From d528b6e6262fbd8667bde1f7c8ad38078953cdb4 Mon Sep 17 00:00:00 2001
From: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Date: Thu, 3 Jun 2021 17:12:56 -0700
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20Cleanup=20code=20for=20github=20tok?=
 =?UTF-8?q?ens=20#534=20(#539)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* missed comments

* comments
---
 checks/permissions.go | 40 ++++++++++++++++++++--------------------
 1 file changed, 20 insertions(+), 20 deletions(-)

diff --git a/checks/permissions.go b/checks/permissions.go
index 93df256c..77a13427 100644
--- a/checks/permissions.go
+++ b/checks/permissions.go
@@ -17,6 +17,7 @@ package checks
 import (
 	"errors"
 	"fmt"
+	"strings"
 
 	"gopkg.in/yaml.v2"
 
@@ -39,15 +40,16 @@ func leastPrivilegedTokens(c *checker.CheckRequest) checker.CheckResult {
 
 func validatePermission(key string, value interface{}, path string,
 	logf func(s string, f ...interface{})) (bool, error) {
-	switch val := value.(type) {
-	case string:
-		if val == "write" {
-			logf("!! token-permissions/github-token - %v permission set to '%v' in %v", key, val, path)
-			return false, nil
-		}
-	default:
+	val, ok := value.(string)
+	if !ok {
 		return false, ErrInvalidGitHubWorkflowFile
 	}
+
+	if strings.EqualFold(val, "write") {
+		logf("!! token-permissions/github-token - %v permission set to '%v' in %v", key, val, path)
+		return false, nil
+	}
+
 	return true, nil
 }
 
@@ -59,20 +61,18 @@ func validateMapPermissions(values map[interface{}]interface{}, path string,
 
 	// Iterate over the permission, verify keys and values are strings.
 	for k, v := range values {
-		switch key := k.(type) {
-		// String type.
-		case string:
-			if r, err = validatePermission(key, v, path, logf); err != nil {
-				return false, err
-			}
-
-			if !r {
-				permissionRead = false
-			}
-		// Invalid type.
-		default:
+		key, ok := k.(string)
+		if !ok {
 			return false, ErrInvalidGitHubWorkflowFile
 		}
+
+		if r, err = validatePermission(key, v, path, logf); err != nil {
+			return false, err
+		}
+
+		if !r {
+			permissionRead = false
+		}
 	}
 	return permissionRead, nil
 }
@@ -100,7 +100,7 @@ func validateReadPermissions(config map[interface{}]interface{}, path string,
 
 		// String type.
 		case string:
-			if val != "read-all" && val != "" {
+			if !strings.EqualFold(val, "read-all") && val != "" {
 				logf("!! token-permissions/github-token - permission set to '%v' in %v", val, path)
 				return false, nil
 			}