ossf · spencerschrock · Apr 9, 2024 · Mar 27, 2024 · Apr 9, 2024
@@ -22,7 +22,7 @@ import (
 
 	sce "github.com/ossf/scorecard/v4/errors"
 	"github.com/ossf/scorecard/v4/finding"
-	"github.com/ossf/scorecard/v4/rule"
+	"github.com/ossf/scorecard/v4/finding/probe"
 )
 
 type (
@@ -86,13 +86,13 @@ type LogMessage struct {
 	Finding *finding.Finding
 
 	// Non-structured results.
-	Text        string            // A short string explaining why the detail was recorded/logged.
-	Path        string            // Fullpath to the file.
-	Type        finding.FileType  // Type of file.
-	Offset      uint              // Offset in the file of Path (line for source/text files).
-	EndOffset   uint              // End of offset in the file, e.g. if the command spans multiple lines.
-	Snippet     string            // Snippet of code
-	Remediation *rule.Remediation // Remediation information, if any.
+	Text        string             // A short string explaining why the detail was recorded/logged.
+	Path        string             // Fullpath to the file.
+	Type        finding.FileType   // Type of file.
+	Offset      uint               // Offset in the file of Path (line for source/text files).
+	EndOffset   uint               // End of offset in the file, e.g. if the command spans multiple lines.
+	Snippet     string             // Snippet of code
+	Remediation *probe.Remediation // Remediation information, if any.
 }
 
 // ProportionalScoreWeighted is a structure that contains

@@ -20,7 +20,7 @@ import (
 
 	"github.com/ossf/scorecard/v4/clients"
 	"github.com/ossf/scorecard/v4/finding"
-	"github.com/ossf/scorecard/v4/rule"
+	"github.com/ossf/scorecard/v4/finding/probe"
 )
 
 // RawResults contains results before a policy
@@ -126,7 +126,7 @@ type Dependency struct {
 	Location    *File
 	Msg         *string // Only for debug messages.
 	Pinned      *bool
-	Remediation *rule.Remediation
+	Remediation *probe.Remediation
 	Type        DependencyUseType
 }
 

@@ -21,9 +21,7 @@ import (
 	"github.com/ossf/scorecard/v4/checks/fileparser"
 	sce "github.com/ossf/scorecard/v4/errors"
 	"github.com/ossf/scorecard/v4/finding"
-	"github.com/ossf/scorecard/v4/finding/probe"
 	"github.com/ossf/scorecard/v4/probes/pinsDependencies"
-	"github.com/ossf/scorecard/v4/rule"
 )
 
 type pinnedResult struct {
@@ -52,15 +50,6 @@ const (
 	normalWeight            int = gitHubOwnedActionWeight + thirdPartyActionWeight
 )
 
-func probeRemToRuleRem(rem *probe.Remediation) *rule.Remediation {
-	return &rule.Remediation{
-		Patch:    rem.Patch,
-		Text:     rem.Text,
-		Markdown: rem.Markdown,
-		Effort:   rule.RemediationEffort(rem.Effort),
-	}
-}
-
 // PinningDependencies applies the score policy for the Pinned-Dependencies check.
 func PinningDependencies(name string,
 	findings []finding.Finding,
@@ -101,7 +90,7 @@ func PinningDependencies(name string,
 			}
 
 			if f.Remediation != nil {
-				lm.Remediation = probeRemToRuleRem(f.Remediation)
+				lm.Remediation = f.Remediation
 			}
 			dl.Warn(lm)
 		case finding.OutcomeError:

@@ -27,7 +27,7 @@ import (
 
 	"github.com/ossf/scorecard/v4/checker"
 	mockrepo "github.com/ossf/scorecard/v4/clients/mockclients"
-	"github.com/ossf/scorecard/v4/rule"
+	"github.com/ossf/scorecard/v4/finding/probe"
 	scut "github.com/ossf/scorecard/v4/utests"
 )
 
@@ -1874,7 +1874,7 @@ func TestCollectDockerfilePinning(t *testing.T) {
 					},
 					Pinned: boolAsPointer(false),
 					Type:   "containerImage",
-					Remediation: &rule.Remediation{
+					Remediation: &probe.Remediation{
 						Text: "pin your Docker image by updating python:3.7 to python:3.7" +
 							"@sha256:eedf63967cdb57d8214db38ce21f105003ed4e4d0358f02bedc057341bcf92a0",
 						Markdown: "pin your Docker image by updating python:3.7 to python:3.7" +

