🌱 use a single source of truth for fuzzer names (#3786)

Signed-off-by: Spencer Schrock <sschrock@google.com>
ossf · Jan 11, 2024 · 8c21a49 · 8c21a49
1 parent e15264d
commit 8c21a49
Show file tree

Hide file tree

Showing 26 changed files with 134 additions and 93 deletions.
diff --git a/checks/raw/fuzzing.go b/checks/raw/fuzzing.go
@@ -25,22 +25,7 @@ import (
 	"github.com/ossf/scorecard/v4/clients"
 	sce "github.com/ossf/scorecard/v4/errors"
 	"github.com/ossf/scorecard/v4/finding"
-)
-
-const (
-	fuzzerOSSFuzz                 = "OSSFuzz"
-	fuzzerClusterFuzzLite         = "ClusterFuzzLite"
-	fuzzerBuiltInGo               = "GoBuiltInFuzzer"
-	fuzzerPropertyBasedHaskell    = "HaskellPropertyBasedTesting"
-	fuzzerPropertyBasedJavaScript = "JavaScriptPropertyBasedTesting"
-	fuzzerPropertyBasedTypeScript = "TypeScriptPropertyBasedTesting"
-	fuzzerPythonAtheris           = "PythonAtherisFuzzer"
-	fuzzerCLibFuzzer              = "CLibFuzzer"
-	fuzzerCppLibFuzzer            = "CppLibFuzzer"
-	fuzzerSwiftLibFuzzer          = "SwiftLibFuzzer"
-	fuzzerRustCargoFuzz           = "RustCargoFuzzer"
-	fuzzerJavaJazzerFuzzer        = "JavaJazzerFuzzer"
-	// TODO: add more fuzzing check supports.
+	"github.com/ossf/scorecard/v4/internal/fuzzers"
 )
 
 type filesWithPatternStr struct {
@@ -66,7 +51,7 @@ var languageFuzzSpecs = map[clients.LanguageName]languageFuzzConfig{
 	clients.Go: {
 		filePatterns: []string{"*_test.go"},
 		funcPattern:  `func\s+Fuzz\w+\s*\(\w+\s+\*testing.F\)`,
-		Name:         fuzzerBuiltInGo,
+		Name:         fuzzers.BuiltInGo,
 		URL:          asPointer("https://go.dev/doc/fuzz/"),
 		Desc: asPointer(
 			"Go fuzzing intelligently walks through the source code to report failures and find vulnerabilities."),
@@ -89,7 +74,7 @@ var languageFuzzSpecs = map[clients.LanguageName]languageFuzzConfig{
 		// Look for direct imports of QuickCheck, Hedgehog, validity, or SmallCheck,
 		// or their indirect imports through the higher-level Hspec or Tasty testing frameworks.
 		funcPattern: `import\s+(qualified\s+)?Test\.((Hspec|Tasty)\.)?(QuickCheck|Hedgehog|Validity|SmallCheck)`,
-		Name:        fuzzerPropertyBasedHaskell,
+		Name:        fuzzers.PropertyBasedHaskell,
 		Desc:        propertyBasedDescription("Haskell"),
 	},
 	// Fuzz patterns for JavaScript and TypeScript based on property-based testing.
@@ -106,56 +91,56 @@ var languageFuzzSpecs = map[clients.LanguageName]languageFuzzConfig{
 		// Look for direct imports of fast-check and its test runners integrations.
 		funcPattern: `(from\s+['"](fast-check|@fast-check/(ava|jest|vitest))['"]|` +
 			`require\(\s*['"](fast-check|@fast-check/(ava|jest|vitest))['"]\s*\))`,
-		Name: fuzzerPropertyBasedJavaScript,
+		Name: fuzzers.PropertyBasedJavaScript,
 		Desc: propertyBasedDescription("JavaScript"),
 	},
 	clients.TypeScript: {
 		filePatterns: []string{"*.ts"},
 		// Look for direct imports of fast-check and its test runners integrations.
 		funcPattern: `(from\s+['"](fast-check|@fast-check/(ava|jest|vitest))['"]|` +
 			`require\(\s*['"](fast-check|@fast-check/(ava|jest|vitest))['"]\s*\))`,
-		Name: fuzzerPropertyBasedTypeScript,
+		Name: fuzzers.PropertyBasedTypeScript,
 		Desc: propertyBasedDescription("TypeScript"),
 	},
 	clients.Python: {
 		filePatterns: []string{"*.py"},
 		funcPattern:  `import atheris`,
-		Name:         fuzzerPythonAtheris,
+		Name:         fuzzers.PythonAtheris,
 		Desc: asPointer(
 			"Python fuzzing by way of Atheris"),
 	},
 	clients.C: {
 		filePatterns: []string{"*.c"},
 		funcPattern:  `LLVMFuzzerTestOneInput`,
-		Name:         fuzzerCLibFuzzer,
+		Name:         fuzzers.CLibFuzzer,
 		Desc: asPointer(
 			"Fuzzed with C LibFuzzer"),
 	},
 	clients.Cpp: {
 		filePatterns: []string{"*.cc", "*.cpp"},
 		funcPattern:  `LLVMFuzzerTestOneInput`,
-		Name:         fuzzerCppLibFuzzer,
+		Name:         fuzzers.CppLibFuzzer,
 		Desc: asPointer(
 			"Fuzzed with cpp LibFuzzer"),
 	},
 	clients.Rust: {
 		filePatterns: []string{"*.rs"},
 		funcPattern:  `libfuzzer_sys`,
-		Name:         fuzzerRustCargoFuzz,
+		Name:         fuzzers.RustCargoFuzz,
 		Desc: asPointer(
 			"Fuzzed with Cargo-fuzz"),
 	},
 	clients.Java: {
 		filePatterns: []string{"*.java"},
 		funcPattern:  `com.code_intelligence.jazzer.api.FuzzedDataProvider;`,
-		Name:         fuzzerJavaJazzerFuzzer,
+		Name:         fuzzers.JavaJazzerFuzzer,
 		Desc: asPointer(
 			"Fuzzed with Jazzer fuzzer"),
 	},
 	clients.Swift: {
 		filePatterns: []string{"*.swift"},
 		funcPattern:  `LLVMFuzzerTestOneInput`,
-		Name:         fuzzerSwiftLibFuzzer,
+		Name:         fuzzers.SwiftLibFuzzer,
 		Desc: asPointer(
 			"Fuzzed with Swift LibFuzzer"),
 	},
@@ -164,15 +149,15 @@ var languageFuzzSpecs = map[clients.LanguageName]languageFuzzConfig{
 
