Merge branch 'main' into probes/code-review

Signed-off-by: jitsengupta17 <145664639+jitsengupta17@users.noreply.github.com>
ossf · Jan 23, 2024 · 4c486eb · 4c486eb
2 parents 6ecc06b + 2ef20f1
commit 4c486eb
Show file tree

Hide file tree

Showing 146 changed files with 5,564 additions and 1,552 deletions.
diff --git a/.github/workflows/depsreview.yml b/.github/workflows/depsreview.yml
@@ -24,4 +24,4 @@ jobs:
       - name: 'Checkout Repository'
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@7bbfa034e752445ea40215fff1c3bf9597993d3f # v3.1.3
+        uses: actions/dependency-review-action@01bc87099ba56df1e897b6874784491ea6309bc4 # v3.1.4
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -40,7 +40,7 @@ jobs:
         fetch-depth: 2 # needed to diff changed files
     - id: files
       name: Get changed files
-      uses: tj-actions/changed-files@25ef3926d147cd02fc7e931c1ef50772bbb0d25d #v40.1.1
+      uses: tj-actions/changed-files@94549999469dbfa032becf298d95c87a14c34394 #v40.2.2
       with:
         files_ignore: '**.md'
     - id: docs_only_check

diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
@@ -31,12 +31,12 @@ jobs:
       with:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
-    - uses: actions/stale@1160a2240286f5da8ec72b1c0816ce2481aabf84 # v3.0.18
+    - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v3.0.18
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
         stale-issue-message: 'This issue is stale because it has been open for 60 days with no activity.'
         stale-pr-message: 'This pull request is stale because it has been open for 10 days with no activity'
-        exempt-issue-labels: 'priority,bug,good first issue'
+        exempt-issue-labels: 'priority,bug,good first issue,backlog,help wanted'
         exempt-issue-milestones: 'Structured results'
         exempt-pr-labels: 'awaiting-approval,work-in-progress'
         days-before-pr-stale: '10'

diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml
@@ -32,6 +32,6 @@ jobs:
 
     - name: Verifier action
       id: verifier
-      uses: kubernetes-sigs/kubebuilder-release-tools@3c3411345eedc489d1022288aa844691e92a9c29 # v0.4.2
+      uses: kubernetes-sigs/kubebuilder-release-tools@012269a88fa4c034a0acf1ba84c26b195c0dbab4 # v0.4.3
       with:
         github_token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.golangci.yml b/.golangci.yml
@@ -18,6 +18,9 @@ issues:
         - funlen
         - goconst
         - gocyclo
+        - goerr113
+        - lll
+        - wrapcheck
 skip-files:
   - cron/data/request.pb.go # autogenerated
 linters:
@@ -72,7 +75,6 @@ linters:
     - wrapcheck
   disable:
     - exhaustruct # initializing every struct makes tests longer without much benefit (spencerschrock)
-    - paralleltest # need to investigate rate limit issues before re-enabling? (#2527)
     - testpackage # tests don't need their own package (spencerschrock)
   presets:
     - bugs

diff --git a/attestor/command/cli_test.go b/attestor/command/cli_test.go
@@ -20,43 +20,41 @@ import (
 )
 
 func Test_addSignFlags(t *testing.T) {
+	t.Parallel()
 	type args struct {
 		cmd *cobra.Command
 	}
-	testName := "Test addSignFlags"
 	testArgs := args{
 		cmd: &cobra.Command{},
 	}
 
