomeFalse), // Release 5, Asset 4: - signedProbe(release4, asset3, finding.OutcomeNegative), - provenanceProbe(release4, asset3, finding.OutcomeNegative), + signedProbe(release4, asset3, finding.OutcomeFalse), + provenanceProbe(release4, asset3, finding.OutcomeFalse), }, result: scut.TestReturn{ Score: 7, @@ -212,50 +212,50 @@ func TestSignedReleases(t *testing.T) { findings: []finding.Finding{ // Release 1: // Release 1, Asset 1: - signedProbe(release0, asset0, finding.OutcomeNegative), - provenanceProbe(release0, asset0, finding.OutcomeNegative), - signedProbe(release0, asset1, finding.OutcomePositive), - provenanceProbe(release0, asset1, finding.OutcomeNegative), + signedProbe(release0, asset0, finding.OutcomeFalse), + provenanceProbe(release0, asset0, finding.OutcomeFalse), + signedProbe(release0, asset1, finding.OutcomeTrue), + provenanceProbe(release0, asset1, finding.OutcomeFalse), // Release 2: // Release 2, Asset 1: - signedProbe(release1, asset0, finding.OutcomePositive), - provenanceProbe(release1, asset0, finding.OutcomeNegative), + signedProbe(release1, asset0, finding.OutcomeTrue), + provenanceProbe(release1, asset0, finding.OutcomeFalse), // Release 2, Asset 2: - signedProbe(release1, asset1, finding.OutcomeNegative), - provenanceProbe(release1, asset1, finding.OutcomeNegative), + signedProbe(release1, asset1, finding.OutcomeFalse), + provenanceProbe(release1, asset1, finding.OutcomeFalse), // Release 2, Asset 3: - signedProbe(release1, asset2, finding.OutcomeNegative), - provenanceProbe(release1, asset2, finding.OutcomeNegative), + signedProbe(release1, asset2, finding.OutcomeFalse), + provenanceProbe(release1, asset2, finding.OutcomeFalse), // Release 3, Asset 1: - signedProbe(release2, asset0, finding.OutcomePositive), - provenanceProbe(release2, asset0, finding.OutcomePositive), + signedProbe(release2, asset0, finding.OutcomeTrue), + provenanceProbe(release2, asset0, finding.OutcomeTrue), // Release 3, Asset 2: - signedProbe(release2, asset1, finding.OutcomeNegative), - provenanceProbe(release2, asset1, finding.OutcomeNegative), + signedProbe(release2, asset1, finding.OutcomeFalse), + provenanceProbe(release2, asset1, finding.OutcomeFalse), // Release 3, Asset 3: - signedProbe(release2, asset2, finding.OutcomeNegative), - provenanceProbe(release2, asset2, finding.OutcomeNegative), + signedProbe(release2, asset2, finding.OutcomeFalse), + provenanceProbe(release2, asset2, finding.OutcomeFalse), // Release 4, Asset 1: - signedProbe(release3, asset0, finding.OutcomePositive), - provenanceProbe(release3, asset0, finding.OutcomePositive), + signedProbe(release3, asset0, finding.OutcomeTrue), + provenanceProbe(release3, asset0, finding.OutcomeTrue), // Release 4, Asset 2: - signedProbe(release3, asset1, finding.OutcomeNegative), - provenanceProbe(release3, asset1, finding.OutcomeNegative), + signedProbe(release3, asset1, finding.OutcomeFalse), + provenanceProbe(release3, asset1, finding.OutcomeFalse), // Release 4, Asset 3: - signedProbe(release3, asset2, finding.OutcomeNegative), - provenanceProbe(release3, asset2, finding.OutcomeNegative), + signedProbe(release3, asset2, finding.OutcomeFalse), + provenanceProbe(release3, asset2, finding.OutcomeFalse), // Release 5, Asset 1: - signedProbe(release4, asset0, finding.OutcomePositive), - provenanceProbe(release4, asset0, finding.OutcomeNegative), + signedProbe(release4, asset0, finding.OutcomeTrue), + provenanceProbe(release4, asset0, finding.OutcomeFalse), // Release 5, Asset 2: - signedProbe(release4, asset1, finding.OutcomeNegative), - provenanceProbe(release4, asset1, finding.OutcomeNegative), + signedProbe(release4, asset1, finding.OutcomeFalse), + provenanceProbe(release4, asset1, finding.OutcomeFalse), // Release 5, Asset 3: - signedProbe(release4, asset2, finding.OutcomeNegative), - provenanceProbe(release4, asset2, finding.OutcomeNegative), + signedProbe(release4, asset2, finding.OutcomeFalse), + provenanceProbe(release4, asset2, finding.OutcomeFalse), // Release 5, Asset 4: - signedProbe(release4, asset3, finding.OutcomeNegative), - provenanceProbe(release4, asset3, finding.OutcomeNegative), + signedProbe(release4, asset3, finding.OutcomeFalse), + provenanceProbe(release4, asset3, finding.OutcomeFalse), }, result: scut.TestReturn{ Score: 8, @@ -269,24 +269,24 @@ func TestSignedReleases(t *testing.T) { findings: []finding.Finding{ // Release 1: // Release 1, Asset 1: - signedProbe(release0, asset0, finding.OutcomePositive), - provenanceProbe(release0, asset0, finding.OutcomePositive), + signedProbe(release0, asset0, finding.OutcomeTrue), + provenanceProbe(release0, asset0, finding.OutcomeTrue), // Release 2: // Release 2, Asset 1: - signedProbe(release1, asset0, finding.OutcomePositive), - provenanceProbe(release1, asset0, finding.OutcomePositive), + signedProbe(release1, asset0, finding.OutcomeTrue), + provenanceProbe(release1, asset0, finding.OutcomeTrue), // Release 3, Asset 1: - signedProbe(release2, asset0, finding.OutcomePositive), - provenanceProbe(release2, asset0, finding.OutcomePositive), + signedProbe(release2, asset0, finding.OutcomeTrue), + provenanceProbe(release2, asset0, finding.OutcomeTrue), // Release 4, Asset 1: - signedProbe(release3, asset0, finding.OutcomePositive), - provenanceProbe(release3, asset0, finding.OutcomePositive), + signedProbe(release3, asset0, finding.OutcomeTrue), + provenanceProbe(release3, asset0, finding.OutcomeTrue), // Release 5, Asset 1: - signedProbe(release4, asset0, finding.OutcomePositive), - provenanceProbe(release4, asset0, finding.OutcomePositive), + signedProbe(release4, asset0, finding.OutcomeTrue), + provenanceProbe(release4, asset0, finding.OutcomeTrue), // Release 6, Asset 1: - signedProbe(release5, asset0, finding.OutcomePositive), - provenanceProbe(release5, asset0, finding.OutcomePositive), + signedProbe(release5, asset0, finding.OutcomeTrue), + provenanceProbe(release5, asset0, finding.OutcomeTrue), }, result: scut.TestReturn{ Score: checker.InconclusiveResultScore, diff --git a/checks/evaluation/vulnerabilities.go b/checks/evaluation/vulnerabilities.go index 0f5c91da..fc5e1e60 100644 --- a/checks/evaluation/vulnerabilities.go +++ b/checks/evaluation/vulnerabilities.go @@ -37,7 +37,7 @@ func Vulnerabilities(name string, return checker.CreateRuntimeErrorResult(name, e) } - vulnsFound := negativeFindings(findings) + vulnsFound := falseFindings(findings) numVulnsFound := len(vulnsFound) checker.LogFindings(vulnsFound, dl) diff --git a/checks/evaluation/vulnerabilities_test.go b/checks/evaluation/vulnerabilities_test.go index 382a44b3..c15beb8e 100644 --- a/checks/evaluation/vulnerabilities_test.go +++ b/checks/evaluation/vulnerabilities_test.go @@ -39,7 +39,7 @@ func TestVulnerabilities(t *testing.T) { findings: []finding.Finding{ { Probe: "hasOSVVulnerabilities", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, }, result: scut.TestReturn{ @@ -51,15 +51,15 @@ func TestVulnerabilities(t *testing.T) { findings: []finding.Finding{ { Probe: "hasOSVVulnerabilities", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "hasOSVVulnerabilities", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "hasOSVVulnerabilities", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, }, result: scut.TestReturn{ @@ -72,51 +72,51 @@ func TestVulnerabilities(t *testing.T) { findings: []finding.Finding{ { Probe: "hasOSVVulnerabilities", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "hasOSVVulnerabilities", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "hasOSVVulnerabilities", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "hasOSVVulnerabilities", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "hasOSVVulnerabilities", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "hasOSVVulnerabilities", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "hasOSVVulnerabilities", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "hasOSVVulnerabilities", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "hasOSVVulnerabilities", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "hasOSVVulnerabilities", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "hasOSVVulnerabilities", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "hasOSVVulnerabilities", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, }, result: scut.TestReturn{ diff --git a/checks/evaluation/webhooks.go b/checks/evaluation/webhooks.go index 37ed12c5..54760fc7 100644 --- a/checks/evaluation/webhooks.go +++ b/checks/evaluation/webhooks.go @@ -46,7 +46,7 @@ func Webhooks(name string, for i := range findings { f := &findings[i] - if f.Outcome == finding.OutcomeNegative { + if f.Outcome == finding.OutcomeFalse { webhooksWithNoSecret++ } } diff --git a/checks/evaluation/webhooks_test.go b/checks/evaluation/webhooks_test.go index a6de4ec5..e8713c30 100644 --- a/checks/evaluation/webhooks_test.go +++ b/checks/evaluation/webhooks_test.go @@ -47,7 +47,7 @@ func TestWebhooks(t *testing.T) { findings: []finding.Finding{ { Probe: "webhooksUseSecrets", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, }, result: scut.TestReturn{ @@ -59,7 +59,7 @@ func TestWebhooks(t *testing.T) { findings: []finding.Finding{ { Probe: "webhooksUseSecrets", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, }, result: scut.TestReturn{ @@ -71,11 +71,11 @@ func TestWebhooks(t *testing.T) { findings: []finding.Finding{ { Probe: "webhooksUseSecrets", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "webhooksUseSecrets", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, }, result: scut.TestReturn{ @@ -87,23 +87,23 @@ func TestWebhooks(t *testing.T) { findings: []finding.Finding{ { Probe: "webhooksUseSecrets", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "webhooksUseSecrets", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, { Probe: "webhooksUseSecrets", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, { Probe: "webhooksUseSecrets", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, { Probe: "webhooksUseSecrets", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, }, result: scut.TestReturn{ @@ -115,51 +115,51 @@ func TestWebhooks(t *testing.T) { findings: []finding.Finding{ { Probe: "webhooksUseSecrets", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "webhooksUseSecrets", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, { Probe: "webhooksUseSecrets", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, { Probe: "webhooksUseSecrets", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, { Probe: "webhooksUseSecrets", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, { Probe: "webhooksUseSecrets", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, { Probe: "webhooksUseSecrets", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, { Probe: "webhooksUseSecrets", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, { Probe: "webhooksUseSecrets", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, { Probe: "webhooksUseSecrets", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, { Probe: "webhooksUseSecrets", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, { Probe: "webhooksUseSecrets", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, }, result: scut.TestReturn{ @@ -171,51 +171,51 @@ func TestWebhooks(t *testing.T) { findings: []finding.Finding{ { Probe: "webhooksUseSecrets", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "webhooksUseSecrets", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "webhooksUseSecrets", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "webhooksUseSecrets", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "webhooksUseSecrets", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "webhooksUseSecrets", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "webhooksUseSecrets", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "webhooksUseSecrets", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "webhooksUseSecrets", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "webhooksUseSecrets", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "webhooksUseSecrets", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, { Probe: "webhooksUseSecrets", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, }, result: scut.TestReturn{ diff --git a/finding/finding.go b/finding/finding.go index 50594a32..0f699a95 100644 --- a/finding/finding.go +++ b/finding/finding.go @@ -58,16 +58,16 @@ type Outcome string // TODO(#2928): re-visit the finding definitions. const ( - // OutcomeNegative indicates a negative outcome. - OutcomeNegative Outcome = "Negative" + // OutcomeFalse indicates the answer to the probe's question is "false" or "no". + OutcomeFalse Outcome = "False" // OutcomeNotAvailable indicates an unavailable outcome, // typically because an API call did not return an answer. OutcomeNotAvailable Outcome = "NotAvailable" // OutcomeError indicates an errors while running. // The results could not be determined. OutcomeError Outcome = "Error" - // OutcomePositive indicates a positive outcome. - OutcomePositive Outcome = "Positive" + // OutcomeTrue indicates the answer to the probe's question is "true" or "yes". + OutcomeTrue Outcome = "True" // OutcomeNotSupported indicates a non-supported outcome. OutcomeNotSupported Outcome = "NotSupported" // OutcomeNotApplicable indicates if a finding should not @@ -102,7 +102,7 @@ func FromBytes(content []byte, probeID string) (*Finding, error) { } f := &Finding{ Probe: p.ID, - Outcome: OutcomeNegative, + Outcome: OutcomeFalse, Remediation: p.Remediation, } return f, nil @@ -117,7 +117,7 @@ func New(loc embed.FS, probeID string) (*Finding, error) { f := &Finding{ Probe: p.ID, - Outcome: OutcomeNegative, + Outcome: OutcomeFalse, Remediation: p.Remediation, } return f, nil @@ -136,10 +136,10 @@ func NewWith(efs embed.FS, probeID, text string, loc *Location, return f, nil } -// NewWith create a negative finding with the desired location. -func NewNegative(efs embed.FS, probeID, text string, loc *Location, +// NewFalse create a false finding with the desired location. +func NewFalse(efs embed.FS, probeID, text string, loc *Location, ) (*Finding, error) { - return NewWith(efs, probeID, text, loc, OutcomeNegative) + return NewWith(efs, probeID, text, loc, OutcomeFalse) } // NewNotAvailable create a finding with a NotAvailable outcome and the desired location. @@ -148,10 +148,10 @@ func NewNotAvailable(efs embed.FS, probeID, text string, loc *Location, return NewWith(efs, probeID, text, loc, OutcomeNotAvailable) } -// NewPositive create a positive finding with the desired location. -func NewPositive(efs embed.FS, probeID, text string, loc *Location, +// NewTrue create a true finding with the desired location. +func NewTrue(efs embed.FS, probeID, text string, loc *Location, ) (*Finding, error) { - return NewWith(efs, probeID, text, loc, OutcomePositive) + return NewWith(efs, probeID, text, loc, OutcomeTrue) } // Anonymize removes the probe ID and outcome @@ -222,8 +222,9 @@ func (f *Finding) WithPatch(patch *string) *Finding { // WARNING: this function should be called at most once for a finding. func (f *Finding) WithOutcome(o Outcome) *Finding { f.Outcome = o - // Positive is not negative, remove the remediation. - if o != OutcomeNegative { + // Currently only false probes have remediations. + // TODO(#3654) this is a temporary mechanical conversion. + if o != OutcomeFalse { f.Remediation = nil } @@ -265,10 +266,10 @@ func (o *Outcome) UnmarshalYAML(n *yaml.Node) error { } switch n.Value { - case "Negative": - *o = OutcomeNegative - case "Positive": - *o = OutcomePositive + case "False": + *o = OutcomeFalse + case "True": + *o = OutcomeTrue case "NotAvailable": *o = OutcomeNotAvailable case "NotSupported": diff --git a/finding/finding_test.go b/finding/finding_test.go index 94d80455..eab4a20e 100644 --- a/finding/finding_test.go +++ b/finding/finding_test.go @@ -35,8 +35,8 @@ func Test_FromBytes(t *testing.T) { patch := "some patch values" sline := uint(10) eline := uint(46) - positiveOutcome := OutcomePositive - negativeOutcome := OutcomeNegative + trueOutcome := OutcomeTrue + falseOutcome := OutcomeFalse t.Parallel() tests := []struct { err error @@ -51,10 +51,10 @@ func Test_FromBytes(t *testing.T) { name: "effort low", id: "effort-low", path: "testdata/effort-low.yml", - outcome: &negativeOutcome, + outcome: &falseOutcome, finding: &Finding{ Probe: "effort-low", - Outcome: OutcomeNegative, + Outcome: OutcomeFalse, Remediation: &probe.Remediation{ Text: "step1\nstep2 https://www.google.com/something", Markdown: "step1\nstep2 [google.com](https://www.google.com/something)", @@ -66,10 +66,10 @@ func Test_FromBytes(t *testing.T) { name: "effort high", id: "effort-high", path: "testdata/effort-high.yml", - outcome: &negativeOutcome, + outcome: &falseOutcome, finding: &Finding{ Probe: "effort-high", - Outcome: OutcomeNegative, + Outcome: OutcomeFalse, Remediation: &probe.Remediation{ Text: "step1\nstep2 https://www.google.com/something", Markdown: "step1\nstep2 [google.com](https://www.google.com/something)", @@ -81,11 +81,11 @@ func Test_FromBytes(t *testing.T) { name: "env variables", id: "metadata-variables", path: "testdata/metadata-variables.yml", - outcome: &negativeOutcome, + outcome: &falseOutcome, metadata: map[string]string{"branch": "master", "repo": "ossf/scorecard"}, finding: &Finding{ Probe: "metadata-variables", - Outcome: OutcomeNegative, + Outcome: OutcomeFalse, Remediation: &probe.Remediation{ Text: "step1\nstep2 google.com/ossf/scorecard@master", Markdown: "step1\nstep2 [google.com/ossf/scorecard@master](google.com/ossf/scorecard@master)", @@ -97,11 +97,11 @@ func Test_FromBytes(t *testing.T) { name: "patch", id: "metadata-variables", path: "testdata/metadata-variables.yml", - outcome: &negativeOutcome, + outcome: &falseOutcome, metadata: map[string]string{"branch": "master", "repo": "ossf/scorecard"}, finding: &Finding{ Probe: "metadata-variables", - Outcome: OutcomeNegative, + Outcome: OutcomeFalse, Remediation: &probe.Remediation{ Text: "step1\nstep2 google.com/ossf/scorecard@master", Markdown: "step1\nstep2 [google.com/ossf/scorecard@master](google.com/ossf/scorecard@master)", @@ -114,11 +114,11 @@ func Test_FromBytes(t *testing.T) { name: "location", id: "metadata-variables", path: "testdata/metadata-variables.yml", - outcome: &negativeOutcome, + outcome: &falseOutcome, metadata: map[string]string{"branch": "master", "repo": "ossf/scorecard"}, finding: &Finding{ Probe: "metadata-variables", - Outcome: OutcomeNegative, + Outcome: OutcomeFalse, Remediation: &probe.Remediation{ Text: "step1\nstep2 google.com/ossf/scorecard@master", Markdown: "step1\nstep2 [google.com/ossf/scorecard@master](google.com/ossf/scorecard@master)", @@ -137,11 +137,11 @@ func Test_FromBytes(t *testing.T) { name: "text", id: "metadata-variables", path: "testdata/metadata-variables.yml", - outcome: &negativeOutcome, + outcome: &falseOutcome, metadata: map[string]string{"branch": "master", "repo": "ossf/scorecard"}, finding: &Finding{ Probe: "metadata-variables", - Outcome: OutcomeNegative, + Outcome: OutcomeFalse, Remediation: &probe.Remediation{ Text: "step1\nstep2 google.com/ossf/scorecard@master", Markdown: "step1\nstep2 [google.com/ossf/scorecard@master](google.com/ossf/scorecard@master)", @@ -151,13 +151,13 @@ func Test_FromBytes(t *testing.T) { }, }, { - name: "positive outcome", + name: "true outcome", id: "metadata-variables", path: "testdata/metadata-variables.yml", - outcome: &positiveOutcome, + outcome: &trueOutcome, finding: &Finding{ Probe: "metadata-variables", - Outcome: OutcomePositive, + Outcome: OutcomeTrue, Message: "some text", }, }, @@ -211,23 +211,23 @@ func TestOutcome_UnmarshalYAML(t *testing.T) { wantErr bool }{ { - name: "positive outcome", - wantOutcome: OutcomePositive, + name: "true outcome", + wantOutcome: OutcomeTrue, args: args{ n: &yaml.Node{ Kind: yaml.ScalarNode, - Value: "Positive", + Value: "True", }, }, wantErr: false, }, { - name: "negative outcome", - wantOutcome: OutcomeNegative, + name: "false outcome", + wantOutcome: OutcomeFalse, args: args{ n: &yaml.Node{ Kind: yaml.ScalarNode, - Value: "Negative", + Value: "False", }, }, wantErr: false, diff --git a/pkg/probe_test.go b/pkg/probe_test.go index b89450f5..71a9c3ad 100644 --- a/pkg/probe_test.go +++ b/pkg/probe_test.go @@ -48,7 +48,7 @@ func Test_AsPJSON(t *testing.T) { Findings: []finding.Finding{ { Probe: "check for X", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, Message: "found X", Location: &finding.Location{ Path: "some/path/to/file", @@ -57,7 +57,7 @@ func Test_AsPJSON(t *testing.T) { }, { Probe: "check for Y", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, Message: "did not find Y", }, }, diff --git a/pkg/scorecard_test.go b/pkg/scorecard_test.go index 4b4ad1b2..75dcee60 100644 --- a/pkg/scorecard_test.go +++ b/pkg/scorecard_test.go @@ -235,7 +235,7 @@ func TestExperimentalRunProbes(t *testing.T) { Findings: []finding.Finding{ { Probe: fuzzed.Probe, - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, Message: "no fuzzer integrations found", Remediation: &probe.Remediation{ Effort: probe.RemediationEffortHigh, diff --git a/pkg/testdata/probe1.json b/pkg/testdata/probe1.json index 09c9a7a5..7aa6e32e 100644 --- a/pkg/testdata/probe1.json +++ b/pkg/testdata/probe1.json @@ -16,12 +16,12 @@ }, "probe": "check for X", "message": "found X", - "outcome": "Positive" + "outcome": "True" }, { "probe": "check for Y", "message": "did not find Y", - "outcome": "Negative" + "outcome": "False" } ] } diff --git a/probes/blocksDeleteOnBranches/def.yml b/probes/blocksDeleteOnBranches/def.yml index f1e60c59..9b508004 100644 --- a/probes/blocksDeleteOnBranches/def.yml +++ b/probes/blocksDeleteOnBranches/def.yml @@ -19,11 +19,11 @@ motivation: > implementation: > Checks the protection rules of default and release branches. outcome: - - The probe returns one OutcomePositive for each branch that is disallowed from users deleting it, and one OutcomeNegative for branches where users are able to delete it. Scorecard only considers default and releases branches. + - The probe returns one OutcomeTrue for each branch that is disallowed from users deleting it, and one OutcomeFalse for branches where users are able to delete it. Scorecard only considers default and releases branches. remediation: effort: Low text: - - Disallow deletion of branches in your project to remove negative outcomes. + - Disallow deletion of branches in your project to remove false outcomes. - GitHub and GitLab by default disable deleting a protected branch. ecosystem: languages: diff --git a/probes/blocksDeleteOnBranches/impl.go b/probes/blocksDeleteOnBranches/impl.go index 71818241..1ac4755b 100644 --- a/probes/blocksDeleteOnBranches/impl.go +++ b/probes/blocksDeleteOnBranches/impl.go @@ -65,10 +65,10 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { outcome = finding.OutcomeNotAvailable case *branch.BranchProtectionRule.AllowDeletions: text = fmt.Sprintf("'allow deletion' enabled on branch '%s'", *branch.Name) - outcome = finding.OutcomeNegative + outcome = finding.OutcomeFalse case !*branch.BranchProtectionRule.AllowDeletions: text = fmt.Sprintf("'allow deletion' disabled on branch '%s'", *branch.Name) - outcome = finding.OutcomePositive + outcome = finding.OutcomeTrue default: } f, err := finding.NewWith(fs, Probe, text, nil, outcome) diff --git a/probes/blocksDeleteOnBranches/impl_test.go b/probes/blocksDeleteOnBranches/impl_test.go index 8c59921b..94e57ed2 100644 --- a/probes/blocksDeleteOnBranches/impl_test.go +++ b/probes/blocksDeleteOnBranches/impl_test.go @@ -42,7 +42,7 @@ func Test_Run(t *testing.T) { err error }{ { - name: "One branch blocks branch deletion should result in one positive outcome", + name: "One branch blocks branch deletion should result in one true outcome", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -56,11 +56,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, { - name: "Two branches that block branch deletions should result in two positive outcomes", + name: "Two branches that block branch deletions should result in two true outcomes", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -80,11 +80,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, finding.OutcomePositive, + finding.OutcomeTrue, finding.OutcomeTrue, }, }, { - name: "Two branches in total: One blocks branch deletion and one doesn't = 1 positive & 1 negative", + name: "Two branches in total: One blocks branch deletion and one doesn't = 1 true & 1 false", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -104,11 +104,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, finding.OutcomeNegative, + finding.OutcomeTrue, finding.OutcomeFalse, }, }, { - name: "Two branches in total: One blocks branch deletion and one doesn't = 1 negative & 1 positive", + name: "Two branches in total: One blocks branch deletion and one doesn't = 1 false & 1 true", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -128,11 +128,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, finding.OutcomePositive, + finding.OutcomeFalse, finding.OutcomeTrue, }, }, { - name: "Two branches in total: One blocks branch deletion and one lacks data = 1 negative & 1 unavailable", + name: "Two branches in total: One blocks branch deletion and one lacks data = 1 false & 1 unavailable", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -152,7 +152,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, finding.OutcomeNotAvailable, + finding.OutcomeFalse, finding.OutcomeNotAvailable, }, }, } diff --git a/probes/blocksForcePushOnBranches/def.yml b/probes/blocksForcePushOnBranches/def.yml index 1750d74a..732c507a 100644 --- a/probes/blocksForcePushOnBranches/def.yml +++ b/probes/blocksForcePushOnBranches/def.yml @@ -19,16 +19,16 @@ motivation: > implementation: > Checks the protection rules of default and release branches. outcome: - - The probe returns one OutcomePositive for each branch that is blocked from force pushes, and one OutcomeNegative for branches that allows force push. + - The probe returns one OutcomeTrue for each branch that is blocked from force pushes, and one OutcomeFalse for branches that allows force push. - Returns OutcomeNotAvailable if Scorecard cannot fetch the data from the repository. remediation: effort: Low text: - - Disallow force pushes branches in your project to remove negative outcomes. + - Disallow force pushes branches in your project to remove false outcomes. - For GitHub-hosted projects, force pushes are disabled by default. To make sure it has not been enabled, see ["Allow force pushes"](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#allow-force-pushes). - For GitLab-hosted projects, follow the ["Protected branches"](https://docs.gitlab.com/ee/user/project/protected_branches.html) documentation to see who can force push to the project. markdown: - - Disallow force pushes branches in your project to remove negative outcomes. + - Disallow force pushes branches in your project to remove false outcomes. - For GitHub-hosted projects, force pushes are disabled by default. To make sure it has not been enabled, see ["Allow force pushes"](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#allow-force-pushes). - For GitLab-hosted projects, follow the ["Protected branches"](https://docs.gitlab.com/ee/user/project/protected_branches.html) documentation to see who can force push to the project. ecosystem: diff --git a/probes/blocksForcePushOnBranches/impl.go b/probes/blocksForcePushOnBranches/impl.go index 0b9335cb..7c7f11a5 100644 --- a/probes/blocksForcePushOnBranches/impl.go +++ b/probes/blocksForcePushOnBranches/impl.go @@ -65,10 +65,10 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { outcome = finding.OutcomeNotAvailable case *branch.BranchProtectionRule.AllowForcePushes: text = fmt.Sprintf("'force pushes' enabled on branch '%s'", *branch.Name) - outcome = finding.OutcomeNegative + outcome = finding.OutcomeFalse case !*branch.BranchProtectionRule.AllowForcePushes: text = fmt.Sprintf("'force pushes' disabled on branch '%s'", *branch.Name) - outcome = finding.OutcomePositive + outcome = finding.OutcomeTrue default: } f, err := finding.NewWith(fs, Probe, text, nil, outcome) diff --git a/probes/blocksForcePushOnBranches/impl_test.go b/probes/blocksForcePushOnBranches/impl_test.go index d3579daa..f5fddf67 100644 --- a/probes/blocksForcePushOnBranches/impl_test.go +++ b/probes/blocksForcePushOnBranches/impl_test.go @@ -42,7 +42,7 @@ func Test_Run(t *testing.T) { err error }{ { - name: "Blocks Force Push on 1/1 branches = 1 positive outcome", + name: "Blocks Force Push on 1/1 branches = 1 true outcome", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -56,11 +56,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, { - name: "Blocks Force Push on 2/2 branches = 2 positive outcomes", + name: "Blocks Force Push on 2/2 branches = 2 true outcomes", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -80,11 +80,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, finding.OutcomePositive, + finding.OutcomeTrue, finding.OutcomeTrue, }, }, { - name: "Blocks Force Push on 1/2 branches = 1 positive and 1 negative outcome", + name: "Blocks Force Push on 1/2 branches = 1 true and 1 false outcome", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -104,11 +104,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, finding.OutcomeNegative, + finding.OutcomeTrue, finding.OutcomeFalse, }, }, { - name: "Blocks Force Push on 1/2 branches = 1 negative and 1 positive outcome", + name: "Blocks Force Push on 1/2 branches = 1 false and 1 true outcome", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -128,11 +128,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, finding.OutcomePositive, + finding.OutcomeFalse, finding.OutcomeTrue, }, }, { - name: "Blocks Force Push on 0/2 branches, 1 branch lacks data = 1 negative and 1 unavailable", + name: "Blocks Force Push on 0/2 branches, 1 branch lacks data = 1 false and 1 unavailable", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -152,7 +152,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, finding.OutcomeNotAvailable, + finding.OutcomeFalse, finding.OutcomeNotAvailable, }, }, } diff --git a/probes/branchProtectionAppliesToAdmins/def.yml b/probes/branchProtectionAppliesToAdmins/def.yml index 6984a8c3..9caf2ccd 100644 --- a/probes/branchProtectionAppliesToAdmins/def.yml +++ b/probes/branchProtectionAppliesToAdmins/def.yml @@ -19,7 +19,7 @@ motivation: > implementation: > Checks the protection rules of default and release branches. outcome: - - The probe returns one OutcomePositive for each branch that enforces branch protection rules on admins, and one OutcomeNegative for branches that don't. + - The probe returns one OutcomeTrue for each branch that enforces branch protection rules on admins, and one OutcomeFalse for branches that don't. remediation: effort: Medium text: diff --git a/probes/branchProtectionAppliesToAdmins/impl_test.go b/probes/branchProtectionAppliesToAdmins/impl_test.go index 49e9092e..b0474a75 100644 --- a/probes/branchProtectionAppliesToAdmins/impl_test.go +++ b/probes/branchProtectionAppliesToAdmins/impl_test.go @@ -42,7 +42,7 @@ func Test_Run(t *testing.T) { err error }{ { - name: "1 branch enforces protection rules on admins = 1 positive outcome", + name: "1 branch enforces protection rules on admins = 1 true outcome", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -56,11 +56,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, { - name: "1 branch enforces protection rules on admins = 2 positive outcomes", + name: "1 branch enforces protection rules on admins = 2 true outcomes", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -80,11 +80,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, finding.OutcomePositive, + finding.OutcomeTrue, finding.OutcomeTrue, }, }, { - name: "1 branch enforces protection rules on admins and 1 doesn't = 1 positive & 1 negative", + name: "1 branch enforces protection rules on admins and 1 doesn't = 1 true & 1 false", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -104,11 +104,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, finding.OutcomeNegative, + finding.OutcomeTrue, finding.OutcomeFalse, }, }, { - name: "1 branch does not enforce protection rules on admins and 1 does = 1 negative & 1 positive", + name: "1 branch does not enforce protection rules on admins and 1 does = 1 false & 1 true", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -128,11 +128,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, finding.OutcomePositive, + finding.OutcomeFalse, finding.OutcomeTrue, }, }, { - name: "1 branch does not enforce protection rules on admins and 1 doesn't have data = 1 negative & 1 unavailable", + name: "1 branch does not enforce protection rules on admins and 1 doesn't have data = 1 false & 1 unavailable", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -152,7 +152,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, finding.OutcomeNotAvailable, + finding.OutcomeFalse, finding.OutcomeNotAvailable, }, }, } diff --git a/probes/branchesAreProtected/def.yml b/probes/branchesAreProtected/def.yml index ddbb00a8..2551be63 100644 --- a/probes/branchesAreProtected/def.yml +++ b/probes/branchesAreProtected/def.yml @@ -19,7 +19,7 @@ motivation: > implementation: > Checks the protection rules of default and release branches. outcome: - - The probe returns one OutcomePositive for each branch that is protected, and one OutcomeNegative for branches that are not protected. Scorecard only considers default and releases branches. + - The probe returns one OutcomeTrue for each branch that is protected, and one OutcomeFalse for branches that are not protected. Scorecard only considers default and releases branches. remediation: effort: Low text: diff --git a/probes/branchesAreProtected/impl.go b/probes/branchesAreProtected/impl.go index 0ca40063..0e87d5d0 100644 --- a/probes/branchesAreProtected/impl.go +++ b/probes/branchesAreProtected/impl.go @@ -62,10 +62,10 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { var outcome finding.Outcome if protected { text = fmt.Sprintf("branch '%s' is protected", *branch.Name) - outcome = finding.OutcomePositive + outcome = finding.OutcomeTrue } else { text = fmt.Sprintf("branch '%s' is not protected", *branch.Name) - outcome = finding.OutcomeNegative + outcome = finding.OutcomeFalse } f, err := finding.NewWith(fs, Probe, text, nil, outcome) if err != nil { diff --git a/probes/branchesAreProtected/impl_test.go b/probes/branchesAreProtected/impl_test.go index 823f888d..b7025130 100644 --- a/probes/branchesAreProtected/impl_test.go +++ b/probes/branchesAreProtected/impl_test.go @@ -53,7 +53,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { @@ -73,7 +73,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, finding.OutcomePositive, + finding.OutcomeTrue, finding.OutcomeTrue, }, }, { @@ -93,7 +93,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, finding.OutcomeNegative, + finding.OutcomeTrue, finding.OutcomeFalse, }, }, { @@ -113,7 +113,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, finding.OutcomePositive, + finding.OutcomeFalse, finding.OutcomeTrue, }, }, { @@ -135,7 +135,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, finding.OutcomeNegative, + finding.OutcomeFalse, finding.OutcomeFalse, }, }, } diff --git a/probes/codeApproved/def.yml b/probes/codeApproved/def.yml index 2ba1154b..d1e6f5e4 100644 --- a/probes/codeApproved/def.yml +++ b/probes/codeApproved/def.yml @@ -23,8 +23,8 @@ implementation: > Commits are grouped by the changeset they were introduced in, and each changesets must have at least one approval. Reviewed, bot authored changesets (e.g. dependabot) are not counted. outcome: - - If all commits were approved, the probe returns OutcomePositive - - If any commits were not approved, the probe returns OutcomeNegative + - If all commits were approved, the probe returns OutcomeTrue + - If any commits were not approved, the probe returns OutcomeFalse - If there are no changes, the probe returns OutcomeNotApplicable remediation: effort: Low diff --git a/probes/codeApproved/impl.go b/probes/codeApproved/impl.go index a6bfc152..00271564 100644 --- a/probes/codeApproved/impl.go +++ b/probes/codeApproved/impl.go @@ -100,13 +100,13 @@ func approvedRun(reviewData *checker.CodeReviewData, fs embed.FS, probeID string var reason string switch { case nApproved != nChanges: - outcome = finding.OutcomeNegative + outcome = finding.OutcomeFalse reason = fmt.Sprintf("Found %d/%d approved changesets", nApproved, nChanges) case !foundHumanActivity: outcome = finding.OutcomeNotApplicable reason = fmt.Sprintf("Found no human activity in the last %d changesets", nChangesets) default: - outcome = finding.OutcomePositive + outcome = finding.OutcomeTrue reason = "All changesets approved" } f, err := finding.NewWith(fs, probeID, reason, nil, outcome) diff --git a/probes/codeApproved/impl_test.go b/probes/codeApproved/impl_test.go index 7defde37..20732f2b 100644 --- a/probes/codeApproved/impl_test.go +++ b/probes/codeApproved/impl_test.go @@ -140,7 +140,7 @@ func TestProbeCodeApproved(t *testing.T) { }, }, expectedOutcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { @@ -225,7 +225,7 @@ func TestProbeCodeApproved(t *testing.T) { }, }, expectedOutcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { @@ -266,7 +266,7 @@ func TestProbeCodeApproved(t *testing.T) { }, }, expectedOutcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, { @@ -299,11 +299,11 @@ func TestProbeCodeApproved(t *testing.T) { }, }, expectedOutcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, { - name: "only unreviewed bot changesets gives negative outcome", + name: "only unreviewed bot changesets gives false outcome", rawResults: &checker.RawResults{ CodeReviewResults: checker.CodeReviewData{ DefaultBranchChangesets: []checker.Changeset{ @@ -326,7 +326,7 @@ func TestProbeCodeApproved(t *testing.T) { }, }, expectedOutcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, } diff --git a/probes/codeReviewOneReviewers/def.yml b/probes/codeReviewOneReviewers/def.yml index 8a9b930f..bb647d89 100644 --- a/probes/codeReviewOneReviewers/def.yml +++ b/probes/codeReviewOneReviewers/def.yml @@ -22,8 +22,8 @@ implementation: > Commits are grouped by the Pull Request they were introduced in. Only unique reviewer logins that aren't the same as the changeset author are counted. outcome: - - If all the changes had at least one reviewers, the probe returns OutcomePositive (1) - - If the changes had fewer than one reviewers, the prove returns OutcomeNegative (0) + - If all the changes had at least one reviewers, the probe returns OutcomeTrue (1) + - If the changes had fewer than one reviewers, the prove returns OutcomeFalse (0) remediation: effort: Low text: diff --git a/probes/codeReviewOneReviewers/impl.go