@@ -18,8 +18,8 @@ import (
 	"testing"
 
 	"github.com/ossf/scorecard/v4/checker"
+	"github.com/ossf/scorecard/v4/finding/probe"
 	"github.com/ossf/scorecard/v4/log"
-	rules "github.com/ossf/scorecard/v4/rule"
 )
 
 func TestDetailString(t *testing.T) {
@@ -122,7 +122,7 @@ func TestDetailString(t *testing.T) {
 				Msg: checker.LogMessage{
 					Text: "some meaningful text",
 					Path: "Dockerfile",
-					Remediation: &rules.Remediation{
+					Remediation: &probe.Remediation{
 						Text: "fix x by doing y",
 					},
 				},

@@ -26,10 +26,10 @@ import (
 
 	"github.com/ossf/scorecard/v4/checker"
 	"github.com/ossf/scorecard/v4/finding"
+	"github.com/ossf/scorecard/v4/finding/probe"
 	"github.com/ossf/scorecard/v4/log"
 	"github.com/ossf/scorecard/v4/options"
 	spol "github.com/ossf/scorecard/v4/policy"
-	rules "github.com/ossf/scorecard/v4/rule"
 )
 
 func sarifMockDocRead() *mockDoc {
@@ -162,7 +162,7 @@ func TestSARIFOutput(t *testing.T) {
 									Type:    finding.FileTypeSource,
 									Offset:  5,
 									Snippet: "if (bad) {BUG();}",
-									Remediation: &rules.Remediation{
+									Remediation: &probe.Remediation{
 										Markdown: "this is the custom markdown help",
 										Text:     "this is the custom text help",
 									},

@@ -23,10 +23,8 @@ import (
 	"github.com/ossf/scorecard/v4/checks/fileparser"
 	sce "github.com/ossf/scorecard/v4/errors"
 	"github.com/ossf/scorecard/v4/finding"
-	"github.com/ossf/scorecard/v4/finding/probe"
 	"github.com/ossf/scorecard/v4/internal/probes"
 	"github.com/ossf/scorecard/v4/probes/internal/utils/uerror"
-	"github.com/ossf/scorecard/v4/rule"
 )
 
 func init() {
@@ -91,7 +89,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) {
 			f = f.WithMessage(generateTextUnpinned(&rr)).
 				WithOutcome(finding.OutcomeFalse)
 			if rr.Remediation != nil {
-				f.Remediation = ruleRemToProbeRem(rr.Remediation)
+				f.Remediation = rr.Remediation
 			}
 			f = f.WithValues(map[string]string{
 				DepTypeKey: string(rr.Type),
@@ -121,15 +119,6 @@ func generateTextIncompleteResults(e checker.ElementError) string {
 	return fmt.Sprintf("Possibly incomplete results: %s", e.Err)
 }
 
-func ruleRemToProbeRem(rem *rule.Remediation) *probe.Remediation {
-	return &probe.Remediation{
-		Patch:    rem.Patch,
-		Text:     rem.Text,
-		Markdown: rem.Markdown,
-		Effort:   probe.RemediationEffort(rem.Effort),
-	}
-}
-
 func generateTextUnpinned(rr *checker.Dependency) string {
 	if rr.Type == checker.DependencyUseTypeGHAction {
 		// Check if we are dealing with a GitHub action or a third-party one.

@@ -22,7 +22,7 @@ import (
 	"github.com/google/go-containerregistry/pkg/crane"
 
 	"github.com/ossf/scorecard/v4/checker"
-	"github.com/ossf/scorecard/v4/rule"
+	"github.com/ossf/scorecard/v4/finding/probe"
 )
 
 var errInvalidArg = errors.New("invalid argument")
@@ -62,11 +62,11 @@ func New(c *checker.CheckRequest) (*RemediationMetadata, error) {
 }
 
 // CreateWorkflowPinningRemediation create remediation for pinning GH Actions.
-func (r *RemediationMetadata) CreateWorkflowPinningRemediation(filepath string) *rule.Remediation {
+func (r *RemediationMetadata) CreateWorkflowPinningRemediation(filepath string) *probe.Remediation {
 	return r.createWorkflowRemediation(filepath, "pin")
 }
 
