mirror of
https://github.com/ossf/scorecard.git
synced 2024-09-11 08:55:27 +03:00
ae75bbb70e
* 🌱 Add probe support for contributors metrics Signed-off-by: AdamKorcz <adam@adalogics.com> * fix lint issues Signed-off-by: AdamKorcz <adam@adalogics.com> * change 'contributorsWith' to 'contributorsFrom' Signed-off-by: AdamKorcz <adam@adalogics.com> * change remediation difficulty Signed-off-by: AdamKorcz <adam@adalogics.com> * fix nits Signed-off-by: AdamKorcz <adam@adalogics.com> * Updates to checks and checks/evaluation Signed-off-by: AdamKorcz <adam@adalogics.com> * fix tests like in #3409 Signed-off-by: AdamKorcz <adam@adalogics.com> * fix raw test Signed-off-by: AdamKorcz <adam@adalogics.com> * Update description in def.yml Signed-off-by: AdamKorcz <adam@adalogics.com> * move logic out of utils Signed-off-by: AdamKorcz <adam@adalogics.com> * add comment to consolidate unit test validation Signed-off-by: AdamKorcz <adam@adalogics.com> * change a couple of t.Fatal to t.Error Signed-off-by: AdamKorcz <adam@adalogics.com> * un-remove comment Signed-off-by: AdamKorcz <adam@adalogics.com> * remove map Signed-off-by: AdamKorcz <adam@adalogics.com> * fix typo Signed-off-by: AdamKorcz <adam@adalogics.com> * remove lint comment Signed-off-by: AdamKorcz <adam@adalogics.com> * fix incorrect -1/0 scoring Signed-off-by: AdamKorcz <adam@adalogics.com> * Do not specify 'Github' in def.yml Signed-off-by: AdamKorcz <adam@adalogics.com> * do not mention 'which companies' in def.yml Signed-off-by: AdamKorcz <adam@adalogics.com> * Rename tests Signed-off-by: AdamKorcz <adam@adalogics.com> * Use getRawResults and uncomment logging statement Signed-off-by: AdamKorcz <adam@adalogics.com> * Define return values of probe better Signed-off-by: AdamKorcz <adam@adalogics.com> * Use proportional score instead of min score Signed-off-by: AdamKorcz <adam@adalogics.com> * revert changed scoring Signed-off-by: AdamKorcz <adam@adalogics.com> * fix incorrect function name Signed-off-by: AdamKorcz <adam@adalogics.com> * remove utility function that finds non-positive outcomes Signed-off-by: AdamKorcz <adam@adalogics.com> * rebase with latest upstream main and fix linter issues Signed-off-by: AdamKorcz <adam@adalogics.com> * Log findings in one statements except a logging statements per finding Signed-off-by: AdamKorcz <adam@adalogics.com> * redefine conditional logic Signed-off-by: AdamKorcz <adam@adalogics.com> * rebase Signed-off-by: AdamKorcz <adam@adalogics.com> * remove unused function Signed-off-by: AdamKorcz <adam@adalogics.com> --------- Signed-off-by: AdamKorcz <adam@adalogics.com>
120 lines
4.1 KiB
Go
120 lines
4.1 KiB
Go
// Copyright 2023 OpenSSF Scorecard Authors
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package probes
|
|
|
|
import (
|
|
"github.com/ossf/scorecard/v4/checker"
|
|
"github.com/ossf/scorecard/v4/finding"
|
|
"github.com/ossf/scorecard/v4/probes/contributorsFromOrgOrCompany"
|
|
"github.com/ossf/scorecard/v4/probes/fuzzedWithCLibFuzzer"
|
|
"github.com/ossf/scorecard/v4/probes/fuzzedWithClusterFuzzLite"
|
|
"github.com/ossf/scorecard/v4/probes/fuzzedWithCppLibFuzzer"
|
|
"github.com/ossf/scorecard/v4/probes/fuzzedWithGoNative"
|
|
"github.com/ossf/scorecard/v4/probes/fuzzedWithJavaJazzerFuzzer"
|
|
"github.com/ossf/scorecard/v4/probes/fuzzedWithOSSFuzz"
