Raw results for best practices badge

ossf · Mar 29, 2022 · 7140ed8 · 7140ed8
1 parent c428e31
commit 7140ed8
Show file tree

Hide file tree

Showing 5 changed files with 176 additions and 35 deletions.
diff --git a/checker/raw_result.go b/checker/raw_result.go
@@ -19,6 +19,7 @@ import "time"
 // RawResults contains results before a policy
 // is applied.
 type RawResults struct {
+	CIIBestPracticesResults     CIIBestPracticesData
 	VulnerabilitiesResults      VulnerabilitiesData
 	BinaryArtifactResults       BinaryArtifactData
 	SecurityPolicyResults       SecurityPolicyData
@@ -212,3 +213,27 @@ type Vulnerability struct {
 	ID string
 	// TODO(vuln): Add additional fields, if needed.
 }
+
+// CIIBadge corresponds to CII-Best-Practices badges.
+// https://bestpractices.coreinfrastructure.org/en
+type CIIBadge string
+
+const (
+	// CIIBadgeUnknown or non-parsable CII Best Practices badge.
+	CIIBadgeUnknown CIIBadge = "unknown"
+	// CIIBadgeNotFound represents when CII Best Practices returns an empty response for a project.
+	CIIBadgeNotFound CIIBadge = "not_found"
+	// CIIBadgeInProgress state of CII Best Practices badge.
+	CIIBadgeInProgress CIIBadge = "in_progress"
+	// CIIBadgePassing  for CII Best Practices badge.
+	CIIBadgePassing CIIBadge = "passing"
+	// CIIBadgeSilver  for CII Best Practices badge.
+	CIIBadgeSilver CIIBadge = "silver"
+	// CIIBadgeGold  for CII Best Practices badge.
+	CIIBadgeGold CIIBadge = "gold"
+)
+
+// CIIBestPracticesData contains data foor CIIBestPractices check.
+type CIIBestPracticesData struct {
+	Badge CIIBadge
+}
diff --git a/checks/cii_best_practices.go b/checks/cii_best_practices.go
@@ -15,22 +15,14 @@
 package checks
 
 import (
-	"fmt"
-
 	"github.com/ossf/scorecard/v4/checker"
-	"github.com/ossf/scorecard/v4/clients"
+	"github.com/ossf/scorecard/v4/checks/evaluation"
+	"github.com/ossf/scorecard/v4/checks/raw"
 	sce "github.com/ossf/scorecard/v4/errors"
 )
 
-const (
-	// CheckCIIBestPractices is the registered name for CIIBestPractices.
-	CheckCIIBestPractices = "CII-Best-Practices"
-	silverScore           = 7
-	// Note: if this value is changed, please update the action's threshold score
-	// https://github.com/ossf/scorecard-action/blob/main/policies/template.yml#L61.
-	passingScore    = 5
-	inProgressScore = 2
-)
+// CheckCIIBestPractices is the registered name for CIIBestPractices.
+const CheckCIIBestPractices = "CII-Best-Practices"
 
 //nolint:gochecknoinits
 func init() {
@@ -40,31 +32,19 @@ func init() {
 	}
 }
 
-// CIIBestPractices runs CII-Best-Practices check.
+// CodeReview will check if the maintainers perform code review.
 func CIIBestPractices(c *checker.CheckRequest) checker.CheckResult {
-	if c.CIIClient == nil {
-		return checker.CreateInconclusiveResult(CheckCIIBestPractices, "CII client is nil")
+	rawData, err := raw.CIIBestPractices(c)
+	if err != nil {
+		e := sce.WithMessage(sce.ErrScorecardInternal, err.Error())
+		return checker.CreateRuntimeErrorResult(CheckCIIBestPractices, e)
 	}
 