-func (r *RemediationMetadata) createWorkflowRemediation(path, t string) *rule.Remediation {
+func (r *RemediationMetadata) createWorkflowRemediation(path, t string) *probe.Remediation {
 	p := strings.TrimPrefix(path, ".github/workflows/")
 	if r.Branch == "" || r.Repo == "" {
 		return nil
@@ -75,7 +75,7 @@ func (r *RemediationMetadata) createWorkflowRemediation(path, t string) *rule.Re
 	text := fmt.Sprintf(workflowText, r.Repo, p, r.Branch, t)
 	markdown := fmt.Sprintf(workflowMarkdown, r.Repo, p, r.Branch, t)
 
-	return &rule.Remediation{
+	return &probe.Remediation{
 		Text:     text,
 		Markdown: markdown,
 	}
@@ -101,7 +101,7 @@ func (c CraneDigester) Digest(name string) (string, error) {
 }
 
 // CreateDockerfilePinningRemediation create remediation for pinning Dockerfile images.
-func CreateDockerfilePinningRemediation(dep *checker.Dependency, digester Digester) *rule.Remediation {
+func CreateDockerfilePinningRemediation(dep *checker.Dependency, digester Digester) *probe.Remediation {
 	name, ok := dockerImageName(dep)
 	if !ok {
 		return nil
@@ -115,7 +115,7 @@ func CreateDockerfilePinningRemediation(dep *checker.Dependency, digester Digest
 	text := fmt.Sprintf(dockerfilePinText, name, hash)
 	markdown := text
 
-	return &rule.Remediation{
+	return &probe.Remediation{
 		Text:     text,
 		Markdown: markdown,
 	}

@@ -23,7 +23,7 @@ import (
 
 	"github.com/ossf/scorecard/v4/checker"
 	mockrepo "github.com/ossf/scorecard/v4/clients/mockclients"
-	"github.com/ossf/scorecard/v4/rule"
+	"github.com/ossf/scorecard/v4/finding/probe"
 )
 
 func TestRepeatedSetup(t *testing.T) {
@@ -75,7 +75,7 @@ func TestCreateDockerfilePinningRemediation(t *testing.T) {
 	t.Parallel()
 
 	tests := []struct {
-		expected *rule.Remediation
+		expected *probe.Remediation
 		dep      checker.Dependency
 		name     string
 	}{
@@ -90,7 +90,7 @@ func TestCreateDockerfilePinningRemediation(t *testing.T) {
 				Name: asPointer("foo"),
 				Type: checker.DependencyUseTypeDockerfileContainerImage,
 			},
-			expected: &rule.Remediation{
+			expected: &probe.Remediation{
 				Text:     "pin your Docker image by updating foo to foo@sha256:2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae",
 				Markdown: "pin your Docker image by updating foo to foo@sha256:2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae",
 			},
@@ -103,7 +103,7 @@ func TestCreateDockerfilePinningRemediation(t *testing.T) {
 				PinnedAt: asPointer("11"),
 				Type:     checker.DependencyUseTypeDockerfileContainerImage,
 			},
-			expected: &rule.Remediation{
+			expected: &probe.Remediation{
 				Text:     "pin your Docker image by updating amazoncorretto:11 to amazoncorretto:11@sha256:b1a711069b801a325a30885f08f5067b2b102232379750dda4d25a016afd9a88",
 				Markdown: "pin your Docker image by updating amazoncorretto:11 to amazoncorretto:11@sha256:b1a711069b801a325a30885f08f5067b2b102232379750dda4d25a016afd9a88",
 			},
@@ -143,7 +143,7 @@ func TestCreateWorkflowPinningRemediation(t *testing.T) {
 	t.Parallel()
 
 	tests := []struct {
-		expected *rule.Remediation
+		expected *probe.Remediation
 		name     string
 		branch   string
 		repo     string
@@ -154,7 +154,7 @@ func TestCreateWorkflowPinningRemediation(t *testing.T) {
 			branch:   "main",
 			repo:     "ossf/scorecard",
 			filepath: ".github/workflows/scorecard.yml",
-			expected: &rule.Remediation{
+			expected: &probe.Remediation{
 				Text:     fmt.Sprintf(workflowText, "ossf/scorecard", "scorecard.yml", "main", "pin"),
 				Markdown: fmt.Sprintf(workflowMarkdown, "ossf/scorecard", "scorecard.yml", "main", "pin"),
 			},