updates

ossf · May 2, 2022 · 7b73cb5 · 7b73cb5
1 parent 38cbf5f
commit 7b73cb5
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 38 deletions.
diff --git a/checks/pinned_dependencies.go b/checks/pinned_dependencies.go
@@ -236,14 +236,6 @@ func createReturnForIsShellScriptFreeOfInsecureDownloads(r pinnedResult,
 		dl, err)
 }
 
-func testValidateShellScriptIsFreeOfInsecureDownloads(pathfn string,
-	content []byte, dl checker.DetailLogger,
-) (int, error) {
-	var r pinnedResult
-	_, err := validateShellScriptIsFreeOfInsecureDownloads(pathfn, content, dl, &r)
-	return createReturnForIsShellScriptFreeOfInsecureDownloads(r, dl, err)
-}
-
 var validateShellScriptIsFreeOfInsecureDownloads fileparser.DoWhileTrueOnFileContent = func(
 	pathfn string,
 	content []byte,
@@ -294,14 +286,6 @@ func createReturnForIsDockerfileFreeOfInsecureDownloads(r pinnedResult,
 		dl, err)
 }
 
-func testValidateDockerfileIsFreeOfInsecureDownloads(pathfn string,
-	content []byte, dl checker.DetailLogger,
-) (int, error) {
-	var r pinnedResult
-	_, err := validateDockerfileIsFreeOfInsecureDownloads(pathfn, content, dl, &r)
-	return createReturnForIsDockerfileFreeOfInsecureDownloads(r, dl, err)
-}
-
 func isDockerfile(pathfn string, content []byte) bool {
 	if strings.HasSuffix(pathfn, ".go") ||
 		strings.HasSuffix(pathfn, ".c") ||
@@ -402,12 +386,6 @@ func createReturnForIsDockerfilePinned(r pinnedResult, dl checker.DetailLogger,
 		dl, err)
 }
 
-func testValidateDockerfileIsPinned(pathfn string, content []byte, dl checker.DetailLogger) (int, error) {
-	var r pinnedResult
-	_, err := validateDockerfileIsPinned(pathfn, content, dl, &r)
-	return createReturnForIsDockerfilePinned(r, dl, err)
-}
-
 var validateDockerfileIsPinned fileparser.DoWhileTrueOnFileContent = func(
 	pathfn string,
 	content []byte,
@@ -542,14 +520,6 @@ func createReturnForIsGitHubWorkflowScriptFreeOfInsecureDownloads(r pinnedResult
 		dl, err)
 }
 
-func testValidateGitHubWorkflowScriptFreeOfInsecureDownloads(pathfn string,
-	content []byte, dl checker.DetailLogger,
-) (int, error) {
-	var r pinnedResult
-	_, err := validateGitHubWorkflowIsFreeOfInsecureDownloads(pathfn, content, dl, &r)
-	return createReturnForIsGitHubWorkflowScriptFreeOfInsecureDownloads(r, dl, err)
-}
-
 // validateGitHubWorkflowIsFreeOfInsecureDownloads checks if the workflow file downloads dependencies that are unpinned.
 // Returns true if the check should continue executing after this file.
 var validateGitHubWorkflowIsFreeOfInsecureDownloads fileparser.DoWhileTrueOnFileContent = func(
@@ -654,12 +624,6 @@ func createReturnForIsGitHubActionsWorkflowPinned(r worklowPinningResult, dl che
 		dl, err)
 }
 
-func testIsGitHubActionsWorkflowPinned(pathfn string, content []byte, dl checker.DetailLogger) (int, error) {
-	var r worklowPinningResult
-	_, err := validateGitHubActionWorkflow(pathfn, content, dl, &r)
-	return createReturnForIsGitHubActionsWorkflowPinned(r, dl, err)
-}
-
 func generateOwnerToDisplay(gitHubOwned bool) string {
 	if gitHubOwned {
 		return "GitHub-owned"

diff --git a/checks/pinned_dependencies_test.go b/checks/pinned_dependencies_test.go
@@ -1115,6 +1115,17 @@ func TestShellScriptDownload(t *testing.T) {
 				NumberOfDebug: 0,
 			},
 		},
+		{
+			name:     "invalid shell script",
+			filename: "./testdata/script-invalid.sh",
+			expected: scut.TestReturn{
+				Error:         nil,
+				Score:         checker.MaxResultScore,
+				NumberOfWarn:  0,
+				NumberOfInfo:  1,
+				NumberOfDebug: 1,
+			},
+		},
 	}
 	for _, tt := range tests {
 		tt := tt // Re-initializing variable so it is not changed while executing the closure below
@@ -1614,3 +1625,39 @@ func Test_maxScore(t *testing.T) {
 		})
 	}
 }
+
+func testValidateShellScriptIsFreeOfInsecureDownloads(pathfn string,
+	content []byte, dl checker.DetailLogger,
+) (int, error) {
+	var r pinnedResult
+	_, err := validateShellScriptIsFreeOfInsecureDownloads(pathfn, content, dl, &r)
+	return createReturnForIsShellScriptFreeOfInsecureDownloads(r, dl, err)
+}
+
+func testValidateDockerfileIsFreeOfInsecureDownloads(pathfn string,
+	content []byte, dl checker.DetailLogger,
+) (int, error) {
+	var r pinnedResult
+	_, err := validateDockerfileIsFreeOfInsecureDownloads(pathfn, content, dl, &r)
+	return createReturnForIsDockerfileFreeOfInsecureDownloads(r, dl, err)
+}
+
+func testValidateDockerfileIsPinned(pathfn string, content []byte, dl checker.DetailLogger) (int, error) {
+	var r pinnedResult
+	_, err := validateDockerfileIsPinned(pathfn, content, dl, &r)
+	return createReturnForIsDockerfilePinned(r, dl, err)
+}
+
+func testValidateGitHubWorkflowScriptFreeOfInsecureDownloads(pathfn string,
+	content []byte, dl checker.DetailLogger,
+) (int, error) {
+	var r pinnedResult
+	_, err := validateGitHubWorkflowIsFreeOfInsecureDownloads(pathfn, content, dl, &r)
+	return createReturnForIsGitHubWorkflowScriptFreeOfInsecureDownloads(r, dl, err)
+}
+
+func testIsGitHubActionsWorkflowPinned(pathfn string, content []byte, dl checker.DetailLogger) (int, error) {
+	var r worklowPinningResult
+	_, err := validateGitHubActionWorkflow(pathfn, content, dl, &r)
+	return createReturnForIsGitHubActionsWorkflowPinned(r, dl, err)
+}
diff --git a/checks/shell_download_validate_test.go b/checks/shell_download_validate_test.go
@@ -101,7 +101,7 @@ func TestValidateShellFile(t *testing.T) {
 	}
 	dl := scut.TestDetailLogger{}
 	_, err = validateShellFile(filename, 0, 0, content, map[string]bool{}, &dl)
-	if err != nil {
-		t.Errorf("failed to discard shell parsing error: %v", err)
+	if err == nil {
+		t.Errorf("failed to detect shell parsing error: %v", err)
 	}
 }