✨ Raw results for dangerous workflow (#1849)

* draft * update * update * updates * comments * comments * comments
ossf · Apr 21, 2022 · 4622952 · 4622952
1 parent 72e2486
commit 4622952
Show file tree

Hide file tree

Showing 8 changed files with 1,008 additions and 927 deletions.
diff --git a/checker/raw_result.go b/checker/raw_result.go
@@ -20,6 +20,7 @@ import "time"
 // is applied.
 //nolint
 type RawResults struct {
+	DangerousWorkflowResults    DangerousWorkflowData
 	VulnerabilitiesResults      VulnerabilitiesData
 	BinaryArtifactResults       BinaryArtifactData
 	SecurityPolicyResults       SecurityPolicyData
@@ -256,3 +257,36 @@ type ReleaseAsset struct {
 	Name string
 	URL  string
 }
+
+// DangerousWorkflowData contains raw results
+// for dangerous workflow check.
+type DangerousWorkflowData struct {
+	ScriptInjections     []ScriptInjection
+	SecretInPullRequests []EncryptedSecret
+	UntrustedCheckouts   []UntrustedCheckout
+	// TODO: other
+}
+
+// UntrustedCheckout represents an untrusted checkout.
+type UntrustedCheckout struct {
+	Job  *WorkflowJob
+	File File
+}
+
+// ScriptInjection represents a script injection.
+type ScriptInjection struct {
+	Job  *WorkflowJob
+	File File
+}
+
+// EncryptedSecret represents an encrypted secret.
+type EncryptedSecret struct {
+	Job  *WorkflowJob
+	File File
+}
+
+// WorkflowJob reprresents a workflow job.
+type WorkflowJob struct {
+	Name *string
+	ID   *string
+}