ossf/scorecard
1
1
Fork 0
mirror of https://github.com/ossf/scorecard.git synced 2024-09-17 11:57:12 +03:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity
3b7c46f779
scorecard/checks/evaluation/dependency_update_tool.go
laurentsimon 2fc48e3b38
Use Tool for raw fuzzing results (#1935) 
* updates

* updates
2022-05-21 01:43:09 +00:00

69 lines
2.3 KiB
Go
Raw Blame History

// Copyright 2020 Security Scorecard Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package evaluation
import (
"fmt"
"github.com/ossf/scorecard/v4/checker"
sce "github.com/ossf/scorecard/v4/errors"
)
// DependencyUpdateTool applies the score policy for the Dependency-Update-Tool check.
func DependencyUpdateTool(name string, dl checker.DetailLogger,
r *checker.DependencyUpdateToolData,
) checker.CheckResult {
if r == nil {
e := sce.WithMessage(sce.ErrScorecardInternal, "empty raw data")
return checker.CreateRuntimeErrorResult(name, e)
}
// Apply the policy evaluation.
if r.Tools == nil || len(r.Tools) == 0 {
dl.Warn(&checker.LogMessage{
Text: `dependabot config file not detected in source location.
We recommend setting this configuration in code so it can be easily verified by others.`,
})
dl.Warn(&checker.LogMessage{
Text: `renovatebot config file not detected in source location.
We recommend setting this configuration in code so it can be easily verified by others.`,
})
return checker.CreateMinScoreResult(name, "no update tool detected")
}
// Validate the input.
if len(r.Tools) != 1 {
e := sce.WithMessage(sce.ErrScorecardInternal, fmt.Sprintf("found %d tools, expected 1", len(r.Tools)))
return checker.CreateRuntimeErrorResult(name, e)
}
if r.Tools[0].File == nil {
e := sce.WithMessage(sce.ErrScorecardInternal, "File is nil")
return checker.CreateRuntimeErrorResult(name, e)
}
// Note: only one file per tool is present,
// so we do not iterate thru all entries.
dl.Info(&checker.LogMessage{
Path: r.Tools[0].File.Path,
Type: r.Tools[0].File.Type,
Offset: r.Tools[0].File.Offset,
Text: fmt.Sprintf("%s detected", r.Tools[0].Name),
})
// High score result.
return checker.CreateMaxScoreResult(name, "update tool detected")
}
Reference in New Issue View Git Blame Copy Permalink