b/probes/codeReviewOneReviewers/impl.go index 13a7a5a1..aaee9e27 100644 --- a/probes/codeReviewOneReviewers/impl.go +++ b/probes/codeReviewOneReviewers/impl.go @@ -43,16 +43,15 @@ const ( func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { rawReviewData := &raw.CodeReviewResults - return codeReviewRun(rawReviewData, fs, Probe, finding.OutcomePositive, finding.OutcomeNegative) + return codeReviewRun(rawReviewData, fs, Probe, finding.OutcomeTrue, finding.OutcomeFalse) } // Looks through the data and validates author and reviewers of a changeset -// Scorecard currently only supports GitHub revisions and generates a positive +// Scorecard currently only supports GitHub revisions and generates a true // score in the case of other platforms. This probe is created to ensure that // there are a number of unique reviewers for each changeset. - func codeReviewRun(reviewData *checker.CodeReviewData, fs embed.FS, probeID string, - positiveOutcome, negativeOutcome finding.Outcome, + trueOutcome, falseOutcome finding.Outcome, ) ([]finding.Finding, string, error) { changesets := reviewData.DefaultBranchChangesets var findings []finding.Finding @@ -99,17 +98,17 @@ func codeReviewRun(reviewData *checker.CodeReviewData, fs embed.FS, probeID stri findings = append(findings, *f) return findings, probeID, nil case leastFoundReviewers < minimumReviewers: - // returns NegativeOutcome if even a single changeset was reviewed by fewer than minimumReviewers (1). + // returns FalseOutcome if even a single changeset was reviewed by fewer than minimumReviewers (1). f, err := finding.NewWith(fs, probeID, fmt.Sprintf("some changesets had <%d reviewers", - minimumReviewers), nil, negativeOutcome) + minimumReviewers), nil, falseOutcome) if err != nil { return nil, probeID, fmt.Errorf("create finding: %w", err) } findings = append(findings, *f) default: - // returns PositiveOutcome if the lowest number of unique reviewers is at least as high as minimumReviewers (1). + // returns TrueOutcome if the lowest number of unique reviewers is at least as high as minimumReviewers (1). f, err := finding.NewWith(fs, probeID, fmt.Sprintf(">%d reviewers found for all changesets", - minimumReviewers), nil, positiveOutcome) + minimumReviewers), nil, trueOutcome) if err != nil { return nil, probeID, fmt.Errorf("create finding: %w", err) } diff --git a/probes/codeReviewOneReviewers/impl_test.go b/probes/codeReviewOneReviewers/impl_test.go index e6630744..d73508c1 100644 --- a/probes/codeReviewOneReviewers/impl_test.go +++ b/probes/codeReviewOneReviewers/impl_test.go @@ -113,7 +113,7 @@ func TestProbeCodeReviewOneReviewers(t *testing.T) { expectedFindings: []finding.Finding{ { Probe: "codeReviewOneReviewers", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, }, }, @@ -194,7 +194,7 @@ func TestProbeCodeReviewOneReviewers(t *testing.T) { expectedFindings: []finding.Finding{ { Probe: "codeReviewOneReviewers", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, }, }, @@ -238,7 +238,7 @@ func TestProbeCodeReviewOneReviewers(t *testing.T) { expectedFindings: []finding.Finding{ { Probe: "codeReviewOneReviewers", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, }, }, @@ -270,7 +270,7 @@ func TestProbeCodeReviewOneReviewers(t *testing.T) { expectedFindings: []finding.Finding{ { Probe: "codeReviewOneReviewers", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, }, }, }, @@ -306,7 +306,7 @@ func TestProbeCodeReviewOneReviewers(t *testing.T) { expectedFindings: []finding.Finding{ { Probe: "codeReviewOneReviewers", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, }, }, }, diff --git a/probes/contributorsFromOrgOrCompany/def.yml b/probes/contributorsFromOrgOrCompany/def.yml index e0f297e0..bfc09127 100644 --- a/probes/contributorsFromOrgOrCompany/def.yml +++ b/probes/contributorsFromOrgOrCompany/def.yml @@ -22,7 +22,7 @@ motivation: > implementation: > The probe looks at the Company field on the user profile for authors of recent commits. To receive the highest score, the project must have had contributors from at least 3 different companies in the last 30 commits. outcome: - - If the project has no contributing organizations or companies, the probe returns 1 OutcomeNegative + - If the project has no contributing organizations or companies, the probe returns 1 OutcomeFalse - If the project has contributing organizations or companies, the probe returns 1 Outcome per org or company. - If the probe fails to process the raw results, it returns nil instead of the findings slice as well as an error. remediation: diff --git a/probes/contributorsFromOrgOrCompany/impl.go b/probes/contributorsFromOrgOrCompany/impl.go index 04675e57..15910b52 100644 --- a/probes/contributorsFromOrgOrCompany/impl.go +++ b/probes/contributorsFromOrgOrCompany/impl.go @@ -49,7 +49,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { if len(users) == 0 { f, err := finding.NewWith(fs, Probe, "Project does not have contributors.", nil, - finding.OutcomeNegative) + finding.OutcomeFalse) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } @@ -77,7 +77,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { if len(entities) == 0 { f, err := finding.NewWith(fs, Probe, "No companies/organizations have contributed to the project.", nil, - finding.OutcomeNegative) + finding.OutcomeFalse) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } @@ -90,7 +90,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { for e := range entities { f, err := finding.NewWith(fs, Probe, fmt.Sprintf("%s contributor org/company found", e), nil, - finding.OutcomePositive) + finding.OutcomeTrue) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } diff --git a/probes/contributorsFromOrgOrCompany/impl_test.go b/probes/contributorsFromOrgOrCompany/impl_test.go index 648f7218..244fe039 100644 --- a/probes/contributorsFromOrgOrCompany/impl_test.go +++ b/probes/contributorsFromOrgOrCompany/impl_test.go @@ -65,9 +65,9 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, - finding.OutcomePositive, - finding.OutcomePositive, + finding.OutcomeTrue, + finding.OutcomeTrue, + finding.OutcomeTrue, }, }, { name: "Test multiple users", @@ -98,12 +98,12 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, - finding.OutcomePositive, - finding.OutcomePositive, - finding.OutcomePositive, - finding.OutcomePositive, - finding.OutcomePositive, + finding.OutcomeTrue, + finding.OutcomeTrue, + finding.OutcomeTrue, + finding.OutcomeTrue, + finding.OutcomeTrue, + finding.OutcomeTrue, }, }, { name: "Test multiple users where one user has insufficient contributions.", @@ -134,9 +134,9 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, - finding.OutcomePositive, - finding.OutcomePositive, + finding.OutcomeTrue, + finding.OutcomeTrue, + finding.OutcomeTrue, }, }, } diff --git a/probes/dependencyUpdateToolConfigured/def.yml b/probes/dependencyUpdateToolConfigured/def.yml index d750ea5a..883278fe 100644 --- a/probes/dependencyUpdateToolConfigured/def.yml +++ b/probes/dependencyUpdateToolConfigured/def.yml @@ -20,8 +20,8 @@ motivation: > implementation: > The implementation looks for the presence of various config files for different dependency update tools. outcome: - - If a dependency update tool is configured, the probe returns OutcomePositive for each configuration. - - If no tool is detected, the probe returns OutcomeNegative. + - If a dependency update tool is configured, the probe returns OutcomeTrue for each configuration. + - If no tool is detected, the probe returns OutcomeFalse. remediation: effort: Low text: diff --git a/probes/dependencyUpdateToolConfigured/impl.go b/probes/dependencyUpdateToolConfigured/impl.go index 46588573..7b2cd04e 100644 --- a/probes/dependencyUpdateToolConfigured/impl.go +++ b/probes/dependencyUpdateToolConfigured/impl.go @@ -44,7 +44,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { tools := raw.DependencyUpdateToolResults.Tools if len(tools) == 0 { - f, err := finding.NewNegative(fs, Probe, "no dependency update tool configurations found", nil) + f, err := finding.NewFalse(fs, Probe, "no dependency update tool configurations found", nil) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } @@ -60,7 +60,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { loc = tool.Files[0].Location() } - f, err := finding.NewPositive(fs, Probe, "detected update tool: "+tool.Name, loc) + f, err := finding.NewTrue(fs, Probe, "detected update tool: "+tool.Name, loc) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } diff --git a/probes/dependencyUpdateToolConfigured/impl_test.go b/probes/dependencyUpdateToolConfigured/impl_test.go index ea0b6958..5087a4e5 100644 --- a/probes/dependencyUpdateToolConfigured/impl_test.go +++ b/probes/dependencyUpdateToolConfigured/impl_test.go @@ -41,18 +41,18 @@ func TestRun(t *testing.T) { err: uerror.ErrNil, }, { - name: "negative outcome from no update tools", + name: "false outcome from no update tools", raw: &checker.RawResults{ DependencyUpdateToolResults: checker.DependencyUpdateToolData{ Tools: []checker.Tool{}, }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { - name: "one update tool is a positive outcomes", + name: "one update tool is a true outcomes", raw: &checker.RawResults{ DependencyUpdateToolResults: checker.DependencyUpdateToolData{ Tools: []checker.Tool{ @@ -63,7 +63,7 @@ func TestRun(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, } @@ -112,7 +112,7 @@ func TestRun_Detailed(t *testing.T) { { Probe: Probe, Message: "detected update tool: Dependabot", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, Values: map[string]string{ ToolKey: "Dependabot", }, @@ -138,7 +138,7 @@ func TestRun_Detailed(t *testing.T) { { Probe: Probe, Message: "detected update tool: some update tool", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, Values: map[string]string{ ToolKey: "some update tool", }, diff --git a/probes/dismissesStaleReviews/def.yml b/probes/dismissesStaleReviews/def.yml index f4d90d2c..5636ef48 100644 --- a/probes/dismissesStaleReviews/def.yml +++ b/probes/dismissesStaleReviews/def.yml @@ -19,7 +19,7 @@ motivation: > implementation: > Checks the protection rules of default and release branches. outcome: - - The probe returns one OutcomePositive for each branch that dismisses the stale status of PRs, and one OutcomeNegative for branches that don't. + - The probe returns one OutcomeTrue for each branch that dismisses the stale status of PRs, and one OutcomeFalse for branches that don't. remediation: effort: High text: diff --git a/probes/dismissesStaleReviews/impl_test.go b/probes/dismissesStaleReviews/impl_test.go index c8ca4d4d..3c868a81 100644 --- a/probes/dismissesStaleReviews/impl_test.go +++ b/probes/dismissesStaleReviews/impl_test.go @@ -58,7 +58,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, { @@ -86,7 +86,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, finding.OutcomePositive, + finding.OutcomeTrue, finding.OutcomeTrue, }, }, { @@ -114,7 +114,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, finding.OutcomeNegative, + finding.OutcomeTrue, finding.OutcomeFalse, }, }, { @@ -142,7 +142,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, finding.OutcomePositive, + finding.OutcomeFalse, finding.OutcomeTrue, }, }, { @@ -170,7 +170,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, finding.OutcomeNotAvailable, + finding.OutcomeFalse, finding.OutcomeNotAvailable, }, }, } diff --git a/probes/freeOfAnyBinaryArtifacts/def.yml b/probes/freeOfAnyBinaryArtifacts/def.yml index 2fe33f20..4fa5b9e0 100644 --- a/probes/freeOfAnyBinaryArtifacts/def.yml +++ b/probes/freeOfAnyBinaryArtifacts/def.yml @@ -19,8 +19,8 @@ motivation: > implementation: > The implementation looks for the presence of binary files. This is a more restrictive probe than "freeOfUnverifiedBinaryArtifacts" which excludes verified binary files. outcome: - - If the probe finds binary files, it returns a number of negative outcomes equal to the number of binary files found. Each outcome includes a location of the file. - - If the probe finds no verified binary files, it returns a single positive outcome. + - If the probe finds binary files, it returns a number of false outcomes equal to the number of binary files found. Each outcome includes a location of the file. + - If the probe finds no verified binary files, it returns a single true outcome. remediation: effort: Medium text: diff --git a/probes/freeOfAnyBinaryArtifacts/impl.go b/probes/freeOfAnyBinaryArtifacts/impl.go index bf1b12c0..97bd2c88 100644 --- a/probes/freeOfAnyBinaryArtifacts/impl.go +++ b/probes/freeOfAnyBinaryArtifacts/impl.go @@ -46,7 +46,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { if len(r.Files) == 0 { f, err := finding.NewWith(fs, Probe, "Repository does not have any binary artifacts.", nil, - finding.OutcomePositive) + finding.OutcomeTrue) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } @@ -55,7 +55,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { for i := range r.Files { file := &r.Files[i] f, err := finding.NewWith(fs, Probe, "binary artifact detected", - nil, finding.OutcomeNegative) + nil, finding.OutcomeFalse) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } diff --git a/probes/freeOfAnyBinaryArtifacts/impl_test.go b/probes/freeOfAnyBinaryArtifacts/impl_test.go index 51eaf81f..26babcee 100644 --- a/probes/freeOfAnyBinaryArtifacts/impl_test.go +++ b/probes/freeOfAnyBinaryArtifacts/impl_test.go @@ -48,7 +48,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { @@ -57,7 +57,7 @@ func Test_Run(t *testing.T) { BinaryArtifactResults: checker.BinaryArtifactData{}, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, { @@ -81,9 +81,9 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, - finding.OutcomeNegative, - finding.OutcomeNegative, + finding.OutcomeFalse, + finding.OutcomeFalse, + finding.OutcomeFalse, }, }, { @@ -111,10 +111,10 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, - finding.OutcomeNegative, - finding.OutcomeNegative, - finding.OutcomeNegative, + finding.OutcomeFalse, + finding.OutcomeFalse, + finding.OutcomeFalse, + finding.OutcomeFalse, }, }, { @@ -125,7 +125,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, } diff --git a/probes/freeOfUnverifiedBinaryArtifacts/def.yml b/probes/freeOfUnverifiedBinaryArtifacts/def.yml index 3649a92f..2b501ca5 100644 --- a/probes/freeOfUnverifiedBinaryArtifacts/def.yml +++ b/probes/freeOfUnverifiedBinaryArtifacts/def.yml @@ -19,8 +19,8 @@ motivation: > implementation: > The implementation looks for the presence of binary files that are not "verified". A verified binary is one that Scorecard considers valid for building and/or releasing the project. This is a more permissive probe than "freeOfAnyBinaryArtifacts" which does not skip verified binary files. outcome: - - If the probe finds unverified binary files, it returns a number of negative outcomes equal to the number of unverified binary files found. Each outcome includes a location of the file. - - If the probe finds no unverified binary files, it returns a single positive outcome. + - If the probe finds unverified binary files, it returns a number of false outcomes equal to the number of unverified binary files found. Each outcome includes a location of the file. + - If the probe finds no unverified binary files, it returns a single true outcome. remediation: effort: Medium text: diff --git a/probes/freeOfUnverifiedBinaryArtifacts/impl.go b/probes/freeOfUnverifiedBinaryArtifacts/impl.go index bc10cd09..b309f9ae 100644 --- a/probes/freeOfUnverifiedBinaryArtifacts/impl.go +++ b/probes/freeOfUnverifiedBinaryArtifacts/impl.go @@ -49,7 +49,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { continue } f, err := finding.NewWith(fs, Probe, "binary artifact detected", - nil, finding.OutcomeNegative) + nil, finding.OutcomeFalse) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } @@ -64,7 +64,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { if len(findings) == 0 { f, err := finding.NewWith(fs, Probe, "Repository does not have binary artifacts.", nil, - finding.OutcomePositive) + finding.OutcomeTrue) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } diff --git a/probes/freeOfUnverifiedBinaryArtifacts/impl_test.go b/probes/freeOfUnverifiedBinaryArtifacts/impl_test.go index 48bd1eaa..1317b4d6 100644 --- a/probes/freeOfUnverifiedBinaryArtifacts/impl_test.go +++ b/probes/freeOfUnverifiedBinaryArtifacts/impl_test.go @@ -49,7 +49,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { @@ -73,8 +73,8 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, - finding.OutcomeNegative, + finding.OutcomeFalse, + finding.OutcomeFalse, }, }, { @@ -90,7 +90,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, } diff --git a/probes/fuzzed/def.yml b/probes/fuzzed/def.yml index ffcfa803..f0a26a16 100644 --- a/probes/fuzzed/def.yml +++ b/probes/fuzzed/def.yml @@ -20,8 +20,8 @@ motivation: > implementation: > The implementation looks for various fuzzing function signatures, imports, configuration files, and external integration data. outcome: - - If a fuzzing tool is found, one finding per tool with OutcomePositive is returned. - - If no fuzzing tool is found, or the project uses a tool we don't detect, one finding with OutcomeNegative is returned. + - If a fuzzing tool is found, one finding per tool with OutcomeTrue is returned. + - If no fuzzing tool is found, or the project uses a tool we don't detect, one finding with OutcomeFalse is returned. remediation: effort: High text: diff --git a/probes/fuzzed/impl.go b/probes/fuzzed/impl.go index c5c074eb..f161a9ed 100644 --- a/probes/fuzzed/impl.go +++ b/probes/fuzzed/impl.go @@ -44,7 +44,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { fuzzers := raw.FuzzingResults.Fuzzers if len(fuzzers) == 0 { - f, err := finding.NewNegative(fs, Probe, "no fuzzer integrations found", nil) + f, err := finding.NewFalse(fs, Probe, "no fuzzer integrations found", nil) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } @@ -57,7 +57,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { // The current implementation does not provide file location // for all fuzzers. Check this first. if len(fuzzer.Files) == 0 { - f, err := finding.NewPositive(fs, Probe, fuzzer.Name+" integration found", nil) + f, err := finding.NewTrue(fs, Probe, fuzzer.Name+" integration found", nil) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } @@ -67,7 +67,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { // Files are present. Create one results for each file location. for _, file := range fuzzer.Files { - f, err := finding.NewPositive(fs, Probe, fuzzer.Name+" integration found", file.Location()) + f, err := finding.NewTrue(fs, Probe, fuzzer.Name+" integration found", file.Location()) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } diff --git a/probes/fuzzed/impl_test.go b/probes/fuzzed/impl_test.go index 082cd013..14b1c42c 100644 --- a/probes/fuzzed/impl_test.go +++ b/probes/fuzzed/impl_test.go @@ -41,18 +41,18 @@ func Test_Run(t *testing.T) { err: uerror.ErrNil, }, { - name: "negative outcome from no fuzzers", + name: "false outcome from no fuzzers", raw: &checker.RawResults{ FuzzingResults: checker.FuzzingData{ Fuzzers: []checker.Tool{}, }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { - name: "one fuzzer is a positive outcomes", + name: "one fuzzer is a true outcomes", raw: &checker.RawResults{ FuzzingResults: checker.FuzzingData{ Fuzzers: []checker.Tool{ @@ -63,7 +63,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, { @@ -81,8 +81,8 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, - finding.OutcomePositive, + finding.OutcomeTrue, + finding.OutcomeTrue, }, }, } @@ -131,7 +131,7 @@ func TestRun_Detailed(t *testing.T) { { Probe: Probe, Message: "GoBuiltInFuzzer integration found", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, Values: map[string]string{ ToolKey: fuzzers.BuiltInGo, }, @@ -157,7 +157,7 @@ func TestRun_Detailed(t *testing.T) { { Probe: Probe, Message: "some fuzzer integration found", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, Values: map[string]string{ ToolKey: "some fuzzer", }, diff --git a/probes/hasDangerousWorkflowScriptInjection/def.yml b/probes/hasDangerousWorkflowScriptInjection/def.yml index ebd86253..50c60698 100644 --- a/probes/hasDangerousWorkflowScriptInjection/def.yml +++ b/probes/hasDangerousWorkflowScriptInjection/def.yml @@ -19,8 +19,8 @@ motivation: > implementation: > The probe iterates through the workflows from the raw results and checks the workflow type. If it finds a workflow of the type `DangerousWorkflowScriptInjection`, it returns. outcome: - - If the project has at least one workflow with possibility of script injection, the probe returns one finding with OutcomeNegative (0). - - If the project does not have a single workflow with possibility of script injection, the probe returns one finding with OutcomePositive (1). + - If the project has at least one workflow with possibility of script injection, the probe returns one finding with OutcomeFalse (0). + - If the project does not have a single workflow with possibility of script injection, the probe returns one finding with OutcomeTrue (1). remediation: effort: Low text: diff --git a/probes/hasDangerousWorkflowScriptInjection/impl.go b/probes/hasDangerousWorkflowScriptInjection/impl.go index 688205d8..cea40226 100644 --- a/probes/hasDangerousWorkflowScriptInjection/impl.go +++ b/probes/hasDangerousWorkflowScriptInjection/impl.go @@ -57,7 +57,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { if e.Type == checker.DangerousWorkflowScriptInjection { f, err := finding.NewWith(fs, Probe, fmt.Sprintf("script injection with untrusted input '%v'", e.File.Snippet), - nil, finding.OutcomeNegative) + nil, finding.OutcomeFalse) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } @@ -72,16 +72,16 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { } if len(findings) == 0 { - return positiveOutcome() + return trueOutcome() } return findings, Probe, nil } -func positiveOutcome() ([]finding.Finding, string, error) { +func trueOutcome() ([]finding.Finding, string, error) { f, err := finding.NewWith(fs, Probe, "Project does not have dangerous workflow(s) with possibility of script injection.", nil, - finding.OutcomePositive) + finding.OutcomeTrue) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } diff --git a/probes/hasDangerousWorkflowScriptInjection/impl_test.go b/probes/hasDangerousWorkflowScriptInjection/impl_test.go index 3b87341f..8c33906c 100644 --- a/probes/hasDangerousWorkflowScriptInjection/impl_test.go +++ b/probes/hasDangerousWorkflowScriptInjection/impl_test.go @@ -48,7 +48,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { @@ -64,7 +64,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, } diff --git a/probes/hasDangerousWorkflowUntrustedCheckout/def.yml b/probes/hasDangerousWorkflowUntrustedCheckout/def.yml index 701fe560..51e0f3ac 100644 --- a/probes/hasDangerousWorkflowUntrustedCheckout/def.yml +++ b/probes/hasDangerousWorkflowUntrustedCheckout/def.yml @@ -19,8 +19,8 @@ motivation: > implementation: > The probe iterates through the workflows from the raw results and checks the workflow type. If it finds a workflow of the type `DangerousWorkflowUntrustedCheckout`, it returns. outcome: - - If the project has at least one workflow with possibility of untrusted code checkout, the probe returns one finding with OutcomeNegative (0). - - If the project does not have a single workflow with possibility of untrusted code checkout, the probe returns one finding with OutcomePositive (1). + - If the project has at least one workflow with possibility of untrusted code checkout, the probe returns one finding with OutcomeFalse (0). + - If the project does not have a single workflow with possibility of untrusted code checkout, the probe returns one finding with OutcomeTrue (1). remediation: effort: Low text: diff --git a/probes/hasDangerousWorkflowUntrustedCheckout/impl.go b/probes/hasDangerousWorkflowUntrustedCheckout/impl.go index 3fa3df8a..0a1f2816 100644 --- a/probes/hasDangerousWorkflowUntrustedCheckout/impl.go +++ b/probes/hasDangerousWorkflowUntrustedCheckout/impl.go @@ -32,6 +32,8 @@ func init() { //go:embed *.yml var fs embed.FS +// TODO(#3654) fix this probe. true/false positive/negative swap made this confusing. + const Probe = "hasDangerousWorkflowUntrustedCheckout" func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { @@ -57,7 +59,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { if e.Type == checker.DangerousWorkflowUntrustedCheckout { f, err := finding.NewWith(fs, Probe, fmt.Sprintf("untrusted code checkout '%v'", e.File.Snippet), - nil, finding.OutcomeNegative) + nil, finding.OutcomeFalse) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } @@ -71,25 +73,25 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { } } if len(findings) == 0 { - return positiveOutcome() + return trueOutcome() } return findings, Probe, nil } -func positiveOutcome() ([]finding.Finding, string, error) { +func trueOutcome() ([]finding.Finding, string, error) { f, err := finding.NewWith(fs, Probe, "Project does not have workflow(s) with untrusted checkout.", nil, - finding.OutcomePositive) + finding.OutcomeTrue) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } return []finding.Finding{*f}, Probe, nil } -/*func negativeOutcome() ([]finding.Finding, string, error) { +/*func falseOutcome() ([]finding.Finding, string, error) { f, err := finding.NewWith(fs, Probe, "Project has workflow(s) with untrusted checkout.", nil, - finding.OutcomeNegative) + finding.OutcomeFalse) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } diff --git a/probes/hasDangerousWorkflowUntrustedCheckout/impl_test.go b/probes/hasDangerousWorkflowUntrustedCheckout/impl_test.go index fb905af3..e769696a 100644 --- a/probes/hasDangerousWorkflowUntrustedCheckout/impl_test.go +++ b/probes/hasDangerousWorkflowUntrustedCheckout/impl_test.go @@ -48,7 +48,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, { @@ -64,7 +64,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, } diff --git a/probes/hasFSFOrOSIApprovedLicense/def.yml b/probes/hasFSFOrOSIApprovedLicense/def.yml index f612ca99..9ab6f59a 100644 --- a/probes/hasFSFOrOSIApprovedLicense/def.yml +++ b/probes/hasFSFOrOSIApprovedLicense/def.yml @@ -19,9 +19,9 @@ motivation: > implementation: > The implementation checks whether a license file is present and is of an approved format outcome: - - If a license file is found and is of an approved format, the probe returns a single OutcomePositive. + - If a license file is found and is of an approved format, the probe returns a single OutcomeTrue. - If a license file is missing the probe returns a single OutcomeNotApplicable. - - If the license is not of an approved format, the probe returns a single OutcomeNegative. + - If the license is not of an approved format, the probe returns a single OutcomeFalse. remediation: effort: Low text: diff --git a/probes/hasFSFOrOSIApprovedLicense/impl.go b/probes/hasFSFOrOSIApprovedLicense/impl.go index 1e3c6877..6e9a3f2d 100644 --- a/probes/hasFSFOrOSIApprovedLicense/impl.go +++ b/probes/hasFSFOrOSIApprovedLicense/impl.go @@ -55,7 +55,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { } licenseFile := licenseFile loc := licenseFile.File.Location() - f, err := finding.NewPositive(fs, Probe, "FSF or OSI recognized license: "+licenseFile.LicenseInformation.Name, loc) + f, err := finding.NewTrue(fs, Probe, "FSF or OSI recognized license: "+licenseFile.LicenseInformation.Name, loc) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } @@ -64,7 +64,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { f, err := finding.NewWith(fs, Probe, "project license file does not contain an FSF or OSI license.", nil, - finding.OutcomeNegative) + finding.OutcomeFalse) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } diff --git a/probes/hasFSFOrOSIApprovedLicense/impl_test.go b/probes/hasFSFOrOSIApprovedLicense/impl_test.go index ea915d14..0b49e0e6 100644 --- a/probes/hasFSFOrOSIApprovedLicense/impl_test.go +++ b/probes/hasFSFOrOSIApprovedLicense/impl_test.go @@ -36,7 +36,7 @@ func Test_Run(t *testing.T) { err error }{ { - name: "License file found and is approved: outcome should be positive", + name: "License file found and is approved: outcome should be true", raw: &checker.RawResults{ LicenseResults: checker.LicenseData{ LicenseFiles: []checker.LicenseFile{ @@ -52,11 +52,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, { - name: "License file found and is not approved: outcome should be negative", + name: "License file found and is not approved: outcome should be false", raw: &checker.RawResults{ LicenseResults: checker.LicenseData{ LicenseFiles: []checker.LicenseFile{ @@ -72,11 +72,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { - name: "License file not found and outcome should be negative", + name: "License file not found and outcome should be false", raw: &checker.RawResults{ LicenseResults: checker.LicenseData{ LicenseFiles: []checker.LicenseFile{}, @@ -87,7 +87,7 @@ func Test_Run(t *testing.T) { }, }, { - name: "License file found but is not approved. Outcome should be Negative", + name: "License file found but is not approved. Outcome should be False", raw: &checker.RawResults{ LicenseResults: checker.LicenseData{ LicenseFiles: []checker.LicenseFile{ @@ -111,11 +111,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { - name: "nil license files and outcome should be negative", + name: "nil license files and outcome should be false", raw: &checker.RawResults{ LicenseResults: checker.LicenseData{ LicenseFiles: nil, @@ -126,7 +126,7 @@ func Test_Run(t *testing.T) { }, }, { - name: "0 license files and outcome should be negative", + name: "0 license files and outcome should be false", raw: &checker.RawResults{ LicenseResults: checker.LicenseData{ LicenseFiles: []checker.LicenseFile{}, diff --git a/probes/hasLicenseFile/def.yml b/probes/hasLicenseFile/def.yml index c9666ca0..efe48a32 100644 --- a/probes/hasLicenseFile/def.yml +++ b/probes/hasLicenseFile/def.yml @@ -19,8 +19,8 @@ motivation: > implementation: > The implementation checks whether a license file is present. outcome: - - If license files are found, the probe returns OutcomePositive for each license file. - - If a license file is not found, the probe returns a single OutcomeNegative. + - If license files are found, the probe returns OutcomeTrue for each license file. + - If a license file is not found, the probe returns a single OutcomeFalse. remediation: effort: Low text: diff --git a/probes/hasLicenseFile/impl.go b/probes/hasLicenseFile/impl.go index 6e8a5cfc..82a24180 100644 --- a/probes/hasLicenseFile/impl.go +++ b/probes/hasLicenseFile/impl.go @@ -44,7 +44,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { licenseFiles := raw.LicenseResults.LicenseFiles if len(licenseFiles) == 0 { - f, err := finding.NewNegative(fs, Probe, "project does not have a license file", nil) + f, err := finding.NewFalse(fs, Probe, "project does not have a license file", nil) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } @@ -54,7 +54,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { for _, licenseFile := range licenseFiles { licenseFile := licenseFile loc := licenseFile.File.Location() - f, err := finding.NewPositive(fs, Probe, "project has a license file", loc) + f, err := finding.NewTrue(fs, Probe, "project has a license file", loc) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } diff --git a/probes/hasLicenseFile/impl_test.go b/probes/hasLicenseFile/impl_test.go index 47ecda85..74e683b6 100644 --- a/probes/hasLicenseFile/impl_test.go +++ b/probes/hasLicenseFile/impl_test.go @@ -36,7 +36,7 @@ func Test_Run(t *testing.T) { err error }{ { - name: "License file found and outcome should be positive", + name: "License file found and outcome should be true", raw: &checker.RawResults{ LicenseResults: checker.LicenseData{ LicenseFiles: []checker.LicenseFile{ @@ -49,40 +49,40 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, { - name: "License file not found and outcome should be negative", + name: "License file not found and outcome should be false", raw: &checker.RawResults{ LicenseResults: checker.LicenseData{ LicenseFiles: []checker.LicenseFile{}, }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { - name: "nil license files and outcome should be negative", + name: "nil license files and outcome should be false", raw: &checker.RawResults{ LicenseResults: checker.LicenseData{ LicenseFiles: nil, }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { - name: "0 license files and outcome should be negative", + name: "0 license files and outcome should be false", raw: &checker.RawResults{ LicenseResults: checker.LicenseData{ LicenseFiles: []checker.LicenseFile{}, }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { @@ -93,7 +93,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, } diff --git a/probes/hasNoGitHubWorkflowPermissionUnknown/def.yml b/probes/hasNoGitHubWorkflowPermissionUnknown/def.yml index 5f2b8593..2cb75e42 100644 --- a/probes/hasNoGitHubWorkflowPermissionUnknown/def.yml +++ b/probes/hasNoGitHubWorkflowPermissionUnknown/def.yml @@ -19,8 +19,8 @@ motivation: > implementation: > The probe checks the permission levels of a projects workflows and collects the workflows that have unknown permissions. outcome: - - The probe returns 1 negative outcome per workflow without unknown permission level(s). - - The probe returns 1 positive outcome if the project has no workflows with unknown permission levels. + - The probe returns 1 false outcome per workflow without unknown permission level(s). + - The probe returns 1 true outcome if the project has no workflows with unknown permission levels. remediation: effort: Low text: diff --git a/probes/hasNoGitHubWorkflowPermissionUnknown/impl.go b/probes/hasNoGitHubWorkflowPermissionUnknown/impl.go index 0c6aad3e..e41e7042 100644 --- a/probes/hasNoGitHubWorkflowPermissionUnknown/impl.go +++ b/probes/hasNoGitHubWorkflowPermissionUnknown/impl.go @@ -55,7 +55,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { } // Create finding - f, err := permissions.CreateNegativeFinding(r, Probe, fs, raw.Metadata.Metadata) + f, err := permissions.CreateFalseFinding(r, Probe, fs, raw.Metadata.Metadata) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } @@ -65,7 +65,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { if len(findings) == 0 { f, err := finding.NewWith(fs, Probe, "no workflows with unknown permissions", - nil, finding.OutcomePositive) + nil, finding.OutcomeTrue) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } diff --git a/probes/hasNoGitHubWorkflowPermissionUnknown/impl_test.go b/probes/hasNoGitHubWorkflowPermissionUnknown/impl_test.go index 97603167..c921f01e 100644 --- a/probes/hasNoGitHubWorkflowPermissionUnknown/impl_test.go +++ b/probes/hasNoGitHubWorkflowPermissionUnknown/impl_test.go @@ -57,7 +57,7 @@ func Test_Run(t *testing.T) { }, }, Outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { @@ -73,7 +73,7 @@ func Test_Run(t *testing.T) { }, }, Outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, } diff --git a/probes/hasOSVVulnerabilities/def.yml b/probes/hasOSVVulnerabilities/def.yml index c6506573..b7592753 100644 --- a/probes/hasOSVVulnerabilities/def.yml +++ b/probes/hasOSVVulnerabilities/def.yml @@ -19,8 +19,8 @@ motivation: > implementation: > The implementation fetches data from OSV.dev about the project which shows whether a given project has known, unfixed vulnerabilities. The implementation uses the number of known, unfixed vulnerabilities to score. outcome: - - The probe returns one negative outcome for each vulnerability found in OSV. - - If there are no known vulnerabilities from the raw results, the probe returns one positive outcome. + - The probe returns one false outcome for each vulnerability found in OSV. + - If there are no known vulnerabilities from the raw results, the probe returns one true outcome. remediation: effort: High text: diff --git a/probes/hasOSVVulnerabilities/impl.go b/probes/hasOSVVulnerabilities/impl.go index 00944fff..2e72cbc6 100644 --- a/probes/hasOSVVulnerabilities/impl.go +++ b/probes/hasOSVVulnerabilities/impl.go @@ -51,7 +51,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { if len(raw.VulnerabilitiesResults.Vulnerabilities) == 0 { f, err := finding.NewWith(fs, Probe, "Project does not contain OSV vulnerabilities", nil, - finding.OutcomePositive) + finding.OutcomeTrue) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } @@ -72,7 +72,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { } f, err := finding.NewWith(fs, Probe, "Project contains OSV vulnerabilities", nil, - finding.OutcomeNegative) + finding.OutcomeFalse) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } diff --git a/probes/hasOSVVulnerabilities/impl_test.go b/probes/hasOSVVulnerabilities/impl_test.go index 6e68ae84..1b0ac4b5 100644 --- a/probes/hasOSVVulnerabilities/impl_test.go +++ b/probes/hasOSVVulnerabilities/impl_test.go @@ -47,7 +47,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { @@ -58,7 +58,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, } diff --git a/probes/hasOpenSSFBadge/def.yml b/probes/hasOpenSSFBadge/def.yml index 4cacc254..6f7f08b0 100644 --- a/probes/hasOpenSSFBadge/def.yml +++ b/probes/hasOpenSSFBadge/def.yml @@ -19,8 +19,8 @@ motivation: > implementation: > The probe checks the type of the badge from the raw results. outcome: - - If the project has a badge, the probe returns one OutcomePositive (1). The finding includes an entry in the `Values` map with the key describing the badge level. - - If the project does not have a badge, the probe returns one OutcomeNegative (0). + - If the project has a badge, the probe returns one OutcomeTrue (1). The finding includes an entry in the `Values` map with the key describing the badge level. + - If the project does not have a badge, the probe returns one OutcomeFalse (0). remediation: effort: High text: diff --git a/probes/hasOpenSSFBadge/impl.go b/probes/hasOpenSSFBadge/impl.go index 3c525feb..bb998a5f 100644 --- a/probes/hasOpenSSFBadge/impl.go +++ b/probes/hasOpenSSFBadge/impl.go @@ -65,7 +65,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { default: f, err := finding.NewWith(fs, Probe, "Project does not have an OpenSSF badge", nil, - finding.OutcomeNegative) + finding.OutcomeFalse) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } @@ -74,7 +74,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { f, err := finding.NewWith(fs, Probe, fmt.Sprintf("OpenSSF best practice badge found at %s level.", badgeLevel), - nil, finding.OutcomePositive) + nil, finding.OutcomeTrue) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } diff --git a/probes/hasOpenSSFBadge/impl_test.go b/probes/hasOpenSSFBadge/impl_test.go