 // Fuzzing runs Fuzzing check.
 func Fuzzing(c *checker.CheckRequest) (checker.FuzzingData, error) {
-	var fuzzers []checker.Tool
+	var detectedFuzzers []checker.Tool
 	usingCFLite, e := checkCFLite(c)
 	if e != nil {
 		return checker.FuzzingData{}, fmt.Errorf("%w", e)
 	}
 	if usingCFLite {
-		fuzzers = append(fuzzers,
+		detectedFuzzers = append(detectedFuzzers,
 			checker.Tool{
-				Name: fuzzerClusterFuzzLite,
+				Name: fuzzers.ClusterFuzzLite,
 				URL:  asPointer("https://github.com/google/clusterfuzzlite"),
 				Desc: asPointer("continuous fuzzing solution that runs as part of Continuous Integration (CI) workflows"),
 				// TODO: File.
@@ -185,9 +170,9 @@ func Fuzzing(c *checker.CheckRequest) (checker.FuzzingData, error) {
 		return checker.FuzzingData{}, fmt.Errorf("%w", e)
 	}
 	if usingOSSFuzz {
-		fuzzers = append(fuzzers,
+		detectedFuzzers = append(detectedFuzzers,
 			checker.Tool{
-				Name: fuzzerOSSFuzz,
+				Name: fuzzers.OSSFuzz,
 				URL:  asPointer("https://github.com/google/oss-fuzz"),
 				Desc: asPointer("Continuous Fuzzing for Open Source Software"),
 				// TODO: File.
@@ -206,7 +191,7 @@ func Fuzzing(c *checker.CheckRequest) (checker.FuzzingData, error) {
 			return checker.FuzzingData{}, fmt.Errorf("%w", e)
 		}
 		if usingFuzzFunc {
-			fuzzers = append(fuzzers,
+			detectedFuzzers = append(detectedFuzzers,
 				checker.Tool{
 					Name:  languageFuzzSpecs[lang].Name,
 					URL:   languageFuzzSpecs[lang].URL,
@@ -216,7 +201,7 @@ func Fuzzing(c *checker.CheckRequest) (checker.FuzzingData, error) {
 			)
 		}
 	}
-	return checker.FuzzingData{Fuzzers: fuzzers}, nil
+	return checker.FuzzingData{Fuzzers: detectedFuzzers}, nil
 }
 
