Documentation
Overview
Package checker includes structs and functions used for running a check.
Index
- Constants
- func AggregateScores(scores ...int) int
- func AggregateScoresWithWeight(scores map[int]int) int
- func CreateProportionalScore(success, total int) int
- func GetClients(ctx context.Context, repoURI, localURI string, logger *log.Logger) (clients.Repo, clients.RepoClient, clients.RepoClient, ...)
- func NormalizeReason(reason string, score int) string
- type ArchivedStatus
- type BinaryArtifactData
- type BranchProtectionData
- type BranchProtectionsData
- type CIIBadge
- type CIIBestPracticesData
- type Check
- type CheckDetail
- type CheckFn
- type CheckNameToFnMap
- type CheckRequest
- type CheckResult
- func CreateInconclusiveResult(name, reason string) CheckResult
- func CreateMaxScoreResult(name, reason string) CheckResult
- func CreateMinScoreResult(name, reason string) CheckResult
- func CreateProportionalScoreResult(name, reason string, b, t int) CheckResult
- func CreateResultWithScore(name, reason string, score int) CheckResult
- func CreateRuntimeErrorResult(name string, e error) CheckResult
- type CodeReviewData
- type Comment
- type DangerousWorkflow
- type DangerousWorkflowData
- type DangerousWorkflowType
- type DefaultBranchCommit
- type DependencyUpdateToolData
- type DetailLogger
- type DetailType
- type File
- type FileType
- type Issue
- type LicenseData
- type LogMessage
- type MaintainedData
- type MergeRequest
- type RawResults
- type Release
- type ReleaseAsset
- type Remediation
- type RepoAssociation
- type RequestType
- type Review
- type Run
- type Runner
- type SecurityPolicyData
- type SignedReleasesData
- type Tool
- type User
- type VulnerabilitiesData
- type Vulnerability
- type WebhookData
- type WebhooksData
- type WorkflowJob
Constants
const (
	// MaxResultScore is the best score that can be given by a check.
	MaxResultScore = 10
	// MinResultScore is the worst score that can be given by a check.
	MinResultScore = 0
	// InconclusiveResultScore is returned when no reliable information can be retrieved by a check.
	InconclusiveResultScore = -1
	// OffsetDefault is used if we can't determine the offset, for example when referencing a file but not a
	// specific location in the file.
	OffsetDefault = uint(1)
)
Variables
This section is empty.
Functions
func AggregateScores
func AggregateScores(scores ...int) int
AggregateScores adds up all scores and normalizes the result. Each score contributes equally.
func AggregateScoresWithWeight
func AggregateScoresWithWeight(scores map[int]int) int
AggregateScoresWithWeight adds up all scores and normalizes the result.
func CreateProportionalScore
func CreateProportionalScore(success, total int) int
CreateProportionalScore creates a score proportional to success out of total.
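As an added example (not code from the Scorecard project), the three scoring helpers above are reimplemented from their doc comments and signatures and then applied to constructed branch-protection tiers, so that the rounding and the edge cases become visible. Assumptions made here and not stated on the page: results round down to an integer; the keys of the map passed to AggregateScoresWithWeight are scores and the values are their weights; an empty input or a total of zero yields MinResultScore instead of dividing by zero. The branchTier type, ScoreBranch and the sample data are inventions of this example.

```go
package main

import (
	"fmt"
	"math"
)

// Score bounds as documented by the checker package.
const (
	MaxResultScore = 10
	MinResultScore = 0
)

// AggregateScores averages the given scores, rounding down, so every
// sub-score contributes equally. The empty-input guard is this example's
// own addition; the documented function does not state its behaviour there.
func AggregateScores(scores ...int) int {
	if len(scores) == 0 {
		return MinResultScore
	}
	sum := 0
	for _, s := range scores {
		sum += s
	}
	return int(math.Floor(float64(sum) / float64(len(scores))))
}

// AggregateScoresWithWeight computes a weighted average, rounding down.
// Assumption for this example: each map key is a score and its value is
// the weight that score carries; a zero total weight yields MinResultScore.
func AggregateScoresWithWeight(scores map[int]int) int {
	sum, weight := 0, 0
	for score, w := range scores {
		sum += score * w
		weight += w
	}
	if weight == 0 {
		return MinResultScore
	}
	return int(math.Floor(float64(sum) / float64(weight)))
}

// CreateProportionalScore maps success/total onto [MinResultScore, MaxResultScore],
// rounding down; total == 0 yields the minimum score rather than dividing by zero.
func CreateProportionalScore(success, total int) int {
	if total == 0 {
		return MinResultScore
	}
	return int(math.Floor(float64(MaxResultScore) * float64(success) / float64(total)))
}

// branchTier is constructed sample data: how many of a tier's branch-protection
// settings a branch satisfies, and how much that tier should count.
type branchTier struct {
	name           string
	passed, checks int
	weight         int
}

// ScoreBranch turns per-tier pass counts into one branch score. Each tier is
// scored proportionally and then weighted, so a fully configured basic tier
// cannot by itself mask an unconfigured stricter tier. Tiers that land on the
// same proportional score simply pool their weight.
func ScoreBranch(tiers []branchTier) int {
	weighted := make(map[int]int, len(tiers))
	for _, t := range tiers {
		weighted[CreateProportionalScore(t.passed, t.checks)] += t.weight
	}
	return AggregateScoresWithWeight(weighted)
}

func main() {
	// Constructed sample: one branch evaluated against three tiers.
	sample := []branchTier{
		{name: "no force push, no deletion", passed: 2, checks: 2, weight: 3},
		{name: "review required", passed: 1, checks: 2, weight: 2},
		{name: "status checks", passed: 0, checks: 3, weight: 1},
	}
	fmt.Println("weighted branch score:", ScoreBranch(sample))
	fmt.Println("equal weighting of 10, 5, 0:", AggregateScores(10, 5, 0))
}
```

Because every step floors, a 3-of-4 result scores 7 rather than 7.5, and a weighted 10/5/0 split with weights 3/2/1 scores 6; a check author who needs a different rounding policy has to apply it before calling these helpers.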
func GetClients (added in v4.2.0)
func GetClients(ctx context.Context, repoURI, localURI string, logger *log.Logger) (
	clients.Repo,
	clients.RepoClient,
	clients.RepoClient,
	clients.CIIBestPracticesClient,
	clients.VulnerabilitiesClient,
	error,
)
GetClients returns a list of clients for running scorecard checks. TODO(repo): Pass a `http.RoundTripper` here.
func NormalizeReason
func NormalizeReason(reason string, score int) string
NormalizeReason is a placeholder function for use if we want to update the range of scores.
Types
type ArchivedStatus (added in v4.2.0)
type ArchivedStatus struct {
	Status bool
}
ArchivedStatus defines the archived status.
type BinaryArtifactData
type BinaryArtifactData struct {
	// Files contains a list of files.
	Files []File
}
BinaryArtifactData contains the raw results for the Binary-Artifact check.
type BranchProtectionData
type BranchProtectionData struct {
	Protected                           *bool
	AllowsDeletions                     *bool
	AllowsForcePushes                   *bool
	RequiresCodeOwnerReviews            *bool
	RequiresLinearHistory               *bool
	DismissesStaleReviews               *bool
	EnforcesAdmins                      *bool
	RequiresStatusChecks                *bool
	RequiresUpToDateBranchBeforeMerging *bool
	RequiredApprovingReviewCount        *int
	// StatusCheckContexts is always available, so
	// we don't use a pointer.
	StatusCheckContexts []string
	Name                string
}
BranchProtectionData contains the raw results for one branch.
type BranchProtectionsData
type BranchProtectionsData struct {
	Branches []BranchProtectionData
}
BranchProtectionsData contains the raw results for the Branch-Protection check.
type CIIBadge (added in v4.3.0)
type CIIBadge string
CIIBadge corresponds to CII-Best-Practices badges. https://bestpractices.coreinfrastructure.org/en
const (
	// CIIBadgeUnknown or non-parsable CII Best Practices badge.
	CIIBadgeUnknown CIIBadge = "unknown"
	// CIIBadgeNotFound represents when CII Best Practices returns an empty response for a project.
	CIIBadgeNotFound CIIBadge = "not_found"
	// CIIBadgeInProgress state of CII Best Practices badge.
	CIIBadgeInProgress CIIBadge = "in_progress"
	// CIIBadgePassing for CII Best Practices badge.
	CIIBadgePassing CIIBadge = "passing"
	// CIIBadgeSilver for CII Best Practices badge.
	CIIBadgeSilver CIIBadge = "silver"
	// CIIBadgeGold for CII Best Practices badge.
	CIIBadgeGold CIIBadge = "gold"
)
type CIIBestPracticesData (added in v4.3.0)
type CIIBestPracticesData struct {
	Badge CIIBadge
}
CIIBestPracticesData contains data for the CIIBestPractices check.
type Check (added in v4.1.0)
type Check struct {
	Fn                    CheckFn
	SupportedRequestTypes []RequestType
}
Check defines a Scorecard check fn and its supported request types.
type CheckDetail
type CheckDetail struct {
	Msg  LogMessage
	Type DetailType // Any of DetailWarn, DetailInfo, DetailDebug.
}
CheckDetail contains information for each detail.
type CheckNameToFnMap
CheckNameToFnMap is defined here for convenience.
type CheckRequest
type CheckRequest struct {
	Ctx                   context.Context
	RepoClient            clients.RepoClient
	CIIClient             clients.CIIBestPracticesClient
	OssFuzzRepo           clients.RepoClient
	Dlogger               DetailLogger
	Repo                  clients.Repo
	VulnerabilitiesClient clients.VulnerabilitiesClient
	// UPGRADEv6: return raw results instead of scores.
	RawResults    *RawResults
	RequiredTypes []RequestType
}
CheckRequest struct encapsulates all data to be passed into a CheckFn.
type CheckResult
type CheckResult struct {
	Name    string
	Version int
	Error   error
	Details []CheckDetail
	Score   int
	Reason  string
}
CheckResult captures result from a check run. nolint:govet
func CreateInconclusiveResult
func CreateInconclusiveResult(name, reason string) CheckResult
CreateInconclusiveResult is used when the check runs without runtime errors, but we don't have enough evidence to set a score.
func CreateMaxScoreResult
func CreateMaxScoreResult(name, reason string) CheckResult
CreateMaxScoreResult is used when the check runs without runtime errors and we can assign a maximum score to the result.
func CreateMinScoreResult
func CreateMinScoreResult(name, reason string) CheckResult
CreateMinScoreResult is used when the check runs without runtime errors and we can assign a minimum score to the result.
func CreateProportionalScoreResult
func CreateProportionalScoreResult(name, reason string, b, t int) CheckResult
CreateProportionalScoreResult is used when the check runs without runtime errors and we assign a proportional score. This may be used if a check contains multiple tests and we want to assign a score proportional to the number of tests that succeeded.
func CreateResultWithScore
func CreateResultWithScore(name, reason string, score int) CheckResult
CreateResultWithScore is used when the check runs without runtime errors and we want to assign a specific score.
func CreateRuntimeErrorResult
func CreateRuntimeErrorResult(name string, e error) CheckResult
CreateRuntimeErrorResult is used when the check fails to run because of a runtime error.
type CodeReviewData (added in v4.1.0)
type CodeReviewData struct {
	DefaultBranchCommits []DefaultBranchCommit
}
CodeReviewData contains the raw results for the Code-Review check.
type DangerousWorkflow (added in v4.3.0)
type DangerousWorkflow struct {
	Job  *WorkflowJob
	File File
	Type DangerousWorkflowType
}
DangerousWorkflow represents a dangerous workflow.
type DangerousWorkflowData (added in v4.2.0)
type DangerousWorkflowData struct {
	Workflows []DangerousWorkflow
}
DangerousWorkflowData contains the raw results for the Dangerous-Workflow check.
type DangerousWorkflowType (added in v4.3.0)
type DangerousWorkflowType int
DangerousWorkflowType represents a type of dangerous workflow.
const (
	// DangerousWorkflowScriptInjection represents a script injection.
	DangerousWorkflowScriptInjection DangerousWorkflowType = iota
	// DangerousWorkflowUntrustedCheckout represents an untrusted checkout.
	DangerousWorkflowUntrustedCheckout
)
type DefaultBranchCommit (added in v4.1.0)
type DefaultBranchCommit struct {
	// Fields below are taken directly from cloud
	// version control systems, e.g. GitHub.
	SHA           string
	CommitMessage string
	MergeRequest  *MergeRequest
	CommitDate    *time.Time
	Committer     User
}
DefaultBranchCommit represents a commit to the default branch.
type DependencyUpdateToolData
type DependencyUpdateToolData struct {
	// Tools contains a list of tools.
	// Note: we only populate one entry at most.
	Tools []Tool
}
DependencyUpdateToolData contains the raw results for the Dependency-Update-Tool check.
type DetailLogger
type DetailLogger interface {
	Info(msg *LogMessage)
	Warn(msg *LogMessage)
	Debug(msg *LogMessage)
	// Flush resets the logger state and returns collected logs.
	Flush() []CheckDetail
}
DetailLogger logs a CheckDetail struct.
func NewLogger (added in v4.2.0)
func NewLogger() DetailLogger
NewLogger creates a new instance of `DetailLogger`.
type DetailType
type DetailType int
DetailType is the type of details.
const (
	// DetailInfo is info-level log.
	DetailInfo DetailType = iota
	// DetailWarn is warn log.
	DetailWarn
	// DetailDebug is debug log.
	DetailDebug
)
type File
type File struct {
	Path    string
	Snippet string   // Snippet of code
	Offset  uint     // Offset in the file of Path (line for source/text files).
	Type    FileType // Type of file.
}
File represents a file.
type FileType
type FileType int
FileType is the type of a file.
const (
	// FileTypeNone is a default, not defined.
	// FileTypeNone must be `0`.
	FileTypeNone FileType = iota
	// FileTypeSource is for source code files.
	FileTypeSource
	// FileTypeBinary is for binary files.
	FileTypeBinary
	// FileTypeText is for text files.
	FileTypeText
	// FileTypeURL for URLs.
	FileTypeURL
)
type LicenseData (added in v4.2.0)
type LicenseData struct {
	Files []File
}
LicenseData contains the raw results for the License check.
type LogMessage
type LogMessage struct {
	Text        string       // A short string explaining why the detail was recorded/logged.
	Path        string       // Fullpath to the file.
	Type        FileType     // Type of file.
	Offset      uint         // Offset in the file of Path (line for source/text files).
	EndOffset   uint         // End of offset in the file, e.g. if the command spans multiple lines.
	Snippet     string       // Snippet of code
	Remediation *Remediation // Remediation information, if any.
}
LogMessage is a structure that encapsulates detail's information. This allows updating the definition easily. nolint:govet
type MaintainedData (added in v4.2.0)
type MaintainedData struct {
	Issues               []Issue
	DefaultBranchCommits []DefaultBranchCommit
	ArchivedStatus       ArchivedStatus
}
MaintainedData contains the raw results for the Maintained check.
type MergeRequest
type MergeRequest struct {
	Number   int
	Labels   []string
	Reviews  []Review
	Author   User
	MergedAt time.Time
}
MergeRequest represents a merge request. nolint:govet
type RawResults
type RawResults struct {
	CIIBestPracticesResults     CIIBestPracticesData
	DangerousWorkflowResults    DangerousWorkflowData
	VulnerabilitiesResults      VulnerabilitiesData
	BinaryArtifactResults       BinaryArtifactData
	SecurityPolicyResults       SecurityPolicyData
	DependencyUpdateToolResults DependencyUpdateToolData
	BranchProtectionResults     BranchProtectionsData
	CodeReviewResults           CodeReviewData
	WebhookResults              WebhooksData
	MaintainedResults           MaintainedData
	SignedReleasesResults       SignedReleasesData
	LicenseResults              LicenseData
}
RawResults contains results before a policy is applied. nolint
type Release (added in v4.2.0)
type Release struct {
	Tag    string
	URL    string
	Assets []ReleaseAsset
}
Release represents a project release.
type ReleaseAsset (added in v4.2.0)
ReleaseAsset represents a release asset.
type Remediation (added in v4.3.0)
type Remediation struct {
	// Code snippet for humans.
	Snippet string
	// Diff for machines.
	Diff string
	// Help text for humans.
	HelpText string
	// Help text in markdown format for humans.
	HelpMarkdown string
}
Remediation represents a remediation.
type RepoAssociation (added in v4.2.0)
type RepoAssociation string
RepoAssociation represents a user relationship with a repo.
const (
	// RepoAssociationCollaborator has been invited to collaborate on the repository.
	RepoAssociationCollaborator RepoAssociation = RepoAssociation("collaborator")
	// RepoAssociationContributor is a contributor to the repository.
	RepoAssociationContributor RepoAssociation = RepoAssociation("contributor")
	// RepoAssociationOwner is an owner of the repository.
	RepoAssociationOwner RepoAssociation = RepoAssociation("owner")
	// RepoAssociationMember is a member of the organization that owns the repository.
	RepoAssociationMember RepoAssociation = RepoAssociation("member")
	// RepoAssociationFirstTimer has previously committed to the repository.
	RepoAssociationFirstTimer RepoAssociation = RepoAssociation("first-timer")
	// RepoAssociationFirstTimeContributor has not previously committed to the repository.
	RepoAssociationFirstTimeContributor RepoAssociation = RepoAssociation("first-timer-contributor")
	// RepoAssociationMannequin is a placeholder for an unclaimed user.
	RepoAssociationMannequin RepoAssociation = RepoAssociation("unknown")
	// RepoAssociationNone has no association with the repository.
	RepoAssociationNone RepoAssociation = RepoAssociation("none")
)
type RequestType (added in v4.1.0)
type RequestType int
RequestType identifies special requirements/attributes that need to be supported by checks.
const (
	// FileBased request types require checks to run solely on file-content.
	FileBased RequestType = iota
	// CommitBased request types require checks to run on non-HEAD commit content.
	CommitBased
)
func ListUnsupported (added in v4.1.0)
func ListUnsupported(required, supported []RequestType) []RequestType
ListUnsupported returns the []RequestType values that are in `required` but not in `supported`.
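An added example, not the package's own code, showing how a request's required types are matched against a Check's SupportedRequestTypes before the check runs. RequestType, its two constants and the SupportedRequestTypes field follow the definitions above; ListUnsupported is reimplemented from its doc comment. The Name field on Check, the CanRun helper and the sample check are inventions of this example.

```go
package main

import (
	"fmt"
	"strings"
)

// RequestType mirrors the documented enum.
type RequestType int

const (
	FileBased RequestType = iota
	CommitBased
)

func (r RequestType) String() string {
	switch r {
	case FileBased:
		return "FileBased"
	case CommitBased:
		return "CommitBased"
	}
	return fmt.Sprintf("RequestType(%d)", int(r))
}

// Check mirrors the documented struct; the check function is left out because
// this example only exercises request-type gating. Name is a constructed field.
type Check struct {
	Name                  string
	SupportedRequestTypes []RequestType
}

// ListUnsupported returns every required type the check does not support, in
// the order it was required. Reimplemented here from the doc comment above.
func ListUnsupported(required, supported []RequestType) []RequestType {
	supportedSet := make(map[RequestType]bool, len(supported))
	for _, s := range supported {
		supportedSet[s] = true
	}
	var unsupported []RequestType
	for _, r := range required {
		if !supportedSet[r] {
			unsupported = append(unsupported, r)
		}
	}
	return unsupported
}

// CanRun reports whether a check can serve a request carrying the given
// required types and, when it cannot, names the types that block it.
func CanRun(c Check, required []RequestType) (bool, string) {
	missing := ListUnsupported(required, c.SupportedRequestTypes)
	if len(missing) == 0 {
		return true, ""
	}
	names := make([]string, len(missing))
	for i, m := range missing {
		names[i] = m.String()
	}
	return false, fmt.Sprintf("check %s does not support request types: %s",
		c.Name, strings.Join(names, ", "))
}

func main() {
	// Constructed sample: a check that only reads file content, asked to run
	// under a file-only request and under one that also needs commit history.
	fileOnly := Check{Name: "Security-Policy", SupportedRequestTypes: []RequestType{FileBased}}
	for _, req := range [][]RequestType{{FileBased}, {FileBased, CommitBased}} {
		ok, why := CanRun(fileOnly, req)
		fmt.Printf("required=%v ok=%v %s\n", req, ok, why)
	}
}
```

A request with no required types passes every check, and a check with an empty SupportedRequestTypes slice is rejected by any request that requires something, which is the conservative default when a check forgets to declare what it can handle.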
type Runner
type Runner struct {
	CheckName    string
	Repo         string
	CheckRequest CheckRequest
}
Runner runs a check with retries.
func NewRunner (added in v4.2.0)
func NewRunner(checkName, repo string, checkReq *CheckRequest) *Runner
NewRunner creates a new instance of `Runner`.
func (*Runner) Run
func (r *Runner) Run(ctx context.Context, c Check) CheckResult
Run runs a given check.
func (*Runner) SetCheckName (added in v4.2.0)
SetCheckName sets the check name.
func (*Runner) SetCheckRequest (added in v4.2.0)
func (r *Runner) SetCheckRequest(checkReq *CheckRequest)
SetCheckRequest sets the check request.
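An added example, not the package's own code, that ties together three things documented above: the CheckResult constructors (runtime error versus inconclusive versus a concrete score), a DetailLogger whose Flush returns and resets the collected details, and a Runner that retries a check. The types are trimmed mirrors of the package's. Everything else is assumed for the example: memLogger, the sample binaryArtifacts check and its one-point-per-binary scoring, errRepoUnreachable as the transient error that triggers a retry, the FailUntil and Attempt fields, the three-attempt budget, and a Run signature that takes a plain function instead of the documented ctx and Check.

```go
package main

import (
	"errors"
	"fmt"
)

// Score sentinels as documented by the checker package.
const (
	MaxResultScore          = 10
	MinResultScore          = 0
	InconclusiveResultScore = -1
)

// Trimmed mirrors of the package's types, keeping only what this example uses.
type LogMessage struct{ Text, Path string }

type CheckDetail struct {
	Msg  LogMessage
	Type string // "warn" here; the package uses a DetailType enum
}

type CheckResult struct {
	Name    string
	Error   error
	Details []CheckDetail
	Score   int
	Reason  string
}

// memLogger is a hypothetical DetailLogger: it buffers details and hands them
// back on Flush, which also resets its state as the interface documents.
type memLogger struct{ details []CheckDetail }

func (l *memLogger) Warn(m *LogMessage) {
	l.details = append(l.details, CheckDetail{Msg: *m, Type: "warn"})
}
func (l *memLogger) Flush() []CheckDetail {
	d := l.details
	l.details = nil
	return d
}

// Result constructors with the semantics the package documents.
func CreateRuntimeErrorResult(name string, e error) CheckResult {
	return CheckResult{Name: name, Error: e, Score: InconclusiveResultScore, Reason: e.Error()}
}
func CreateInconclusiveResult(name, reason string) CheckResult {
	return CheckResult{Name: name, Score: InconclusiveResultScore, Reason: reason}
}
func CreateResultWithScore(name, reason string, score int) CheckResult {
	return CheckResult{Name: name, Score: score, Reason: reason}
}

// CheckRequest keeps only what the sample check reads: Files is nil when the
// listing is unavailable; FailUntil and Attempt (constructed) make early attempts fail.
type CheckRequest struct {
	Dlogger   *memLogger
	Files     []string
	FailUntil int
	Attempt   int
}

// errRepoUnreachable is a hypothetical transient error worth retrying.
var errRepoUnreachable = errors.New("repository unreachable")

// binaryArtifacts is a sample check (not the package's): every checked-in binary
// is logged as a warning and costs one point, floored at MinResultScore.
func binaryArtifacts(c *CheckRequest) CheckResult {
	const name = "Binary-Artifacts"
	if c.Attempt < c.FailUntil {
		c.Attempt++
		return CreateRuntimeErrorResult(name, errRepoUnreachable)
	}
	if c.Files == nil {
		return CreateInconclusiveResult(name, "could not list repository files")
	}
	for _, path := range c.Files {
		c.Dlogger.Warn(&LogMessage{Path: path, Text: "binary detected"})
	}
	score := MaxResultScore - len(c.Files)
	if score < MinResultScore {
		score = MinResultScore
	}
	return CreateResultWithScore(name, fmt.Sprintf("%d binary file(s) found", len(c.Files)), score)
}

// Runner re-runs a check whose result reports the transient error; the
// three-attempt budget and the simplified Run signature are this example's.
type Runner struct{ CheckRequest CheckRequest }

func (r *Runner) Run(fn func(*CheckRequest) CheckResult) CheckResult {
	const maxAttempts = 3
	var res CheckResult
	for i := 0; i < maxAttempts; i++ {
		if res = fn(&r.CheckRequest); !errors.Is(res.Error, errRepoUnreachable) {
			break
		}
	}
	res.Details = r.CheckRequest.Dlogger.Flush() // attach everything logged during the run
	return res
}
```

Construct a Runner with a memLogger, a constructed file list and FailUntil set to 2, then call Run(binaryArtifacts): the first two attempts return a runtime-error result, the third succeeds with a score of 8 for two binaries, and the two warnings logged on the successful attempt are attached as Details. Note the two distinct non-scores: a runtime error carries Error and is what the retry loop keys on, whereas an inconclusive result (nil file list) has no Error and is returned as-is, since retrying would not produce more evidence.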
type SecurityPolicyData
type SecurityPolicyData struct {
	// Files contains a list of files.
	Files []File
}
SecurityPolicyData contains the raw results for the Security-Policy check.
type SignedReleasesData (added in v4.2.0)
type SignedReleasesData struct {
	Releases []Release
}
SignedReleasesData contains the raw results for the Signed-Releases check.
type Tool
type Tool struct {
	// Runs of the tool.
	Runs []Run
	// Issues created by the tool.
	Issues []Issue
	// Merge requests created by the tool.
	MergeRequests []MergeRequest
	Name          string
	URL           string
	Desc          string
	ConfigFiles   []File
}
Tool represents a tool.
type User (added in v4.1.0)
type User struct {
	RepoAssociation *RepoAssociation
	Login           string
}
User represents a user.
type VulnerabilitiesData (added in v4.1.0)
type VulnerabilitiesData struct {
	Vulnerabilities []Vulnerability
}
VulnerabilitiesData contains the raw results for the Vulnerabilities check.
type Vulnerability (added in v4.1.0)
type Vulnerability struct {
	// For OSV: OSV-2020-484
	// For CVE: CVE-2022-23945
	ID string
}
Vulnerability defines a vulnerability from a database.
type WebhookData (added in v4.2.0)
WebhookData contains the raw results for the Webhook check.
type WebhooksData (added in v4.2.0)
type WebhooksData struct {
	Webhook []WebhookData
}
WebhooksData contains the raw results for the Webhook check.
type WorkflowJob (added in v4.2.0)
WorkflowJob represents a workflow job.