index a860d8ec..a7a45fc5 100644 --- a/probes/hasOpenSSFBadge/impl_test.go +++ b/probes/hasOpenSSFBadge/impl_test.go @@ -44,7 +44,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, { @@ -55,7 +55,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, { @@ -66,7 +66,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, { @@ -77,7 +77,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, { @@ -88,7 +88,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, } diff --git a/probes/hasRecentCommits/def.yml b/probes/hasRecentCommits/def.yml index ddea2aae..e9820886 100644 --- a/probes/hasRecentCommits/def.yml +++ b/probes/hasRecentCommits/def.yml @@ -19,8 +19,8 @@ motivation: > implementation: > The implementation checks the number of commits made in the last 90 days by any user type. outcome: - - If the project has commits from the last 90 days, the probe returns one OutcomePositive with a "commitsWithinThreshold" value which contains the number of commits that the probe found within the threshold. The probe will also return a "lookBackDays" value which is the number of days that the probe includes in its threshold - which is 90. - - If the project does not have commits in the last 90 days, the probe returns a single OutcomeNegative. + - If the project has commits from the last 90 days, the probe returns one OutcomeTrue with a "commitsWithinThreshold" value which contains the number of commits that the probe found within the threshold. The probe will also return a "lookBackDays" value which is the number of days that the probe includes in its threshold - which is 90. + - If the project does not have commits in the last 90 days, the probe returns a single OutcomeFalse. remediation: effort: Low text: diff --git a/probes/hasRecentCommits/impl.go b/probes/hasRecentCommits/impl.go index 660c7ecc..1c7ca553 100644 --- a/probes/hasRecentCommits/impl.go +++ b/probes/hasRecentCommits/impl.go @@ -63,10 +63,10 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { var outcome finding.Outcome if commitsWithinThreshold > 0 { text = "Found a contribution within the threshold." - outcome = finding.OutcomePositive + outcome = finding.OutcomeTrue } else { text = "Did not find contribution within the threshold." - outcome = finding.OutcomeNegative + outcome = finding.OutcomeFalse } f, err := finding.NewWith(fs, Probe, text, nil, outcome) if err != nil { diff --git a/probes/hasRecentCommits/impl_test.go b/probes/hasRecentCommits/impl_test.go index 8d7d72a1..8cceaa98 100644 --- a/probes/hasRecentCommits/impl_test.go +++ b/probes/hasRecentCommits/impl_test.go @@ -67,7 +67,7 @@ func Test_Run(t *testing.T) { Issues: []clients.Issue{}, }, }, - outcomes: []finding.Outcome{finding.OutcomeNegative}, + outcomes: []finding.Outcome{finding.OutcomeFalse}, }, { name: "Has five commits in threshold", @@ -80,7 +80,7 @@ func Test_Run(t *testing.T) { NumCommitsKey: "5", LookbackDayKey: strconv.Itoa(lookBackDays), }, - outcomes: []finding.Outcome{finding.OutcomePositive}, + outcomes: []finding.Outcome{finding.OutcomeTrue}, }, { name: "Has twenty in threshold", @@ -93,7 +93,7 @@ func Test_Run(t *testing.T) { NumCommitsKey: "20", LookbackDayKey: strconv.Itoa(lookBackDays), }, - outcomes: []finding.Outcome{finding.OutcomePositive}, + outcomes: []finding.Outcome{finding.OutcomeTrue}, }, } for _, tt := range tests { diff --git a/probes/internal/utils/branchprotection/branchProtection.go b/probes/internal/utils/branchprotection/branchProtection.go index 507e7f20..f213b16b 100644 --- a/probes/internal/utils/branchprotection/branchProtection.go +++ b/probes/internal/utils/branchprotection/branchProtection.go @@ -30,10 +30,10 @@ func GetTextOutcomeFromBool(b *bool, rule, branchName string) (string, finding.O return msg, finding.OutcomeNotAvailable, nil case *b: msg := fmt.Sprintf("'%s' is required to merge on branch '%s'", rule, branchName) - return msg, finding.OutcomePositive, nil + return msg, finding.OutcomeTrue, nil case !*b: msg := fmt.Sprintf("'%s' is disable on branch '%s'", rule, branchName) - return msg, finding.OutcomeNegative, nil + return msg, finding.OutcomeFalse, nil } return "", finding.OutcomeError, errWrongValue } diff --git a/probes/internal/utils/permissions/permissions.go b/probes/internal/utils/permissions/permissions.go index bc22f904..d7bae9dc 100644 --- a/probes/internal/utils/permissions/permissions.go +++ b/probes/internal/utils/permissions/permissions.go @@ -53,7 +53,7 @@ func createText(t checker.TokenPermission) (string, error) { *t.Name, *t.Value), nil } -func CreateNegativeFinding(r checker.TokenPermission, +func CreateFalseFinding(r checker.TokenPermission, probe string, fs embed.FS, metadata map[string]string, @@ -64,7 +64,7 @@ func CreateNegativeFinding(r checker.TokenPermission, return nil, fmt.Errorf("create finding: %w", err) } f, err := finding.NewWith(fs, probe, - text, nil, finding.OutcomeNegative) + text, nil, finding.OutcomeFalse) if err != nil { return nil, fmt.Errorf("create finding: %w", err) } @@ -85,14 +85,14 @@ func CreateNegativeFinding(r checker.TokenPermission, return f, nil } -func ReadPositiveLevelFinding(probe string, +func ReadTrueLevelFinding(probe string, fs embed.FS, r checker.TokenPermission, metadata map[string]string, ) (*finding.Finding, error) { f, err := finding.NewWith(fs, probe, "found token with 'read' permissions", - nil, finding.OutcomePositive) + nil, finding.OutcomeTrue) if err != nil { return nil, fmt.Errorf("%w", err) } @@ -117,7 +117,7 @@ func CreateNoneFinding(probe string, // Create finding f, err := finding.NewWith(fs, probe, "found token with 'none' permissions", - nil, finding.OutcomeNegative) + nil, finding.OutcomeFalse) if err != nil { return nil, fmt.Errorf("create finding: %w", err) } @@ -152,7 +152,7 @@ func CreateUndeclaredFinding(probe string, case *r.LocationType == checker.PermissionLocationTop, *r.LocationType == checker.PermissionLocationJob: // Create finding - f, err = CreateNegativeFinding(r, probe, fs, metadata) + f, err = CreateFalseFinding(r, probe, fs, metadata) if err != nil { return nil, fmt.Errorf("create finding: %w", err) } diff --git a/probes/internal/utils/test/test.go b/probes/internal/utils/test/test.go index 9d1d150b..491873f1 100644 --- a/probes/internal/utils/test/test.go +++ b/probes/internal/utils/test/test.go @@ -85,7 +85,7 @@ func GetTests(locationType checker.PermissionLocation, }, }, Outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { @@ -112,7 +112,7 @@ func GetTests(locationType checker.PermissionLocation, }, }, Outcomes: []finding.Outcome{ - finding.OutcomeNegative, finding.OutcomeNegative, + finding.OutcomeFalse, finding.OutcomeFalse, }, }, { @@ -132,7 +132,7 @@ func GetTests(locationType checker.PermissionLocation, }, }, Outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, Err: sce.ErrScorecardInternal, }, @@ -153,7 +153,7 @@ func GetTests(locationType checker.PermissionLocation, }, }, Outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, { @@ -173,7 +173,7 @@ func GetTests(locationType checker.PermissionLocation, }, }, Outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, } diff --git a/probes/issueActivityByProjectMember/def.yml b/probes/issueActivityByProjectMember/def.yml index 9a88c4af..2d9e4e46 100644 --- a/probes/issueActivityByProjectMember/def.yml +++ b/probes/issueActivityByProjectMember/def.yml @@ -19,8 +19,8 @@ motivation: > implementation: > The probe checks whether collaborators, members or owners of a project have participated in issues in the last 90 days. outcome: - - If collaborators, members or owners have participated in issues in the last 90 days, the probe returns one OutcomePositive. The probe also returns a "numberOfIssuesUpdatedWithinThreshold" value with represents the number of issues on the repository which project collaborators, members or owners have shown activity in. - - If collaborators, members or owners have NOT participated in issues in the last 90 days, the probe returns a single OutcomeNegative. + - If collaborators, members or owners have participated in issues in the last 90 days, the probe returns one OutcomeTrue. The probe also returns a "numberOfIssuesUpdatedWithinThreshold" value with represents the number of issues on the repository which project collaborators, members or owners have shown activity in. + - If collaborators, members or owners have NOT participated in issues in the last 90 days, the probe returns a single OutcomeFalse. remediation: effort: High text: diff --git a/probes/issueActivityByProjectMember/impl.go b/probes/issueActivityByProjectMember/impl.go index e07fee11..42bc3471 100644 --- a/probes/issueActivityByProjectMember/impl.go +++ b/probes/issueActivityByProjectMember/impl.go @@ -63,10 +63,10 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { var outcome finding.Outcome if numberOfIssuesUpdatedWithinThreshold > 0 { text = "Found a issue within the threshold." - outcome = finding.OutcomePositive + outcome = finding.OutcomeTrue } else { text = "Did not find issues within the threshold." - outcome = finding.OutcomeNegative + outcome = finding.OutcomeFalse } f, err := finding.NewWith(fs, Probe, text, nil, outcome) diff --git a/probes/issueActivityByProjectMember/impl_test.go b/probes/issueActivityByProjectMember/impl_test.go index d43dd704..d8be337a 100644 --- a/probes/issueActivityByProjectMember/impl_test.go +++ b/probes/issueActivityByProjectMember/impl_test.go @@ -93,7 +93,7 @@ func Test_Run(t *testing.T) { Issues: []clients.Issue{}, }, }, - outcomes: []finding.Outcome{finding.OutcomeNegative}, + outcomes: []finding.Outcome{finding.OutcomeFalse}, }, { name: "Has 5 issues in threshold", @@ -106,7 +106,7 @@ func Test_Run(t *testing.T) { LookbackDayKey: strconv.Itoa(lookBackDays), NumIssuesKey: "5", }, - outcomes: []finding.Outcome{finding.OutcomePositive}, + outcomes: []finding.Outcome{finding.OutcomeTrue}, }, { name: "Has 20 issues in threshold", @@ -119,7 +119,7 @@ func Test_Run(t *testing.T) { LookbackDayKey: strconv.Itoa(lookBackDays), NumIssuesKey: "20", }, - outcomes: []finding.Outcome{finding.OutcomePositive}, + outcomes: []finding.Outcome{finding.OutcomeTrue}, }, { name: "Has 5 issues by collaborator and 5 by first time user", @@ -132,7 +132,7 @@ func Test_Run(t *testing.T) { LookbackDayKey: strconv.Itoa(lookBackDays), NumIssuesKey: "5", }, - outcomes: []finding.Outcome{finding.OutcomePositive}, + outcomes: []finding.Outcome{finding.OutcomeTrue}, }, } for _, tt := range tests { diff --git a/probes/jobLevelPermissions/def.yml b/probes/jobLevelPermissions/def.yml index 706c183c..fed3e3b9 100644 --- a/probes/jobLevelPermissions/def.yml +++ b/probes/jobLevelPermissions/def.yml @@ -19,8 +19,8 @@ motivation: > implementation: > The probe checks the permission level, the workflow type and the permission type of each workflow in the project. outcome: - - The probe returns 1 negative outcome per workflow with "write" permissions at the "job" level. - - The probe returns 1 positive outcome if the project has no workflows "write" permissions a the "job" level. + - The probe returns 1 false outcome per workflow with "write" permissions at the "job" level. + - The probe returns 1 true outcome if the project has no workflows "write" permissions a the "job" level. remediation: effort: Low text: diff --git a/probes/jobLevelPermissions/impl.go b/probes/jobLevelPermissions/impl.go index e4a5b030..c8f3c01c 100644 --- a/probes/jobLevelPermissions/impl.go +++ b/probes/jobLevelPermissions/impl.go @@ -73,7 +73,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { findings = append(findings, *f) continue case checker.PermissionLevelRead: - f, err := permissions.ReadPositiveLevelFinding(Probe, fs, r, raw.Metadata.Metadata) + f, err := permissions.ReadTrueLevelFinding(Probe, fs, r, raw.Metadata.Metadata) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } @@ -87,7 +87,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { continue } - f, err := permissions.CreateNegativeFinding(r, Probe, fs, raw.Metadata.Metadata) + f, err := permissions.CreateFalseFinding(r, Probe, fs, raw.Metadata.Metadata) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } @@ -99,7 +99,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { if len(findings) == 0 { f, err := finding.NewWith(fs, Probe, "no job-level permissions found", - nil, finding.OutcomePositive) + nil, finding.OutcomeTrue) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } diff --git a/probes/notArchived/def.yml b/probes/notArchived/def.yml index 0926199b..cea3119d 100644 --- a/probes/notArchived/def.yml +++ b/probes/notArchived/def.yml @@ -19,8 +19,8 @@ motivation: > implementation: > The probe checks the Archived Status of a project. outcome: - - If the project is archived, the outcome is OutcomeNegative. - - If the project is not archived, the outcome is OutcomePositive. + - If the project is archived, the outcome is OutcomeFalse. + - If the project is not archived, the outcome is OutcomeTrue. remediation: effort: High text: diff --git a/probes/notArchived/impl.go b/probes/notArchived/impl.go index 5839cba4..28777fcd 100644 --- a/probes/notArchived/impl.go +++ b/probes/notArchived/impl.go @@ -42,25 +42,25 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { r := raw.MaintainedResults if r.ArchivedStatus.Status { - return negativeOutcome() + return falseOutcome() } - return positiveOutcome() + return trueOutcome() } -func negativeOutcome() ([]finding.Finding, string, error) { +func falseOutcome() ([]finding.Finding, string, error) { f, err := finding.NewWith(fs, Probe, "Repository is archived.", nil, - finding.OutcomeNegative) + finding.OutcomeFalse) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } return []finding.Finding{*f}, Probe, nil } -func positiveOutcome() ([]finding.Finding, string, error) { +func trueOutcome() ([]finding.Finding, string, error) { f, err := finding.NewWith(fs, Probe, "Repository is not archived.", nil, - finding.OutcomePositive) + finding.OutcomeTrue) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } diff --git a/probes/notArchived/impl_test.go b/probes/notArchived/impl_test.go index 52142df7..12e54d36 100644 --- a/probes/notArchived/impl_test.go +++ b/probes/notArchived/impl_test.go @@ -45,7 +45,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { @@ -58,7 +58,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, } diff --git a/probes/notCreatedRecently/def.yml b/probes/notCreatedRecently/def.yml index 62b1d3e9..8feff828 100644 --- a/probes/notCreatedRecently/def.yml +++ b/probes/notCreatedRecently/def.yml @@ -19,8 +19,8 @@ motivation: > implementation: > The implementation checks the creation date is within the last 90 days. outcome: - - If the project was created within the last 90 days, the outcome is OutcomeNegative (0). - - If the project was created before the last 90 days, the outcome is OutcomePositive (1). The finding will include a "lookBackDays" value which is the time period that the probe looks back in. + - If the project was created within the last 90 days, the outcome is OutcomeFalse (0). + - If the project was created before the last 90 days, the outcome is OutcomeTrue (1). The finding will include a "lookBackDays" value which is the time period that the probe looks back in. remediation: effort: Low text: diff --git a/probes/notCreatedRecently/impl.go b/probes/notCreatedRecently/impl.go index afe160f4..3ede217d 100644 --- a/probes/notCreatedRecently/impl.go +++ b/probes/notCreatedRecently/impl.go @@ -54,10 +54,10 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { var outcome finding.Outcome if r.CreatedAt.After(recencyThreshold) { text = fmt.Sprintf("Repository was created in last %d days.", lookBackDays) - outcome = finding.OutcomeNegative + outcome = finding.OutcomeFalse } else { text = fmt.Sprintf("Repository was not created in last %d days.", lookBackDays) - outcome = finding.OutcomePositive + outcome = finding.OutcomeTrue } f, err := finding.NewWith(fs, Probe, text, nil, outcome) if err != nil { diff --git a/probes/notCreatedRecently/impl_test.go b/probes/notCreatedRecently/impl_test.go index 4309adb7..d13e1fb8 100644 --- a/probes/notCreatedRecently/impl_test.go +++ b/probes/notCreatedRecently/impl_test.go @@ -44,7 +44,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { @@ -55,7 +55,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, } diff --git a/probes/packagedWithAutomatedWorkflow/def.yml b/probes/packagedWithAutomatedWorkflow/def.yml index b8e4cd6f..db326cb3 100644 --- a/probes/packagedWithAutomatedWorkflow/def.yml +++ b/probes/packagedWithAutomatedWorkflow/def.yml @@ -19,8 +19,8 @@ motivation: > implementation: > The implementation checks whether a project uses common patterns for packaging across multiple ecosystems. Scorecard gets this by checking the projects workflows for specific uses of actions and build commands such as `docker push` or `mvn deploy`. outcome: - - If the project has a package without a debug message, the outcome is positive. - - If the project has a package with a debug message, the outcome is negative. + - If the project has a package without a debug message, the outcome is true. + - If the project has a package with a debug message, the outcome is false. remediation: effort: Low text: diff --git a/probes/packagedWithAutomatedWorkflow/impl.go b/probes/packagedWithAutomatedWorkflow/impl.go index 448ababc..275a2bca 100644 --- a/probes/packagedWithAutomatedWorkflow/impl.go +++ b/probes/packagedWithAutomatedWorkflow/impl.go @@ -50,7 +50,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { // check passes. f, err := finding.NewWith(fs, Probe, "Project packages its releases by way of GitHub Actions.", nil, - finding.OutcomePositive) + finding.OutcomeTrue) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } @@ -70,7 +70,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { f, err := finding.NewWith(fs, Probe, "no GitHub/GitLab publishing workflow detected.", nil, - finding.OutcomeNegative) + finding.OutcomeFalse) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } diff --git a/probes/packagedWithAutomatedWorkflow/impl_test.go b/probes/packagedWithAutomatedWorkflow/impl_test.go index 7e8246a6..d9fdbce9 100644 --- a/probes/packagedWithAutomatedWorkflow/impl_test.go +++ b/probes/packagedWithAutomatedWorkflow/impl_test.go @@ -46,7 +46,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, { @@ -61,7 +61,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, } diff --git a/probes/pinsDependencies/def.yml b/probes/pinsDependencies/def.yml index 55e95233..3d318fda 100644 --- a/probes/pinsDependencies/def.yml +++ b/probes/pinsDependencies/def.yml @@ -19,8 +19,8 @@ motivation: > implementation: > The probe works by looking for unpinned dependencies in Dockerfiles, shell scripts, and GitHub workflows which are used during the build and release process of a project. Special considerations for Go modules treat full semantic versions as pinned due to how the Go tool verifies downloaded content against the hashes when anyone first downloaded the module. outcome: - - For supported ecosystem, the probe returns OutcomePositive per pinned dependency. - - For supported ecosystem, the probe returns OutcomeNegative per unpinned dependency. + - For supported ecosystem, the probe returns OutcomeTrue per pinned dependency. + - For supported ecosystem, the probe returns OutcomeFalse per unpinned dependency. - If the project has no supported dependencies, the probe returns OutcomeNotApplicable. remediation: effort: Medium diff --git a/probes/pinsDependencies/impl.go b/probes/pinsDependencies/impl.go index d000a441..96d75f67 100644 --- a/probes/pinsDependencies/impl.go +++ b/probes/pinsDependencies/impl.go @@ -89,7 +89,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { } if !