-	// TODO: not supported for local clients.
-	badgeLevel, err := c.CIIClient.GetBadgeLevel(c.Ctx, c.Repo.URI())
-	if err == nil {
-		switch badgeLevel {
-		case clients.NotFound:
-			return checker.CreateMinScoreResult(CheckCIIBestPractices, "no badge detected")
-		case clients.InProgress:
-			return checker.CreateResultWithScore(CheckCIIBestPractices, "badge detected: in_progress", inProgressScore)
-		case clients.Passing:
-			return checker.CreateResultWithScore(CheckCIIBestPractices, "badge detected: passing", passingScore)
-		case clients.Silver:
-			return checker.CreateResultWithScore(CheckCIIBestPractices, "badge detected: silver", silverScore)
-		case clients.Gold:
-			return checker.CreateMaxScoreResult(CheckCIIBestPractices, "badge detected: gold")
-		case clients.Unknown:
-			e := sce.WithMessage(sce.ErrScorecardInternal, fmt.Sprintf("unsupported badge: %v", badgeLevel))
-			return checker.CreateRuntimeErrorResult(CheckCIIBestPractices, e)
-		}
+	// Return raw results.
+	if c.RawResults != nil {
+		c.RawResults.CIIBestPracticesResults = rawData
 	}
-	e := sce.WithMessage(sce.ErrScorecardInternal, err.Error())
-	return checker.CreateRuntimeErrorResult(CheckCIIBestPractices, e)
+
+	// Return the score evaluation.
+	return evaluation.CIIBestPractices(CheckCIIBestPractices, c.Dlogger, &rawData)
 }
diff --git a/checks/evaluation/cii_best_practices.go b/checks/evaluation/cii_best_practices.go
@@ -0,0 +1,57 @@
+// Copyright Security Scorecard Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package evaluation
+
+import (
+	"fmt"
+
+	"github.com/ossf/scorecard/v4/checker"
+	sce "github.com/ossf/scorecard/v4/errors"
+)
+
+const (
+	silverScore = 7
+	// Note: if this value is changed, please update the action's threshold score
+	// https://github.com/ossf/scorecard-action/blob/main/policies/template.yml#L61.
+	passingScore    = 5
+	inProgressScore = 2
+)
+
+// CIIBestPractices applies the score policy for the CIIBestPractices check.
+func CIIBestPractices(name string, dl checker.DetailLogger, r *checker.CIIBestPracticesData) checker.CheckResult {
+	if r == nil {
+		e := sce.WithMessage(sce.ErrScorecardInternal, "empty raw data")
+		return checker.CreateRuntimeErrorResult(name, e)
+	}
+
+	var results checker.CheckResult
+	switch r.Badge {
+	case checker.CIIBadgeNotFound:
+		results = checker.CreateMinScoreResult(name, "no badge detected")
+	case checker.CIIBadgeInProgress:
+		results = checker.CreateResultWithScore(name, "badge detected: in_progress", inProgressScore)
+	case checker.CIIBadgePassing:
+		results = checker.CreateResultWithScore(name, "badge detected: passing", passingScore)
+	case checker.CIIBadgeSilver:
+		results = checker.CreateResultWithScore(name, "badge detected: silver", silverScore)
+	case checker.CIIBadgeGold:
+		results = checker.CreateMaxScoreResult(name, "badge detected: gold")
+	case checker.CIIBadgeUnknown:
+		e := sce.WithMessage(sce.ErrScorecardInternal, fmt.Sprintf("unsupported badge: %v", r.Badge))
+		results = checker.CreateRuntimeErrorResult(name, e)
+	}
+
+	return results
+}
diff --git a/checks/raw/cii_best_practices.go b/checks/raw/cii_best_practices.go
@@ -0,0 +1,55 @@
+// Copyright 2022 Security Scorecard Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package raw
+
+import (
+	"errors"
+	"fmt"
+
+	"github.com/ossf/scorecard/v4/checker"
+	"github.com/ossf/scorecard/v4/clients"
+)
+
+var errEmptyClient = errors.New("CII client is nil")
+
+// CIIBestPractices retrieves the raw data for the CIIBestPractices check.
+func CIIBestPractices(c *checker.CheckRequest) (checker.CIIBestPracticesData, error) {
+	var results checker.CIIBestPracticesData
+	if c.CIIClient == nil {
+		return results, fmt.Errorf("%w", errEmptyClient)
+	}
+
+	badge, err := c.CIIClient.GetBadgeLevel(c.Ctx, c.Repo.URI())
+	if err != nil {
+		return results, fmt.Errorf("%w", err)
+	}
+
+	switch badge {
+	case clients.NotFound:
+		results.Badge = checker.CIIBadgeNotFound
+	case clients.InProgress:
+		results.Badge = checker.CIIBadgeInProgress
+	case clients.Passing:
+		results.Badge = checker.CIIBadgePassing
+	case clients.Silver:
+		results.Badge = checker.CIIBadgeSilver
+	case clients.Gold:
+		results.Badge = checker.CIIBadgeGold
+	case clients.Unknown:
+		results.Badge = checker.CIIBadgeUnknown
+	}
+
+	return results, nil
+}
diff --git a/pkg/json_raw_results.go b/pkg/json_raw_results.go
@@ -123,6 +123,16 @@ type jsonRawResults struct {
 	// List of recent issues.
 	RecentIssues []jsonIssue `json:"issues"`
 	// List of vulnerabilities.
+}
+
+type jsonOssfBestPractices struct {
+	Badge string `json:"badge"`
+}
+
+type jsonRawResults struct {
+	// OSSF best practices badge.
+	OssfBestPractices jsonOssfBestPractices `json:"openssf-best-practices-badge"`
+	// Vulnerabilities.
 	DatabaseVulnerabilities []jsonDatabaseVulnerability `json:"database-vulnerabilities"`
 	// List of binaries found in the repo.
 	Binaries []jsonFile `json:"binaries"`
@@ -198,6 +208,15 @@ func (r *jsonScorecardRawResult) setDefaultCommitData(commits []checker.DefaultB
 		return nil
 	}
 
+
+//nolint:unparam
+func (r *jsonScorecardRawResult) addOssfBestPracticesRawResults(cbp *checker.CIIBestPracticesData) error {
+	r.Results.OssfBestPractices.Badge = string(cbp.Badge)
+	return nil
+}
+
+//nolint:unparam
+func (r *jsonScorecardRawResult) addCodeReviewRawResults(cr *checker.CodeReviewData) error {
 	r.Results.DefaultBranchCommits = []jsonDefaultBranchCommit{}
 	for _, commit := range commits {
 		com := jsonDefaultBranchCommit{
@@ -367,6 +386,11 @@ func (r *jsonScorecardRawResult) fillJSONRawResults(raw *checker.RawResults) err
 		return sce.WithMessage(sce.ErrScorecardInternal, err.Error())
 	}
 
+	// CII-Best-Practices.
+	if err := r.addOssfBestPracticesRawResults(&raw.CIIBestPracticesResults); err != nil {
+		return sce.WithMessage(sce.ErrScorecardInternal, err.Error())
+	}
+
 	return nil
 }