mirror of
https://github.com/ossf/scorecard.git
synced 2024-09-19 21:18:09 +03:00
47e04c102a
* Convert SAST checks to probes Signed-off-by: AdamKorcz <adam@adalogics.com> * Update checks/evaluation/sast.go Co-authored-by: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com> Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com> * preserve file info when logging positive Sonar findings Signed-off-by: AdamKorcz <adam@adalogics.com> * rebase Signed-off-by: AdamKorcz <adam@adalogics.com> * Remove warning logging Signed-off-by: AdamKorcz <adam@adalogics.com> * add outcome and message to finding on the same line Signed-off-by: AdamKorcz <adam@adalogics.com> * codeql workflow -> codeql action Signed-off-by: AdamKorcz <adam@adalogics.com> * 'the Sonar' -> 'Sonar' in probe def.yml Signed-off-by: AdamKorcz <adam@adalogics.com> * fix typo Signed-off-by: AdamKorcz <adam@adalogics.com> * Change how probe creates location Signed-off-by: AdamKorcz <adam@adalogics.com> * Change names of values Signed-off-by: AdamKorcz <adam@adalogics.com> * change 'SAST tool detected: xx' to 'SAST tool installed: xx' Signed-off-by: AdamKorcz <adam@adalogics.com> * make text in probe def.yml easier to read Signed-off-by: AdamKorcz <adam@adalogics.com> * Change 'to' to 'two' Signed-off-by: AdamKorcz <adam@adalogics.com> * Minor change Signed-off-by: AdamKorcz <adam@adalogics.com> --------- Signed-off-by: AdamKorcz <adam@adalogics.com> Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com> Co-authored-by: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com>
59 lines
1.8 KiB
Go
59 lines
1.8 KiB
Go
// Copyright 2021 OpenSSF Scorecard Authors
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package e2e
|
|
|
|
import (
|
|
"context"
|
|
|
|
. "github.com/onsi/ginkgo/v2"
|
|
. "github.com/onsi/gomega"
|
|
|
|
"github.com/ossf/scorecard/v4/checker"
|
|
"github.com/ossf/scorecard/v4/checks"
|
|
"github.com/ossf/scorecard/v4/clients"
|
|
"github.com/ossf/scorecard/v4/clients/githubrepo"
|
|
scut "github.com/ossf/scorecard/v4/utests"
|
|
)
|
|
|
|
var _ = Describe("E2E TEST:"+checks.CheckSAST, func() {
|
|
Context("E2E TEST:Validating use of SAST tools", func() {
|
|
It("Should return use of SAST tools", func() {
|
|
dl := scut.TestDetailLogger{}
|
|
repo, err := githubrepo.MakeGithubRepo("ossf-tests/airflow")
|
|
Expect(err).Should(BeNil())
|
|
repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger)
|
|
err = repoClient.InitRepo(repo, clients.HeadSHA, 0)
|
|
Expect(err).Should(BeNil())
|
|
req := checker.CheckRequest{
|
|
Ctx: context.Background(),
|
|
RepoClient: repoClient,
|
|
Repo: repo,
|
|
Dlogger: &dl,
|
|
}
|
|
expected := scut.TestReturn{
|
|
Error: nil,
|
|
Score: 10,
|
|
NumberOfWarn: 1,
|
|
NumberOfInfo: 1,
|
|
NumberOfDebug: 0,
|
|
}
|
|
result := checks.SAST(&req)
|
|
// New version.
|
|
Expect(scut.ValidateTestReturn(nil, "sast used", &expected, &result, &dl)).Should(BeTrue())
|
|
Expect(repoClient.Close()).Should(BeNil())
|
|
})
|
|
})
|
|
})
|