*rr.Pinned { f = f.WithMessage(generateTextUnpinned(&rr)). - WithOutcome(finding.OutcomeNegative) + WithOutcome(finding.OutcomeFalse) if rr.Remediation != nil { f.Remediation = ruleRemToProbeRem(rr.Remediation) } @@ -98,7 +98,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { }) findings = append(findings, *f) } else { - f = f.WithMessage("").WithOutcome(finding.OutcomePositive) + f = f.WithMessage("").WithOutcome(finding.OutcomeTrue) f = f.WithValues(map[string]string{ DepTypeKey: string(rr.Type), }) diff --git a/probes/pinsDependencies/impl_test.go b/probes/pinsDependencies/impl_test.go index 2f306501..fb4da4c1 100644 --- a/probes/pinsDependencies/impl_test.go +++ b/probes/pinsDependencies/impl_test.go @@ -86,13 +86,13 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, - finding.OutcomePositive, - finding.OutcomePositive, - finding.OutcomePositive, - finding.OutcomePositive, - finding.OutcomePositive, - finding.OutcomePositive, + finding.OutcomeTrue, + finding.OutcomeTrue, + finding.OutcomeTrue, + finding.OutcomeTrue, + finding.OutcomeTrue, + finding.OutcomeTrue, + finding.OutcomeTrue, }, }, { @@ -143,13 +143,13 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, - finding.OutcomeNegative, - finding.OutcomeNegative, - finding.OutcomeNegative, - finding.OutcomeNegative, - finding.OutcomeNegative, - finding.OutcomeNegative, + finding.OutcomeFalse, + finding.OutcomeFalse, + finding.OutcomeFalse, + finding.OutcomeFalse, + finding.OutcomeFalse, + finding.OutcomeFalse, + finding.OutcomeFalse, }, }, { @@ -171,8 +171,8 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, - finding.OutcomePositive, + finding.OutcomeFalse, + finding.OutcomeTrue, }, }, { @@ -194,8 +194,8 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, - finding.OutcomePositive, + finding.OutcomeFalse, + finding.OutcomeTrue, }, }, { @@ -223,7 +223,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { @@ -240,7 +240,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { @@ -257,7 +257,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { @@ -274,7 +274,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { @@ -291,7 +291,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { @@ -308,7 +308,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { @@ -325,7 +325,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { @@ -344,7 +344,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, { @@ -370,8 +370,8 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, - finding.OutcomePositive, + finding.OutcomeTrue, + finding.OutcomeTrue, }, }, { @@ -397,8 +397,8 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, - finding.OutcomeNegative, + finding.OutcomeFalse, + finding.OutcomeFalse, }, }, { @@ -424,8 +424,8 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, - finding.OutcomeNegative, + finding.OutcomeTrue, + finding.OutcomeFalse, }, }, { @@ -451,8 +451,8 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, - finding.OutcomePositive, + finding.OutcomeFalse, + finding.OutcomeTrue, }, }, { @@ -474,8 +474,8 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, - finding.OutcomeNegative, + finding.OutcomeFalse, + finding.OutcomeFalse, }, }, { diff --git a/probes/releasesAreSigned/def.yml b/probes/releasesAreSigned/def.yml index a120864b..9ca7c3f5 100644 --- a/probes/releasesAreSigned/def.yml +++ b/probes/releasesAreSigned/def.yml @@ -19,8 +19,8 @@ motivation: > implementation: > The implementation checks whether a signature file is present in release assets. The probe checks the last 5 releases on GitHub and GitLab. outcome: - - For each of the last 5 releases, the probe returns OutcomePositive, if the release has a signature file in the release assets. - - For each of the last 5 releases, the probe returns OutcomeNegative, if the release does not have a signature file in the release assets. + - For each of the last 5 releases, the probe returns OutcomeTrue, if the release has a signature file in the release assets. + - For each of the last 5 releases, the probe returns OutcomeFalse, if the release does not have a signature file in the release assets. - If the project has no releases, the probe returns OutcomeNotApplicable. remediation: effort: Medium diff --git a/probes/releasesAreSigned/impl.go b/probes/releasesAreSigned/impl.go index 3aba76f1..489ffdf2 100644 --- a/probes/releasesAreSigned/impl.go +++ b/probes/releasesAreSigned/impl.go @@ -69,7 +69,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { if !strings.HasSuffix(asset.Name, suffix) { continue } - // Create Positive Finding + // Create True Finding // with file info loc := &finding.Location{ Type: finding.FileTypeURL, @@ -78,7 +78,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { f, err := finding.NewWith(fs, Probe, fmt.Sprintf("signed release artifact: %s", asset.Name), loc, - finding.OutcomePositive) + finding.OutcomeTrue) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } @@ -106,7 +106,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { f, err := finding.NewWith(fs, Probe, fmt.Sprintf("release artifact %s not signed", release.TagName), loc, - finding.OutcomeNegative) + finding.OutcomeFalse) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } diff --git a/probes/releasesAreSigned/impl_test.go b/probes/releasesAreSigned/impl_test.go index 85104c53..2dead23e 100644 --- a/probes/releasesAreSigned/impl_test.go +++ b/probes/releasesAreSigned/impl_test.go @@ -54,7 +54,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, { @@ -82,8 +82,8 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, - finding.OutcomePositive, + finding.OutcomeTrue, + finding.OutcomeTrue, }, }, { @@ -111,8 +111,8 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, - finding.OutcomeNegative, + finding.OutcomeFalse, + finding.OutcomeFalse, }, }, { @@ -149,9 +149,9 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, - finding.OutcomePositive, - finding.OutcomeNegative, + finding.OutcomeFalse, + finding.OutcomeTrue, + finding.OutcomeFalse, }, }, { @@ -182,11 +182,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, - finding.OutcomePositive, - finding.OutcomePositive, - finding.OutcomePositive, - finding.OutcomePositive, + finding.OutcomeTrue, + finding.OutcomeTrue, + finding.OutcomeTrue, + finding.OutcomeTrue, + finding.OutcomeTrue, }, }, } diff --git a/probes/releasesHaveProvenance/def.yml b/probes/releasesHaveProvenance/def.yml index 8fb14ea2..fb9ffd7d 100644 --- a/probes/releasesHaveProvenance/def.yml +++ b/probes/releasesHaveProvenance/def.yml @@ -19,8 +19,8 @@ motivation: > implementation: > The probe checks whether any of the assets in any of the last five releases on GitHub or GitLab have a provenance file. outcome: - - For each of the last 5 releases, the probe returns OutcomePositive, if the release has a provenance file in the release assets. - - For each of the last 5 releases, the probe returns OutcomeNegative, if the release does not have a provenance file in the release assets. + - For each of the last 5 releases, the probe returns OutcomeTrue, if the release has a provenance file in the release assets. + - For each of the last 5 releases, the probe returns OutcomeFalse, if the release does not have a provenance file in the release assets. - If the project has no releases, the probe returns OutcomeNotApplicable. remediation: effort: Medium diff --git a/probes/releasesHaveProvenance/impl.go b/probes/releasesHaveProvenance/impl.go index a8f6b742..7b2c034c 100644 --- a/probes/releasesHaveProvenance/impl.go +++ b/probes/releasesHaveProvenance/impl.go @@ -70,7 +70,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { if !strings.HasSuffix(asset.Name, suffix) { continue } - // Create Positive Finding + // Create True Finding // with file info loc := &finding.Location{ Type: finding.FileTypeURL, @@ -79,7 +79,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { f, err := finding.NewWith(fs, Probe, fmt.Sprintf("provenance for release artifact: %s", asset.Name), loc, - finding.OutcomePositive) + finding.OutcomeTrue) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } @@ -107,7 +107,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { f, err := finding.NewWith(fs, Probe, fmt.Sprintf("release artifact %s does not have provenance", release.TagName), loc, - finding.OutcomeNegative) + finding.OutcomeFalse) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } diff --git a/probes/releasesHaveProvenance/impl_test.go b/probes/releasesHaveProvenance/impl_test.go index 5202f505..524d0e24 100644 --- a/probes/releasesHaveProvenance/impl_test.go +++ b/probes/releasesHaveProvenance/impl_test.go @@ -53,7 +53,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, { @@ -81,8 +81,8 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, - finding.OutcomePositive, + finding.OutcomeTrue, + finding.OutcomeTrue, }, }, { @@ -110,8 +110,8 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, - finding.OutcomeNegative, + finding.OutcomeFalse, + finding.OutcomeFalse, }, }, { @@ -148,9 +148,9 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, - finding.OutcomePositive, - finding.OutcomeNegative, + finding.OutcomeFalse, + finding.OutcomeTrue, + finding.OutcomeFalse, }, }, { @@ -210,11 +210,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, - finding.OutcomePositive, - finding.OutcomePositive, - finding.OutcomePositive, - finding.OutcomePositive, + finding.OutcomeTrue, + finding.OutcomeTrue, + finding.OutcomeTrue, + finding.OutcomeTrue, + finding.OutcomeTrue, }, }, } diff --git a/probes/requiresApproversForPullRequests/def.yml b/probes/requiresApproversForPullRequests/def.yml index 8766284e..7fa8ae5f 100644 --- a/probes/requiresApproversForPullRequests/def.yml +++ b/probes/requiresApproversForPullRequests/def.yml @@ -19,7 +19,7 @@ motivation: > implementation: > The probe checks the number of required approvers in default and release branches of the project. outcome: - - The probe returns one OutcomePositive for each branch that requires approval for PRs, and one OutcomeNegative for branches that don't. + - The probe returns one OutcomeTrue for each branch that requires approval for PRs, and one OutcomeFalse for branches that don't. remediation: effort: High text: diff --git a/probes/requiresApproversForPullRequests/impl.go b/probes/requiresApproversForPullRequests/impl.go index 1e4ed23f..29578aac 100644 --- a/probes/requiresApproversForPullRequests/impl.go +++ b/probes/requiresApproversForPullRequests/impl.go @@ -77,10 +77,10 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { f = f.WithMessage(nilMsg).WithOutcome(finding.OutcomeNotAvailable) case *p > 0: msg := fmt.Sprintf("required approving review count is %d on branch '%s'", *p, *branch.Name) - f = f.WithMessage(msg).WithOutcome(finding.OutcomePositive) + f = f.WithMessage(msg).WithOutcome(finding.OutcomeTrue) f = f.WithValue(RequiredReviewersKey, strconv.Itoa(int(*p))) case *p == 0: - f = f.WithMessage(falseMsg).WithOutcome(finding.OutcomeNegative) + f = f.WithMessage(falseMsg).WithOutcome(finding.OutcomeFalse) f = f.WithValue(RequiredReviewersKey, strconv.Itoa(int(*p))) default: return nil, Probe, fmt.Errorf("create finding: %w", errWrongValue) diff --git a/probes/requiresApproversForPullRequests/impl_test.go b/probes/requiresApproversForPullRequests/impl_test.go index db5fa9c4..7b555f17 100644 --- a/probes/requiresApproversForPullRequests/impl_test.go +++ b/probes/requiresApproversForPullRequests/impl_test.go @@ -42,7 +42,7 @@ func Test_Run(t *testing.T) { err error }{ { - name: "1 branch requires 1 reviewer = 1 positive outcome = 1 positive outcome", + name: "1 branch requires 1 reviewer = 1 true outcome = 1 true outcome", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -58,11 +58,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, { - name: "2 branch require 1 reviewer each = 2 positive outcomes = 2 positive outcomes", + name: "2 branch require 1 reviewer each = 2 true outcomes = 2 true outcomes", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -86,11 +86,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, finding.OutcomePositive, + finding.OutcomeTrue, finding.OutcomeTrue, }, }, { - name: "1 branch requires 1 reviewer and 1 branch requires 0 reviewers = 1 positive and 1 negative", + name: "1 branch requires 1 reviewer and 1 branch requires 0 reviewers = 1 true and 1 false", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -114,11 +114,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, finding.OutcomeNegative, + finding.OutcomeTrue, finding.OutcomeFalse, }, }, { - name: "1 branch requires 0 reviewers and 1 branch requires 1 reviewer = 1 negative and 1 positive", + name: "1 branch requires 0 reviewers and 1 branch requires 1 reviewer = 1 false and 1 true", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -142,11 +142,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, finding.OutcomePositive, + finding.OutcomeFalse, finding.OutcomeTrue, }, }, { - name: "1 branch requires 0 reviewers and 1 branch lacks data = 1 negative and 1 unavailable", + name: "1 branch requires 0 reviewers and 1 branch lacks data = 1 false and 1 unavailable", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -170,7 +170,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, finding.OutcomeNotAvailable, + finding.OutcomeFalse, finding.OutcomeNotAvailable, }, }, } diff --git a/probes/requiresCodeOwnersReview/def.yml b/probes/requiresCodeOwnersReview/def.yml index ccb9fa74..aa829863 100644 --- a/probes/requiresCodeOwnersReview/def.yml +++ b/probes/requiresCodeOwnersReview/def.yml @@ -19,7 +19,7 @@ motivation: > implementation: > The probe checks which branches require code owner reviews. The probe only considers default and release branches. outcome: - - The probe returns one OutcomePositive for each branch that requires code owner review for PRs, and one OutcomeNegative for branches that don't. + - The probe returns one OutcomeTrue for each branch that requires code owner review for PRs, and one OutcomeFalse for branches that don't. remediation: effort: High text: diff --git a/probes/requiresCodeOwnersReview/impl.go b/probes/requiresCodeOwnersReview/impl.go index bb959629..11e37d24 100644 --- a/probes/requiresCodeOwnersReview/impl.go +++ b/probes/requiresCodeOwnersReview/impl.go @@ -67,13 +67,13 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { outcome = finding.OutcomeNotAvailable case !*reqOwnerReviews: text = fmt.Sprintf("codeowners review is not required on branch '%s'", *branch.Name) - outcome = finding.OutcomeNegative + outcome = finding.OutcomeFalse case len(r.CodeownersFiles) == 0: text = "codeowners review is required - but no codeowners file found in repo" - outcome = finding.OutcomeNegative + outcome = finding.OutcomeFalse default: text = fmt.Sprintf("codeowner review is required on branch '%s'", *branch.Name) - outcome = finding.OutcomePositive + outcome = finding.OutcomeTrue } f, err := finding.NewWith(fs, Probe, text, nil, outcome) if err != nil { diff --git a/probes/requiresCodeOwnersReview/impl_test.go b/probes/requiresCodeOwnersReview/impl_test.go index a1917ebe..b98fe9ad 100644 --- a/probes/requiresCodeOwnersReview/impl_test.go +++ b/probes/requiresCodeOwnersReview/impl_test.go @@ -41,7 +41,7 @@ func Test_Run(t *testing.T) { err error }{ { - name: "1 branch requires code owner reviews with files = 1 positive outcome", + name: "1 branch requires code owner reviews with files = 1 true outcome", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -58,11 +58,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, { - name: "1 branch requires code owner reviews without files = 1 negative outcome", + name: "1 branch requires code owner reviews without files = 1 false outcome", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -79,11 +79,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { - name: "2 branches require code owner reviews with files = 2 positive outcomes", + name: "2 branches require code owner reviews with files = 2 true outcomes", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -108,11 +108,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, finding.OutcomePositive, + finding.OutcomeTrue, finding.OutcomeTrue, }, }, { - name: "2 branches require code owner reviews with files = 2 positive outcomes", + name: "2 branches require code owner reviews with files = 2 true outcomes", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -137,11 +137,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, finding.OutcomePositive, + finding.OutcomeTrue, finding.OutcomeTrue, }, }, { - name: "1 branches require code owner reviews and 1 branch doesn't with files = 1 positive 1 negative", + name: "1 branches require code owner reviews and 1 branch doesn't with files = 1 true 1 false", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -166,11 +166,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, finding.OutcomeNegative, + finding.OutcomeTrue, finding.OutcomeFalse, }, }, { - name: "Requires code owner reviews on 1/2 branches - without files = 1 positive and 1 negative", + name: "Requires code owner reviews on 1/2 branches - without files = 1 true and 1 false", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -195,11 +195,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, finding.OutcomeNegative, + finding.OutcomeTrue, finding.OutcomeFalse, }, }, { - name: "Requires code owner reviews on 1/2 branches - with files = 1 negative and 1 positive", + name: "Requires code owner reviews on 1/2 branches - with files = 1 false and 1 true", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -224,11 +224,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, finding.OutcomePositive, + finding.OutcomeFalse, finding.OutcomeTrue, }, }, { - name: "Requires code owner reviews on 1/2 branches - without files = 2 negative", + name: "Requires code owner reviews on 1/2 branches - without files = 2 false", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -253,11 +253,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, finding.OutcomeNegative, + finding.OutcomeFalse, finding.OutcomeFalse, }, }, { - name: "1 branch does not require code owner review and 1 lacks data = 1 negative and 1 unavailable", + name: "1 branch does not require code owner review and 1 lacks data = 1 false and 1 unavailable", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -282,7 +282,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, finding.OutcomeNotAvailable, + finding.OutcomeFalse, finding.OutcomeNotAvailable, }, }, } diff --git a/probes/requiresLastPushApproval/def.yml b/probes/requiresLastPushApproval/def.yml index d8c7e288..82070b8d 100644 --- a/probes/requiresLastPushApproval/def.yml +++ b/probes/requiresLastPushApproval/def.yml @@ -19,7 +19,7 @@ motivation: > implementation: > The probe checks the protection rules of default and release branches branches. outcome: - - The probe returns one OutcomePositive for each branch that requires approval of the most recent push, and one OutcomeNegative for branches that don't. + - The probe returns one OutcomeTrue for each branch that requires approval of the most recent push, and one OutcomeFalse for branches