 func checkCFLite(c *checker.CheckRequest) (bool, error) {

diff --git a/internal/fuzzers/fuzzers.go b/internal/fuzzers/fuzzers.go
@@ -0,0 +1,32 @@
+// Copyright 2024 OpenSSF Scorecard Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package fuzzers defines the string constants used when identifying supported fuzzer tools.
+package fuzzers
+
+const (
+	OSSFuzz                 = "OSSFuzz"
+	ClusterFuzzLite         = "ClusterFuzzLite"
+	BuiltInGo               = "GoBuiltInFuzzer"
+	PropertyBasedHaskell    = "HaskellPropertyBasedTesting"
+	PropertyBasedJavaScript = "JavaScriptPropertyBasedTesting"
+	PropertyBasedTypeScript = "TypeScriptPropertyBasedTesting"
+	PythonAtheris           = "PythonAtherisFuzzer"
+	CLibFuzzer              = "CLibFuzzer"
+	CppLibFuzzer            = "CppLibFuzzer"
+	SwiftLibFuzzer          = "SwiftLibFuzzer"
+	RustCargoFuzz           = "RustCargoFuzzer"
+	JavaJazzerFuzzer        = "JavaJazzerFuzzer"
+	// TODO: add more fuzzing check supports.
+)
diff --git a/probes/fuzzedWithCLibFuzzer/impl.go b/probes/fuzzedWithCLibFuzzer/impl.go
@@ -21,6 +21,7 @@ import (
 
 	"github.com/ossf/scorecard/v4/checker"
 	"github.com/ossf/scorecard/v4/finding"
+	"github.com/ossf/scorecard/v4/internal/fuzzers"
 	"github.com/ossf/scorecard/v4/probes/internal/utils/fuzzing"
 	"github.com/ossf/scorecard/v4/probes/internal/utils/uerror"
 )
@@ -35,5 +36,5 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) {
 		return nil, "", fmt.Errorf("%w: raw", uerror.ErrNil)
 	}
 	//nolint:wrapcheck
-	return fuzzing.Run(raw, fs, Probe, "CLibFuzzer")
+	return fuzzing.Run(raw, fs, Probe, fuzzers.CLibFuzzer)
 }
diff --git a/probes/fuzzedWithCLibFuzzer/impl_test.go b/probes/fuzzedWithCLibFuzzer/impl_test.go
@@ -23,6 +23,7 @@ import (
 
 	"github.com/ossf/scorecard/v4/checker"
 	"github.com/ossf/scorecard/v4/finding"
+	"github.com/ossf/scorecard/v4/internal/fuzzers"
 	"github.com/ossf/scorecard/v4/probes/internal/utils/test"
 	"github.com/ossf/scorecard/v4/probes/internal/utils/uerror"
 )
@@ -42,7 +43,7 @@ func Test_Run(t *testing.T) {
 				FuzzingResults: checker.FuzzingData{
 					Fuzzers: []checker.Tool{
 						{
-							Name: "CLibFuzzer",
+							Name: fuzzers.CLibFuzzer,
 						},
 					},
 				},
@@ -57,10 +58,10 @@ func Test_Run(t *testing.T) {
 				FuzzingResults: checker.FuzzingData{
 					Fuzzers: []checker.Tool{
 						{
-							Name: "CLibFuzzer",
+							Name: fuzzers.CLibFuzzer,
 						},
 						{
-							Name: "CLibFuzzer",
+							Name: fuzzers.CLibFuzzer,
 						},
 					},
 				},
@@ -76,7 +77,7 @@ func Test_Run(t *testing.T) {
 				FuzzingResults: checker.FuzzingData{
 					Fuzzers: []checker.Tool{
 						{
-							Name: "CLibFuzzer",
+							Name: fuzzers.CLibFuzzer,
 						},
 						{
 							Name: "not-CLibFuzzer",

diff --git a/probes/fuzzedWithClusterFuzzLite/impl.go b/probes/fuzzedWithClusterFuzzLite/impl.go
@@ -21,6 +21,7 @@ import (
 
 	"github.com/ossf/scorecard/v4/checker"
 	"github.com/ossf/scorecard/v4/finding"
+	"github.com/ossf/scorecard/v4/internal/fuzzers"
 	"github.com/ossf/scorecard/v4/probes/internal/utils/fuzzing"
 	"github.com/ossf/scorecard/v4/probes/internal/utils/uerror"
 )
@@ -35,5 +36,5 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) {
 		return nil, "", fmt.Errorf("%w: raw", uerror.ErrNil)
 	}
 	//nolint:wrapcheck
-	return fuzzing.Run(raw, fs, Probe, "ClusterFuzzLite")
+	return fuzzing.Run(raw, fs, Probe, fuzzers.ClusterFuzzLite)
 }
diff --git a/probes/fuzzedWithClusterFuzzLite/impl_test.go b/probes/fuzzedWithClusterFuzzLite/impl_test.go
@@ -23,6 +23,7 @@ import (
 
