mirror of
https://github.com/ossf/scorecard.git
synced 2024-09-17 11:57:12 +03:00
66b3d8ce5c
* 🌱 Bump github.com/golangci/golangci-lint in /tools Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.44.2 to 1.45.0. - [Release notes](https://github.com/golangci/golangci-lint/releases) - [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md) - [Commits](https://github.com/golangci/golangci-lint/compare/v1.44.2...v1.45.0) --- updated-dependencies: - dependency-name: github.com/golangci/golangci-lint dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * golangci-lint: Surface and fix as many lint warnings automatically Signed-off-by: Stephen Augustus <foo@auggie.dev> * generated: Run golangci-lint with `fix: true` Signed-off-by: Stephen Augustus <foo@auggie.dev> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Stephen Augustus <foo@auggie.dev>
174 lines
5.1 KiB
Go
174 lines
5.1 KiB
Go
// Copyright 2020 Security Scorecard Authors
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package fileparser
|
|
|
|
import (
|
|
"bufio"
|
|
"fmt"
|
|
"path"
|
|
"strings"
|
|
|
|
"github.com/ossf/scorecard/v4/clients"
|
|
sce "github.com/ossf/scorecard/v4/errors"
|
|
)
|
|
|
|
// isMatchingPath uses 'pattern' to shell-match the 'path' and its filename
|
|
// 'caseSensitive' indicates the match should be case-sensitive. Default: no.
|
|
func isMatchingPath(fullpath string, matchPathTo PathMatcher) (bool, error) {
|
|
pattern := matchPathTo.Pattern
|
|
if !matchPathTo.CaseSensitive {
|
|
pattern = strings.ToLower(matchPathTo.Pattern)
|
|
fullpath = strings.ToLower(fullpath)
|
|
}
|
|
|
|
filename := path.Base(fullpath)
|
|
match, err := path.Match(pattern, fullpath)
|
|
if err != nil {
|
|
return false, sce.WithMessage(sce.ErrScorecardInternal, fmt.Sprintf("%v: %v", errInternalFilenameMatch, err))
|
|
}
|
|
|
|
// No match on the fullpath, let's try on the filename only.
|
|
if !match {
|
|
if match, err = path.Match(pattern, filename); err != nil {
|
|
return false, sce.WithMessage(sce.ErrScorecardInternal, fmt.Sprintf("%v: %v", errInternalFilenameMatch, err))
|
|
}
|
|
}
|
|
|
|
return match, nil
|
|
}
|
|
|
|
func isTestdataFile(fullpath string) bool {
|
|
// testdata/ or /some/dir/testdata/some/other
|
|
return strings.HasPrefix(fullpath, "testdata/") ||
|
|
strings.Contains(fullpath, "/testdata/")
|
|
}
|
|
|
|
// PathMatcher represents a query for a filepath.
|
|
type PathMatcher struct {
|
|
Pattern string
|
|
CaseSensitive bool
|
|
}
|
|
|
|
// DoWhileTrueOnFileContent takes a filepath, its content and
|
|
// optional variadic args. It returns a boolean indicating whether
|
|
// iterating over next files should continue.
|
|
type DoWhileTrueOnFileContent func(path string, content []byte, args ...interface{}) (bool, error)
|
|
|
|
// OnMatchingFileContentDo matches all files listed by `repoClient` against `matchPathTo`
|
|
// and on every successful match, runs onFileContent fn on the file's contents.
|
|
// Continues iterating along the matched files until onFileContent returns
|
|
// either a false value or an error.
|
|
func OnMatchingFileContentDo(repoClient clients.RepoClient, matchPathTo PathMatcher,
|
|
onFileContent DoWhileTrueOnFileContent, args ...interface{},
|
|
) error {
|
|
predicate := func(filepath string) (bool, error) {
|
|
// Filter out test files.
|
|
if isTestdataFile(filepath) {
|
|
return false, nil
|
|
}
|
|
// Filter out files based on path/names using the pattern.
|
|
b, err := isMatchingPath(filepath, matchPathTo)
|
|
if err != nil {
|
|
return false, err
|
|
}
|
|
return b, nil
|
|
}
|
|
|
|
matchedFiles, err := repoClient.ListFiles(predicate)
|
|
if err != nil {
|
|
return fmt.Errorf("error during ListFiles: %w", err)
|
|
}
|
|
|
|
for _, file := range matchedFiles {
|
|
content, err := repoClient.GetFileContent(file)
|
|
if err != nil {
|
|
return fmt.Errorf("error during GetFileContent: %w", err)
|
|
}
|
|
|
|
continueIter, err := onFileContent(file, content, args...)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if !continueIter {
|
|
break
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// DoWhileTrueOnFilename takes a filename and optional variadic args and returns
|
|
// true if the next filename should continue to be processed.
|
|
type DoWhileTrueOnFilename func(path string, args ...interface{}) (bool, error)
|
|
|
|
// OnAllFilesDo iterates through all files returned by `repoClient` and
|
|
// calls `onFile` fn on them until `onFile` returns error or a false value.
|
|
func OnAllFilesDo(repoClient clients.RepoClient, onFile DoWhileTrueOnFilename, args ...interface{}) error {
|
|
matchedFiles, err := repoClient.ListFiles(func(string) (bool, error) { return true, nil })
|
|
if err != nil {
|
|
return fmt.Errorf("error during ListFiles: %w", err)
|
|
}
|
|
for _, filename := range matchedFiles {
|
|
continueIter, err := onFile(filename, args...)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if !continueIter {
|
|
break
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// CheckFileContainsCommands checks if the file content contains commands or not.
|
|
// `comment` is the string or character that indicates a comment:
|
|
// for example for Dockerfiles, it would be `#`.
|
|
func CheckFileContainsCommands(content []byte, comment string) bool {
|
|
if len(content) == 0 {
|
|
return false
|
|
}
|
|
|
|
r := strings.NewReader(string(content))
|
|
scanner := bufio.NewScanner(r)
|
|
for scanner.Scan() {
|
|
line := strings.TrimSpace(scanner.Text())
|
|
if len(line) > 0 && !strings.HasPrefix(line, comment) {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
// IsTemplateFile returns true if the file name contains a string commonly used in template files.
|
|
func IsTemplateFile(pathfn string) bool {
|
|
parts := strings.FieldsFunc(path.Base(pathfn), func(r rune) bool {
|
|
switch r {
|
|
case '.', '-', '_':
|
|
return true
|
|
default:
|
|
return false
|
|
}
|
|
})
|
|
for _, part := range parts {
|
|
switch strings.ToLower(part) {
|
|
case "template", "tmpl", "tpl":
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|