add tests
Signed-off-by: Spencer Schrock <sschrock@google.com>
spencerschrock committed Jan 3, 2024
1 parent 9d0ac2b commit 7aed0fc
Showing 2 changed files with 97 additions and 0 deletions.
33 changes: 33 additions & 0 deletions checks/evaluation/signed_releases_test.go
@@ -19,6 +19,7 @@ import (
"testing"

"github.com/ossf/scorecard/v4/checker"
sce "github.com/ossf/scorecard/v4/errors"
"github.com/ossf/scorecard/v4/finding"
"github.com/ossf/scorecard/v4/probes/releasesAreSigned"
"github.com/ossf/scorecard/v4/probes/releasesHaveProvenance"
@@ -31,6 +32,7 @@ const (
release2 = 2
release3 = 3
release4 = 4
release5 = 5
)

const (
@@ -262,6 +264,37 @@ func TestSignedReleases(t *testing.T) {
NumberOfDebug: 5,
},
},
{
name: "too many releases (6 when lookback is 5)",
findings: []finding.Finding{
// Release 1:
// Release 1, Asset 1:
signedProbe(release0, asset0, finding.OutcomePositive),
provenanceProbe(release0, asset0, finding.OutcomePositive),
// Release 2:
// Release 2, Asset 1:
signedProbe(release1, asset0, finding.OutcomePositive),
provenanceProbe(release1, asset0, finding.OutcomePositive),
// Release 3, Asset 1:
signedProbe(release2, asset0, finding.OutcomePositive),
provenanceProbe(release2, asset0, finding.OutcomePositive),
// Release 4, Asset 1:
signedProbe(release3, asset0, finding.OutcomePositive),
provenanceProbe(release3, asset0, finding.OutcomePositive),
// Release 5, Asset 1:
signedProbe(release4, asset0, finding.OutcomePositive),
provenanceProbe(release4, asset0, finding.OutcomePositive),
// Release 6, Asset 1:
signedProbe(release5, asset0, finding.OutcomePositive),
provenanceProbe(release5, asset0, finding.OutcomePositive),
},
result: scut.TestReturn{
Score: checker.InconclusiveResultScore,
Error: sce.ErrScorecardInternal,
NumberOfInfo: 12, // 2 (signed + provenance) for each release
NumberOfDebug: 6, // 1 for each release
},
},
}

for _, tt := range tests {
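Review bot: The new case "too many releases (6 when lookback is 5)" pins `Error: sce.ErrScorecardInternal` without saying why a sixth release is an error rather than something the evaluation quietly truncates. A one-line comment on the case would help, for example `// more releases than the lookback should never reach evaluation; treat it as an internal error`, worded to match whatever the evaluation code actually documents. The per-release comments are also uneven: `// Release 1:` and `// Release 2:` have header lines, releases 3 to 6 do not, and the numbering is 1-based while the constants run `release0`..`release5`, which makes the 12 and 6 counts harder to audit. The literal 6-versus-5 is baked into the case name and findings, so the case goes stale silently if the lookback ever changes. TestSignedReleases continues outside the hunk.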
64 changes: 64 additions & 0 deletions probes/releasesHaveProvenance/impl_test.go
@@ -152,6 +152,70 @@ func Test_Run(t *testing.T) {
finding.OutcomeNegative,
},
},
{
name: "enforece lookback limit of 5 releases",
raw: &checker.RawResults{
SignedReleasesResults: checker.SignedReleasesData{
Releases: []clients.Release{
{
TagName: "v6.0",
Assets: []clients.ReleaseAsset{
{Name: "binary.tar.gz"},
{Name: "binary.tar.gz.sig"},
{Name: "binary.tar.gz.intoto.jsonl"},
},
},
{
TagName: "v5.0",
Assets: []clients.ReleaseAsset{
{Name: "binary.tar.gz"},
{Name: "binary.tar.gz.sig"},
{Name: "binary.tar.gz.intoto.jsonl"},
},
},
{
TagName: "v4.0",
Assets: []clients.ReleaseAsset{
{Name: "binary.tar.gz"},
{Name: "binary.tar.gz.sig"},
{Name: "binary.tar.gz.intoto.jsonl"},
},
},
{
TagName: "v3.0",
Assets: []clients.ReleaseAsset{
{Name: "binary.tar.gz"},
{Name: "binary.tar.gz.sig"},
{Name: "binary.tar.gz.intoto.jsonl"},
},
},
{
TagName: "v2.0",
Assets: []clients.ReleaseAsset{
{Name: "binary.tar.gz"},
{Name: "binary.tar.gz.sig"},
{Name: "binary.tar.gz.intoto.jsonl"},
},
},
{
TagName: "v1.0",
Assets: []clients.ReleaseAsset{
{Name: "binary.tar.gz"},
{Name: "binary.tar.gz.sig"},
{Name: "binary.tar.gz.intoto.jsonl"},
},
},
},
},
},
outcomes: []finding.Outcome{
finding.OutcomePositive,
finding.OutcomePositive,
finding.OutcomePositive,
finding.OutcomePositive,
finding.OutcomePositive,
},
},
}
for _, tt := range tests {
tt := tt // Re-initializing variable so it is not changed while executing the closure below
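Review bot: The six releases in the "enforece lookback limit of 5 releases" case are identical, so five `OutcomePositive` results show only that the count is capped, not which release was left out. Dropping `{Name: "binary.tar.gz.intoto.jsonl"},` from the `v1.0` entry (assuming releases are ordered newest first, as the tag order suggests) would make the case fail if the probe evaluated the release beyond the lookback or truncated from the wrong end. That matters for a provenance check, because a release being wrongly counted or skipped changes the result without any visible signal. The case name also has a typo, `enforece` for `enforce`. Test_Run's body continues outside the hunk.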