|
|
"github.com/ossf/scorecard/v4/probes/fuzzedWithOneFuzz"
|
|
"github.com/ossf/scorecard/v4/probes/fuzzedWithPropertyBasedHaskell"
|
|
"github.com/ossf/scorecard/v4/probes/fuzzedWithPropertyBasedJavascript"
|
|
"github.com/ossf/scorecard/v4/probes/fuzzedWithPropertyBasedTypescript"
|
|
"github.com/ossf/scorecard/v4/probes/fuzzedWithPythonAtheris"
|
|
"github.com/ossf/scorecard/v4/probes/fuzzedWithRustCargofuzz"
|
|
"github.com/ossf/scorecard/v4/probes/fuzzedWithSwiftLibFuzzer"
|
|
"github.com/ossf/scorecard/v4/probes/hasFSFOrOSIApprovedLicense"
|
|
"github.com/ossf/scorecard/v4/probes/hasLicenseFile"
|
|
"github.com/ossf/scorecard/v4/probes/hasLicenseFileAtTopDir"
|
|
"github.com/ossf/scorecard/v4/probes/packagedWithAutomatedWorkflow"
|
|
"github.com/ossf/scorecard/v4/probes/securityPolicyContainsLinks"
|
|
"github.com/ossf/scorecard/v4/probes/securityPolicyContainsText"
|
|
"github.com/ossf/scorecard/v4/probes/securityPolicyContainsVulnerabilityDisclosure"
|
|
"github.com/ossf/scorecard/v4/probes/securityPolicyPresent"
|
|
"github.com/ossf/scorecard/v4/probes/toolDependabotInstalled"
|
|
"github.com/ossf/scorecard/v4/probes/toolPyUpInstalled"
|
|
"github.com/ossf/scorecard/v4/probes/toolRenovateInstalled"
|
|
"github.com/ossf/scorecard/v4/probes/toolSonatypeLiftInstalled"
|
|
)
|
|
|
|
// ProbeImpl is the implementation of a probe.
|
|
type ProbeImpl func(*checker.RawResults) ([]finding.Finding, string, error)
|
|
|
|
var (
|
|
// All represents all the probes.
|
|
All []ProbeImpl
|
|
// SecurityPolicy is all the probes for the
|
|
// SecurityPolicy check.
|
|
SecurityPolicy = []ProbeImpl{
|
|
securityPolicyPresent.Run,
|
|
securityPolicyContainsLinks.Run,
|
|
securityPolicyContainsVulnerabilityDisclosure.Run,
|
|
securityPolicyContainsText.Run,
|
|
}
|
|
// DependencyToolUpdates is all the probes for the
|
|
// DpendencyUpdateTool check.
|
|
DependencyToolUpdates = []ProbeImpl{
|
|
toolRenovateInstalled.Run,
|
|
toolDependabotInstalled.Run,
|
|
toolPyUpInstalled.Run,
|
|
toolSonatypeLiftInstalled.Run,
|
|
}
|
|
Fuzzing = []ProbeImpl{
|
|
fuzzedWithOSSFuzz.Run,
|
|
fuzzedWithOneFuzz.Run,
|
|
fuzzedWithGoNative.Run,
|
|
fuzzedWithPythonAtheris.Run,
|
|
fuzzedWithCLibFuzzer.Run,
|
|
fuzzedWithCppLibFuzzer.Run,
|
|
fuzzedWithSwiftLibFuzzer.Run,
|
|
fuzzedWithRustCargofuzz.Run,
|
|
fuzzedWithJavaJazzerFuzzer.Run,
|
|
fuzzedWithClusterFuzzLite.Run,
|
|
fuzzedWithPropertyBasedHaskell.Run,
|
|
fuzzedWithPropertyBasedTypescript.Run,
|
|
fuzzedWithPropertyBasedJavascript.Run,
|
|
}
|
|
Packaging = []ProbeImpl{
|
|
packagedWithAutomatedWorkflow.Run,
|
|
}
|
|
License = []ProbeImpl{
|
|
hasLicenseFile.Run,
|
|
hasFSFOrOSIApprovedLicense.Run,
|
|
hasLicenseFileAtTopDir.Run,
|
|
}
|
|
Contributors = []ProbeImpl{
|
|
contributorsFromOrgOrCompany.Run,
|
|
}
|
|
)
|
|
|
|
//nolint:gochecknoinits
|
|
func init() {
|
|
All = concatMultipleProbes([][]ProbeImpl{
|
|
DependencyToolUpdates,
|
|
SecurityPolicy,
|
|
Fuzzing,
|
|
License,
|
|
Contributors,
|
|
})
|
|
}
|
|
|
|
func concatMultipleProbes(slices [][]ProbeImpl) []ProbeImpl {
|
|
var totalLen int
|
|
for _, s := range slices {
|
|
totalLen += len(s)
|
|
}
|
|
tmp := make([]ProbeImpl, 0, totalLen)
|
|
for _, s := range slices {
|
|
tmp = append(tmp, s...)
|
|
}
|
|
return tmp
|
|
}
|