mirror of
https://github.com/ossf/scorecard.git
synced 2024-11-10 23:50:01 +03:00
d177169ec2
* update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * comments Signed-off-by: laurentsimon <laurentsimon@google.com> * unit tests and linter Signed-off-by: laurentsimon <laurentsimon@google.com> * remove raw from check request in e2e tests Signed-off-by: laurentsimon <laurentsimon@google.com> * remove redundant finding check Signed-off-by: laurentsimon <laurentsimon@google.com> * typo Signed-off-by: laurentsimon <laurentsimon@google.com> * adress comments Signed-off-by: laurentsimon <laurentsimon@google.com> --------- Signed-off-by: laurentsimon <laurentsimon@google.com>
30 lines
1.4 KiB
YAML
30 lines
1.4 KiB
YAML
# Copyright 2023 OpenSSF Scorecard Authors
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
id: fuzzedWithPropertyBasedJavascript
|
|
short: Check that the javascript project is fuzzed using a property-based testing framework.
|
|
motivation: >
|
|
Fuzzing, or fuzz testing, is the practice of feeding unexpected or random data into a program to expose bugs.
|
|
Regular fuzzing is important to detect vulnerabilities that may be exploited by others, especially since attackers can also use fuzzing to find the same flaws.
|
|
implementation: >
|
|
The implementations looks for direct imports of fast-check https://github.com/dubzzz/fast-check in .js files.
|
|
outcome:
|
|
- If imports are found, each finding is returned with OutcomePositive (1).
|
|
- If no import is detected, one finding with OutcomeNegative (0) is returned.
|
|
remediation:
|
|
effort: High
|
|
text:
|
|
- 'Use fast-check: https://github.com/dubzzz/fast-check'
|
|
markdown:
|
|
- 'Use [fast-check](https://github.com/dubzzz/fast-check)' |