 	"github.com/ossf/scorecard/v4/checker"
 	"github.com/ossf/scorecard/v4/finding"
+	"github.com/ossf/scorecard/v4/internal/fuzzers"
 	"github.com/ossf/scorecard/v4/probes/internal/utils/test"
 	"github.com/ossf/scorecard/v4/probes/internal/utils/uerror"
 )
@@ -42,7 +43,7 @@ func Test_Run(t *testing.T) {
 				FuzzingResults: checker.FuzzingData{
 					Fuzzers: []checker.Tool{
 						{
-							Name: "ClusterFuzzLite",
+							Name: fuzzers.ClusterFuzzLite,
 						},
 					},
 				},
@@ -57,10 +58,10 @@ func Test_Run(t *testing.T) {
 				FuzzingResults: checker.FuzzingData{
 					Fuzzers: []checker.Tool{
 						{
-							Name: "ClusterFuzzLite",
+							Name: fuzzers.ClusterFuzzLite,
 						},
 						{
-							Name: "ClusterFuzzLite",
+							Name: fuzzers.ClusterFuzzLite,
 						},
 					},
 				},
@@ -76,7 +77,7 @@ func Test_Run(t *testing.T) {
 				FuzzingResults: checker.FuzzingData{
 					Fuzzers: []checker.Tool{
 						{
-							Name: "ClusterFuzzLite",
+							Name: fuzzers.ClusterFuzzLite,
 						},
 						{
 							Name: "not-ClusterFuzzLite",

diff --git a/probes/fuzzedWithCppLibFuzzer/impl.go b/probes/fuzzedWithCppLibFuzzer/impl.go
@@ -21,6 +21,7 @@ import (
 
 	"github.com/ossf/scorecard/v4/checker"
 	"github.com/ossf/scorecard/v4/finding"
+	"github.com/ossf/scorecard/v4/internal/fuzzers"
 	"github.com/ossf/scorecard/v4/probes/internal/utils/fuzzing"
 	"github.com/ossf/scorecard/v4/probes/internal/utils/uerror"
 )
@@ -35,5 +36,5 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) {
 		return nil, "", fmt.Errorf("%w: raw", uerror.ErrNil)
 	}
 	//nolint:wrapcheck
-	return fuzzing.Run(raw, fs, Probe, "CppLibFuzzer")
+	return fuzzing.Run(raw, fs, Probe, fuzzers.CppLibFuzzer)
 }
diff --git a/probes/fuzzedWithCppLibFuzzer/impl_test.go b/probes/fuzzedWithCppLibFuzzer/impl_test.go
@@ -23,6 +23,7 @@ import (
 
 	"github.com/ossf/scorecard/v4/checker"
 	"github.com/ossf/scorecard/v4/finding"
+	"github.com/ossf/scorecard/v4/internal/fuzzers"
 	"github.com/ossf/scorecard/v4/probes/internal/utils/test"
 	"github.com/ossf/scorecard/v4/probes/internal/utils/uerror"
 )
@@ -42,7 +43,7 @@ func Test_Run(t *testing.T) {
 				FuzzingResults: checker.FuzzingData{
 					Fuzzers: []checker.Tool{
 						{
-							Name: "CppLibFuzzer",
+							Name: fuzzers.CppLibFuzzer,
 						},
 					},
 				},
@@ -57,10 +58,10 @@ func Test_Run(t *testing.T) {
 				FuzzingResults: checker.FuzzingData{
 					Fuzzers: []checker.Tool{
 						{
-							Name: "CppLibFuzzer",
+							Name: fuzzers.CppLibFuzzer,
 						},
 						{
-							Name: "CppLibFuzzer",
+							Name: fuzzers.CppLibFuzzer,
 						},
 					},
 				},
@@ -76,7 +77,7 @@ func Test_Run(t *testing.T) {
 				FuzzingResults: checker.FuzzingData{
 					Fuzzers: []checker.Tool{
 						{
-							Name: "CppLibFuzzer",
+							Name: fuzzers.CppLibFuzzer,
 						},
 						{
 							Name: "not-CppLibFuzzer",

diff --git a/probes/fuzzedWithGoNative/impl.go b/probes/fuzzedWithGoNative/impl.go
@@ -21,6 +21,7 @@ import (
 
 	"github.com/ossf/scorecard/v4/checker"
 	"github.com/ossf/scorecard/v4/finding"
+	"github.com/ossf/scorecard/v4/internal/fuzzers"
 	"github.com/ossf/scorecard/v4/probes/internal/utils/fuzzing"
 	"github.com/ossf/scorecard/v4/probes/internal/utils/uerror"
 )
@@ -35,5 +36,5 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) {
 		return nil, "", fmt.Errorf("%w: raw", uerror.ErrNil)
 	}
 	//nolint:wrapcheck
-	return fuzzing.Run(raw, fs, Probe, "GoBuiltInFuzzer")
+	return fuzzing.Run(raw, fs, Probe, fuzzers.BuiltInGo)
 }