that don't. remediation: effort: High text: diff --git a/probes/requiresLastPushApproval/impl_test.go b/probes/requiresLastPushApproval/impl_test.go index 3864797c..66932144 100644 --- a/probes/requiresLastPushApproval/impl_test.go +++ b/probes/requiresLastPushApproval/impl_test.go @@ -41,7 +41,7 @@ func Test_Run(t *testing.T) { err error }{ { - name: "1 branch requires last push approval = 1 positive outcome", + name: "1 branch requires last push approval = 1 true outcome", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -55,11 +55,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, { - name: "2 branches requires last push approval = 2 positive outcomes", + name: "2 branches requires last push approval = 2 true outcomes", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -79,11 +79,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, finding.OutcomePositive, + finding.OutcomeTrue, finding.OutcomeTrue, }, }, { - name: "Last push approval enabled on 1/2 branches = 1 positive and 1 negative outcomes", + name: "Last push approval enabled on 1/2 branches = 1 true and 1 false outcomes", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -103,11 +103,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, finding.OutcomeNegative, + finding.OutcomeTrue, finding.OutcomeFalse, }, }, { - name: "Last push approval enabled on 1/2 branches = 1 negative and 1 positive outcomes", + name: "Last push approval enabled on 1/2 branches = 1 false and 1 true outcomes", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -127,11 +127,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, finding.OutcomePositive, + finding.OutcomeFalse, finding.OutcomeTrue, }, }, { - name: "1 branch does not require last push approval and 1 lacks data = 1 negative and 1 unavailable", + name: "1 branch does not require last push approval and 1 lacks data = 1 false and 1 unavailable", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -151,7 +151,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, finding.OutcomeNotAvailable, + finding.OutcomeFalse, finding.OutcomeNotAvailable, }, }, } diff --git a/probes/requiresPRsToChangeCode/def.yml b/probes/requiresPRsToChangeCode/def.yml index 01bdeb8a..3cf1a0ab 100644 --- a/probes/requiresPRsToChangeCode/def.yml +++ b/probes/requiresPRsToChangeCode/def.yml @@ -19,7 +19,7 @@ motivation: > implementation: > The probe checks which branches require pull requests to change the branches' code. The probe only considers default and release branches. outcome: - - The probe returns one OutcomePositive for each branch that requires pull requests to change code, and one OutcomeNegative for branches that don't. + - The probe returns one OutcomeTrue for each branch that requires pull requests to change code, and one OutcomeFalse for branches that don't. remediation: effort: Low text: diff --git a/probes/requiresPRsToChangeCode/impl.go b/probes/requiresPRsToChangeCode/impl.go index f35381eb..67d08448 100644 --- a/probes/requiresPRsToChangeCode/impl.go +++ b/probes/requiresPRsToChangeCode/impl.go @@ -78,9 +78,9 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { case p == nil: f = f.WithMessage(nilMsg).WithOutcome(finding.OutcomeNotAvailable) case *p: - f = f.WithMessage(trueMsg).WithOutcome(finding.OutcomePositive) + f = f.WithMessage(trueMsg).WithOutcome(finding.OutcomeTrue) case !*p: - f = f.WithMessage(falseMsg).WithOutcome(finding.OutcomeNegative) + f = f.WithMessage(falseMsg).WithOutcome(finding.OutcomeFalse) default: return nil, Probe, fmt.Errorf("create finding: %w", errWrongValue) } diff --git a/probes/requiresPRsToChangeCode/impl_test.go b/probes/requiresPRsToChangeCode/impl_test.go index eba250df..4dcbfb3b 100644 --- a/probes/requiresPRsToChangeCode/impl_test.go +++ b/probes/requiresPRsToChangeCode/impl_test.go @@ -56,11 +56,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, { - name: "2 branches require PRs to change code = 2 positive outcomes", + name: "2 branches require PRs to change code = 2 true outcomes", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -84,11 +84,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, finding.OutcomePositive, + finding.OutcomeTrue, finding.OutcomeTrue, }, }, { - name: "1 branches require PRs to change code and 1 branch doesn't = 1 positive 1 negative", + name: "1 branches require PRs to change code and 1 branch doesn't = 1 true 1 false", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -112,11 +112,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, finding.OutcomeNegative, + finding.OutcomeTrue, finding.OutcomeFalse, }, }, { - name: "Requires PRs to change code on 1/2 branches = 1 negative and 1 positive", + name: "Requires PRs to change code on 1/2 branches = 1 false and 1 true", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -140,11 +140,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, finding.OutcomePositive, + finding.OutcomeFalse, finding.OutcomeTrue, }, }, { - name: "1 branch does not require PRs to change code and 1 lacks data = 1 negative and 1 unavailable", + name: "1 branch does not require PRs to change code and 1 lacks data = 1 false and 1 unavailable", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -168,7 +168,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, finding.OutcomeNotAvailable, + finding.OutcomeFalse, finding.OutcomeNotAvailable, }, }, } diff --git a/probes/requiresUpToDateBranches/def.yml b/probes/requiresUpToDateBranches/def.yml index 4c27b2f6..710a404c 100644 --- a/probes/requiresUpToDateBranches/def.yml +++ b/probes/requiresUpToDateBranches/def.yml @@ -19,7 +19,7 @@ motivation: > implementation: > The probe checks the branch protection rules of default and release branches in the repository. outcome: - - The probe returns one OutcomePositive for each branch that requires PRs to be in sync with the base branch, and one OutcomeNegative for branches that don't. + - The probe returns one OutcomeTrue for each branch that requires PRs to be in sync with the base branch, and one OutcomeFalse for branches that don't. remediation: effort: High text: diff --git a/probes/requiresUpToDateBranches/impl_test.go b/probes/requiresUpToDateBranches/impl_test.go index a2cd6ee5..4ac3f47c 100644 --- a/probes/requiresUpToDateBranches/impl_test.go +++ b/probes/requiresUpToDateBranches/impl_test.go @@ -41,7 +41,7 @@ func Test_Run(t *testing.T) { err error }{ { - name: "1 branch requires up-to-date before merge = 1 positive outcome", + name: "1 branch requires up-to-date before merge = 1 true outcome", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -57,11 +57,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, { - name: "2 branches require up-to-date before merge = 2 positive outcomes", + name: "2 branches require up-to-date before merge = 2 true outcomes", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -85,11 +85,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, finding.OutcomePositive, + finding.OutcomeTrue, finding.OutcomeTrue, }, }, { - name: "Requires up to date branches on 1/2 branches = 1 positive and 1 negative outcomes", + name: "Requires up to date branches on 1/2 branches = 1 true and 1 false outcomes", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -113,11 +113,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, finding.OutcomeNegative, + finding.OutcomeTrue, finding.OutcomeFalse, }, }, { - name: "Requires up to date branches on 1/2 branches = 1 negative and 1 positive outcomes", + name: "Requires up to date branches on 1/2 branches = 1 false and 1 true outcomes", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -141,11 +141,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, finding.OutcomePositive, + finding.OutcomeFalse, finding.OutcomeTrue, }, }, { - name: "1 branch does no require up-to-date before merge and 1 branch lacks data= 1 positive & 1 unavailable", + name: "1 branch does no require up-to-date before merge and 1 branch lacks data= 1 true & 1 unavailable", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -169,7 +169,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, finding.OutcomeNotAvailable, + finding.OutcomeFalse, finding.OutcomeNotAvailable, }, }, } diff --git a/probes/runsStatusChecksBeforeMerging/def.yml b/probes/runsStatusChecksBeforeMerging/def.yml index 9a55d13f..88d0ce68 100644 --- a/probes/runsStatusChecksBeforeMerging/def.yml +++ b/probes/runsStatusChecksBeforeMerging/def.yml @@ -19,7 +19,7 @@ motivation: > implementation: > The probe checks the rules for default and release branches in the projects repository. outcome: - - The probe returns one OutcomePositive for each branch that runs required status checks, and one OutcomeNegative for branches that don't. + - The probe returns one OutcomeTrue for each branch that runs required status checks, and one OutcomeFalse for branches that don't. remediation: effort: Medium text: diff --git a/probes/runsStatusChecksBeforeMerging/impl.go b/probes/runsStatusChecksBeforeMerging/impl.go index c42001b6..6b8c6a5a 100644 --- a/probes/runsStatusChecksBeforeMerging/impl.go +++ b/probes/runsStatusChecksBeforeMerging/impl.go @@ -63,14 +63,14 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { case len(branch.BranchProtectionRule.CheckRules.Contexts) > 0: f, err = finding.NewWith(fs, Probe, fmt.Sprintf("status check found to merge onto on branch '%s'", *branch.Name), nil, - finding.OutcomePositive) + finding.OutcomeTrue) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } default: f, err = finding.NewWith(fs, Probe, fmt.Sprintf("no status checks found to merge onto branch '%s'", *branch.Name), nil, - finding.OutcomeNegative) + finding.OutcomeFalse) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } diff --git a/probes/runsStatusChecksBeforeMerging/impl_test.go b/probes/runsStatusChecksBeforeMerging/impl_test.go index 13472f27..d0c61021 100644 --- a/probes/runsStatusChecksBeforeMerging/impl_test.go +++ b/probes/runsStatusChecksBeforeMerging/impl_test.go @@ -40,7 +40,7 @@ func Test_Run(t *testing.T) { err error }{ { - name: "Runs status checks on 1/1 branches with contexts = 1 positive outcome", + name: "Runs status checks on 1/1 branches with contexts = 1 true outcome", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -56,11 +56,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, { - name: "Runs status checks on 2/2 branches with contexts = 2 positive outcomes", + name: "Runs status checks on 2/2 branches with contexts = 2 true outcomes", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -84,11 +84,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, finding.OutcomePositive, + finding.OutcomeTrue, finding.OutcomeTrue, }, }, { - name: "Runs status checks on 1/2 branches = 1 positive and 1 negative outcome", + name: "Runs status checks on 1/2 branches = 1 true and 1 false outcome", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -112,11 +112,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, finding.OutcomeNegative, + finding.OutcomeTrue, finding.OutcomeFalse, }, }, { - name: "Runs status checks on 1/2 branches = 1 negative and 1 positive outcome", + name: "Runs status checks on 1/2 branches = 1 false and 1 true outcome", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -140,11 +140,11 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, finding.OutcomePositive, + finding.OutcomeFalse, finding.OutcomeTrue, }, }, { - name: "Runs status checks on 0/2 branches = 2 negative outcomes", + name: "Runs status checks on 0/2 branches = 2 false outcomes", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ @@ -168,7 +168,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, finding.OutcomeNegative, + finding.OutcomeFalse, finding.OutcomeFalse, }, }, } diff --git a/probes/sastToolConfigured/def.yml b/probes/sastToolConfigured/def.yml index 71e6ed8f..aea134c5 100644 --- a/probes/sastToolConfigured/def.yml +++ b/probes/sastToolConfigured/def.yml @@ -19,8 +19,8 @@ motivation: > implementation: > The implementation checks for evidence of various SAST tools. This includes configuration files, GitHub Action workflows, and GitHub PR check annotations. outcome: - - If the project uses a SAST tool we can detect, the probe returns one finding per tool with OutcomePositive. - - If the project does not use a SAST tool, or uses a tool we dont currently detect, the probe returns one finding with OutcomeNegative. + - If the project uses a SAST tool we can detect, the probe returns one finding per tool with OutcomeTrue. + - If the project does not use a SAST tool, or uses a tool we dont currently detect, the probe returns one finding with OutcomeFalse. remediation: effort: Medium text: diff --git a/probes/sastToolConfigured/impl.go b/probes/sastToolConfigured/impl.go index 0cebfae7..7e3d12f2 100644 --- a/probes/sastToolConfigured/impl.go +++ b/probes/sastToolConfigured/impl.go @@ -45,7 +45,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { r := raw.SASTResults if len(r.Workflows) == 0 { - f, err := finding.NewWith(fs, Probe, "no SAST configuration files detected", nil, finding.OutcomeNegative) + f, err := finding.NewWith(fs, Probe, "no SAST configuration files detected", nil, finding.OutcomeFalse) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } @@ -56,7 +56,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { for i := range r.Workflows { tool := string(r.Workflows[i].Type) loc := r.Workflows[i].File.Location() - f, err := finding.NewWith(fs, Probe, "SAST configuration detected: "+tool, loc, finding.OutcomePositive) + f, err := finding.NewWith(fs, Probe, "SAST configuration detected: "+tool, loc, finding.OutcomeTrue) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } diff --git a/probes/sastToolConfigured/impl_test.go b/probes/sastToolConfigured/impl_test.go index 7b4ea658..2f976b3d 100644 --- a/probes/sastToolConfigured/impl_test.go +++ b/probes/sastToolConfigured/impl_test.go @@ -49,7 +49,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { @@ -71,9 +71,9 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, - finding.OutcomePositive, - finding.OutcomePositive, + finding.OutcomeTrue, + finding.OutcomeTrue, + finding.OutcomeTrue, }, }, } @@ -172,7 +172,7 @@ func assertTools(tb testing.TB, findings []finding.Finding, tools []string) { tb.Fatalf("mismatch between number of finding (%d) and tools (%d)", len(findings), len(tools)) } for i, f := range findings { - if f.Outcome != finding.OutcomePositive { + if f.Outcome != finding.OutcomeTrue { tb.Errorf("outcome (%v) shouldn't have a tool field", f.Outcome) } tool, ok := f.Values[ToolKey] diff --git a/probes/sastToolRunsOnAllCommits/def.yml b/probes/sastToolRunsOnAllCommits/def.yml index 1720a9ad..6f964a25 100644 --- a/probes/sastToolRunsOnAllCommits/def.yml +++ b/probes/sastToolRunsOnAllCommits/def.yml @@ -20,8 +20,8 @@ implementation: > The implementation iterates through the projects commits and checks whether any of the check runs for the commits associated merge request was any of the SAST tools that Scorecard supports. outcome: - If the project had no commits merged, the probe returns a finding with OutcomeNotApplicable. - - If the project runs SAST tools successfully on every pull request before merging, the probe returns one finding with OutcomePositive (1). In addition, the finding will include two values. 1) How many commits were tested by a SAST tool, and 2) How many commits in total were merged. - - If the project does not run any SAST tools successfully on every pull request before merging, the probe returns one finding with OutcomeNegative (0). In addition, the finding will include two values. 1) How many commits were tested by a SAST tool, and 2) How many commits in total were merged. + - If the project runs SAST tools successfully on every pull request before merging, the probe returns one finding with OutcomeTrue (1). In addition, the finding will include two values. 1) How many commits were tested by a SAST tool, and 2) How many commits in total were merged. + - If the project does not run any SAST tools successfully on every pull request before merging, the probe returns one finding with OutcomeFalse (0). In addition, the finding will include two values. 1) How many commits were tested by a SAST tool, and 2) How many commits in total were merged. remediation: effort: Low text: diff --git a/probes/sastToolRunsOnAllCommits/impl.go b/probes/sastToolRunsOnAllCommits/impl.go index 08bc3716..e2d655ef 100644 --- a/probes/sastToolRunsOnAllCommits/impl.go +++ b/probes/sastToolRunsOnAllCommits/impl.go @@ -50,7 +50,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { f, err := finding.NewWith(fs, Probe, "", nil, - finding.OutcomePositive) + finding.OutcomeTrue) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } @@ -76,11 +76,11 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { if totalPullRequestsAnalyzed == totalPullRequestsMerged { msg := fmt.Sprintf("all commits (%v) are checked with a SAST tool", totalPullRequestsMerged) - f = f.WithOutcome(finding.OutcomePositive).WithMessage(msg) + f = f.WithOutcome(finding.OutcomeTrue).WithMessage(msg) } else { msg := fmt.Sprintf("%v commits out of %v are checked with a SAST tool", totalPullRequestsAnalyzed, totalPullRequestsMerged) - f = f.WithOutcome(finding.OutcomeNegative).WithMessage(msg) + f = f.WithOutcome(finding.OutcomeFalse).WithMessage(msg) } return []finding.Finding{*f}, Probe, nil } diff --git a/probes/sastToolRunsOnAllCommits/impl_test.go b/probes/sastToolRunsOnAllCommits/impl_test.go index 050de598..9c9b6cb3 100644 --- a/probes/sastToolRunsOnAllCommits/impl_test.go +++ b/probes/sastToolRunsOnAllCommits/impl_test.go @@ -36,7 +36,7 @@ func Test_Run(t *testing.T) { expectedFindings []finding.Finding }{ { - name: "any unchecked commits leads to negative outcome", + name: "any unchecked commits leads to false outcome", err: nil, raw: &checker.RawResults{ SASTResults: checker.SASTData{ @@ -51,13 +51,13 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, expectedFindings: []finding.Finding{ { Probe: Probe, Message: "1 commits out of 2 are checked with a SAST tool", - Outcome: finding.OutcomeNegative, + Outcome: finding.OutcomeFalse, Values: map[string]string{ AnalyzedPRsKey: "1", TotalPRsKey: "2", @@ -66,7 +66,7 @@ func Test_Run(t *testing.T) { }, }, { - name: "all commits checked is positive outcome", + name: "all commits checked is true outcome", err: nil, raw: &checker.RawResults{ SASTResults: checker.SASTData{ @@ -81,13 +81,13 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, expectedFindings: []finding.Finding{ { Probe: Probe, Message: "all commits (2) are checked with a SAST tool", - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, Values: map[string]string{ AnalyzedPRsKey: "2", TotalPRsKey: "2", diff --git a/probes/securityPolicyContainsLinks/def.yml b/probes/securityPolicyContainsLinks/def.yml index 4f5502a9..9c34ddd8 100644 --- a/probes/securityPolicyContainsLinks/def.yml +++ b/probes/securityPolicyContainsLinks/def.yml @@ -19,9 +19,9 @@ motivation: > implementation: > The implementation looks for strings "http(s)://" to find URLs; and for strings "...