From 4144e4a10ff2c94ab24619e8b9a320dd56f4ef59 Mon Sep 17 00:00:00 2001
From: laurentsimon
Date: Wed, 1 Jun 2022 23:57:31 +0000
Subject: [PATCH] updates
---
 checks/evaluation/pinned_dependencies.go | 18 +-----------------
 e2e/pinned_dependencies_test.go | 12 ++++++------
 2 files changed, 7 insertions(+), 23 deletions(-)
diff --git a/checks/evaluation/pinned_dependencies.go b/checks/evaluation/pinned_dependencies.go
index acd1395cf367..89b9b2cffe4c 100644
--- a/checks/evaluation/pinned_dependencies.go
+++ b/checks/evaluation/pinned_dependencies.go
@@ -121,21 +121,14 @@ func PinningDependencies(name string, dl checker.DetailLogger,
 return checker.CreateRuntimeErrorResult(name, err)
 }
- // Action script downloads.
- actionScriptScore, err := createReturnForIsGitHubWorkflowScriptFreeOfInsecureDownloads(pr, dl)
- if err != nil {
- return checker.CreateRuntimeErrorResult(name, err)
- }
-
 // Scores may be inconclusive.
 actionScore = maxScore(0, actionScore)
 dockerFromScore = maxScore(0, dockerFromScore)
 dockerDownloadScore = maxScore(0, dockerDownloadScore)
 scriptScore = maxScore(0, scriptScore)
- actionScriptScore = maxScore(0, actionScriptScore)
 score := checker.AggregateScores(actionScore, dockerFromScore,
- dockerDownloadScore, scriptScore, actionScriptScore)
+ dockerDownloadScore, scriptScore)
 if score == checker.MaxResultScore {
 return checker.CreateMaxScoreResult(name, "all dependencies are pinned")
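Review bot: Dropping actionScriptScore from the AggregateScores call removes the only scoring of DependencyUseTypeDownloadThenRun findings visible in this patch, so a workflow step that downloads and runs unpinned content no longer lowers the score unless scriptScore already covers that dependency type, and nothing in the hunk shows that it does. The e2e expectations in the same patch only re-pin the lower score rather than assert where those findings now surface. If the consolidation is intentional, record the reason next to the aggregation, e.g. `// Workflow download-then-run findings are reported under scriptScore; there is no separate component.`; if it is not, the component should be restored rather than silently dropped. The `// Scores may be inconclusive.` block still lists every remaining component, so a reader has no cue that one was removed. PinningDependencies begins before and continues past this hunk.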
@@ -234,15 +227,6 @@ func addWorkflowPinnedResult(w *worklowPinningResult, to, isGitHub bool) {
 }
 }
-// Create the result for scripts in GH workflows.
-func createReturnForIsGitHubWorkflowScriptFreeOfInsecureDownloads(pr map[checker.DependencyUseType]pinnedResult,
- dl checker.DetailLogger,
-) (int, error) {
- return createReturnValues(pr, checker.DependencyUseTypeDownloadThenRun,
- "no insecure (not pinned by hash) dependency downloads found in GitHub workflows",
- dl)
-}
-
 // Create the result for scripts.
 func createReturnForIsShellScriptFreeOfInsecureDownloads(pr map[checker.DependencyUseType]pinnedResult,
 dl checker.DetailLogger,
diff --git a/e2e/pinned_dependencies_test.go b/e2e/pinned_dependencies_test.go
index 3579b59dd78e..e38f7374c61a 100644
--- a/e2e/pinned_dependencies_test.go
+++ b/e2e/pinned_dependencies_test.go
@@ -50,9 +50,9 @@ var _ = Describe("E2E TEST:"+checks.CheckPinnedDependencies, func() {
 }
 expected := scut.TestReturn{
 Error: nil,
- Score: 3,
+ Score: 2,
 NumberOfWarn: 139,
- NumberOfInfo: 2,
+ NumberOfInfo: 1,
 NumberOfDebug: 0,
 }
 result := checks.PinningDependencies(&req)
@@ -75,9 +75,9 @@ var _ = Describe("E2E TEST:"+checks.CheckPinnedDependencies, func() {
 }
 expected := scut.TestReturn{
 Error: nil,
- Score: 3,
+ Score: 2,
 NumberOfWarn: 139,
- NumberOfInfo: 2,
+ NumberOfInfo: 1,
 NumberOfDebug: 0,
 }
 result := checks.PinningDependencies(&req)
@@ -111,9 +111,9 @@ var _ = Describe("E2E TEST:"+checks.CheckPinnedDependencies, func() {
 }
 expected := scut.TestReturn{
 Error: nil,
- Score: 3,
+ Score: 2,
 NumberOfWarn: 139,
- NumberOfInfo: 2,
+ NumberOfInfo: 1,
 NumberOfDebug: 0,
 }
 result := checks.PinningDependencies(&req)
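Review bot: The three expectation blocks in e2e/pinned_dependencies_test.go (hunks at -50, -75 and -111) hard-code the same `Score: 2` and `NumberOfInfo: 1` values, so this patch edits six lines to express one change and the next component added to or removed from the aggregation will need the same triple edit; one shared `expected := scut.TestReturn{...}` declared above the cases, or a small helper that returns it, would make such drift visible in review. The new numbers also only re-pin the test to the current output: nothing here asserts that findings of the removed workflow download-then-run component still appear anywhere, which is what a reader of `Score: 3` becoming `Score: 2` would want justified. The Describe block these hunks belong to starts before and ends after them.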