Merge branch 'main' into naveen/feat/changescope

checker/check_runner.go

@@ -36,6 +36,30 @@ type Runner struct {
 	CheckRequest CheckRequest
 }
 
+// NewRunner creates a new instance of `Runner`.
+func NewRunner(checkName, repo string, checkReq *CheckRequest) *Runner {
+	return &Runner{
+		CheckName:    checkName,
+		Repo:         repo,
+		CheckRequest: *checkReq,
+	}
+}
+
+// SetCheckName sets the check name.
+func (r *Runner) SetCheckName(check string) {
+	r.CheckName = check
+}
+
+// SetRepo sets the repository.
+func (r *Runner) SetRepo(repo string) {
+	r.Repo = repo
+}
+
+// SetCheckRequest sets the check request.
+func (r *Runner) SetCheckRequest(checkReq *CheckRequest) {
+	r.CheckRequest = *checkReq
+}
+
 // CheckFn defined for convenience.
 type CheckFn func(*CheckRequest) CheckResult
 
@@ -79,12 +103,11 @@ func (r *Runner) Run(ctx context.Context, c Check) CheckResult {
 	startTime := time.Now()
 
 	var res CheckResult
-	var l logger
+	l := NewLogger()
 	for retriesRemaining := checkRetries; retriesRemaining > 0; retriesRemaining-- {
 		checkRequest := r.CheckRequest
 		checkRequest.Ctx = ctx
-		l = logger{}
-		checkRequest.Dlogger = &l
+		checkRequest.Dlogger = l
 		res = c.Fn(&checkRequest)
 		if res.Error2 != nil && errors.Is(res.Error2, sce.ErrRepoUnreachable) {
 			checkRequest.Dlogger.Warn(&LogMessage{

checker/client.go

@@ -0,0 +1,66 @@
+// Copyright 2022 Security Scorecard Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package checker
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/ossf/scorecard/v4/clients"
+	ghrepo "github.com/ossf/scorecard/v4/clients/githubrepo"
+	"github.com/ossf/scorecard/v4/clients/localdir"
+	"github.com/ossf/scorecard/v4/log"
+)
+
+// GetClients returns a list of clients for running scorecard checks.
+// TODO(repo): Pass a `http.RoundTripper` here.
+func GetClients(ctx context.Context, repoURI, localURI string, logger *log.Logger) (
+	clients.Repo, // repo
+	clients.RepoClient, // repoClient
+	clients.RepoClient, // ossFuzzClient
+	clients.CIIBestPracticesClient, // ciiClient
+	clients.VulnerabilitiesClient, // vulnClient
+	error) {
+	var githubRepo clients.Repo
+	if localURI != "" {
+		localRepo, errLocal := localdir.MakeLocalDirRepo(localURI)
+		return localRepo, /*repo*/
+			localdir.CreateLocalDirClient(ctx, logger), /*repoClient*/
+			nil, /*ossFuzzClient*/
+			nil, /*ciiClient*/
+			nil, /*vulnClient*/
+			fmt.Errorf("getting local directory client: %w", errLocal)
+	}
+
+	githubRepo, errGitHub := ghrepo.MakeGithubRepo(repoURI)
+	if errGitHub != nil {
+		return githubRepo,
+			nil,
+			nil,
+			nil,
+			nil,
+			fmt.Errorf("getting local directory client: %w", errGitHub)
+	}
+
+	ossFuzzRepoClient, errOssFuzz := ghrepo.CreateOssFuzzRepoClient(ctx, logger)
+
+	// TODO(repo): Should we be handling the OSS-Fuzz client error like this?
+	return githubRepo, /*repo*/
+		ghrepo.CreateGithubRepoClient(ctx, logger), /*repoClient*/
+		ossFuzzRepoClient, /*ossFuzzClient*/
+		clients.DefaultCIIBestPracticesClient(), /*ciiClient*/
+		clients.DefaultVulnerabilitiesClient(), /*vulnClient*/
+		fmt.Errorf("getting OSS-Fuzz repo client: %w", errOssFuzz)
+}

checker/detail_logger_impl.go

@@ -14,10 +14,17 @@
 
 package checker
 
+// Logger is an implementation of the `DetailLogger` interface.
 type logger struct {
 	logs []CheckDetail
 }
 
+// NewLogger creates a new instance of `DetailLogger`.
+func NewLogger() DetailLogger {
+	return &logger{}
+}
+
+// Info emits info level logs.
 func (l *logger) Info(msg *LogMessage) {
 	cd := CheckDetail{
 		Type: DetailInfo,
@@ -26,6 +33,7 @@ func (l *logger) Info(msg *LogMessage) {
 	l.logs = append(l.logs, cd)
 }
 
+// Warn emits warn level logs.
 func (l *logger) Warn(msg *LogMessage) {
 	cd := CheckDetail{
 		Type: DetailWarn,
@@ -34,6 +42,7 @@ func (l *logger) Warn(msg *LogMessage) {
 	l.logs = append(l.logs, cd)
 }
 
+// Debug emits debug level logs.
 func (l *logger) Debug(msg *LogMessage) {
 	cd := CheckDetail{
 		Type: DetailDebug,
@@ -42,8 +51,14 @@ func (l *logger) Debug(msg *LogMessage) {
 	l.logs = append(l.logs, cd)
 }
 
+// Flush returns existing logs and resets the logger instance.
 func (l *logger) Flush() []CheckDetail {
-	ret := l.logs
+	ret := l.Logs()
 	l.logs = nil
 	return ret
 }
+
+// Logs returns existing logs.
+func (l *logger) Logs() []CheckDetail {
+	return l.logs
+}

checks/all_checks.go

@@ -22,6 +22,14 @@ import (
 // AllChecks is the list of all security checks that will be run.
 var AllChecks = checker.CheckNameToFnMap{}
 
+// GetAll returns the full list of checks, given any environment variable
+// constraints.
+// TODO(checks): Is this actually necessary given `AllChecks` exists?
+func GetAll() checker.CheckNameToFnMap {
+	possibleChecks := AllChecks
+	return possibleChecks
+}
+
 func registerCheck(name string, fn checker.CheckFn, supportedRequestTypes []checker.RequestType) error {
 	if name == "" {
 		return errInternalNameCannotBeEmpty

clients/githubrepo/client.go

@@ -228,7 +228,7 @@ func CreateGithubRepoClient(ctx context.Context, logger *log.Logger) clients.Rep
 func CreateOssFuzzRepoClient(ctx context.Context, logger *log.Logger) (clients.RepoClient, error) {
 	ossFuzzRepo, err := MakeGithubRepo("google/oss-fuzz")
 	if err != nil {
-		return nil, fmt.Errorf("error during githubrepo.MakeGithubRepo: %w", err)
+		return nil, fmt.Errorf("error during MakeGithubRepo: %w", err)
 	}
 
 	ossFuzzRepoClient := CreateGithubRepoClient(ctx, logger)