@..." for email addresses. outcome: - - If links are found, one finding with OutcomePositive (1) is returned for each file. - - If no links are found, one finding with OutcomeNegative (0) is returned for each file. - - If no file is found, one finding with OutcomeNegative (0) is returned. + - If links are found, one finding with OutcomeTrue (1) is returned for each file. + - If no links are found, one finding with OutcomeFalse (0) is returned for each file. + - If no file is found, one finding with OutcomeFalse (0) is returned. remediation: effort: Low text: diff --git a/probes/securityPolicyContainsLinks/impl.go b/probes/securityPolicyContainsLinks/impl.go index 6f180b95..65debdaf 100644 --- a/probes/securityPolicyContainsLinks/impl.go +++ b/probes/securityPolicyContainsLinks/impl.go @@ -47,14 +47,14 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { urls := secpolicy.CountSecInfo(policy.Information, checker.SecurityPolicyInformationTypeLink, true) if (urls + emails) > 0 { - f, err := finding.NewPositive(fs, Probe, + f, err := finding.NewTrue(fs, Probe, "Found linked content", policy.File.Location()) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } findings = append(findings, *f) } else { - f, err := finding.NewNegative(fs, Probe, + f, err := finding.NewFalse(fs, Probe, "no linked content found", nil) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) @@ -64,7 +64,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { } if len(findings) == 0 { - f, err := finding.NewNegative(fs, Probe, "no security file to analyze", nil) + f, err := finding.NewFalse(fs, Probe, "no security file to analyze", nil) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } diff --git a/probes/securityPolicyContainsLinks/impl_test.go b/probes/securityPolicyContainsLinks/impl_test.go index 67e3bd45..4973f586 100644 --- a/probes/securityPolicyContainsLinks/impl_test.go +++ b/probes/securityPolicyContainsLinks/impl_test.go @@ -51,7 +51,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { @@ -77,7 +77,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, { @@ -103,7 +103,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, { @@ -121,7 +121,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { @@ -147,7 +147,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, { @@ -173,7 +173,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, { @@ -197,8 +197,8 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, - finding.OutcomeNegative, + finding.OutcomeFalse, + finding.OutcomeFalse, }, }, { @@ -230,8 +230,8 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, - finding.OutcomeNegative, + finding.OutcomeTrue, + finding.OutcomeFalse, }, }, { @@ -263,15 +263,15 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, - finding.OutcomeNegative, + finding.OutcomeTrue, + finding.OutcomeFalse, }, }, { name: "file not present", raw: &checker.RawResults{}, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { diff --git a/probes/securityPolicyContainsText/def.yml b/probes/securityPolicyContainsText/def.yml index 8b9b3564..4e4995d3 100644 --- a/probes/securityPolicyContainsText/def.yml +++ b/probes/securityPolicyContainsText/def.yml @@ -19,9 +19,9 @@ motivation: > implementation: > The implementation checks that the content of the SECURITY.md contains more than just a link or an email address. It does this by comparing the length of the content to the lengths of the links and email addresses. outcome: - - If links are found, one finding with OutcomePositive (1) is returned for each file. - - If no links are found, one finding with OutcomeNegative (0) is returned for each file. - - If no file is found, one finding with OutcomeNegative (0) is returned. + - If links are found, one finding with OutcomeTrue (1) is returned for each file. + - If no links are found, one finding with OutcomeFalse (0) is returned for each file. + - If no file is found, one finding with OutcomeFalse (0) is returned. remediation: effort: Low text: diff --git a/probes/securityPolicyContainsText/impl.go b/probes/securityPolicyContainsText/impl.go index f731a251..309f7a8e 100644 --- a/probes/securityPolicyContainsText/impl.go +++ b/probes/securityPolicyContainsText/impl.go @@ -54,14 +54,14 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { } if policy.File.FileSize > 1 && (policy.File.FileSize > uint(linkedContentLen+((urls+emails)*2))) { - f, err := finding.NewPositive(fs, Probe, + f, err := finding.NewTrue(fs, Probe, "Found text in security policy", policy.File.Location()) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } findings = append(findings, *f) } else { - f, err := finding.NewNegative(fs, Probe, + f, err := finding.NewFalse(fs, Probe, "No text (besides links / emails) found in security policy", nil) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) @@ -71,7 +71,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { } if len(findings) == 0 { - f, err := finding.NewNegative(fs, Probe, "no security file to analyze", nil) + f, err := finding.NewFalse(fs, Probe, "no security file to analyze", nil) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } diff --git a/probes/securityPolicyContainsText/impl_test.go b/probes/securityPolicyContainsText/impl_test.go index bc2a472b..3eeebaa1 100644 --- a/probes/securityPolicyContainsText/impl_test.go +++ b/probes/securityPolicyContainsText/impl_test.go @@ -51,7 +51,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { @@ -83,7 +83,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { @@ -116,7 +116,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { @@ -149,7 +149,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, { @@ -167,7 +167,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { @@ -199,7 +199,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { @@ -232,7 +232,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { @@ -265,7 +265,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, { @@ -289,8 +289,8 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, - finding.OutcomeNegative, + finding.OutcomeFalse, + finding.OutcomeFalse, }, }, { @@ -329,8 +329,8 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, - finding.OutcomeNegative, + finding.OutcomeFalse, + finding.OutcomeFalse, }, }, { @@ -369,15 +369,15 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, - finding.OutcomeNegative, + finding.OutcomeTrue, + finding.OutcomeFalse, }, }, { name: "file not present", raw: &checker.RawResults{}, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { diff --git a/probes/securityPolicyContainsVulnerabilityDisclosure/def.yml b/probes/securityPolicyContainsVulnerabilityDisclosure/def.yml index dd4b57f9..117447ea 100644 --- a/probes/securityPolicyContainsVulnerabilityDisclosure/def.yml +++ b/probes/securityPolicyContainsVulnerabilityDisclosure/def.yml @@ -19,9 +19,9 @@ motivation: > implementation: > The implementation looks for strings "Disclos" and "Vuln". outcome: - - If information about the disclosure process is found in a security policy file, the probe returns one finding with OutcomePositive (1) for each file. - - If no information about the disclosure process is found, the probe returns one finding with OutcomeNegative (0) for each file. - - if no file is present, the probe returns one finding with OutcomeNegative (0). + - If information about the disclosure process is found in a security policy file, the probe returns one finding with OutcomeTrue (1) for each file. + - If no information about the disclosure process is found, the probe returns one finding with OutcomeFalse (0) for each file. + - if no file is present, the probe returns one finding with OutcomeFalse (0). remediation: effort: Low text: diff --git a/probes/securityPolicyContainsVulnerabilityDisclosure/impl.go b/probes/securityPolicyContainsVulnerabilityDisclosure/impl.go index e122c751..d5656fd7 100644 --- a/probes/securityPolicyContainsVulnerabilityDisclosure/impl.go +++ b/probes/securityPolicyContainsVulnerabilityDisclosure/impl.go @@ -45,14 +45,14 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { policy := &policies[i] discvuls := secpolicy.CountSecInfo(policy.Information, checker.SecurityPolicyInformationTypeText, false) if discvuls > 1 { - f, err := finding.NewPositive(fs, Probe, + f, err := finding.NewTrue(fs, Probe, "Found disclosure, vulnerability, and/or timelines in security policy", policy.File.Location()) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } findings = append(findings, *f) } else { - f, err := finding.NewNegative(fs, Probe, + f, err := finding.NewFalse(fs, Probe, "One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy", nil) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) @@ -62,7 +62,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { } if len(findings) == 0 { - f, err := finding.NewNegative(fs, Probe, "no security file to analyze", nil) + f, err := finding.NewFalse(fs, Probe, "no security file to analyze", nil) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } diff --git a/probes/securityPolicyContainsVulnerabilityDisclosure/impl_test.go b/probes/securityPolicyContainsVulnerabilityDisclosure/impl_test.go index 7d926ab4..1efe1bba 100644 --- a/probes/securityPolicyContainsVulnerabilityDisclosure/impl_test.go +++ b/probes/securityPolicyContainsVulnerabilityDisclosure/impl_test.go @@ -51,7 +51,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { @@ -77,7 +77,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, { @@ -100,7 +100,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { @@ -118,7 +118,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { @@ -144,7 +144,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, { @@ -167,7 +167,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { @@ -191,8 +191,8 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, - finding.OutcomeNegative, + finding.OutcomeFalse, + finding.OutcomeFalse, }, }, { @@ -224,15 +224,15 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, - finding.OutcomeNegative, + finding.OutcomeTrue, + finding.OutcomeFalse, }, }, { name: "file not present", raw: &checker.RawResults{}, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { diff --git a/probes/securityPolicyPresent/def.yml b/probes/securityPolicyPresent/def.yml index 21491712..521156ed 100644 --- a/probes/securityPolicyPresent/def.yml +++ b/probes/securityPolicyPresent/def.yml @@ -20,8 +20,8 @@ motivation: > implementation: > The implementation looks for the presence of security policy files in the repository or in '/.github' repository. See https://github.com/ossf/scorecard/blob/main/checks/raw/security_policy.go#L139 for a detailed list of filenames. outcome: - - If a security policy file is found, one finding with OutcomePositive (1) is returned. - - If no security file is found, one finding with OutcomeNegative (0) is returned. + - If a security policy file is found, one finding with OutcomeTrue (1) is returned. + - If no security file is found, one finding with OutcomeFalse (0) is returned. remediation: effort: Medium text: diff --git a/probes/securityPolicyPresent/impl.go b/probes/securityPolicyPresent/impl.go index 9cc9feb5..f0d2ec97 100644 --- a/probes/securityPolicyPresent/impl.go +++ b/probes/securityPolicyPresent/impl.go @@ -47,7 +47,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { for i := range files { file := &files[i] f, err := finding.NewWith(fs, Probe, "security policy file detected", - file.Location(), finding.OutcomePositive) + file.Location(), finding.OutcomeTrue) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } @@ -58,7 +58,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { // No file found. if len(findings) == 0 { f, err := finding.NewWith(fs, Probe, "no security policy file detected", - nil, finding.OutcomeNegative) + nil, finding.OutcomeFalse) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } diff --git a/probes/securityPolicyPresent/impl_test.go b/probes/securityPolicyPresent/impl_test.go index c1f79a2e..fdc9bf70 100644 --- a/probes/securityPolicyPresent/impl_test.go +++ b/probes/securityPolicyPresent/impl_test.go @@ -51,7 +51,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, { @@ -69,7 +69,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, { @@ -93,15 +93,15 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, - finding.OutcomePositive, + finding.OutcomeTrue, + finding.OutcomeTrue, }, }, { name: "file not present", raw: &checker.RawResults{}, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { diff --git a/probes/testsRunInCI/def.yml b/probes/testsRunInCI/def.yml index fc3b9d03..09fc88e7 100644 --- a/probes/testsRunInCI/def.yml +++ b/probes/testsRunInCI/def.yml @@ -19,7 +19,7 @@ motivation: > implementation: > The probe checks for tests in the projects CI jobs in the recent commits (~30). outcome: - - The probe returns one OutcomePositive for each PR that ran CI tests and one OutcomeNegative for each PR that did not run CI tests. + - The probe returns one OutcomeTrue for each PR that ran CI tests and one OutcomeFalse for each PR that did not run CI tests. - The probe returns a single OutcomeNotApplicable if the projects has had no pull requests. remediation: effort: Medium diff --git a/probes/testsRunInCI/impl.go b/probes/testsRunInCI/impl.go index b4a81c85..dc7c3e60 100644 --- a/probes/testsRunInCI/impl.go +++ b/probes/testsRunInCI/impl.go @@ -82,7 +82,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { if !prSuccessStatus && !prCheckSuccessful { f, err := finding.NewWith(fs, Probe, fmt.Sprintf("merged PR %d without CI test at HEAD: %s", r.PullRequestNumber, r.HeadSHA), - nil, finding.OutcomeNegative) + nil, finding.OutcomeFalse) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } @@ -107,7 +107,7 @@ func prHasSuccessStatus(r checker.RevisionCIInfo) (bool, *finding.Finding, error f, err := finding.NewWith(fs, Probe, msg, nil, - finding.OutcomePositive) + finding.OutcomeTrue) if err != nil { return false, nil, fmt.Errorf("create finding: %w", err) } @@ -140,7 +140,7 @@ func prHasSuccessfulCheck(r checker.RevisionCIInfo) (bool, *finding.Finding, err f, err := finding.NewWith(fs, Probe, msg, nil, - finding.OutcomePositive) + finding.OutcomeTrue) if err != nil { return false, nil, fmt.Errorf("create finding: %w", err) } diff --git a/probes/testsRunInCI/impl_test.go b/probes/testsRunInCI/impl_test.go index 2569e167..889f2efe 100644 --- a/probes/testsRunInCI/impl_test.go +++ b/probes/testsRunInCI/impl_test.go @@ -72,7 +72,7 @@ func Test_Run(t *testing.T) { }, findings: []*finding.Finding{ { - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, Probe: Probe, Message: "CI test found: pr: 1, context: e2e", Location: &finding.Location{Type: 4}, @@ -107,7 +107,7 @@ func Test_Run(t *testing.T) { }, findings: []*finding.Finding{ { - Outcome: finding.OutcomePositive, + Outcome: finding.OutcomeTrue, Probe: Probe, Message: "CI test found: pr: HeadSHA, context: CI-Tests", Location: &finding.Location{Type: 4}, diff --git a/probes/topLevelPermissions/def.yml b/probes/topLevelPermissions/def.yml index 44c122f8..8a0ee5e0 100644 --- a/probes/topLevelPermissions/def.yml +++ b/probes/topLevelPermissions/def.yml @@ -19,8 +19,8 @@ motivation: > implementation: > The probe checks the permission level, the workflow type and the permission type of each workflow in the project. outcome: - - The probe returns 1 negative outcome per workflow with "write" permissions at the "top" level. - - The probe returns 1 positive outcome if the project has no workflows "write" permissions a the "top" level. + - The probe returns 1 false outcome per workflow with "write" permissions at the "top" level. + - The probe returns 1 true outcome if the project has no workflows "write" permissions a the "top" level. remediation: effort: Low text: diff --git a/probes/topLevelPermissions/impl.go b/probes/topLevelPermissions/impl.go index 41425f28..9749fe81 100644 --- a/probes/topLevelPermissions/impl.go +++ b/probes/topLevelPermissions/impl.go @@ -73,7 +73,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { findings = append(findings, *f) continue case checker.PermissionLevelRead: - f, err := permissions.ReadPositiveLevelFinding(Probe, fs, r, raw.Metadata.Metadata) + f, err := permissions.ReadTrueLevelFinding(Probe, fs, r, raw.Metadata.Metadata) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } @@ -96,7 +96,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { } // Create finding - f, err := permissions.CreateNegativeFinding(r, Probe, fs, raw.Metadata.Metadata) + f, err := permissions.CreateFalseFinding(r, Probe, fs, raw.Metadata.Metadata) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } @@ -108,7 +108,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { if len(findings) == 0 { f, err := finding.NewWith(fs, Probe, "no job-level permissions found", - nil, finding.OutcomePositive) + nil, finding.OutcomeTrue) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } diff --git a/probes/webhooksUseSecrets/def.yml b/probes/webhooksUseSecrets/def.yml index 3ac580cd..b168df9a 100644 --- a/probes/webhooksUseSecrets/def.yml +++ b/probes/webhooksUseSecrets/def.yml @@ -19,8 +19,8 @@ motivation: > implementation: > The probe checks all webhooks of a project and checks whether each uses secret authentication. outcome: - - If the project has any webhooks without secret authorization, the probe returns as many OutcomeNegative (0) as the project has webhooks without secret authorization and as many OutcomePositive as there are webhooks with secret authorization. All findings include the path to the webhook. - - If the project does not have any webhooks without secret authorization, the probe returns one OutcomePositive (1). + - If the project has any webhooks without secret authorization, the probe returns as many OutcomeFalse (0) as the project has webhooks without secret authorization and as many OutcomeTrue as there are webhooks with secret authorization. All findings include the path to the webhook. + - If the project does not have any webhooks without secret authorization, the probe returns one OutcomeTrue (1). remediation: effort: Low text: diff --git a/probes/webhooksUseSecrets/impl.go b/probes/webhooksUseSecrets/impl.go index ac0e3dce..a4d7726e 100644 --- a/probes/webhooksUseSecrets/impl.go +++ b/probes/webhooksUseSecrets/impl.go @@ -57,7 +57,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { if hook.UsesAuthSecret { msg := "Webhook with token authorization found." f, err := finding.NewWith(fs, Probe, - msg, nil, finding.OutcomePositive) + msg, nil, finding.OutcomeTrue) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } @@ -68,7 +68,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { } else { msg := "Webhook without token authorization found." f, err := finding.NewWith(fs, Probe, - msg, nil, finding.OutcomeNegative) + msg, nil, finding.OutcomeFalse) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) } diff --git a/probes/webhooksUseSecrets/impl_test.go b/probes/webhooksUseSecrets/impl_test.go index fd3d723a..3394132e 100644 --- a/probes/webhooksUseSecrets/impl_test.go +++ b/probes/webhooksUseSecrets/impl_test.go @@ -61,7 +61,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomePositive, + finding.OutcomeTrue, }, }, { @@ -78,7 +78,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, + finding.OutcomeFalse, }, }, { @@ -105,7 +105,7 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, finding.OutcomePositive, finding.OutcomePositive, + finding.OutcomeFalse, finding.OutcomeTrue, finding.OutcomeTrue, }, }, { @@ -137,8 +137,8 @@ func Test_Run(t *testing.T) { }, }, outcomes: []finding.Outcome{ - finding.OutcomeNegative, finding.OutcomePositive, - finding.OutcomePositive, finding.OutcomeNegative, + finding.OutcomeFalse, finding.OutcomeTrue, + finding.OutcomeTrue, finding.OutcomeFalse, }, }, }