From 7b73cb533d1430e3849d8ab2b1c714d8fe06c688 Mon Sep 17 00:00:00 2001
From: laurentsimon
Date: Mon, 2 May 2022 16:13:03 +0000
Subject: [PATCH] updates

---
 checks/pinned_dependencies.go | 36 --------------------
 checks/pinned_dependencies_test.go | 47 ++++++++++++++++++++++++++
 checks/shell_download_validate_test.go | 4 +--
 3 files changed, 49 insertions(+), 38 deletions(-)

diff --git a/checks/pinned_dependencies.go b/checks/pinned_dependencies.go
index c8e731a2c36c..7c4a66a4503c 100644
--- a/checks/pinned_dependencies.go
+++ b/checks/pinned_dependencies.go
@@ -236,14 +236,6 @@ func createReturnForIsShellScriptFreeOfInsecureDownloads(r pinnedResult,
 dl, err)
 }
 
-func testValidateShellScriptIsFreeOfInsecureDownloads(pathfn string,
- content []byte, dl checker.DetailLogger,
-) (int, error) {
- var r pinnedResult
- _, err := validateShellScriptIsFreeOfInsecureDownloads(pathfn, content, dl, &r)
- return createReturnForIsShellScriptFreeOfInsecureDownloads(r, dl, err)
-}
-
 var validateShellScriptIsFreeOfInsecureDownloads fileparser.DoWhileTrueOnFileContent = func(
 pathfn string,
 content []byte,
@@ -294,14 +286,6 @@ func createReturnForIsDockerfileFreeOfInsecureDownloads(r pinnedResult,
 dl, err)
 }
 
-func testValidateDockerfileIsFreeOfInsecureDownloads(pathfn string,
- content []byte, dl checker.DetailLogger,
-) (int, error) {
- var r pinnedResult
- _, err := validateDockerfileIsFreeOfInsecureDownloads(pathfn, content, dl, &r)
- return createReturnForIsDockerfileFreeOfInsecureDownloads(r, dl, err)
-}
-
 func isDockerfile(pathfn string, content []byte) bool {
 if strings.HasSuffix(pathfn, ".go") ||
 strings.HasSuffix(pathfn, ".c") ||
@@ -402,12 +386,6 @@ func createReturnForIsDockerfilePinned(r pinnedResult, dl checker.DetailLogger,
 dl, err)
 }
 
-func testValidateDockerfileIsPinned(pathfn string, content []byte, dl checker.DetailLogger) (int, error) {
- var r pinnedResult
- _, err := validateDockerfileIsPinned(pathfn, content, dl, &r)
- return createReturnForIsDockerfilePinned(r, dl, err)
-}
-
 var validateDockerfileIsPinned fileparser.DoWhileTrueOnFileContent = func(
 pathfn string,
 content []byte,
@@ -542,14 +520,6 @@ func createReturnForIsGitHubWorkflowScriptFreeOfInsecureDownloads(r pinnedResult
 dl, err)
 }
 
-func testValidateGitHubWorkflowScriptFreeOfInsecureDownloads(pathfn string,
- content []byte, dl checker.DetailLogger,
-) (int, error) {
- var r pinnedResult
- _, err := validateGitHubWorkflowIsFreeOfInsecureDownloads(pathfn, content, dl, &r)
- return createReturnForIsGitHubWorkflowScriptFreeOfInsecureDownloads(r, dl, err)
-}
-
 // validateGitHubWorkflowIsFreeOfInsecureDownloads checks if the workflow file downloads dependencies that are unpinned.
 // Returns true if the check should continue executing after this file.
 var validateGitHubWorkflowIsFreeOfInsecureDownloads fileparser.DoWhileTrueOnFileContent = func(
@@ -654,12 +624,6 @@ func createReturnForIsGitHubActionsWorkflowPinned(r worklowPinningResult, dl che
 dl, err)
 }
 
-func testIsGitHubActionsWorkflowPinned(pathfn string, content []byte, dl checker.DetailLogger) (int, error) {
- var r worklowPinningResult
- _, err := validateGitHubActionWorkflow(pathfn, content, dl, &r)
- return createReturnForIsGitHubActionsWorkflowPinned(r, dl, err)
-}
-
 func generateOwnerToDisplay(gitHubOwned bool) string {
 if gitHubOwned {
 return "GitHub-owned"
diff --git a/checks/pinned_dependencies_test.go b/checks/pinned_dependencies_test.go
index 2d9f120d095f..862b6fa9763b 100644
--- a/checks/pinned_dependencies_test.go
+++ b/checks/pinned_dependencies_test.go
@@ -1115,6 +1115,17 @@ func TestShellScriptDownload(t *testing.T) {
 NumberOfDebug: 0,
 },
 },
+ {
+ name: "invalid shell script",
+ filename: "./testdata/script-invalid.sh",
+ expected: scut.TestReturn{
+ Error: nil,
+ Score: checker.MaxResultScore,
+ NumberOfWarn: 0,
+ NumberOfInfo: 1,
+ NumberOfDebug: 1,
+ },
+ },
 }
 for _, tt := range tests {
 tt := tt // Re-initializing variable so it is not changed while executing the closure below
@@ -1614,3 +1625,39 @@ func Test_maxScore(t *testing.T) {
 })
 }
 }
+
+func testValidateShellScriptIsFreeOfInsecureDownloads(pathfn string,
+ content []byte, dl checker.DetailLogger,
+) (int, error) {
+ var r pinnedResult
+ _, err := validateShellScriptIsFreeOfInsecureDownloads(pathfn, content, dl, &r)
+ return createReturnForIsShellScriptFreeOfInsecureDownloads(r, dl, err)
+}
+
+func testValidateDockerfileIsFreeOfInsecureDownloads(pathfn string,
+ content []byte, dl checker.DetailLogger,
+) (int, error) {
+ var r pinnedResult
+ _, err := validateDockerfileIsFreeOfInsecureDownloads(pathfn, content, dl, &r)
+ return createReturnForIsDockerfileFreeOfInsecureDownloads(r, dl, err)
+}
+
+func testValidateDockerfileIsPinned(pathfn string, content []byte, dl checker.DetailLogger) (int, error) {
+ var r pinnedResult
+ _, err := validateDockerfileIsPinned(pathfn, content, dl, &r)
+ return createReturnForIsDockerfilePinned(r, dl, err)
+}
+
+func testValidateGitHubWorkflowScriptFreeOfInsecureDownloads(pathfn string,
+ content []byte, dl checker.DetailLogger,
+) (int, error) {
+ var r pinnedResult
+ _, err := validateGitHubWorkflowIsFreeOfInsecureDownloads(pathfn, content, dl, &r)
+ return createReturnForIsGitHubWorkflowScriptFreeOfInsecureDownloads(r, dl, err)
+}
+
+func testIsGitHubActionsWorkflowPinned(pathfn string, content []byte, dl checker.DetailLogger) (int, error) {
+ var r worklowPinningResult
+ _, err := validateGitHubActionWorkflow(pathfn, content, dl, &r)
+ return createReturnForIsGitHubActionsWorkflowPinned(r, dl, err)
+}
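Review bot: The new "invalid shell script" case in the first hunk (TestShellScriptDownload) pins a fail-open outcome: a script that cannot be parsed is expected to come back with `Error: nil`, `Score: checker.MaxResultScore` and `NumberOfWarn: 0`. For a pinned-dependency check this means an unparseable script is scored the same as one that was actually verified free of insecure downloads, and the only trace appears to be a single debug detail. The production change that yields this result is not part of the patch, so it may well be intentional; if so, a comment on the case such as `// parse failures are reported at debug level and do not lower the score` would record the decision, and it is worth considering whether a warn-level detail would serve users better. `./testdata/script-invalid.sh` is not among the three files in the diffstat, so it presumably already exists in the tree.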
diff --git a/checks/shell_download_validate_test.go b/checks/shell_download_validate_test.go
index dfad86ca6532..be8d4720eec7 100644
--- a/checks/shell_download_validate_test.go
+++ b/checks/shell_download_validate_test.go
@@ -101,7 +101,7 @@ func TestValidateShellFile(t *testing.T) {
 }
 dl := scut.TestDetailLogger{}
 _, err = validateShellFile(filename, 0, 0, content, map[string]bool{}, &dl)
- if err != nil {
- t.Errorf("failed to discard shell parsing error: %v", err)
+ if err == nil {
+ t.Errorf("failed to detect shell parsing error: %v", err)
 }
 }
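Review bot: Inside the new `if err == nil` branch, `err` is always nil, so the `%v` in the failure message can only ever print `<nil>`; `t.Error("expected a shell parsing error, got nil")` says the same thing without the dead argument. The assertion also accepts any non-nil error, so an unrelated failure from validateShellFile would still pass; if the package has a dedicated parse-error value, comparing against it with `errors.Is` would pin the intended behaviour. TestValidateShellFile starts above the hunk, so how `filename` and `content` are set up is not visible here.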