-	t.Run(testName, func(t *testing.T) {
-		addSignFlags(testArgs.cmd)
-		// persistent flags of Image being set has to be tested in the integration test
-		if testArgs.cmd.PersistentFlags().Lookup("image") == nil {
-			t.Errorf("addSignFlags() did not add persistent flag 'image'")
-		}
-		if testArgs.cmd.PersistentFlags().Lookup("attestation-project") == nil {
-			t.Errorf("addSignFlags() did not add persistent flag 'attestation-project'")
-		}
-		if testArgs.cmd.PersistentFlags().Lookup("overwrite") == nil {
-			t.Errorf("addSignFlags() did not add persistent flag 'overwrite'")
-		}
-		if testArgs.cmd.PersistentFlags().Lookup("kms-key-name") == nil {
-			t.Errorf("addSignFlags() did not add persistent flag 'kms-key-name'")
-		}
-		if testArgs.cmd.PersistentFlags().Lookup("kms-digest-alg") == nil {
-			t.Errorf("addSignFlags() did not add persistent flag 'kms-digest-alg'")
-		}
-		if testArgs.cmd.PersistentFlags().Lookup("pgp-private-key") == nil {
-			t.Errorf("addSignFlags() did not add persistent flag 'pgp-private-key'")
-		}
-		if testArgs.cmd.PersistentFlags().Lookup("pgp-passphrase") == nil {
-			t.Errorf("addSignFlags() did not add persistent flag 'pgp-passphrase'")
-		}
-		if testArgs.cmd.PersistentFlags().Lookup("pkix-private-key") == nil {
-			t.Errorf("addSignFlags() did not add persistent flag 'pkix-private-key'")
-		}
-		if testArgs.cmd.PersistentFlags().Lookup("pkix-alg") == nil {
-			t.Errorf("addSignFlags() did not add persistent flag 'pkix-alg'")
-		}
-	})
+	addSignFlags(testArgs.cmd)
+	// persistent flags of Image being set has to be tested in the integration test
+	if testArgs.cmd.PersistentFlags().Lookup("image") == nil {
+		t.Errorf("addSignFlags() did not add persistent flag 'image'")
+	}
+	if testArgs.cmd.PersistentFlags().Lookup("attestation-project") == nil {
+		t.Errorf("addSignFlags() did not add persistent flag 'attestation-project'")
+	}
+	if testArgs.cmd.PersistentFlags().Lookup("overwrite") == nil {
+		t.Errorf("addSignFlags() did not add persistent flag 'overwrite'")
+	}
+	if testArgs.cmd.PersistentFlags().Lookup("kms-key-name") == nil {
+		t.Errorf("addSignFlags() did not add persistent flag 'kms-key-name'")
+	}
+	if testArgs.cmd.PersistentFlags().Lookup("kms-digest-alg") == nil {
+		t.Errorf("addSignFlags() did not add persistent flag 'kms-digest-alg'")
+	}
+	if testArgs.cmd.PersistentFlags().Lookup("pgp-private-key") == nil {
+		t.Errorf("addSignFlags() did not add persistent flag 'pgp-private-key'")
+	}
+	if testArgs.cmd.PersistentFlags().Lookup("pgp-passphrase") == nil {
+		t.Errorf("addSignFlags() did not add persistent flag 'pgp-passphrase'")
+	}
+	if testArgs.cmd.PersistentFlags().Lookup("pkix-private-key") == nil {
+		t.Errorf("addSignFlags() did not add persistent flag 'pkix-private-key'")
+	}
+	if testArgs.cmd.PersistentFlags().Lookup("pkix-alg") == nil {
+		t.Errorf("addSignFlags() did not add persistent flag 'pkix-alg'")
+	}
 }
diff --git a/checker/check_result_test.go b/checker/check_result_test.go
@@ -127,6 +127,14 @@ func TestCreateProportionalScore(t *testing.T) {
 			},
 			want: 5,
 		},
+		{
+			name: "2 and 5",
+			args: args{
+				success: 2,
+				total:   5,
+			},
+			want: 4,
+		},
 	}
 	for _, tt := range tests {
 		tt := tt
@@ -545,7 +553,7 @@ func TestCreateProportionalScoreResult(t *testing.T) {
 		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
-			if got := CreateProportionalScoreResult(tt.args.name, tt.args.reason, tt.args.b, tt.args.t); !cmp.Equal(got, tt.want) { //nolint:lll
+			if got := CreateProportionalScoreResult(tt.args.name, tt.args.reason, tt.args.b, tt.args.t); !cmp.Equal(got, tt.want) {
 				t.Errorf("CreateProportionalScoreResult() = %v, want %v", got, cmp.Diff(got, tt.want))
 			}
 		})
@@ -714,14 +722,14 @@ func TestCreateRuntimeErrorResult(t *testing.T) {
 			name: "empty",
 			args: args{
 				name: "",
-				e:    errors.New("runtime error"), //nolint:goerr113
+				e:    errors.New("runtime error"),
 			},
 			want: CheckResult{
 				Name:    "",
 				Reason:  "runtime error",
 				Score:   -1,
 				Version: 2,
-				Error:   errors.New("runtime error"), //nolint:goerr113
+				Error:   errors.New("runtime error"),
 			},
 		},
 	}

diff --git a/checker/client_test.go b/checker/client_test.go
@@ -106,7 +106,7 @@ func TestGetClients(t *testing.T) {
 				t.Setenv("GH_HOST", "github.corp.com")
 				t.Setenv("GH_TOKEN", "PAT")
 			}
-			got, repoClient, ossFuzzClient, ciiClient, vulnsClient, err := GetClients(tt.args.ctx, tt.args.repoURI, tt.args.localURI, tt.args.logger) //nolint:lll
+			got, repoClient, ossFuzzClient, ciiClient, vulnsClient, err := GetClients(tt.args.ctx, tt.args.repoURI, tt.args.localURI, tt.args.logger)
 			if (err != nil) != tt.wantErr {
 				t.Fatalf("GetClients() error = %v, wantErr %v", err, tt.wantErr)
 			}

diff --git a/checker/detail_logger_impl_test.go b/checker/detail_logger_impl_test.go
@@ -18,6 +18,7 @@ import (
 )
 
 func Test_logger_Info(t *testing.T) {
+	t.Parallel()
 	l := &logger{
 		logs: []CheckDetail{},
 	}
@@ -28,6 +29,7 @@ func Test_logger_Info(t *testing.T) {
 }
 
 func Test_logger_Warn(t *testing.T) {
+	t.Parallel()
 	l := &logger{
 		logs: []CheckDetail{},
 	}
@@ -38,6 +40,7 @@ func Test_logger_Warn(t *testing.T) {
 }
 
 func Test_logger_Flush(t *testing.T) {
+	t.Parallel()
 	l := &logger{
 		logs: []CheckDetail{},
 	}
@@ -52,6 +55,7 @@ func Test_logger_Flush(t *testing.T) {
 }
 
 func Test_logger_Logs(t *testing.T) {
+	t.Parallel()
 	l := &logger{
 		logs: []CheckDetail{},
 	}
@@ -62,6 +66,7 @@ func Test_logger_Logs(t *testing.T) {
 }
 
 func Test_logger_Debug(t *testing.T) {
+	t.Parallel()
 	l := &logger{
 		logs: []CheckDetail{},
 	}
@@ -72,6 +77,7 @@ func Test_logger_Debug(t *testing.T) {
 }
 
 func TestNewLogger(t *testing.T) {
+	t.Parallel()
 	l := NewLogger()
 	if l == nil {
 		t.Errorf("expected non-nil logger, got nil")

diff --git a/checker/raw_result.go b/checker/raw_result.go
@@ -257,6 +257,8 @@ const (
 	CodeQLWorkflow SASTWorkflowType = "CodeQL"
 	// SonarWorkflow represents a workflow that runs Sonar.
 	SonarWorkflow SASTWorkflowType = "Sonar"
+	// SnykWorkflow represents a workflow that runs Snyk.
+	SnykWorkflow SASTWorkflowType = "Snyk"
 )
 
 // SASTWorkflow represents a SAST workflow.

diff --git a/checker/raw_result_test.go b/checker/raw_result_test.go
@@ -20,6 +20,7 @@ import (
 )
 
 func TestFile_Location(t *testing.T) {
+	t.Parallel()
 	file := File{
 		Type:      finding.FileTypeSource,
 		Path:      "bar.go",

diff --git a/checks/binary_artifact.go b/checks/binary_artifact.go
@@ -19,6 +19,8 @@ import (
 	"github.com/ossf/scorecard/v4/checks/evaluation"
 	"github.com/ossf/scorecard/v4/checks/raw"
 	sce "github.com/ossf/scorecard/v4/errors"
+	"github.com/ossf/scorecard/v4/probes"
+	"github.com/ossf/scorecard/v4/probes/zrunner"
 )
 
 // CheckBinaryArtifacts is the exported name for Binary-Artifacts check.
@@ -38,17 +40,22 @@ func init() {
 
 // BinaryArtifacts  will check the repository contains binary artifacts.
 func BinaryArtifacts(c *checker.CheckRequest) checker.CheckResult {
-	rawData, err := raw.BinaryArtifacts(c.RepoClient)
+	rawData, err := raw.BinaryArtifacts(c)
 	if err != nil {
 		e := sce.WithMessage(sce.ErrScorecardInternal, err.Error())
 		return checker.CreateRuntimeErrorResult(CheckBinaryArtifacts, e)
 	}
 
-	// Return raw results.
-	if c.RawResults != nil {
-		c.RawResults.BinaryArtifactResults = rawData
+	// Set the raw results.
+	pRawResults := getRawResults(c)
+	pRawResults.BinaryArtifactResults = rawData
+
+	// Evaluate the probes.
+	findings, err := zrunner.Run(pRawResults, probes.BinaryArtifacts)
+	if err != nil {
+		e := sce.WithMessage(sce.ErrScorecardInternal, err.Error())
+		return checker.CreateRuntimeErrorResult(CheckBinaryArtifacts, e)
 	}
 
-	// Return the score evaluation.
-	return evaluation.BinaryArtifacts(CheckBinaryArtifacts, c.Dlogger, &rawData)
+	return evaluation.BinaryArtifacts(CheckBinaryArtifacts, findings, c.Dlogger)
 }