From f21d3413262587eae3b0a89b6a4d354cffb88c21 Mon Sep 17 00:00:00 2001 From: Aiden Wang Date: Thu, 26 May 2022 23:54:39 +0000 Subject: [PATCH 01/24] temp save 05262022 --- checks/raw/fuzzing.go | 80 ++++++++++++++++++++++++++++++++++++ clients/githubrepo/client.go | 6 +++ clients/repo_client.go | 1 + 3 files changed, 87 insertions(+) diff --git a/checks/raw/fuzzing.go b/checks/raw/fuzzing.go index 75218d1162e..e0a60d3c0f5 100644 --- a/checks/raw/fuzzing.go +++ b/checks/raw/fuzzing.go @@ -23,6 +23,26 @@ import ( sce "github.com/ossf/scorecard/v4/errors" ) +type languageFuzzConfig struct { + fuzzFileRegexPat string + fuzzFuncRegexPat string + langFuzzDocumentURL string + langFuzzDesc string +} + +// Contains fuzzing speficications for programming languages. +// Use lowercases as the key, such as go, python, javascript, c++, etc. +var languageFuzzSpecsMap = map[string]languageFuzzConfig{ + // Default fuzz patterns for Go. + "go": languageFuzzConfig{ + fuzzFileRegexPat: "**/*test.go", + fuzzFuncRegexPat: "func Fuzz* (* /*testing.F)", + langFuzzDocumentURL: "https://go.dev/doc/fuzz/", + langFuzzDesc: "Go fuzzing intelligently walks through the code to find and report failures", + }, + // TODO: add more language-speficic fuzz patterns. +} + // Fuzzing runs Fuzzing check. func Fuzzing(c *checker.CheckRequest) (checker.FuzzingData, error) { var fuzzers []checker.Tool @@ -56,6 +76,21 @@ func Fuzzing(c *checker.CheckRequest) (checker.FuzzingData, error) { ) } + usingFuzzFunc, e := checkFuzzFunc(c) + if e != nil { + return checker.FuzzingData{}, fmt.Errorf("%w", e) + } + if usingFuzzFunc { + fuzzers = append(fuzzers, + checker.Tool{ + Name: "User-defined Fuzz Func", + URL: asPointer("URL to be determined"), + Desc: asPointer("Description to be determined"), + // TODO: File. + }, + ) + } + return checker.FuzzingData{Fuzzers: fuzzers}, nil } 
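Review bot: The `fuzzFuncRegexPat` value `"func Fuzz* (* /*testing.F)"` in `languageFuzzSpecsMap` is written like a glob, although the field name says it is a regular expression. As a Go regexp it would likely fail to compile, because `(*` has nothing to repeat. Nothing in this patch compiles it yet, so the mismatch would only surface once the pattern is used. Either rename the field to say what it holds or store a real expression such as ``fuzzFuncRegexPat: `func\s+Fuzz\w+\s*\(\w+\s+\*testing\.F\)` ``. The `URL to be determined` and `Description to be determined` strings in the `Fuzzing` hunk would also be emitted as result data if this code ran.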
@@ -91,3 +126,48 @@ func checkOSSFuzz(c *checker.CheckRequest) (bool, error) { } return result.Hits > 0, nil } + +func checkFuzzFunc(c *checker.CheckRequest) (bool, error) { + if c.RepoClient == nil { + return false, nil + } + // Use GitHub API to decide the primary programming language to be checked for the repo. + // Currently, we only perform the fuzzing check for a single language per repo. + // TODO: maybe add multi-language fuzzing check for each repo. + languageToBeChecked := "" + languagePat, found := languageFuzzSpecsMap["languageToBeChecked"] + if !found { + fmt.Errorf("language fuzz patterns not found for %s", languageToBeChecked) + return false, nil + } + filePattern, funcPattern := languagePat.fuzzFileRegexPat, languagePat.fuzzFuncRegexPat + if filePattern == "" || funcPattern == "" { + fmt.Errorf("file/func fuzz patterns not found for %s", languageToBeChecked) + return false, nil + } + + matcher := fileparser.PathMatcher{ + Pattern: filePattern, + CaseSensitive: false, + } + err := fileparser.OnMatchingFileContentDo(c.RepoClient, matcher, getFuzzFunc, funcPattern) + if err != nil { + fmt.Errorf("error when OnMatchingFileContentDo") + return false, err + } + return false, nil +} + +// This is the callback func for interface OnMatchingFileContentDo, +// used for matching fuzz functions in the file content +// and return a list of files (or nil for not found). +var getFuzzFunc fileparser.DoWhileTrueOnFileContent = func(path string, content []byte, args ...interface{}) (bool, error) { + if len(args) != 1 { + return false, fmt.Errorf("getFuzzFunc requires exactly one argument: %w", errInvalidArgLength) + } + fuzzFuncPat, ok := args[0].(string) + if !ok { + return false, fmt.Errorf("invalid arg type: %w", errInvalidArgType) + } + return false, nil +} diff --git a/clients/githubrepo/client.go b/clients/githubrepo/client.go index c380017e013..cd6ea08cf40 100644 --- a/clients/githubrepo/client.go +++ b/clients/githubrepo/client.go 
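Review bot: `checkFuzzFunc` looks up the quoted literal `languageFuzzSpecsMap["languageToBeChecked"]` instead of the variable, so `found` is always false and the function returns before any file is scanned. The three bare `fmt.Errorf(...)` calls build an error and discard it; each should be returned, e.g. `return false, fmt.Errorf("language fuzz patterns not found for %s", languageToBeChecked)`. Even past those guards, the final `return false, nil` means the check can never report a fuzz function. In `getFuzzFunc`, `fuzzFuncPat` is assigned but never read, which the Go compiler rejects as an unused variable.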
@@ -174,6 +174,12 @@ func (client *Client) ListStatuses(ref string) ([]clients.Status, error) { return client.statuses.listStatuses(ref) } +// ListProgrammingLanguages implments RepoClient.ListProgrammingLanguages. +// TODO: Aiden needs to finish this implementation soon +func (client *Client) ListProgrammingLanguages(ref string) ([]clients.Status, error) { + return nil, nil +} + // Search implements RepoClient.Search. func (client *Client) Search(request clients.SearchRequest) (clients.SearchResponse, error) { return client.search.search(request) diff --git a/clients/repo_client.go b/clients/repo_client.go index 0e8e2ff7b13..3e2a48310da 100644 --- a/clients/repo_client.go +++ b/clients/repo_client.go @@ -42,6 +42,7 @@ type RepoClient interface { ListCheckRunsForRef(ref string) ([]CheckRun, error) ListStatuses(ref string) ([]Status, error) ListWebhooks() ([]Webhook, error) + ListProgrammingLanguages() ([]string, error) Search(request SearchRequest) (SearchResponse, error) Close() error } From 091f311a7afab72aa67a6ea42fb846ddd72386ee Mon Sep 17 00:00:00 2001 From: Aiden Wang Date: Fri, 27 May 2022 23:31:40 +0000 Subject: [PATCH 02/24] finished golang fuzz func check, getLang interface to be done next week --- checks/raw/fuzzing.go | 81 +++++++++++++++++++++++------------- clients/githubrepo/client.go | 10 ++--- clients/repo_client.go | 2 +- 3 files changed, 57 insertions(+), 36 deletions(-) diff --git a/checks/raw/fuzzing.go b/checks/raw/fuzzing.go index e0a60d3c0f5..1121073e202 100644 --- a/checks/raw/fuzzing.go +++ b/checks/raw/fuzzing.go @@ -16,6 +16,8 @@ package raw import ( "fmt" + "regexp" + "strings" "github.com/ossf/scorecard/v4/checker" "github.com/ossf/scorecard/v4/checks/fileparser" 
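Review bot: The method added to `*Client` is `ListProgrammingLanguages(ref string) ([]clients.Status, error)`, while the `RepoClient` interface in the same commit declares `ListProgrammingLanguages() ([]string, error)`. With those signatures `*Client` no longer satisfies `clients.RepoClient`, and neither does any other implementation this commit leaves untouched (the diffstat lists only three files). The stub should match the interface, `func (client *Client) ListProgrammingLanguages() ([]string, error)`, and the interface method should land together with all of its implementations. The `TODO: Aiden needs to finish this` comment reads better as a tracked issue reference than as a personal note.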
@@ -23,24 +25,26 @@ import ( sce "github.com/ossf/scorecard/v4/errors" ) +type filesWithPatternStr struct { + files []checker.File + pattern string +} type languageFuzzConfig struct { - fuzzFileRegexPat string - fuzzFuncRegexPat string - langFuzzDocumentURL string - langFuzzDesc string + fuzzFileMatchPattern, fuzzFuncRegexPattern, langFuzzDocumentURL, langFuzzDesc string + //TODO: more language fuzzing-related fields } // Contains fuzzing speficications for programming languages. // Use lowercases as the key, such as go, python, javascript, c++, etc. var languageFuzzSpecsMap = map[string]languageFuzzConfig{ // Default fuzz patterns for Go. - "go": languageFuzzConfig{ - fuzzFileRegexPat: "**/*test.go", - fuzzFuncRegexPat: "func Fuzz* (* /*testing.F)", - langFuzzDocumentURL: "https://go.dev/doc/fuzz/", - langFuzzDesc: "Go fuzzing intelligently walks through the code to find and report failures", + "go": { + fuzzFileMatchPattern: "*_test.go", + fuzzFuncRegexPattern: `func\s+Fuzz\w+\s*\(\w+\s+\*testing.F\)`, + langFuzzDocumentURL: "https://go.dev/doc/fuzz/", + langFuzzDesc: "Go fuzzing intelligently walks through the code to find and report failures", }, - // TODO: add more language-speficic fuzz patterns. + // TODO: add more language-speficic fuzz patterns & configs. } // Fuzzing runs Fuzzing check. @@ -76,17 +80,17 @@ func Fuzzing(c *checker.CheckRequest) (checker.FuzzingData, error) { ) } - usingFuzzFunc, e := checkFuzzFunc(c) + usingFuzzFunc, files, e := checkFuzzFunc(c) if e != nil { return checker.FuzzingData{}, fmt.Errorf("%w", e) } if usingFuzzFunc { fuzzers = append(fuzzers, checker.Tool{ - Name: "User-defined Fuzz Func", - URL: asPointer("URL to be determined"), - Desc: asPointer("Description to be determined"), - // TODO: File. + Name: "user-defined fuzz functions", + URL: asPointer(languageFuzzSpecsMap["go"].langFuzzDocumentURL), + Desc: asPointer(languageFuzzSpecsMap["go"].langFuzzDesc), + File: &files[0], }, ) } 
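Review bot: `File: &files[0]` in `Fuzzing` panics with an index-out-of-range when no fuzz function was matched. That case is reachable because `checkFuzzFunc` (next hunk) ends with `return true, data.files, nil` regardless of how many files were collected. It also means every repository is reported as using user-defined fuzz functions once the scan completes without error, which inflates the score of a security check. The return should reflect the scan result, `return len(data.files) > 0, data.files, nil`, so the caller only indexes a non-empty slice. The URL and description are taken from `languageFuzzSpecsMap["go"]` while the language is hard-coded; that should be revisited when language detection lands.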
@@ -127,35 +131,38 @@ func checkOSSFuzz(c *checker.CheckRequest) (bool, error) { return result.Hits > 0, nil } -func checkFuzzFunc(c *checker.CheckRequest) (bool, error) { +func checkFuzzFunc(c *checker.CheckRequest) (bool, []checker.File, error) { if c.RepoClient == nil { - return false, nil + return false, nil, nil } // Use GitHub API to decide the primary programming language to be checked for the repo. // Currently, we only perform the fuzzing check for a single language per repo. // TODO: maybe add multi-language fuzzing check for each repo. - languageToBeChecked := "" - languagePat, found := languageFuzzSpecsMap["languageToBeChecked"] + // languageToBeChecked := c.Repo.Languages() + languageToBeChecked := "go" + languagePat, found := languageFuzzSpecsMap[languageToBeChecked] if !found { - fmt.Errorf("language fuzz patterns not found for %s", languageToBeChecked) - return false, nil + return false, nil, fmt.Errorf("current repo language %s not supported", languageToBeChecked) } - filePattern, funcPattern := languagePat.fuzzFileRegexPat, languagePat.fuzzFuncRegexPat + filePattern, funcPattern := languagePat.fuzzFileMatchPattern, languagePat.fuzzFuncRegexPattern if filePattern == "" || funcPattern == "" { - fmt.Errorf("file/func fuzz patterns not found for %s", languageToBeChecked) - return false, nil + return false, nil, fmt.Errorf("file/func fuzz patterns not found for %s", languageToBeChecked) } matcher := fileparser.PathMatcher{ Pattern: filePattern, CaseSensitive: false, } - err := fileparser.OnMatchingFileContentDo(c.RepoClient, matcher, getFuzzFunc, funcPattern) + + data := filesWithPatternStr{ + files: make([]checker.File, 0), + pattern: funcPattern, + } + err := fileparser.OnMatchingFileContentDo(c.RepoClient, matcher, getFuzzFunc, &data) if err != nil { - fmt.Errorf("error when OnMatchingFileContentDo") - return false, err + return false, nil, fmt.Errorf("error when OnMatchingFileContentDo: %w", err) } - return false, nil + return true, data.files, nil 
} // This is the callback func for interface OnMatchingFileContentDo, @@ -165,9 +172,23 @@ var getFuzzFunc fileparser.DoWhileTrueOnFileContent = func(path string, content if len(args) != 1 { return false, fmt.Errorf("getFuzzFunc requires exactly one argument: %w", errInvalidArgLength) } - fuzzFuncPat, ok := args[0].(string) + pdata, ok := args[0].(*filesWithPatternStr) if !ok { return false, fmt.Errorf("invalid arg type: %w", errInvalidArgType) } - return false, nil + r, _ := regexp.Compile(pdata.pattern) + lines := strings.Split(string(content), `\n`) + + for i, line := range lines { + found := r.FindString(line) + if found != "" { + pdata.files = append(pdata.files, checker.File{ + Path: path, + Type: checker.FileTypeSource, + Snippet: found, + Offset: uint(i + 1), + }) + } + } + return true, nil } diff --git a/clients/githubrepo/client.go b/clients/githubrepo/client.go index cd6ea08cf40..e50c9d36c60 100644 --- a/clients/githubrepo/client.go +++ b/clients/githubrepo/client.go @@ -22,12 +22,11 @@ import ( "net/http" "github.com/google/go-github/v38/github" - "github.com/shurcooL/githubv4" - "github.com/ossf/scorecard/v4/clients" "github.com/ossf/scorecard/v4/clients/githubrepo/roundtripper" sce "github.com/ossf/scorecard/v4/errors" "github.com/ossf/scorecard/v4/log" + "github.com/shurcooL/githubv4" ) var errInputRepoType = errors.New("input repo should be of type repoURL") @@ -176,9 +175,10 @@ func (client *Client) ListStatuses(ref string) ([]clients.Status, error) { // ListProgrammingLanguages implments RepoClient.ListProgrammingLanguages. // TODO: Aiden needs to finish this implementation soon -func (client *Client) ListProgrammingLanguages(ref string) ([]clients.Status, error) { - return nil, nil -} +// func (client *Client) ListProgrammingLanguages(ref string) ([]string, error) { + +// return nil, nil +// } // Search implements RepoClient.Search. func (client *Client) Search(request clients.SearchRequest) (clients.SearchResponse, error) { 
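Review bot: `getFuzzFunc` discards the error from `regexp.Compile(pdata.pattern)`, so a bad pattern leaves `r` nil and the following `r.FindString` call panics. Handle it with `r, err := regexp.Compile(pdata.pattern)` followed by `if err != nil { return false, fmt.Errorf("compile fuzz pattern: %w", err) }`, or compile once when the spec map is built rather than once per file. The split uses a raw string, ``strings.Split(string(content), `\n`)``, which is a backslash followed by `n` and not a newline. Ordinary files therefore come back as a single element, so `Offset` is always 1 and only the first match per file is recorded; `"\n"` is what was meant. The ignored compile error is still present in the later rewrite of this function in patch 03.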
diff --git a/clients/repo_client.go b/clients/repo_client.go index 3e2a48310da..83283f625c1 100644 --- a/clients/repo_client.go +++ b/clients/repo_client.go @@ -42,7 +42,7 @@ type RepoClient interface { ListCheckRunsForRef(ref string) ([]CheckRun, error) ListStatuses(ref string) ([]Status, error) ListWebhooks() ([]Webhook, error) - ListProgrammingLanguages() ([]string, error) + // ListProgrammingLanguages() ([]string, error) Search(request SearchRequest) (SearchResponse, error) Close() error } From 3a225fa5c332887f5e40f1f1c4982d0c28fe15b4 Mon Sep 17 00:00:00 2001 From: Aiden Wang Date: Wed, 1 Jun 2022 00:55:10 +0000 Subject: [PATCH 03/24] temp save 05/31/2022 --- checker/raw_result.go | 2 +- checks/evaluation/dependency_update_tool.go | 16 +++--- .../evaluation/dependency_update_tool_test.go | 12 +++-- checks/evaluation/fuzzing.go | 13 +++++ checks/raw/dependency_update_tool.go | 20 ++++--- checks/raw/fuzzing.go | 52 ++++++++++++------- clients/githubrepo/client.go | 22 +++++--- clients/localdir/client.go | 5 ++ clients/repo_client.go | 2 +- pkg/json_raw_results.go | 8 +-- 10 files changed, 102 insertions(+), 50 deletions(-) diff --git a/checker/raw_result.go b/checker/raw_result.go index cb50e86cff7..faa2783b36c 100644 --- a/checker/raw_result.go +++ b/checker/raw_result.go @@ -118,7 +118,7 @@ type BranchProtectionsData struct { type Tool struct { URL *string Desc *string - File *File + File []File Name string // Runs of the tool. Runs []Run diff --git a/checks/evaluation/dependency_update_tool.go b/checks/evaluation/dependency_update_tool.go index d906c2574f5..659ec665a22 100644 --- a/checks/evaluation/dependency_update_tool.go +++ b/checks/evaluation/dependency_update_tool.go 
@@ -56,12 +56,16 @@ func DependencyUpdateTool(name string, dl checker.DetailLogger, // Note: only one file per tool is present, // so we do not iterate thru all entries. - dl.Info(&checker.LogMessage{ - Path: r.Tools[0].File.Path, - Type: r.Tools[0].File.Type, - Offset: r.Tools[0].File.Offset, - Text: fmt.Sprintf("%s detected", r.Tools[0].Name), - }) + // Modified by AidenW on 05/31/2022: now Tool.File is a type of []File, + // so we need to do iterations on the files. + for _, file := range r.Tools[0].File { + dl.Info(&checker.LogMessage{ + Path: file.Path, + Type: file.Type, + Offset: file.Offset, + Text: fmt.Sprintf("%s detected", r.Tools[0].Name), + }) + } // High score result. return checker.CreateMaxScoreResult(name, "update tool detected") diff --git a/checks/evaluation/dependency_update_tool_test.go b/checks/evaluation/dependency_update_tool_test.go index 1155671f3e1..8f3a1ce4192 100644 --- a/checks/evaluation/dependency_update_tool_test.go +++ b/checks/evaluation/dependency_update_tool_test.go @@ -88,14 +88,16 @@ func TestDependencyUpdateTool(t *testing.T) { Tools: []checker.Tool{ { Name: "DependencyUpdateTool", - File: &checker.File{ - Path: "/etc/dependency-update-tool.conf", - Snippet: ` + File: []checker.File{ + { + Path: "/etc/dependency-update-tool.conf", + Snippet: ` [dependency-update-tool] enabled = true `, - Offset: 0, - Type: 0, + Offset: 0, + Type: 0, + }, }, }, }, diff --git a/checks/evaluation/fuzzing.go b/checks/evaluation/fuzzing.go index 6967730924d..a5fe8c37f62 100644 --- a/checks/evaluation/fuzzing.go +++ b/checks/evaluation/fuzzing.go @@ -16,8 +16,10 @@ package evaluation import ( "fmt" + "path" "github.com/ossf/scorecard/v4/checker" + "github.com/ossf/scorecard/v4/checks/raw" sce "github.com/ossf/scorecard/v4/errors" ) 
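Review bot: The retained comment in `DependencyUpdateTool`, "only one file per tool is present, so we do not iterate thru all entries", now sits directly above a loop over `r.Tools[0].File` and contradicts it. The added "Modified by AidenW on 05/31/2022" line records authorship, which belongs in the commit history rather than the source. I would replace both with one comment such as `// A tool may reference several files; log each one. Only the first tool is reported.` The body still reads only `r.Tools[0]`, so that part of the original note remains true and is worth keeping.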
@@ -32,6 +34,17 @@ func Fuzzing(name string, dl checker.DetailLogger, for i := range r.Fuzzers { fuzzer := r.Fuzzers[i] + if fuzzer.Name == raw.FuzzNameUserDefinedFunc { + for _, f := range fuzzer.File { + msg := checker.LogMessage{ + Path: path.Join(f.Path, f.Snippet), + Type: f.Type, + Offset: f.Offset, + } + dl.Info(&msg) + } + } + // Otherwise, the fuzzer is either OSS-Fuzz or CFL return checker.CreateMaxScoreResult(name, fmt.Sprintf("project is fuzzed with %s", fuzzer.Name)) } diff --git a/checks/raw/dependency_update_tool.go b/checks/raw/dependency_update_tool.go index 3ad79d9bea8..f32bc303107 100644 --- a/checks/raw/dependency_update_tool.go +++ b/checks/raw/dependency_update_tool.go @@ -51,10 +51,12 @@ var checkDependencyFileExists fileparser.DoWhileTrueOnFilename = func(name strin Name: "Dependabot", URL: asPointer("https://github.com/dependabot"), Desc: asPointer("Automated dependency updates built into GitHub"), - File: &checker.File{ - Path: name, - Type: checker.FileTypeSource, - Offset: checker.OffsetDefault, + File: []checker.File{ + { + Path: name, + Type: checker.FileTypeSource, + Offset: checker.OffsetDefault, + }, }, }) @@ -65,10 +67,12 @@ var checkDependencyFileExists fileparser.DoWhileTrueOnFilename = func(name strin Name: "Renovabot", URL: asPointer("https://github.com/renovatebot/renovate"), Desc: asPointer("Automated dependency updates. Multi-platform and multi-language."), - File: &checker.File{ - Path: name, - Type: checker.FileTypeSource, - Offset: checker.OffsetDefault, + File: []checker.File{ + { + Path: name, + Type: checker.FileTypeSource, + Offset: checker.OffsetDefault, + }, }, }) default: diff --git a/checks/raw/fuzzing.go b/checks/raw/fuzzing.go index 1121073e202..8b66d1e26fa 100644 --- a/checks/raw/fuzzing.go +++ b/checks/raw/fuzzing.go @@ -15,9 +15,9 @@ package raw import ( + "bytes" "fmt" "regexp" - "strings" "github.com/ossf/scorecard/v4/checker" "github.com/ossf/scorecard/v4/checks/fileparser" 
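Review bot: `Path: path.Join(f.Path, f.Snippet)` in the evaluation `Fuzzing` loop appends the matched source text to the file path, so the logged path names a file that does not exist. Because `path.Join` also cleans its result, any `/` or `..` inside the snippet would be reinterpreted as path structure. Keep the path intact and carry the match in a text field, e.g. `Path: f.Path,` and `Text: f.Snippet,` (the `Text` field is already used by the dependency-update-tool logging). Importing `checks/raw` into `checks/evaluation` only to compare `raw.FuzzNameUserDefinedFunc` couples the two packages; the name constants may sit better next to `checker.Tool` (a suggestion; the package layout is not visible in this diff).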
@@ -25,13 +25,20 @@ import ( sce "github.com/ossf/scorecard/v4/errors" ) +const ( + FuzzNameOSSFuzz = "OSS-Fuzz" + FuzzNameClusterFuzzLite = "ClusterFuzzLite" + FuzzNameUserDefinedFunc = "user-defined fuzz functions" + // TODO: add more fuzz check support. +) + type filesWithPatternStr struct { files []checker.File pattern string } type languageFuzzConfig struct { fuzzFileMatchPattern, fuzzFuncRegexPattern, langFuzzDocumentURL, langFuzzDesc string - //TODO: more language fuzzing-related fields + //TODO: add more language fuzzing-related fields. } // Contains fuzzing speficications for programming languages. @@ -41,8 +48,8 @@ var languageFuzzSpecsMap = map[string]languageFuzzConfig{ "go": { fuzzFileMatchPattern: "*_test.go", fuzzFuncRegexPattern: `func\s+Fuzz\w+\s*\(\w+\s+\*testing.F\)`, - langFuzzDocumentURL: "https://go.dev/doc/fuzz/", - langFuzzDesc: "Go fuzzing intelligently walks through the code to find and report failures", + langFuzzDocumentURL: *asPointer("https://go.dev/doc/fuzz/"), + langFuzzDesc: *asPointer("Go fuzzing intelligently walks through the source code to report failures and find vulnerabilities."), }, // TODO: add more language-speficic fuzz patterns & configs. } @@ -57,7 +64,7 @@ func Fuzzing(c *checker.CheckRequest) (checker.FuzzingData, error) { if usingCFLite { fuzzers = append(fuzzers, checker.Tool{ - Name: "ClusterFuzzLite", + Name: FuzzNameClusterFuzzLite, URL: asPointer("https://github.com/google/clusterfuzzlite"), Desc: asPointer("continuous fuzzing solution that runs as part of Continuous Integration (CI) workflows"), // TODO: File. @@ -72,7 +79,7 @@ func Fuzzing(c *checker.CheckRequest) (checker.FuzzingData, error) { if usingOSSFuzz { fuzzers = append(fuzzers, checker.Tool{ - Name: "OSS-Fuzz", + Name: FuzzNameOSSFuzz, URL: asPointer("https://github.com/google/oss-fuzz"), Desc: asPointer("Continuous Fuzzing for Open Source Software"), // TODO: File. 
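Review bot: `langFuzzDocumentURL: *asPointer("https://go.dev/doc/fuzz/")` and the matching `langFuzzDesc` line take a pointer to a literal and dereference it immediately, which is the same as writing the string literal directly. Both fields are plain strings, so the earlier form `langFuzzDocumentURL: "https://go.dev/doc/fuzz/"` is the one to keep. The new exported constants `FuzzNameOSSFuzz`, `FuzzNameClusterFuzzLite` and `FuzzNameUserDefinedFunc` have no doc comment; a single comment on the `const` block saying these are the `Tool.Name` values emitted by the Fuzzing check would cover them.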
@@ -87,10 +94,10 @@ func Fuzzing(c *checker.CheckRequest) (checker.FuzzingData, error) { if usingFuzzFunc { fuzzers = append(fuzzers, checker.Tool{ - Name: "user-defined fuzz functions", + Name: FuzzNameUserDefinedFunc, URL: asPointer(languageFuzzSpecsMap["go"].langFuzzDocumentURL), Desc: asPointer(languageFuzzSpecsMap["go"].langFuzzDesc), - File: &files[0], + File: files, }, ) } @@ -135,10 +142,15 @@ func checkFuzzFunc(c *checker.CheckRequest) (bool, []checker.File, error) { if c.RepoClient == nil { return false, nil, nil } - // Use GitHub API to decide the primary programming language to be checked for the repo. - // Currently, we only perform the fuzzing check for a single language per repo. - // TODO: maybe add multi-language fuzzing check for each repo. - // languageToBeChecked := c.Repo.Languages() + // Use the GitHub API to decide the prominent programming language to be checked for the repo. + // Currently, we only perform the fuzz check for one language per repo. + // TODO: multi-language fuzz check for each repo. + langMap, err := c.RepoClient.ListProgrammingLanguages() + fmt.Print(langMap) + if err != nil { + // return false, nil, fmt.Errorf("get programming languages of repo failed %w", err) + } + languageToBeChecked := "go" languagePat, found := languageFuzzSpecsMap[languageToBeChecked] if !found { 
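Review bot: In `checkFuzzFunc` the error from `c.RepoClient.ListProgrammingLanguages()` is checked by an `if err != nil` block whose only content is a commented-out return, so failures are silently ignored. `fmt.Print(langMap)` writes debug output to stdout, which would interleave with the tool's JSON or other machine-readable results. Either return the error, `return false, nil, fmt.Errorf("list programming languages: %w", err)`, or explain in a comment why it is safe to continue, and remove the print. `langMap` is otherwise unused here because `languageToBeChecked` is still hard-coded to `"go"`.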
@@ -158,15 +170,15 @@ func checkFuzzFunc(c *checker.CheckRequest) (bool, []checker.File, error) { files: make([]checker.File, 0), pattern: funcPattern, } - err := fileparser.OnMatchingFileContentDo(c.RepoClient, matcher, getFuzzFunc, &data) + err = fileparser.OnMatchingFileContentDo(c.RepoClient, matcher, getFuzzFunc, &data) if err != nil { return false, nil, fmt.Errorf("error when OnMatchingFileContentDo: %w", err) } return true, data.files, nil } -// This is the callback func for interface OnMatchingFileContentDo, -// used for matching fuzz functions in the file content +// This is the callback func for interface OnMatchingFileContentDo +// used for matching fuzz functions in the file content, // and return a list of files (or nil for not found). var getFuzzFunc fileparser.DoWhileTrueOnFileContent = func(path string, content []byte, args ...interface{}) (bool, error) { if len(args) != 1 { @@ -177,16 +189,18 @@ var getFuzzFunc fileparser.DoWhileTrueOnFileContent = func(path string, content return false, fmt.Errorf("invalid arg type: %w", errInvalidArgType) } r, _ := regexp.Compile(pdata.pattern) - lines := strings.Split(string(content), `\n`) - + lines := bytes.Split(content, []byte("\n")) for i, line := range lines { - found := r.FindString(line) + found := r.FindString(string(line)) if found != "" { + // If fuzz func is found in the file, add it to the file array, + // with its file path as Path, func name as Snippet, + // FileTypeFuzz as Type, and # of lines as Offset. pdata.files = append(pdata.files, checker.File{ Path: path, Type: checker.FileTypeSource, Snippet: found, - Offset: uint(i + 1), + Offset: uint(i + 1), // Since the # of lines starts from zero. }) } } diff --git a/clients/githubrepo/client.go b/clients/githubrepo/client.go index 620a6091d75..392acd9c16d 100644 --- a/clients/githubrepo/client.go +++ b/clients/githubrepo/client.go 
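Review bot: The new comment in `getFuzzFunc` says the file is recorded with "FileTypeFuzz as Type", but the code sets `Type: checker.FileTypeSource`. The trailing note "Since the # of lines starts from zero" describes the slice index rather than line numbering. Suggested wording: `// Record the match: file path as Path, matched text as Snippet, FileTypeSource as Type, 1-based line number as Offset.` and `// i is a 0-based slice index; Offset is a 1-based line number.` The header comment still says the callback returns "a list of files (or nil for not found)", whereas it returns `(bool, error)` and appends to the caller's struct.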
@@ -20,6 +20,7 @@ import ( "errors" "fmt" "net/http" + "path" "github.com/google/go-github/v38/github" "github.com/ossf/scorecard/v4/clients" @@ -176,12 +177,21 @@ func (client *Client) ListStatuses(ref string) ([]clients.Status, error) { return client.statuses.listStatuses(ref) } -// ListProgrammingLanguages implments RepoClient.ListProgrammingLanguages. -// TODO: Aiden needs to finish this implementation soon -// func (client *Client) ListProgrammingLanguages(ref string) ([]string, error) { - -// return nil, nil -// } +//ListProgrammingLanguages implments RepoClient.ListProgrammingLanguages. +func (client *Client) ListProgrammingLanguages() (map[string]int, error) { + reqURL := path.Join("https://api.github.com/repos", *client.repo.Owner.Login, *client.repo.Name, "languages") + req, err := client.repoClient.NewRequest("GET", reqURL, nil) + if err != nil { + return nil, fmt.Errorf("http request for repo languages failed with %w", err) + } + fmt.Println(req) + resp, err := client.repoClient.Do(client.ctx, req, nil) + if err != nil { + return nil, fmt.Errorf("http response for repo languages failed with %w", err) + } + fmt.Println(resp) + return nil, nil +} // Search implements RepoClient.Search. func (client *Client) Search(request clients.SearchRequest) (clients.SearchResponse, error) { diff --git a/clients/localdir/client.go b/clients/localdir/client.go index 0a4c5a61a23..3da1caf7e20 100644 --- a/clients/localdir/client.go +++ b/clients/localdir/client.go 
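Review bot: `path.Join("https://api.github.com/repos", ...)` in `ListProgrammingLanguages` cleans the result and collapses the `//` after the scheme, producing `https:/api.github.com/...`, which is not a valid absolute URL. `path` is meant for slash-separated paths; build only the relative part, `reqURL := path.Join("repos", owner, name, "languages")`, and let the client resolve it against its base URL. `fmt.Println(req)` and `fmt.Println(resp)` dump the request and response objects to stdout, so whatever headers they carry end up in the tool's output; they should be removed. The function then returns `nil, nil`, so callers get no languages and no error, and `*client.repo.Owner.Login` is dereferenced without a nil check (whether `repo` is always populated at this point is not visible in the hunk).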
@@ -218,6 +218,11 @@ func (client *localDirClient) Close() error { return nil } +// ListProgrammingLanguages implements RepoClient.ListProgrammingLanguages. +func (client *localDirClient) ListProgrammingLanguages() (map[string]int, error) { + return nil, fmt.Errorf("ListProgrammingLanguages: %w", clients.ErrUnsupportedFeature) +} + // CreateLocalDirClient returns a client which implements RepoClient interface. func CreateLocalDirClient(ctx context.Context, logger *log.Logger) clients.RepoClient { return &localDirClient{ diff --git a/clients/repo_client.go b/clients/repo_client.go index 629056006e2..12da037208b 100644 --- a/clients/repo_client.go +++ b/clients/repo_client.go @@ -42,7 +42,7 @@ type RepoClient interface { ListCheckRunsForRef(ref string) ([]CheckRun, error) ListStatuses(ref string) ([]Status, error) ListWebhooks() ([]Webhook, error) - // ListProgrammingLanguages() ([]string, error) + ListProgrammingLanguages() (map[string]int, error) Search(request SearchRequest) (SearchResponse, error) Close() error } diff --git a/pkg/json_raw_results.go b/pkg/json_raw_results.go index 8d756456e1d..7591c189908 100644 --- a/pkg/json_raw_results.go +++ b/pkg/json_raw_results.go @@ -457,9 +457,9 @@ func (r *jsonScorecardRawResult) addFuzzingRawResults(fd *checker.FuzzingData) e URL: f.URL, Desc: f.Desc, } - if f.File != nil { + if f.File != nil && len(f.File) == 1 { jt.File = &jsonFile{ - Path: f.File.Path, + Path: f.File[0].Path, } } r.Results.Fuzzers = append(r.Results.Fuzzers, jt) @@ -477,9 +477,9 @@ func (r *jsonScorecardRawResult) addDependencyUpdateToolRawResults(dut *checker. URL: t.URL, Desc: t.Desc, } - if t.File != nil { + if t.File != nil && len(t.File) == 1 { jt.File = &jsonFile{ - Path: t.File.Path, + Path: t.File[0].Path, } } r.Results.DependencyUpdateTools = append(r.Results.DependencyUpdateTools, jt) From 162de284ef3f4def479cbb9f4b0c0355eca156d2 Mon Sep 17 00:00:00 2001 
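Review bot: The guard `if f.File != nil && len(f.File) == 1` in `addFuzzingRawResults`, repeated in `addDependencyUpdateToolRawResults`, silently drops file information whenever a tool has more than one file. That is the normal case for the user-defined fuzz functions this series introduces, so the raw JSON loses exactly the evidence the new check collects. The `!= nil` test is redundant, since `len` of a nil slice is 0. Until `jsonTool` can carry a list (its definition is outside this diff), emitting the first entry keeps some evidence: `if len(f.File) > 0 {`.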
From: Aiden Wang Date: Thu, 2 Jun 2022 02:28:30 +0000 Subject: [PATCH 04/24] temp save 06/01/2022 --- checker/raw_result.go | 4 +- checks/evaluation/fuzzing.go | 6 ++ checks/raw/fuzzing.go | 135 ++++++++++++++++++++++------- clients/githubrepo/client.go | 17 ++-- clients/mockclients/repo_client.go | 6 ++ 5 files changed, 126 insertions(+), 42 deletions(-) diff --git a/checker/raw_result.go b/checker/raw_result.go index faa2783b36c..d86605dfe7c 100644 --- a/checker/raw_result.go +++ b/checker/raw_result.go @@ -126,7 +126,9 @@ type Tool struct { Issues []clients.Issue // Merge requests created by the tool. MergeRequests []clients.PullRequest - + // The ratio of language-specified fuzz coverage for + // prominent progrmaming languages in repo. + LanguageCoverage float32 // TODO: CodeCoverage, jsonWorkflowJob. } diff --git a/checks/evaluation/fuzzing.go b/checks/evaluation/fuzzing.go index a5fe8c37f62..855990f97db 100644 --- a/checks/evaluation/fuzzing.go +++ b/checks/evaluation/fuzzing.go @@ -43,6 +43,12 @@ func Fuzzing(name string, dl checker.DetailLogger, } dl.Info(&msg) } + score := int(10 * fuzzer.LanguageCoverage) + return checker.CreateResultWithScore( + name, + fmt.Sprintf("project is fuzzed by %s, with a language coverage of %.2f", fuzzer.Name, fuzzer.LanguageCoverage), + score, + ) } // Otherwise, the fuzzer is either OSS-Fuzz or CFL return checker.CreateMaxScoreResult(name, diff --git a/checks/raw/fuzzing.go b/checks/raw/fuzzing.go index 8b66d1e26fa..d4d3d1a76e3 100644 --- a/checks/raw/fuzzing.go +++ b/checks/raw/fuzzing.go @@ -17,7 +17,9 @@ package raw import ( "bytes" "fmt" + "log" "regexp" + "strings" "github.com/ossf/scorecard/v4/checker" "github.com/ossf/scorecard/v4/checks/fileparser" @@ -29,6 +31,8 @@ const ( FuzzNameOSSFuzz = "OSS-Fuzz" FuzzNameClusterFuzzLite = "ClusterFuzzLite" FuzzNameUserDefinedFunc = "user-defined fuzz functions" + NoFuzz = 0.0 + AllFuzz = 1.0 // TODO: add more fuzz check support. ) 
@@ -51,6 +55,18 @@ var languageFuzzSpecsMap = map[string]languageFuzzConfig{ langFuzzDocumentURL: *asPointer("https://go.dev/doc/fuzz/"), langFuzzDesc: *asPointer("Go fuzzing intelligently walks through the source code to report failures and find vulnerabilities."), }, + "python": { + fuzzFileMatchPattern: "*_test.py", + fuzzFuncRegexPattern: `func\s+Fuzz\w+\s*\(\w+\s+\*testing.F\)`, + langFuzzDocumentURL: *asPointer("py"), + langFuzzDesc: *asPointer("pypy"), + }, + "javascript": { + fuzzFileMatchPattern: "*_test.js", + fuzzFuncRegexPattern: `func\s+Fuzz\w+\s*\(\w+\s+\*testing.F\)`, + langFuzzDocumentURL: *asPointer("js"), + langFuzzDesc: *asPointer("jsjs"), + }, // TODO: add more language-speficic fuzz patterns & configs. } @@ -87,21 +103,21 @@ func Fuzzing(c *checker.CheckRequest) (checker.FuzzingData, error) { ) } - usingFuzzFunc, files, e := checkFuzzFunc(c) + usingFuzzFunc, langCov, files, e := checkFuzzFunc(c) if e != nil { return checker.FuzzingData{}, fmt.Errorf("%w", e) } if usingFuzzFunc { fuzzers = append(fuzzers, checker.Tool{ - Name: FuzzNameUserDefinedFunc, - URL: asPointer(languageFuzzSpecsMap["go"].langFuzzDocumentURL), - Desc: asPointer(languageFuzzSpecsMap["go"].langFuzzDesc), - File: files, + Name: FuzzNameUserDefinedFunc, + URL: asPointer(languageFuzzSpecsMap["go"].langFuzzDocumentURL), + Desc: asPointer(languageFuzzSpecsMap["go"].langFuzzDesc), + File: files, + LanguageCoverage: langCov, }, ) } - return checker.FuzzingData{Fuzzers: fuzzers}, nil } 
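Review bot: The `"python"` and `"javascript"` entries added to `languageFuzzSpecsMap` reuse the Go expression ``func\s+Fuzz\w+\s*\(\w+\s+\*testing.F\)`` and carry placeholder values (`"py"`, `"pypy"`, `"js"`, `"jsjs"`) for the URL and description. Because those languages are now present in the map, a repository where they are prominent is scanned with a pattern that cannot match, is recorded as not fuzzed, and pulls `LanguageCoverage` down. It would be safer to omit the entries until real patterns exist, so that unsupported languages take the existing "not supported" path. In the `Fuzzing` hunk, `URL` and `Desc` are still read from `languageFuzzSpecsMap["go"]` regardless of which language produced the matches.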
@@ -138,43 +154,74 @@ func checkOSSFuzz(c *checker.CheckRequest) (bool, error) { return result.Hits > 0, nil } -func checkFuzzFunc(c *checker.CheckRequest) (bool, []checker.File, error) { +func checkFuzzFunc(c *checker.CheckRequest) (bool, float32, []checker.File, error) { if c.RepoClient == nil { - return false, nil, nil + return false, NoFuzz, nil, fmt.Errorf("empty RepoClient") } - // Use the GitHub API to decide the prominent programming language to be checked for the repo. - // Currently, we only perform the fuzz check for one language per repo. - // TODO: multi-language fuzz check for each repo. + // To get the prominent programming language(s) to be checked. langMap, err := c.RepoClient.ListProgrammingLanguages() - fmt.Print(langMap) if err != nil { - // return false, nil, fmt.Errorf("get programming languages of repo failed %w", err) + return false, NoFuzz, nil, fmt.Errorf("get programming languages of repo failed %w", err) + } + langsProminent, err := getProminentLanguages(langMap) + if err != nil { + return false, NoFuzz, nil, fmt.Errorf("error when getting promiment languages: %w", err) } + fmt.Println(langsProminent) - languageToBeChecked := "go" - languagePat, found := languageFuzzSpecsMap[languageToBeChecked] - if !found { - return false, nil, fmt.Errorf("current repo language %s not supported", languageToBeChecked) + data := filesWithPatternStr{ + files: make([]checker.File, 0), } - filePattern, funcPattern := languagePat.fuzzFileMatchPattern, languagePat.fuzzFuncRegexPattern - if filePattern == "" || funcPattern == "" { - return false, nil, fmt.Errorf("file/func fuzz patterns not found for %s", languageToBeChecked) + isFuzzed := map[string]bool{} + // Iterate the prominant language list and check for fuzz funcs per language. 
+ for _, lang := range *langsProminent { + pattern, found := languageFuzzSpecsMap[lang] + if !found { + log.Printf("fuzz patterns for the current language \"%s\" not supported", lang) + continue + } + filePattern, funcPattern := pattern.fuzzFileMatchPattern, pattern.fuzzFuncRegexPattern + matcher := fileparser.PathMatcher{ + Pattern: filePattern, + CaseSensitive: false, + } + data.pattern = funcPattern + oldFilesLen := len(data.files) // Files length before checking. + err = fileparser.OnMatchingFileContentDo(c.RepoClient, matcher, getFuzzFunc, &data) + if err != nil { + return false, NoFuzz, nil, fmt.Errorf("error when OnMatchingFileContentDo: %w", err) + } + if len(data.files) == oldFilesLen { + // If the files length doesn't increase after checking, it indicates no fuzz funcs + // found for the current language so we give it a false + isFuzzed[lang] = false + } else { + // Meaning the current lang is fuzzed. + isFuzzed[lang] = true + } } - - matcher := fileparser.PathMatcher{ - Pattern: filePattern, - CaseSensitive: false, + // This means all prominent languages are not supported currently. 
+ if len(isFuzzed) == 0 { + return false, NoFuzz, nil, nil } - - data := filesWithPatternStr{ - files: make([]checker.File, 0), - pattern: funcPattern, + notAllFuzzed := false + fuzzedLang, notFuzzedLang := []string{}, []string{} + for lang, fuzzed := range isFuzzed { + if !fuzzed { + notAllFuzzed = true + notFuzzedLang = append(notFuzzedLang, lang) + } else { + fuzzedLang = append(fuzzedLang, lang) + } } - err = fileparser.OnMatchingFileContentDo(c.RepoClient, matcher, getFuzzFunc, &data) - if err != nil { - return false, nil, fmt.Errorf("error when OnMatchingFileContentDo: %w", err) + l1, l2 := len(fuzzedLang), len(notFuzzedLang) + fuzzRatio := float32(l1) / (float32(l1) + float32(l2)) + if notAllFuzzed { + log.Printf("not all prominent languages are fuzzed") + log.Printf("fuzzed lang: %s, not fuzzed lang: %s, fuzz ratio: %.2f", + fuzzedLang, notFuzzedLang, fuzzRatio) } - return true, data.files, nil + return true, fuzzRatio, data.files, nil } // This is the callback func for interface OnMatchingFileContentDo @@ -206,3 +253,27 @@ var getFuzzFunc fileparser.DoWhileTrueOnFileContent = func(path string, content } return true, nil } + +func getProminentLanguages(langs map[string]int) (*[]string, error) { + if langs == nil { + return nil, fmt.Errorf("no languages found in map") + } + numLangs := len(langs) + totalLoC := 0 + for _, LoC := range langs { + totalLoC += LoC + numLangs++ + } + // Var avgLoC calculates the average lines of code in the current repo, + // and it can stay as an int, no need for a float value. + avgLoC := totalLoC / numLangs + + // Languages that has lines of code above average will be considered prominent. + ret := &[]string{} + for lang, LoC := range langs { + if LoC >= avgLoC { + *ret = append(*ret, strings.ToLower(lang)) + } + } + return ret, nil +} diff --git a/clients/githubrepo/client.go b/clients/githubrepo/client.go index 392acd9c16d..115aa2c0573 100644 --- a/clients/githubrepo/client.go +++ b/clients/githubrepo/client.go 
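Review bot: Every failure in `checkFuzzFunc` now aborts the whole Fuzzing check: a nil `RepoClient` or an error from `ListProgrammingLanguages` is returned to `Fuzzing`, which replies with an empty `checker.FuzzingData{}` and drops any ClusterFuzzLite or OSS-Fuzz detection it already made. `localDirClient.ListProgrammingLanguages` always returns `clients.ErrUnsupportedFeature`, so the check would fail for every local-directory scan. Treating that sentinel as "no language information", with an `errors.Is(err, clients.ErrUnsupportedFeature)` branch that returns `false, NoFuzz, nil, nil`, keeps the other detectors working. The function also ends with `return true, fuzzRatio, data.files, nil` when no fuzz function was found in any language, so a coverage of 0 is still reported as "fuzzed"; `return len(data.files) > 0, fuzzRatio, data.files, nil` avoids that. `fmt.Println(langsProminent)` is leftover debug output.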
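Review bot: `getProminentLanguages` divides by zero when the map is non-nil but empty: `numLangs` starts at `len(langs)` (0), the loop never runs, and `totalLoC / numLangs` panics. For a non-empty map, `numLangs++` inside the loop adds to a counter that already holds the length, so the divisor is twice the language count and `avgLoC` is half the real average; that appears unintended given the comment. The rewrite below checks `len(langs) == 0` and divides by `len(langs)`. Returning `*[]string` adds a dereference at every use, and a plain `[]string` would be more idiomatic, but that changes the caller too, so it is not included in the excerpt. The GitHub languages endpoint reports bytes of code per language, so the `LoC` naming is approximate.

```go
func getProminentLanguages(langs map[string]int) (*[]string, error) {
	if len(langs) == 0 {
		return nil, fmt.Errorf("no languages found in map")
	}
	totalLoC := 0
	for _, LoC := range langs {
		totalLoC += LoC
	}
	avgLoC := totalLoC / len(langs)
	// … unchanged: collect and return the languages with LoC >= avgLoC …
}
```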
@@ -177,20 +177,19 @@ func (client *Client) ListStatuses(ref string) ([]clients.Status, error) {
 return client.statuses.listStatuses(ref)
 }
-//ListProgrammingLanguages implments RepoClient.ListProgrammingLanguages.
+//ListProgrammingLanguages implements RepoClient.ListProgrammingLanguages.
 func (client *Client) ListProgrammingLanguages() (map[string]int, error) {
- reqURL := path.Join("https://api.github.com/repos", *client.repo.Owner.Login, *client.repo.Name, "languages")
+ reqURL := path.Join("repos", *client.repo.Owner.Login, *client.repo.Name, "languages")
 req, err := client.repoClient.NewRequest("GET", reqURL, nil)
 if err != nil {
- return nil, fmt.Errorf("http request for repo languages failed with %w", err)
+ return nil, fmt.Errorf("request for repo languages failed with %w", err)
 }
- fmt.Println(req)
- resp, err := client.repoClient.Do(client.ctx, req, nil)
- if err != nil {
- return nil, fmt.Errorf("http response for repo languages failed with %w", err)
+ bodyJSON := map[string]int{}
+ _, errResp := client.repoClient.Do(client.ctx, req, &bodyJSON)
+ if errResp != nil {
+ return nil, fmt.Errorf("response for repo languages failed with %w", err)
 }
- fmt.Println(resp)
- return nil, nil
+ return bodyJSON, nil
 }
 // Search implements RepoClient.Search.
diff --git a/clients/mockclients/repo_client.go b/clients/mockclients/repo_client.go
index 8c57778b5b2..a0e3d36287d 100644
--- a/clients/mockclients/repo_client.go
+++ b/clients/mockclients/repo_client.go
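Review bot: The failure branch after `client.repoClient.Do` in `ListProgrammingLanguages` (clients/githubrepo/client.go) wraps the wrong variable. The call's error is stored in `errResp`, but the message is built with `err`, which is always nil at that point because the earlier `if err != nil` has already returned. The caller gets an error with no cause attached, so whatever the API reported is lost. Change the line to `return nil, fmt.Errorf("response for repo languages failed with %w", errResp)`. The later hunk `@@ -185,6 +185,9 @@` for the same file only adds a comment above the call and leaves this line as it is.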
@@ -272,6 +272,12 @@ func (mr *MockRepoClientMockRecorder) ListWebhooks() *gomock.Call { return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListWebhooks", reflect.TypeOf((*MockRepoClient)(nil).ListWebhooks)) } +func (m *MockRepoClient) ListProgrammingLanguages() (map[string]int, error) { + m.ctrl.T.Helper() + // TODO: Aiden: how do I implement this func for mockClient? + return nil, nil +} + // Search mocks base method. func (m *MockRepoClient) Search(request clients.SearchRequest) (clients.SearchResponse, error) { m.ctrl.T.Helper() From 69b807b6b13d60891a4724cc593d65ee45de2814 Mon Sep 17 00:00:00 2001 From: Aiden Wang Date: Thu, 2 Jun 2022 04:16:24 +0000 Subject: [PATCH 05/24] temp save-2 06/01/2022 --- checks/evaluation/fuzzing.go | 9 +++--- checks/raw/fuzzing.go | 61 +++++++++++++++++------------------- 2 files changed, 34 insertions(+), 36 deletions(-) diff --git a/checks/evaluation/fuzzing.go b/checks/evaluation/fuzzing.go index 855990f97db..0f1f54d5265 100644 --- a/checks/evaluation/fuzzing.go +++ b/checks/evaluation/fuzzing.go @@ -43,16 +43,17 @@ func Fuzzing(name string, dl checker.DetailLogger, } dl.Info(&msg) } - score := int(10 * fuzzer.LanguageCoverage) + score := int(checker.MaxResultScore * fuzzer.LanguageCoverage) return checker.CreateResultWithScore( name, fmt.Sprintf("project is fuzzed by %s, with a language coverage of %.2f", fuzzer.Name, fuzzer.LanguageCoverage), score, ) + } else { + // Otherwise, the fuzzer is either OSS-Fuzz or CFL + return checker.CreateMaxScoreResult(name, + fmt.Sprintf("project is fuzzed with %s", fuzzer.Name)) } - // Otherwise, the fuzzer is either OSS-Fuzz or CFL - return checker.CreateMaxScoreResult(name, - fmt.Sprintf("project is fuzzed with %s", fuzzer.Name)) } return checker.CreateMinScoreResult(name, "project is not fuzzed") diff --git a/checks/raw/fuzzing.go b/checks/raw/fuzzing.go index d4d3d1a76e3..bb0905c2de6 100644 --- a/checks/raw/fuzzing.go +++ b/checks/raw/fuzzing.go 
@@ -31,9 +31,9 @@ const ( FuzzNameOSSFuzz = "OSS-Fuzz" FuzzNameClusterFuzzLite = "ClusterFuzzLite" FuzzNameUserDefinedFunc = "user-defined fuzz functions" - NoFuzz = 0.0 - AllFuzz = 1.0 // TODO: add more fuzz check support. + NoFuzzCov = 0.0 // No fuzz coverage, so the ratio is zero. + AllFuzzCov = 1.0 ) type filesWithPatternStr struct { @@ -156,30 +156,33 @@ func checkOSSFuzz(c *checker.CheckRequest) (bool, error) { func checkFuzzFunc(c *checker.CheckRequest) (bool, float32, []checker.File, error) { if c.RepoClient == nil { - return false, NoFuzz, nil, fmt.Errorf("empty RepoClient") + return false, NoFuzzCov, nil, fmt.Errorf("empty RepoClient") } // To get the prominent programming language(s) to be checked. langMap, err := c.RepoClient.ListProgrammingLanguages() if err != nil { - return false, NoFuzz, nil, fmt.Errorf("get programming languages of repo failed %w", err) + return false, NoFuzzCov, nil, fmt.Errorf("get programming languages of repo failed %w", err) } langsProminent, err := getProminentLanguages(langMap) if err != nil { - return false, NoFuzz, nil, fmt.Errorf("error when getting promiment languages: %w", err) + return false, NoFuzzCov, nil, fmt.Errorf("error when getting promiment languages: %w", err) } - fmt.Println(langsProminent) + fmt.Println(*langsProminent) // For debug. data := filesWithPatternStr{ files: make([]checker.File, 0), } - isFuzzed := map[string]bool{} + fuzzed, notFuzzed := &[]string{}, &[]string{} + // Iterate the prominant language list and check for fuzz funcs per language. for _, lang := range *langsProminent { + // Search language fuzz patterns in the hashmap. pattern, found := languageFuzzSpecsMap[lang] if !found { log.Printf("fuzz patterns for the current language \"%s\" not supported", lang) continue } + // Get patterns for file and func. filePattern, funcPattern := pattern.fuzzFileMatchPattern, pattern.fuzzFuncRegexPattern matcher := fileparser.PathMatcher{ Pattern: filePattern, 
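Review bot: `fmt.Println(*langsProminent) // For debug.` in `checkFuzzFunc` prints to stdout from check code on every run and should be removed before this leaves the temp-save state. If a diagnostic is wanted, it belongs on the check's own logger rather than the process's stdout, which may also carry the tool's results (not visible here). `fuzzed, notFuzzed := &[]string{}, &[]string{}` gains nothing from the pointers; `var fuzzed, notFuzzed []string` with plain `append` reads better. The body of `checkFuzzFunc` continues past the end of this hunk.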
@@ -189,39 +192,33 @@ func checkFuzzFunc(c *checker.CheckRequest) (bool, float32, []checker.File, erro oldFilesLen := len(data.files) // Files length before checking. err = fileparser.OnMatchingFileContentDo(c.RepoClient, matcher, getFuzzFunc, &data) if err != nil { - return false, NoFuzz, nil, fmt.Errorf("error when OnMatchingFileContentDo: %w", err) + return false, NoFuzzCov, nil, fmt.Errorf("error when OnMatchingFileContentDo: %w", err) } if len(data.files) == oldFilesLen { - // If the files length doesn't increase after checking, it indicates no fuzz funcs - // found for the current language so we give it a false - isFuzzed[lang] = false + // If the files length after checking doesn't increase after checking, + // it indicates no fuzz funcs found for the current language so we give it a false. + *notFuzzed = append(*notFuzzed, lang) } else { // Meaning the current lang is fuzzed. - isFuzzed[lang] = true - } - } - // This means all prominent languages are not supported currently. - if len(isFuzzed) == 0 { - return false, NoFuzz, nil, nil - } - notAllFuzzed := false - fuzzedLang, notFuzzedLang := []string{}, []string{} - for lang, fuzzed := range isFuzzed { - if !fuzzed { - notAllFuzzed = true - notFuzzedLang = append(notFuzzedLang, lang) - } else { - fuzzedLang = append(fuzzedLang, lang) + *fuzzed = append(*fuzzed, lang) } } - l1, l2 := len(fuzzedLang), len(notFuzzedLang) - fuzzRatio := float32(l1) / (float32(l1) + float32(l2)) - if notAllFuzzed { + // Calculate the fuzz coverage ratio for prominent languages. 
+ l1, l2 := len(*fuzzed), len(*notFuzzed) + langFuzzCov := float32(l1) / (float32(l1) + float32(l2)) + if langFuzzCov != AllFuzzCov { log.Printf("not all prominent languages are fuzzed") - log.Printf("fuzzed lang: %s, not fuzzed lang: %s, fuzz ratio: %.2f", - fuzzedLang, notFuzzedLang, fuzzRatio) + log.Printf("fuzzed lang: %s, not fuzzed lang: %s, language fuzz coverage: %.2f", + *fuzzed, *notFuzzed, langFuzzCov) + } + if langFuzzCov == NoFuzzCov { + // Although not all prominent languages are fuzzed, we still return the files + // that have been matched for fuzzed languages. + return false, NoFuzzCov, data.files, nil + } else { + // All the prominent languages are fuzz-covered. + return true, langFuzzCov, data.files, nil } - return true, fuzzRatio, data.files, nil } // This is the callback func for interface OnMatchingFileContentDo From 000d9c39679374491b75ffedd435b99df4f51d10 Mon Sep 17 00:00:00 2001 From: Aiden Wang Date: Thu, 2 Jun 2022 22:11:40 +0000 Subject: [PATCH 06/24] temp save-1 06032022 --- checker/raw_result.go | 4 -- checks/evaluation/fuzzing.go | 13 +----- checks/raw/fuzzing.go | 71 +++++++----------------------- clients/mockclients/repo_client.go | 12 ++++- 4 files changed, 27 insertions(+), 73 deletions(-) diff --git a/checker/raw_result.go b/checker/raw_result.go index 9f76f5667e2..df3df6d1345 100644 --- a/checker/raw_result.go +++ b/checker/raw_result.go @@ -147,10 +147,6 @@ type Tool struct { Issues []clients.Issue // Merge requests created by the tool. MergeRequests []clients.PullRequest - // The ratio of language-specified fuzz coverage for - // prominent progrmaming languages in repo. - LanguageCoverage float32 - // TODO: CodeCoverage, jsonWorkflowJob. } // Run represents a run. diff --git a/checks/evaluation/fuzzing.go b/checks/evaluation/fuzzing.go index 0f1f54d5265..812f401bed0 100644 --- a/checks/evaluation/fuzzing.go +++ b/checks/evaluation/fuzzing.go 
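Review bot: `langFuzzCov := float32(l1) / (float32(l1) + float32(l2))` is evaluated even when both lists are empty, which happens when no prominent language has an entry in `languageFuzzSpecsMap` and every iteration takes the `continue`. This commit removes the `if len(isFuzzed) == 0 { return false, NoFuzz, nil, nil }` guard that covered that case, so the ratio becomes 0/0 = NaN. NaN is unequal to both `AllFuzzCov` and `NoFuzzCov`, so the function falls into the `else` branch and reports the repository as fuzzed, and the evaluation side then converts that value with `int(checker.MaxResultScore * fuzzer.LanguageCoverage)`. Restore the guard before the division, e.g. `if l1+l2 == 0 { return false, NoFuzzCov, nil, nil }`. The comment "All the prominent languages are fuzz-covered" is also inaccurate, because that branch is taken for any non-zero ratio; the hunk starts partway into `checkFuzzFunc`.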
@@ -43,18 +43,9 @@ func Fuzzing(name string, dl checker.DetailLogger, } dl.Info(&msg) } - score := int(checker.MaxResultScore * fuzzer.LanguageCoverage) - return checker.CreateResultWithScore( - name, - fmt.Sprintf("project is fuzzed by %s, with a language coverage of %.2f", fuzzer.Name, fuzzer.LanguageCoverage), - score, - ) - } else { - // Otherwise, the fuzzer is either OSS-Fuzz or CFL - return checker.CreateMaxScoreResult(name, - fmt.Sprintf("project is fuzzed with %s", fuzzer.Name)) } + return checker.CreateMaxScoreResult(name, + fmt.Sprintf("project is fuzzed with %s", fuzzer.Name)) } - return checker.CreateMinScoreResult(name, "project is not fuzzed") } diff --git a/checks/raw/fuzzing.go b/checks/raw/fuzzing.go index bb0905c2de6..0cdf6361555 100644 --- a/checks/raw/fuzzing.go +++ b/checks/raw/fuzzing.go @@ -17,7 +17,6 @@ package raw import ( "bytes" "fmt" - "log" "regexp" "strings" @@ -32,8 +31,6 @@ const ( FuzzNameClusterFuzzLite = "ClusterFuzzLite" FuzzNameUserDefinedFunc = "user-defined fuzz functions" // TODO: add more fuzz check support. - NoFuzzCov = 0.0 // No fuzz coverage, so the ratio is zero. - AllFuzzCov = 1.0 ) type filesWithPatternStr struct { 
@@ -52,22 +49,8 @@ var languageFuzzSpecsMap = map[string]languageFuzzConfig{ "go": { fuzzFileMatchPattern: "*_test.go", fuzzFuncRegexPattern: `func\s+Fuzz\w+\s*\(\w+\s+\*testing.F\)`, - langFuzzDocumentURL: *asPointer("https://go.dev/doc/fuzz/"), - langFuzzDesc: *asPointer("Go fuzzing intelligently walks through the source code to report failures and find vulnerabilities."), }, - "python": { - fuzzFileMatchPattern: "*_test.py", - fuzzFuncRegexPattern: `func\s+Fuzz\w+\s*\(\w+\s+\*testing.F\)`, - langFuzzDocumentURL: *asPointer("py"), - langFuzzDesc: *asPointer("pypy"), - }, - "javascript": { - fuzzFileMatchPattern: "*_test.js", - fuzzFuncRegexPattern: `func\s+Fuzz\w+\s*\(\w+\s+\*testing.F\)`, - langFuzzDocumentURL: *asPointer("js"), - langFuzzDesc: *asPointer("jsjs"), - }, - // TODO: add more language-speficic fuzz patterns & configs. + // TODO: add more language-specific fuzz patterns & configs. } // Fuzzing runs Fuzzing check. @@ -103,18 +86,17 @@ func Fuzzing(c *checker.CheckRequest) (checker.FuzzingData, error) { ) } - usingFuzzFunc, langCov, files, e := checkFuzzFunc(c) + usingFuzzFunc, files, e := checkFuzzFunc(c) if e != nil { return checker.FuzzingData{}, fmt.Errorf("%w", e) } if usingFuzzFunc { fuzzers = append(fuzzers, checker.Tool{ - Name: FuzzNameUserDefinedFunc, - URL: asPointer(languageFuzzSpecsMap["go"].langFuzzDocumentURL), - Desc: asPointer(languageFuzzSpecsMap["go"].langFuzzDesc), - File: files, - LanguageCoverage: langCov, + Name: FuzzNameUserDefinedFunc, + URL: asPointer("https://en.wikipedia.org/wiki/Fuzzing"), + Desc: asPointer("The function-level fuzzing walks through the source code to report failures and find vulnerabilities."), + File: files, }, ) } 
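Review bot: The one pattern left in `languageFuzzSpecsMap` has an unescaped dot in `\*testing.F\)`, so it accepts any character between `testing` and `F`; the intended form is `\*testing\.F\)`. The `getFuzzFunc` callback shown in a later hunk applies the pattern to one line at a time. A signature wrapped over two lines is therefore missed, and a commented-out `func FuzzX(f *testing.F)` is counted. Because a single hit leads to `CreateMaxScoreResult`, I would add a comment on the map entry stating these limits, for example `// Matched per line; does not distinguish comments from code.`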
@@ -154,32 +136,30 @@ func checkOSSFuzz(c *checker.CheckRequest) (bool, error) { return result.Hits > 0, nil } -func checkFuzzFunc(c *checker.CheckRequest) (bool, float32, []checker.File, error) { +func checkFuzzFunc(c *checker.CheckRequest) (bool, []checker.File, error) { if c.RepoClient == nil { - return false, NoFuzzCov, nil, fmt.Errorf("empty RepoClient") + return false, nil, fmt.Errorf("empty RepoClient") } // To get the prominent programming language(s) to be checked. langMap, err := c.RepoClient.ListProgrammingLanguages() if err != nil { - return false, NoFuzzCov, nil, fmt.Errorf("get programming languages of repo failed %w", err) + return false, nil, fmt.Errorf("get programming languages of repo failed %w", err) } langsProminent, err := getProminentLanguages(langMap) if err != nil { - return false, NoFuzzCov, nil, fmt.Errorf("error when getting promiment languages: %w", err) + return false, nil, fmt.Errorf("error when getting promiment languages: %w", err) } - fmt.Println(*langsProminent) // For debug. data := filesWithPatternStr{ files: make([]checker.File, 0), } - fuzzed, notFuzzed := &[]string{}, &[]string{} // Iterate the prominant language list and check for fuzz funcs per language. for _, lang := range *langsProminent { // Search language fuzz patterns in the hashmap. pattern, found := languageFuzzSpecsMap[lang] if !found { - log.Printf("fuzz patterns for the current language \"%s\" not supported", lang) + // Fuzz patterns for the current language not supported yet. continue } // Get patterns for file and func. 
@@ -189,36 +169,15 @@ func checkFuzzFunc(c *checker.CheckRequest) (bool, float32, []checker.File, erro CaseSensitive: false, } data.pattern = funcPattern - oldFilesLen := len(data.files) // Files length before checking. err = fileparser.OnMatchingFileContentDo(c.RepoClient, matcher, getFuzzFunc, &data) if err != nil { - return false, NoFuzzCov, nil, fmt.Errorf("error when OnMatchingFileContentDo: %w", err) - } - if len(data.files) == oldFilesLen { - // If the files length after checking doesn't increase after checking, - // it indicates no fuzz funcs found for the current language so we give it a false. - *notFuzzed = append(*notFuzzed, lang) - } else { - // Meaning the current lang is fuzzed. - *fuzzed = append(*fuzzed, lang) + return false, nil, fmt.Errorf("error when OnMatchingFileContentDo: %w", err) } } - // Calculate the fuzz coverage ratio for prominent languages. - l1, l2 := len(*fuzzed), len(*notFuzzed) - langFuzzCov := float32(l1) / (float32(l1) + float32(l2)) - if langFuzzCov != AllFuzzCov { - log.Printf("not all prominent languages are fuzzed") - log.Printf("fuzzed lang: %s, not fuzzed lang: %s, language fuzz coverage: %.2f", - *fuzzed, *notFuzzed, langFuzzCov) - } - if langFuzzCov == NoFuzzCov { - // Although not all prominent languages are fuzzed, we still return the files - // that have been matched for fuzzed languages. - return false, NoFuzzCov, data.files, nil - } else { - // All the prominent languages are fuzz-covered. - return true, langFuzzCov, data.files, nil + if data.files == nil { + return false, nil, nil } + return true, data.files, nil } // This is the callback func for interface OnMatchingFileContentDo diff --git a/clients/mockclients/repo_client.go b/clients/mockclients/repo_client.go index af9cc89b060..dbc60805502 100644 --- a/clients/mockclients/repo_client.go +++ b/clients/mockclients/repo_client.go 
@@ -274,8 +274,16 @@ func (mr *MockRepoClientMockRecorder) ListWebhooks() *gomock.Call { func (m *MockRepoClient) ListProgrammingLanguages() (map[string]int, error) { m.ctrl.T.Helper() - // TODO: Aiden: how do I implement this func for mockClient? - return nil, nil + ret := m.ctrl.Call(m, "ListProgrammingLanguages") + ret0, _ := ret[0].(map[string]int) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// ListProgrammingLanguages indicates an expected call of ListProgrammingLanguages. +func (mr *MockRepoClientMockRecorder) ListProgrammingLanguages(predicate interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListProgrammingLanguages", reflect.TypeOf((*MockRepoClient)(nil).ListProgrammingLanguages), predicate) } // Search mocks base method. From f62dc64120ae6ce2ccaf51c5b8b34cc9c436d5aa Mon Sep 17 00:00:00 2001 From: Aiden Wang Date: Thu, 2 Jun 2022 23:49:31 +0000 Subject: [PATCH 07/24] temp save-2 06022022 --- checker/raw_result.go | 2 + checks/raw/fuzzing.go | 2 +- checks/raw/fuzzing_test.go | 127 +++++++++++++++++++++++++++++ clients/mockclients/repo_client.go | 4 +- 4 files changed, 132 insertions(+), 3 deletions(-) diff --git a/checker/raw_result.go b/checker/raw_result.go index df3df6d1345..f7b9ef7de93 100644 --- a/checker/raw_result.go +++ b/checker/raw_result.go @@ -147,6 +147,8 @@ type Tool struct { Issues []clients.Issue // Merge requests created by the tool. MergeRequests []clients.PullRequest + + // TODO: CodeCoverage, jsonWorkflowJob. } // Run represents a run. diff --git a/checks/raw/fuzzing.go b/checks/raw/fuzzing.go index 0cdf6361555..880392830fe 100644 --- a/checks/raw/fuzzing.go +++ b/checks/raw/fuzzing.go @@ -174,7 +174,7 @@ func checkFuzzFunc(c *checker.CheckRequest) (bool, []checker.File, error) { return false, nil, fmt.Errorf("error when OnMatchingFileContentDo: %w", err) } } - if data.files == nil { + if len(data.files) == 0 { return false, nil, nil } return true, data.files, nil 
diff --git a/checks/raw/fuzzing_test.go b/checks/raw/fuzzing_test.go index 5f74812e21b..d1f58cba8f1 100644 --- a/checks/raw/fuzzing_test.go +++ b/checks/raw/fuzzing_test.go @@ -16,6 +16,8 @@ package raw import ( "errors" + "path" + "regexp" "testing" "github.com/golang/mock/gomock" 
@@ -155,3 +157,128 @@ func Test_checkCFLite(t *testing.T) { }) } } + +func Test_fuzzFileAndFuncMatchPattern(t *testing.T) { + t.Parallel() + //nolint + tests := []struct { + name string + expectedFileMatch bool + expectedFuncMatch bool + lang string + fileName string + fileContent string + wantErr bool + }{ + { + name: "Test_fuzzFuncRegex file success & func success", + expectedFileMatch: true, + expectedFuncMatch: true, + lang: "go", + fileName: "FOOoo_fOOff_BaRRR_test.go", + fileContent: `func FuzzSomething (fOo_bAR_1234 *testing.F)`, + wantErr: false, + }, + { + name: "Test_fuzzFuncRegex file success & func failure", + expectedFileMatch: true, + expectedFuncMatch: false, + lang: "go", + fileName: "a_unit_test.go", + fileContent: `func TestSomethingUnitTest (t *testing.T)`, + wantErr: true, + }, + { + name: "Test_fuzzFuncRegex file failure & func failure", + expectedFileMatch: false, + expectedFuncMatch: false, + lang: "go", + fileName: "not_a_fuzz_test_file.go", + fileContent: `func main (t *testing.T)`, + wantErr: true, + }, + { + name: "Test_fuzzFuncRegex not a support language", + expectedFileMatch: false, + expectedFuncMatch: false, + lang: "not_a_supported_one", + fileName: "a_fuzz_test.py", + fileContent: `def NotSupported (foo)`, + wantErr: true, + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + langSpecs, ok := languageFuzzSpecsMap[tt.lang] + if !ok && !tt.wantErr { + t.Errorf("retrieve supported language error") + } + fileMatchPattern := langSpecs.fuzzFileMatchPattern + fileMatch, _ := path.Match(fileMatchPattern, tt.fileName) + if (fileMatch != tt.expectedFileMatch) && !tt.wantErr { + t.Errorf("fileMatch = %v, want %v for %v", fileMatch, tt.expectedFileMatch, tt.name) + } + funcRegexPattern := langSpecs.fuzzFuncRegexPattern + r, _ := regexp.Compile(funcRegexPattern) + found := r.MatchString(tt.fileContent) + if (found != tt.expectedFuncMatch) && !tt.wantErr { + t.Errorf("funcMatch = %v, want %v for 
%v", fileMatch, tt.expectedFileMatch, tt.name) + } + }) + } +} + +func Test_checkFuzzFunc(t *testing.T) { + t.Parallel() + //nolint + tests := []struct { + name string + want bool + wantErr bool + langs map[string]int + fileName []string + fileContent string + }{ + { + // TODO: more test cases needed. @aidenwang9867 + name: "Test_checkFuzzFunc failure", + want: false, + wantErr: false, + fileName: []string{ + "foo_test.go", + "main.go", + }, + langs: map[string]int{ + "go": 100, + }, + fileContent: "func TestFoo (t *testing.T)", + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + ctrl := gomock.NewController(t) + defer ctrl.Finish() + mockClient := mockrepo.NewMockRepoClient(ctrl) + mockClient.EXPECT().ListProgrammingLanguages().Return(tt.langs, nil).AnyTimes() + mockClient.EXPECT().ListFiles(gomock.Any()).Return(tt.fileName, nil).AnyTimes() + mockClient.EXPECT().GetFileContent(gomock.Any()).DoAndReturn(func(f string) (string, error) { + if tt.wantErr { + //nolint + return "", errors.New("error") + } + return tt.fileContent, nil + }).AnyTimes() + req := checker.CheckRequest{ + RepoClient: mockClient, + } + got, _, _ := checkFuzzFunc(&req) + if got != tt.want && !tt.wantErr { + t.Errorf("checkFuzzFunc() = %v, want %v for %v", got, tt.want, tt.name) + } + }) + } +} diff --git a/clients/mockclients/repo_client.go b/clients/mockclients/repo_client.go index dbc60805502..4f4e424b73a 100644 --- a/clients/mockclients/repo_client.go +++ b/clients/mockclients/repo_client.go 
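Review bot: The negative cases in `Test_fuzzFileAndFuncMatchPattern` assert nothing. Both comparisons are guarded by `&& !tt.wantErr`, and every case that expects a non-match sets `wantErr: true`, so a pattern that wrongly matched `func TestSomethingUnitTest (t *testing.T)` would still pass. In the unsupported-language case `langSpecs` is the zero value, so the empty regex matches any content and the guard hides that as well. Drop the `wantErr` guard from the two match comparisons and return early when the language lookup fails. The `funcMatch` failure message also prints `fileMatch` and `tt.expectedFileMatch` where it should print `found` and `tt.expectedFuncMatch`.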
@@ -281,9 +281,9 @@ func (m *MockRepoClient) ListProgrammingLanguages() (map[string]int, error) { } // ListProgrammingLanguages indicates an expected call of ListProgrammingLanguages. -func (mr *MockRepoClientMockRecorder) ListProgrammingLanguages(predicate interface{}) *gomock.Call { +func (mr *MockRepoClientMockRecorder) ListProgrammingLanguages() *gomock.Call { mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListProgrammingLanguages", reflect.TypeOf((*MockRepoClient)(nil).ListProgrammingLanguages), predicate) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListProgrammingLanguages", reflect.TypeOf((*MockRepoClient)(nil).ListProgrammingLanguages)) } // Search mocks base method. From 4b0178d2608a352011725fe91be1a76b6087a120 Mon Sep 17 00:00:00 2001 From: Aiden Wang Date: Fri, 3 Jun 2022 20:45:06 +0000 Subject: [PATCH 08/24] temp save --- checks/evaluation/dependency_update_tool.go | 5 +---- .../evaluation/dependency_update_tool_test.go | 2 +- checks/evaluation/fuzzing.go | 10 +++++++--- checks/raw/errors.go | 12 +++++++---- checks/raw/fuzzing.go | 20 +++++++++---------- checks/raw/fuzzing_test.go | 10 +++++----- clients/githubrepo/client.go | 3 +++ cron/internal/format/json_raw_results.go | 2 +- pkg/json_raw_results.go | 18 ++++++++++------- 9 files changed, 47 insertions(+), 35 deletions(-) diff --git a/checks/evaluation/dependency_update_tool.go b/checks/evaluation/dependency_update_tool.go index 659ec665a22..eb43e94126a 100644 --- a/checks/evaluation/dependency_update_tool.go +++ b/checks/evaluation/dependency_update_tool.go 
@@ -54,10 +54,7 @@ func DependencyUpdateTool(name string, dl checker.DetailLogger, return checker.CreateRuntimeErrorResult(name, e) } - // Note: only one file per tool is present, - // so we do not iterate thru all entries. - // Modified by AidenW on 05/31/2022: now Tool.File is a type of []File, - // so we need to do iterations on the files. + // Iterate over all the files, since a Tool can contain multiple files. for _, file := range r.Tools[0].File { dl.Info(&checker.LogMessage{ Path: file.Path, diff --git a/checks/evaluation/dependency_update_tool_test.go b/checks/evaluation/dependency_update_tool_test.go index 8f3a1ce4192..b71fd44c05a 100644 --- a/checks/evaluation/dependency_update_tool_test.go +++ b/checks/evaluation/dependency_update_tool_test.go @@ -96,7 +96,7 @@ func TestDependencyUpdateTool(t *testing.T) { enabled = true `, Offset: 0, - Type: 0, + Type: checker.FileTypeNone, }, }, }, diff --git a/checks/evaluation/fuzzing.go b/checks/evaluation/fuzzing.go index 812f401bed0..565cafc0958 100644 --- a/checks/evaluation/fuzzing.go +++ b/checks/evaluation/fuzzing.go @@ -32,6 +32,10 @@ func Fuzzing(name string, dl checker.DetailLogger, return checker.CreateRuntimeErrorResult(name, e) } + if len(r.Fuzzers) == 0 { + return checker.CreateMinScoreResult(name, "project is not fuzzed") + } + fuzzers := &[]string{} for i := range r.Fuzzers { fuzzer := r.Fuzzers[i] if fuzzer.Name == raw.FuzzNameUserDefinedFunc { @@ -44,8 +48,8 @@ func Fuzzing(name string, dl checker.DetailLogger, dl.Info(&msg) } } - return checker.CreateMaxScoreResult(name, - fmt.Sprintf("project is fuzzed with %s", fuzzer.Name)) + *fuzzers = append(*fuzzers, fuzzer.Name) } - return checker.CreateMinScoreResult(name, "project is not fuzzed") + return checker.CreateMaxScoreResult(name, + fmt.Sprintf("project is fuzzed with %v", *fuzzers)) } diff --git a/checks/raw/errors.go b/checks/raw/errors.go index 0de31a67d41..081dedff0fd 100644 --- a/checks/raw/errors.go +++ b/checks/raw/errors.go 
@@ -19,8 +19,12 @@ import ( ) var ( - errInternalCommitishNil = errors.New("commitish is nil") - errInvalidArgType = errors.New("invalid arg type") - errInvalidArgLength = errors.New("invalid arg length") - errInvalidGitHubWorkflow = errors.New("invalid GitHub workflow") + errInternalCommitishNil = errors.New("commitish is nil") + errInvalidArgType = errors.New("invalid arg type") + errInvalidArgLength = errors.New("invalid arg length") + errInvalidGitHubWorkflow = errors.New("invalid GitHub workflow") + errEmptyRepoClient = errors.New("empty RepoClient") + errGetRepoProgrammingLang = errors.New("cannot get repo programming languages") + errGetRepoProminentLang = errors.New("cannot get repo prominent languages") + errFuncParamIsNil = errors.New("function parameter is nil") ) diff --git a/checks/raw/fuzzing.go b/checks/raw/fuzzing.go index 880392830fe..c1ea77d9c9a 100644 --- a/checks/raw/fuzzing.go +++ b/checks/raw/fuzzing.go @@ -34,8 +34,8 @@ const ( ) type filesWithPatternStr struct { - files []checker.File pattern string + files []checker.File } type languageFuzzConfig struct { fuzzFileMatchPattern, fuzzFuncRegexPattern, langFuzzDocumentURL, langFuzzDesc string 
@@ -138,24 +138,24 @@ func checkOSSFuzz(c *checker.CheckRequest) (bool, error) { func checkFuzzFunc(c *checker.CheckRequest) (bool, []checker.File, error) { if c.RepoClient == nil { - return false, nil, fmt.Errorf("empty RepoClient") + return false, nil, errEmptyRepoClient } // To get the prominent programming language(s) to be checked. langMap, err := c.RepoClient.ListProgrammingLanguages() if err != nil { - return false, nil, fmt.Errorf("get programming languages of repo failed %w", err) + return false, nil, errGetRepoProgrammingLang } - langsProminent, err := getProminentLanguages(langMap) + prominentLangs, err := getProminentLanguages(langMap) if err != nil { - return false, nil, fmt.Errorf("error when getting promiment languages: %w", err) + return false, nil, errGetRepoProminentLang } data := filesWithPatternStr{ files: make([]checker.File, 0), } - // Iterate the prominant language list and check for fuzz funcs per language. - for _, lang := range *langsProminent { + // Iterate the prominent language list and check for fuzz funcs per language. + for _, lang := range *prominentLangs { // Search language fuzz patterns in the hashmap. pattern, found := languageFuzzSpecsMap[lang] if !found { @@ -191,7 +191,7 @@ var getFuzzFunc fileparser.DoWhileTrueOnFileContent = func(path string, content if !ok { return false, fmt.Errorf("invalid arg type: %w", errInvalidArgType) } - r, _ := regexp.Compile(pdata.pattern) + r := regexp.MustCompile(pdata.pattern) lines := bytes.Split(content, []byte("\n")) for i, line := range lines { found := r.FindString(string(line)) @@ -212,7 +212,7 @@ var getFuzzFunc fileparser.DoWhileTrueOnFileContent = func(path string, content func getProminentLanguages(langs map[string]int) (*[]string, error) { if langs == nil { - return nil, fmt.Errorf("no languages found in map") + return nil, errFuncParamIsNil } numLangs := len(langs) totalLoC := 0 
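Review bot: Returning the bare sentinels in `checkFuzzFunc` drops the underlying cause. `return false, nil, errGetRepoProgrammingLang` and `return false, nil, errGetRepoProminentLang` both discard `err`, so a caller can no longer see why the language lookup failed. Keep the sentinel for `errors.Is` and attach the cause, e.g. `return false, nil, fmt.Errorf("%w: %v", errGetRepoProgrammingLang, err)`, and do the same for `errGetRepoProminentLang`.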
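Review bot: `r := regexp.MustCompile(pdata.pattern)` in `getFuzzFunc` runs once for every matched file and panics on a pattern that does not compile. The pattern is fixed per language, so compiling it once in `checkFuzzFunc` before `OnMatchingFileContentDo` and passing the `*regexp.Regexp` in the callback data would remove the repeated work. With `regexp.Compile` there, a bad entry in `languageFuzzSpecsMap` becomes a returned error rather than a crash of the whole run. The callback starts before this hunk and continues after it.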
@@ -224,7 +224,7 @@ func getProminentLanguages(langs map[string]int) (*[]string, error) { // and it can stay as an int, no need for a float value. avgLoC := totalLoC / numLangs - // Languages that has lines of code above average will be considered prominent. + // Languages that have lines of code above average will be considered prominent. ret := &[]string{} for lang, LoC := range langs { if LoC >= avgLoC { diff --git a/checks/raw/fuzzing_test.go b/checks/raw/fuzzing_test.go index d1f58cba8f1..4a0b51b596c 100644 --- a/checks/raw/fuzzing_test.go +++ b/checks/raw/fuzzing_test.go @@ -216,14 +216,14 @@ func Test_fuzzFileAndFuncMatchPattern(t *testing.T) { t.Errorf("retrieve supported language error") } fileMatchPattern := langSpecs.fuzzFileMatchPattern - fileMatch, _ := path.Match(fileMatchPattern, tt.fileName) - if (fileMatch != tt.expectedFileMatch) && !tt.wantErr { + fileMatch, err := path.Match(fileMatchPattern, tt.fileName) + if fileMatch != tt.expectedFileMatch || err != nil && !tt.wantErr { t.Errorf("fileMatch = %v, want %v for %v", fileMatch, tt.expectedFileMatch, tt.name) } funcRegexPattern := langSpecs.fuzzFuncRegexPattern r, _ := regexp.Compile(funcRegexPattern) found := r.MatchString(tt.fileContent) - if (found != tt.expectedFuncMatch) && !tt.wantErr { + if found != tt.expectedFuncMatch && !tt.wantErr { t.Errorf("funcMatch = %v, want %v for %v", fileMatch, tt.expectedFileMatch, tt.name) } }) @@ -275,8 +275,8 @@ func Test_checkFuzzFunc(t *testing.T) { req := checker.CheckRequest{ RepoClient: mockClient, } - got, _, _ := checkFuzzFunc(&req) - if got != tt.want && !tt.wantErr { + got, _, err := checkFuzzFunc(&req) + if got != tt.want || err != nil && !tt.wantErr { t.Errorf("checkFuzzFunc() = %v, want %v for %v", got, tt.want, tt.name) } }) diff --git a/clients/githubrepo/client.go b/clients/githubrepo/client.go index feefec8a914..1ec332fbdb9 100644 --- a/clients/githubrepo/client.go +++ b/clients/githubrepo/client.go 
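Review bot: The rewritten test conditions mix `||` and `&&` without parentheses. `fileMatch != tt.expectedFileMatch || err != nil && !tt.wantErr` parses as `a || (b && c)`, so `wantErr` now guards only the error and no longer the mismatch, whereas the `found != tt.expectedFuncMatch && !tt.wantErr` line right below still skips the mismatch when `wantErr` is set. If the first form is the intended one, write it as `if fileMatch != tt.expectedFileMatch || (err != nil && !tt.wantErr) {` and bring the function-match check into line. The same expression shape appears in the `Test_checkFuzzFunc` hunk (`got != tt.want || err != nil && !tt.wantErr`).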
@@ -185,6 +185,9 @@ func (client *Client) ListProgrammingLanguages() (map[string]int, error) { return nil, fmt.Errorf("request for repo languages failed with %w", err) } bodyJSON := map[string]int{} + // The client.repoClient.Do API writes the reponse body to var bodyJSON, + // so we can ignore the first returned variable (the http response object) + // since we only need the response body here. _, errResp := client.repoClient.Do(client.ctx, req, &bodyJSON) if errResp != nil { return nil, fmt.Errorf("response for repo languages failed with %w", err) diff --git a/cron/internal/format/json_raw_results.go b/cron/internal/format/json_raw_results.go index e863c022b5a..10d84324ddb 100644 --- a/cron/internal/format/json_raw_results.go +++ b/cron/internal/format/json_raw_results.go @@ -206,7 +206,7 @@ func addDependencyUpdateToolRawResults(r *jsonScorecardRawResult, } if t.File != nil { jt.File = &jsonFile{ - Path: t.File.Path, + Path: t.File[0].Path, } } r.Results.DependencyUpdateTools = append(r.Results.DependencyUpdateTools, jt) diff --git a/pkg/json_raw_results.go b/pkg/json_raw_results.go index f908c1cb29d..8fade07c309 100644 --- a/pkg/json_raw_results.go +++ b/pkg/json_raw_results.go @@ -50,7 +50,7 @@ type jsonTool struct { URL *string `json:"url"` Desc *string `json:"desc"` Job *jsonWorkflowJob `json:"job,omitempty"` - File *jsonFile `json:"file,omitempty"` + File []jsonFile `json:"file,omitempty"` Name string `json:"name"` // TODO: Runs, Issues, Merge requests. } @@ -508,9 +508,11 @@ func (r *jsonScorecardRawResult) addFuzzingRawResults(fd *checker.FuzzingData) e URL: f.URL, Desc: f.Desc, } - if f.File != nil && len(f.File) == 1 { - jt.File = &jsonFile{ - Path: f.File[0].Path, + if f.File != nil { + for _, f := range f.File { + jt.File = append(jt.File, jsonFile{ + Path: f.Path, + }) } } r.Results.Fuzzers = append(r.Results.Fuzzers, jt) 
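Review bot: In the cron/internal/format/json_raw_results.go hunk, `t.File[0].Path` is guarded only by `if t.File != nil`. `File` is now a slice, so a non-nil empty slice passes the check and the index panics. Use `if len(t.File) > 0 {` instead. This path also keeps only the first file, while the pkg/json_raw_results.go hunks on this page change `jsonTool.File` to `[]jsonFile` and copy every entry, so the two JSON outputs will disagree for tools with several files. The enclosing function starts outside the hunk.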
@@ -528,9 +530,11 @@ func (r *jsonScorecardRawResult) addDependencyUpdateToolRawResults(dut *checker. URL: t.URL, Desc: t.Desc, } - if t.File != nil && len(t.File) == 1 { - jt.File = &jsonFile{ - Path: t.File[0].Path, + if t.File != nil { + for _, f := range t.File { + jt.File = append(jt.File, jsonFile{ + Path: f.Path, + }) } } r.Results.DependencyUpdateTools = append(r.Results.DependencyUpdateTools, jt) From 69f6b18f2ce60b3f890635c199b9272b2e137e54 Mon Sep 17 00:00:00 2001 From: Aiden Wang Date: Fri, 3 Jun 2022 23:04:24 +0000 Subject: [PATCH 09/24] temp save 06032022 --- checker/raw_result.go | 8 +- checks/evaluation/dependency_update_tool.go | 4 +- .../evaluation/dependency_update_tool_test.go | 4 +- checks/evaluation/fuzzing.go | 25 ++-- checks/fuzzing_test.go | 19 ++- checks/raw/dependency_update_tool.go | 4 +- checks/raw/errors.go | 14 +- checks/raw/fuzzing.go | 120 +++++++++--------- checks/raw/fuzzing_test.go | 15 ++- cron/internal/format/json_raw_results.go | 16 ++- go.mod | 5 + go.sum | 7 + pkg/json_raw_results.go | 22 ++-- 13 files changed, 145 insertions(+), 118 deletions(-) diff --git a/checker/raw_result.go b/checker/raw_result.go index f7b9ef7de93..8bce36dbbaf 100644 --- a/checker/raw_result.go +++ b/checker/raw_result.go @@ -137,10 +137,10 @@ type BranchProtectionsData struct { // Tool represents a tool. type Tool struct { - URL *string - Desc *string - File []File - Name string + URL *string + Desc *string + Files []File + Name string // Runs of the tool. Runs []Run // Issues created by the tool. diff --git a/checks/evaluation/dependency_update_tool.go b/checks/evaluation/dependency_update_tool.go index eb43e94126a..7c2a44a314a 100644 --- a/checks/evaluation/dependency_update_tool.go +++ b/checks/evaluation/dependency_update_tool.go 
@@ -49,13 +49,13 @@ func DependencyUpdateTool(name string, dl checker.DetailLogger, return checker.CreateRuntimeErrorResult(name, e) } - if r.Tools[0].File == nil { + if r.Tools[0].Files == nil { e := sce.WithMessage(sce.ErrScorecardInternal, "File is nil") return checker.CreateRuntimeErrorResult(name, e) } // Iterate over all the files, since a Tool can contain multiple files. - for _, file := range r.Tools[0].File { + for _, file := range r.Tools[0].Files { dl.Info(&checker.LogMessage{ Path: file.Path, Type: file.Type, diff --git a/checks/evaluation/dependency_update_tool_test.go b/checks/evaluation/dependency_update_tool_test.go index b71fd44c05a..253725d643b 100644 --- a/checks/evaluation/dependency_update_tool_test.go +++ b/checks/evaluation/dependency_update_tool_test.go @@ -88,7 +88,7 @@ func TestDependencyUpdateTool(t *testing.T) { Tools: []checker.Tool{ { Name: "DependencyUpdateTool", - File: []checker.File{ + Files: []checker.File{ { Path: "/etc/dependency-update-tool.conf", Snippet: ` @@ -96,7 +96,7 @@ func TestDependencyUpdateTool(t *testing.T) { enabled = true `, Offset: 0, - Type: checker.FileTypeNone, + Type: checker.FileTypeSource, }, }, }, diff --git a/checks/evaluation/fuzzing.go b/checks/evaluation/fuzzing.go index 565cafc0958..32d206a5130 100644 --- a/checks/evaluation/fuzzing.go +++ b/checks/evaluation/fuzzing.go @@ -16,10 +16,8 @@ package evaluation import ( "fmt" - "path" "github.com/ossf/scorecard/v4/checker" - "github.com/ossf/scorecard/v4/checks/raw" sce "github.com/ossf/scorecard/v4/errors" ) 
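Review bot: The guard `r.Tools[0].Files == nil` only rejects a nil slice, so a tool with a non-nil but empty `Files` passes it and the loop below logs nothing; the message still says "File is nil" after the rename. If an empty list should be treated the same way, use `if len(r.Tools[0].Files) == 0 {` and update the message text to match the new field name. DependencyUpdateTool begins and ends outside the hunk, so what follows the loop is not visible here.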
@@ -35,21 +33,22 @@ func Fuzzing(name string, dl checker.DetailLogger, if len(r.Fuzzers) == 0 { return checker.CreateMinScoreResult(name, "project is not fuzzed") } - fuzzers := &[]string{} + fuzzers := []string{} for i := range r.Fuzzers { fuzzer := r.Fuzzers[i] - if fuzzer.Name == raw.FuzzNameUserDefinedFunc { - for _, f := range fuzzer.File { - msg := checker.LogMessage{ - Path: path.Join(f.Path, f.Snippet), - Type: f.Type, - Offset: f.Offset, - } - dl.Info(&msg) + for _, f := range fuzzer.Files { + msg := checker.LogMessage{ + Path: f.Path, + Type: f.Type, + Offset: f.Offset, } + if f.Snippet != "" { + msg.Text = f.Snippet + } + dl.Info(&msg) } - *fuzzers = append(*fuzzers, fuzzer.Name) + fuzzers = append(fuzzers, fuzzer.Name) } return checker.CreateMaxScoreResult(name, - fmt.Sprintf("project is fuzzed with %v", *fuzzers)) + fmt.Sprintf("project is fuzzed with %v", fuzzers)) } diff --git a/checks/fuzzing_test.go b/checks/fuzzing_test.go index d22c02de261..7d1d48a8bbc 100644 --- a/checks/fuzzing_test.go +++ b/checks/fuzzing_test.go @@ -34,6 +34,7 @@ func TestFuzzing(t *testing.T) { tests := []struct { name string want checker.CheckResult + langs map[string]int response clients.SearchResponse wantErr bool wantFuzzErr bool @@ -44,13 +45,20 @@ func TestFuzzing(t *testing.T) { { name: "empty response", response: clients.SearchResponse{}, - wantErr: false, + langs: map[string]int{ + "go": 300, + }, + wantErr: false, }, { name: "hits 1", response: clients.SearchResponse{ Hits: 1, }, + langs: map[string]int{ + "go": 100, + "java": 70, + }, wantErr: false, want: checker.CheckResult{Score: 10}, expected: scut.TestReturn{ @@ -61,7 +69,10 @@ func TestFuzzing(t *testing.T) { }, }, { - name: "nil response", + name: "nil response", + langs: map[string]int{ + "python": 256, + }, wantErr: true, want: checker.CheckResult{Score: -1}, expected: scut.TestReturn{ 
@@ -73,7 +84,7 @@ func TestFuzzing(t *testing.T) { }, }, { - name: " error", + name: "error", wantFuzzErr: true, want: checker.CheckResult{}, }, @@ -94,7 +105,7 @@ func TestFuzzing(t *testing.T) { } return tt.response, nil }).AnyTimes() - + mockFuzz.EXPECT().ListProgrammingLanguages().Return(tt.langs, nil).AnyTimes() mockFuzz.EXPECT().ListFiles(gomock.Any()).Return(tt.fileName, nil).AnyTimes() mockFuzz.EXPECT().GetFileContent(gomock.Any()).DoAndReturn(func(f string) (string, error) { if tt.wantErr { diff --git a/checks/raw/dependency_update_tool.go b/checks/raw/dependency_update_tool.go index f32bc303107..8dbfb230ec8 100644 --- a/checks/raw/dependency_update_tool.go +++ b/checks/raw/dependency_update_tool.go @@ -51,7 +51,7 @@ var checkDependencyFileExists fileparser.DoWhileTrueOnFilename = func(name strin Name: "Dependabot", URL: asPointer("https://github.com/dependabot"), Desc: asPointer("Automated dependency updates built into GitHub"), - File: []checker.File{ + Files: []checker.File{ { Path: name, Type: checker.FileTypeSource, @@ -67,7 +67,7 @@ var checkDependencyFileExists fileparser.DoWhileTrueOnFilename = func(name strin Name: "Renovabot", URL: asPointer("https://github.com/renovatebot/renovate"), Desc: asPointer("Automated dependency updates. Multi-platform and multi-language."), - File: []checker.File{ + Files: []checker.File{ { Path: name, Type: checker.FileTypeSource, diff --git a/checks/raw/errors.go b/checks/raw/errors.go index 081dedff0fd..b8df7e61520 100644 --- a/checks/raw/errors.go +++ b/checks/raw/errors.go 
@@ -19,12 +19,10 @@ import ( ) var ( - errInternalCommitishNil = errors.New("commitish is nil") - errInvalidArgType = errors.New("invalid arg type") - errInvalidArgLength = errors.New("invalid arg length") - errInvalidGitHubWorkflow = errors.New("invalid GitHub workflow") - errEmptyRepoClient = errors.New("empty RepoClient") - errGetRepoProgrammingLang = errors.New("cannot get repo programming languages") - errGetRepoProminentLang = errors.New("cannot get repo prominent languages") - errFuncParamIsNil = errors.New("function parameter is nil") + errInternalCommitishNil = errors.New("commitish is nil") + errInvalidArgType = errors.New("invalid arg type") + errInvalidArgLength = errors.New("invalid arg length") + errInvalidGitHubWorkflow = errors.New("invalid GitHub workflow") + errEmptyRepoClient = errors.New("empty RepoClient") + errFuncParamIsNil = errors.New("function parameter is nil") ) diff --git a/checks/raw/fuzzing.go b/checks/raw/fuzzing.go index c1ea77d9c9a..87e30e014a7 100644 --- a/checks/raw/fuzzing.go +++ b/checks/raw/fuzzing.go @@ -27,10 +27,10 @@ import ( ) const ( - FuzzNameOSSFuzz = "OSS-Fuzz" - FuzzNameClusterFuzzLite = "ClusterFuzzLite" - FuzzNameUserDefinedFunc = "user-defined fuzz functions" - // TODO: add more fuzz check support. + fuzzNameOSSFuzz = "OSSFuzz" + fuzzNameClusterFuzzLite = "ClusterFuzzLite" + fuzzNameBuiltInGo = "GoBuiltInFuzzer" + // TODO: add more fuzzing check supports. ) type filesWithPatternStr struct { 
@@ -38,17 +38,21 @@ type filesWithPatternStr struct { files []checker.File } type languageFuzzConfig struct { - fuzzFileMatchPattern, fuzzFuncRegexPattern, langFuzzDocumentURL, langFuzzDesc string + fuzzFileMatchPattern, fuzzFuncRegexPattern, langFuzzName string + langFuzzDocumentURL, langFuzzDesc *string //TODO: add more language fuzzing-related fields. } // Contains fuzzing speficications for programming languages. // Use lowercases as the key, such as go, python, javascript, c++, etc. -var languageFuzzSpecsMap = map[string]languageFuzzConfig{ +var languageFuzzSpecs = map[string]languageFuzzConfig{ // Default fuzz patterns for Go. "go": { fuzzFileMatchPattern: "*_test.go", fuzzFuncRegexPattern: `func\s+Fuzz\w+\s*\(\w+\s+\*testing.F\)`, + langFuzzName: fuzzNameBuiltInGo, + langFuzzDocumentURL: asPointer("https://go.dev/doc/fuzz/"), + langFuzzDesc: asPointer("Go fuzzing intelligently walks through the source code to report failures and find vulnerabilities."), }, // TODO: add more language-specific fuzz patterns & configs. } @@ -63,7 +67,7 @@ func Fuzzing(c *checker.CheckRequest) (checker.FuzzingData, error) { if usingCFLite { fuzzers = append(fuzzers, checker.Tool{ - Name: FuzzNameClusterFuzzLite, + Name: fuzzNameClusterFuzzLite, URL: asPointer("https://github.com/google/clusterfuzzlite"), Desc: asPointer("continuous fuzzing solution that runs as part of Continuous Integration (CI) workflows"), // TODO: File. @@ -78,7 +82,7 @@ func Fuzzing(c *checker.CheckRequest) (checker.FuzzingData, error) { if usingOSSFuzz { fuzzers = append(fuzzers, checker.Tool{ - Name: FuzzNameOSSFuzz, + Name: fuzzNameOSSFuzz, URL: asPointer("https://github.com/google/oss-fuzz"), Desc: asPointer("Continuous Fuzzing for Open Source Software"), // TODO: File. 
@@ -86,19 +90,29 @@ func Fuzzing(c *checker.CheckRequest) (checker.FuzzingData, error) { ) } - usingFuzzFunc, files, e := checkFuzzFunc(c) - if e != nil { - return checker.FuzzingData{}, fmt.Errorf("%w", e) + langMap, err := c.RepoClient.ListProgrammingLanguages() + if err != nil { + return checker.FuzzingData{}, fmt.Errorf("cannot get langs of repo: %w", err) } - if usingFuzzFunc { - fuzzers = append(fuzzers, - checker.Tool{ - Name: FuzzNameUserDefinedFunc, - URL: asPointer("https://en.wikipedia.org/wiki/Fuzzing"), - Desc: asPointer("The function-level fuzzing walks through the source code to report failures and find vulnerabilities."), - File: files, - }, - ) + prominentLangs, err := getProminentLanguages(langMap) + if err != nil { + return checker.FuzzingData{}, fmt.Errorf("cannot get the prominent langs: %w", err) + } + for _, lang := range prominentLangs { + usingFuzzFunc, files, e := checkFuzzFunc(c, lang) + if e != nil { + return checker.FuzzingData{}, fmt.Errorf("%w", e) + } + if usingFuzzFunc { + fuzzers = append(fuzzers, + checker.Tool{ + Name: languageFuzzSpecs[lang].langFuzzName, + URL: languageFuzzSpecs[lang].langFuzzDocumentURL, + Desc: languageFuzzSpecs[lang].langFuzzDesc, + Files: files, + }, + ) + } } return checker.FuzzingData{Fuzzers: fuzzers}, nil } 
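Review bot: `c.RepoClient.ListProgrammingLanguages()` is called here without checking `c.RepoClient`, while `checkFuzzFunc` (changed later in this patch) still guards `c.RepoClient == nil`; if the client can be nil, this line panics before that guard is ever reached. Either add the same guard before the call or drop it from `checkFuzzFunc` so the contract is stated once. Separately, a failure of the languages request now returns `checker.FuzzingData{}` and discards any ClusterFuzzLite or OSS-Fuzz result already appended to `fuzzers`, which looks unintended when the check could already be answered. Fuzzing starts outside the hunk.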
@@ -136,45 +150,36 @@ func checkOSSFuzz(c *checker.CheckRequest) (bool, error) { return result.Hits > 0, nil } -func checkFuzzFunc(c *checker.CheckRequest) (bool, []checker.File, error) { +func checkFuzzFunc(c *checker.CheckRequest, lang string) (bool, []checker.File, error) { if c.RepoClient == nil { - return false, nil, errEmptyRepoClient + return false, nil, errEmptyClient } - // To get the prominent programming language(s) to be checked. - langMap, err := c.RepoClient.ListProgrammingLanguages() - if err != nil { - return false, nil, errGetRepoProgrammingLang - } - prominentLangs, err := getProminentLanguages(langMap) - if err != nil { - return false, nil, errGetRepoProminentLang - } - data := filesWithPatternStr{ files: make([]checker.File, 0), } - - // Iterate the prominent language list and check for fuzz funcs per language. - for _, lang := range *prominentLangs { - // Search language fuzz patterns in the hashmap. - pattern, found := languageFuzzSpecsMap[lang] - if !found { - // Fuzz patterns for the current language not supported yet. - continue - } - // Get patterns for file and func. - filePattern, funcPattern := pattern.fuzzFileMatchPattern, pattern.fuzzFuncRegexPattern - matcher := fileparser.PathMatcher{ - Pattern: filePattern, - CaseSensitive: false, - } - data.pattern = funcPattern - err = fileparser.OnMatchingFileContentDo(c.RepoClient, matcher, getFuzzFunc, &data) - if err != nil { - return false, nil, fmt.Errorf("error when OnMatchingFileContentDo: %w", err) - } + // Search language-specified fuzz func patterns in the hashmap. + pattern, found := languageFuzzSpecs[lang] + if !found { + // If the fuzz patterns for the current language not supported yet, + // we return it as false (not found), nil (no files), and nil (no errors). + return false, nil, nil + } + // Get patterns for file and func. + // We use the file pattern in the matcher to match the test files, + // and put the func pattern in var data to match file contents (func names). 
+ filePattern, funcPattern := pattern.fuzzFileMatchPattern, pattern.fuzzFuncRegexPattern + matcher := fileparser.PathMatcher{ + Pattern: filePattern, + CaseSensitive: false, } + data.pattern = funcPattern + err := fileparser.OnMatchingFileContentDo(c.RepoClient, matcher, getFuzzFunc, &data) + if err != nil { + return false, nil, fmt.Errorf("error when OnMatchingFileContentDo: %w", err) + } + if len(data.files) == 0 { + // This means no fuzz funcs matched for this language. return false, nil, nil } return true, data.files, nil @@ -189,7 +194,7 @@ var getFuzzFunc fileparser.DoWhileTrueOnFileContent = func(path string, content } pdata, ok := args[0].(*filesWithPatternStr) if !ok { - return false, fmt.Errorf("invalid arg type: %w", errInvalidArgType) + return false, errInvalidArgType } r := regexp.MustCompile(pdata.pattern) lines := bytes.Split(content, []byte("\n")) @@ -210,25 +215,24 @@ var getFuzzFunc fileparser.DoWhileTrueOnFileContent = func(path string, content return true, nil } -func getProminentLanguages(langs map[string]int) (*[]string, error) { +func getProminentLanguages(langs map[string]int) ([]string, error) { if langs == nil { - return nil, errFuncParamIsNil + return nil, nil } numLangs := len(langs) totalLoC := 0 for _, LoC := range langs { totalLoC += LoC - numLangs++ } // Var avgLoC calculates the average lines of code in the current repo, // and it can stay as an int, no need for a float value. avgLoC := totalLoC / numLangs // Languages that have lines of code above average will be considered prominent. - ret := &[]string{} + ret := []string{} for lang, LoC := range langs { if LoC >= avgLoC { - *ret = append(*ret, strings.ToLower(lang)) + ret = append(ret, strings.ToLower(lang)) } } return ret, nil diff --git a/checks/raw/fuzzing_test.go b/checks/raw/fuzzing_test.go index 4a0b51b596c..73dfb74338f 100644 --- a/checks/raw/fuzzing_test.go +++ b/checks/raw/fuzzing_test.go 
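Review bot: `errEmptyClient`, returned in the nil-client branch, is not declared in any visible hunk of this patch; checks/raw/errors.go here keeps `errEmptyRepoClient`, so unless the identifier exists elsewhere in package raw this does not compile. The likely intended line is `return false, nil, errEmptyRepoClient`. checkFuzzFunc would also benefit from a doc comment stating that an unsupported `lang` yields `(false, nil, nil)` rather than an error.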
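Review bot: `regexp.MustCompile(pdata.pattern)` runs inside the callback, so the same pattern is recompiled for every matching file, and an invalid entry in `languageFuzzSpecs` would panic in the middle of a repository scan instead of returning an error. Compile the pattern once in `checkFuzzFunc` with `regexp.Compile`, return its error, and carry the resulting `*regexp.Regexp` in `filesWithPatternStr` in place of the string. getFuzzFunc's body continues outside the hunk.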
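Review bot: `avgLoC := totalLoC / numLangs` divides by zero when `langs` is a non-nil empty map, because the guard only tests `langs == nil`; the GitHub client in this series initialises its result as `map[string]int{}`, so a repository with no detected languages would presumably arrive here with length 0 and panic the check. Test the length instead: `if len(langs) == 0 { return nil, nil }`. The later revision of this function in patch 12/24 keeps the `langs == nil` test and needs the same change. Map iteration also makes the order of the returned slice non-deterministic, which carries into the order of reported fuzzers.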
@@ -211,19 +211,19 @@ func Test_fuzzFileAndFuncMatchPattern(t *testing.T) { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() - langSpecs, ok := languageFuzzSpecsMap[tt.lang] + langSpecs, ok := languageFuzzSpecs[tt.lang] if !ok && !tt.wantErr { t.Errorf("retrieve supported language error") } fileMatchPattern := langSpecs.fuzzFileMatchPattern fileMatch, err := path.Match(fileMatchPattern, tt.fileName) - if fileMatch != tt.expectedFileMatch || err != nil && !tt.wantErr { + if (fileMatch != tt.expectedFileMatch || err != nil) && !tt.wantErr { t.Errorf("fileMatch = %v, want %v for %v", fileMatch, tt.expectedFileMatch, tt.name) } funcRegexPattern := langSpecs.fuzzFuncRegexPattern r, _ := regexp.Compile(funcRegexPattern) found := r.MatchString(tt.fileContent) - if found != tt.expectedFuncMatch && !tt.wantErr { + if (found != tt.expectedFuncMatch) && !tt.wantErr { t.Errorf("funcMatch = %v, want %v for %v", fileMatch, tt.expectedFileMatch, tt.name) } }) @@ -263,7 +263,6 @@ func Test_checkFuzzFunc(t *testing.T) { ctrl := gomock.NewController(t) defer ctrl.Finish() mockClient := mockrepo.NewMockRepoClient(ctrl) - mockClient.EXPECT().ListProgrammingLanguages().Return(tt.langs, nil).AnyTimes() mockClient.EXPECT().ListFiles(gomock.Any()).Return(tt.fileName, nil).AnyTimes() mockClient.EXPECT().GetFileContent(gomock.Any()).DoAndReturn(func(f string) (string, error) { if tt.wantErr { @@ -275,9 +274,11 @@ func Test_checkFuzzFunc(t *testing.T) { req := checker.CheckRequest{ RepoClient: mockClient, } - got, _, err := checkFuzzFunc(&req) - if got != tt.want || err != nil && !tt.wantErr { - t.Errorf("checkFuzzFunc() = %v, want %v for %v", got, tt.want, tt.name) + for l := range tt.langs { + got, _, err := checkFuzzFunc(&req, l) + if (got != tt.want || err != nil) && !tt.wantErr { + t.Errorf("checkFuzzFunc() = %v, want %v for %v", got, tt.want, tt.name) + } } }) } 
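Review bot: The failure message for the function-pattern assertion prints the wrong values: `t.Errorf("funcMatch = %v, want %v for %v", fileMatch, tt.expectedFileMatch, tt.name)` reports the file-match result, so a regex regression would be logged with misleading data. Pass `found, tt.expectedFuncMatch` as the first two arguments. `r, _ := regexp.Compile(funcRegexPattern)` also discards the compile error and leaves `r` nil for a bad pattern; check the error instead. With the new parentheses, a case with `wantErr: true` asserts nothing at all.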
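Review bot: Wrapping the assertion in `for l := range tt.langs` means a table entry with a nil or empty `langs` map calls `checkFuzzFunc` zero times and passes vacuously. Add a precondition before the loop, `if len(tt.langs) == 0 { t.Fatal("test case must list at least one language") }`, or call `checkFuzzFunc` with an explicit per-case language field. The table itself is outside the hunk, so whether any current case has an empty map is not visible here.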
diff --git a/cron/internal/format/json_raw_results.go b/cron/internal/format/json_raw_results.go index 10d84324ddb..d510fa5628c 100644 --- a/cron/internal/format/json_raw_results.go +++ b/cron/internal/format/json_raw_results.go @@ -40,10 +40,10 @@ type jsonFile struct { } type jsonTool struct { - URL *string `json:"url"` - Desc *string `json:"desc"` - File *jsonFile `json:"file"` - Name string `json:"name"` + URL *string `json:"url"` + Desc *string `json:"desc"` + Files []jsonFile `json:"file"` + Name string `json:"name"` // TODO: Runs, Issues, Merge requests. } @@ -204,9 +204,11 @@ func addDependencyUpdateToolRawResults(r *jsonScorecardRawResult, URL: t.URL, Desc: t.Desc, } - if t.File != nil { - jt.File = &jsonFile{ - Path: t.File[0].Path, + if t.Files != nil && len(t.Files) > 0 { + for _, f := range t.Files { + jt.Files = append(jt.Files, jsonFile{ + Path: f.Path, + }) } } r.Results.DependencyUpdateTools = append(r.Results.DependencyUpdateTools, jt) diff --git a/go.mod b/go.mod index 7fe2cd0616c..76584cd1023 100644 --- a/go.mod +++ b/go.mod @@ -64,6 +64,7 @@ require ( github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect github.com/containerd/stargz-snapshotter/estargz v0.11.4 // indirect github.com/containerd/typeurl v1.0.2 // indirect + github.com/daixiang0/gci v0.3.4 // indirect github.com/docker/cli v20.10.16+incompatible // indirect github.com/docker/distribution v2.8.1+incompatible // indirect github.com/docker/docker v20.10.16+incompatible // indirect @@ -81,6 +82,7 @@ require ( github.com/google/wire v0.5.0 // indirect github.com/googleapis/gax-go/v2 v2.3.0 // indirect github.com/googleapis/go-type-adapters v1.0.0 // indirect + github.com/hexops/gotextdiff v1.0.3 // indirect github.com/imdario/mergo v0.3.12 // indirect github.com/inconshreveable/mousetrap v1.0.0 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect 
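Review bot: The field is renamed to `Files` and now holds a slice, but its tag stays `json:"file"`, while pkg/json_raw_results.go in this same patch switches to `json:"files,omitempty"`; the two raw-result formats therefore disagree on the key name and on whether an empty list is emitted (here it serialises as `"file": null`). If the formats are meant to match, use the tag `json:"files,omitempty"` here as well, and call out the object-to-array change for consumers of the cron output. In the second hunk, the condition `t.Files != nil && len(t.Files) > 0` can be dropped, since ranging over a nil or empty slice is a no-op.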
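Review bot: These go.mod hunks add `github.com/daixiang0/gci` and `github.com/hexops/gotextdiff` (and the next hunk adds `go.uber.org/atomic`, `go.uber.org/multierr` and `go.uber.org/zap`) as indirect requirements, yet no visible Go hunk in this patch imports them; gci is an import-formatting tool, so they look like a side effect of installing tooling from inside the module. For a project whose output is a supply-chain signal, every extra module in the main go.mod is more code to vet and track, so run `go mod tidy` before committing and keep developer tools in a separate tools module. The matching go.sum lines should disappear with them.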
@@ -103,6 +105,9 @@ require ( github.com/xanzy/ssh-agent v0.3.0 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect + go.uber.org/atomic v1.9.0 // indirect + go.uber.org/multierr v1.8.0 // indirect + go.uber.org/zap v1.21.0 // indirect golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29 // indirect golang.org/x/net v0.0.0-20220516155154-20f960328961 // indirect golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5 // indirect diff --git a/go.sum b/go.sum index 5be5b820d4e..44eb6e95f24 100644 --- a/go.sum +++ b/go.sum @@ -555,6 +555,8 @@ github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c/go.mod h1:Ct2BUK8SB0YC1S github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s= github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8= github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjIciD2oAxI7DmWRx6gbeqrkoLqv3MV0vzNad+I= +github.com/daixiang0/gci v0.3.4 h1:+EZ83znNs73C9ZBTM7xhNagMP6gJs5wlptiFiuce5BM= +github.com/daixiang0/gci v0.3.4/go.mod h1:pB1j339Q+2sv/EyKd4dgvGXcaBGIErim+dlhLDtqeW4= github.com/danieljoos/wincred v1.1.0/go.mod h1:XYlo+eRTsVA9aHGp7NGjFkPla4m+DCL7hqDjlFjiygg= github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -997,6 +999,8 @@ github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0m github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= github.com/hashicorp/uuid v0.0.0-20160311170451-ebb0a03e909c/go.mod h1:fHzc09UnyJyqyW+bFuq864eh+wC7dj65aXmXLRe5to0= +github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM= +github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= @@ -1669,6 +1673,7 @@ go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= +go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE= go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= 
@@ -1677,6 +1682,7 @@ go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/ go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= +go.uber.org/multierr v1.8.0 h1:dg6GjLku4EH+249NNmoIciG9N/jURbDG+pFlTkhzIC8= go.uber.org/multierr v1.8.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak= go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= @@ -1684,6 +1690,7 @@ go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= +go.uber.org/zap v1.21.0 h1:WefMeulhovoZ2sYXz7st6K0sLj7bBhpiFaud4r4zST8= go.uber.org/zap v1.21.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw= go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE= gocloud.dev v0.19.0/go.mod h1:SmKwiR8YwIMMJvQBKLsC3fHNyMwXLw3PMDO+VVteJMI= diff --git a/pkg/json_raw_results.go b/pkg/json_raw_results.go index 8fade07c309..d90fa0eb1b1 100644 --- a/pkg/json_raw_results.go +++ b/pkg/json_raw_results.go @@ -47,11 +47,11 @@ type jsonFile struct { } type jsonTool struct { - URL *string `json:"url"` - Desc *string `json:"desc"` - Job *jsonWorkflowJob `json:"job,omitempty"` - File []jsonFile `json:"file,omitempty"` - Name string `json:"name"` + URL *string `json:"url"` + Desc *string `json:"desc"` + Job *jsonWorkflowJob `json:"job,omitempty"` + Name string `json:"name"` + Files []jsonFile `json:"files,omitempty"` // TODO: Runs, Issues, Merge requests. } 
@@ -508,9 +508,9 @@ func (r *jsonScorecardRawResult) addFuzzingRawResults(fd *checker.FuzzingData) e URL: f.URL, Desc: f.Desc, } - if f.File != nil { - for _, f := range f.File { - jt.File = append(jt.File, jsonFile{ + if f.Files != nil { + for _, f := range f.Files { + jt.Files = append(jt.Files, jsonFile{ Path: f.Path, }) } @@ -530,9 +530,9 @@ func (r *jsonScorecardRawResult) addDependencyUpdateToolRawResults(dut *checker. URL: t.URL, Desc: t.Desc, } - if t.File != nil { - for _, f := range t.File { - jt.File = append(jt.File, jsonFile{ + if t.Files != nil { + for _, f := range t.Files { + jt.Files = append(jt.Files, jsonFile{ Path: f.Path, }) } From ffe1bf1f4874f058bf6b12b791926d5ce89298e4 Mon Sep 17 00:00:00 2001 From: Aiden Wang Date: Fri, 3 Jun 2022 23:06:48 +0000 Subject: [PATCH 10/24] temp save 06032022 (2) --- checks/evaluation/dependency_update_tool_test.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/checks/evaluation/dependency_update_tool_test.go b/checks/evaluation/dependency_update_tool_test.go index 253725d643b..edb9840c1bf 100644 --- a/checks/evaluation/dependency_update_tool_test.go +++ b/checks/evaluation/dependency_update_tool_test.go @@ -95,8 +95,7 @@ func TestDependencyUpdateTool(t *testing.T) { [dependency-update-tool] enabled = true `, - Offset: 0, - Type: checker.FileTypeSource, + Type: checker.FileTypeSource, }, }, }, From 739de16b94727d09cb6451f59ff0e6193bb0c323 Mon Sep 17 00:00:00 2001 From: Aiden Wang Date: Fri, 3 Jun 2022 23:10:30 +0000 Subject: [PATCH 11/24] update err def --- checks/raw/errors.go | 1 - 1 file changed, 1 deletion(-) diff --git a/checks/raw/errors.go b/checks/raw/errors.go index b8df7e61520..9f1405680ed 100644 --- a/checks/raw/errors.go +++ b/checks/raw/errors.go 
@@ -24,5 +24,4 @@ var ( errInvalidArgLength = errors.New("invalid arg length") errInvalidGitHubWorkflow = errors.New("invalid GitHub workflow") errEmptyRepoClient = errors.New("empty RepoClient") - errFuncParamIsNil = errors.New("function parameter is nil") ) From 06a03734be6fc315a0516b414779aef5dcb73dcf Mon Sep 17 00:00:00 2001 From: Aiden Wang Date: Fri, 3 Jun 2022 23:53:05 +0000 Subject: [PATCH 12/24] temp save 3 --- checks/raw/errors.go | 1 - checks/raw/fuzzing.go | 16 +++++++--------- checks/raw/fuzzing_test.go | 2 +- cron/internal/format/json_raw_results.go | 2 +- 4 files changed, 9 insertions(+), 12 deletions(-) diff --git a/checks/raw/errors.go b/checks/raw/errors.go index 9f1405680ed..0de31a67d41 100644 --- a/checks/raw/errors.go +++ b/checks/raw/errors.go @@ -23,5 +23,4 @@ var ( errInvalidArgType = errors.New("invalid arg type") errInvalidArgLength = errors.New("invalid arg length") errInvalidGitHubWorkflow = errors.New("invalid GitHub workflow") - errEmptyRepoClient = errors.New("empty RepoClient") ) diff --git a/checks/raw/fuzzing.go b/checks/raw/fuzzing.go index 87e30e014a7..f85f31f7bd2 100644 --- a/checks/raw/fuzzing.go +++ b/checks/raw/fuzzing.go @@ -38,8 +38,8 @@ type filesWithPatternStr struct { files []checker.File } type languageFuzzConfig struct { - fuzzFileMatchPattern, fuzzFuncRegexPattern, langFuzzName string langFuzzDocumentURL, langFuzzDesc *string + fuzzFileMatchPattern, fuzzFuncRegexPattern, langFuzzName string //TODO: add more language fuzzing-related fields. } 
@@ -94,10 +94,8 @@ func Fuzzing(c *checker.CheckRequest) (checker.FuzzingData, error) { if err != nil { return checker.FuzzingData{}, fmt.Errorf("cannot get langs of repo: %w", err) } - prominentLangs, err := getProminentLanguages(langMap) - if err != nil { - return checker.FuzzingData{}, fmt.Errorf("cannot get the prominent langs: %w", err) - } + prominentLangs := getProminentLanguages(langMap) + for _, lang := range prominentLangs { usingFuzzFunc, files, e := checkFuzzFunc(c, lang) if e != nil { @@ -152,7 +150,7 @@ func checkOSSFuzz(c *checker.CheckRequest) (bool, error) { func checkFuzzFunc(c *checker.CheckRequest, lang string) (bool, []checker.File, error) { if c.RepoClient == nil { - return false, nil, errEmptyClient + return false, nil, nil } data := filesWithPatternStr{ files: make([]checker.File, 0), @@ -215,9 +213,9 @@ var getFuzzFunc fileparser.DoWhileTrueOnFileContent = func(path string, content return true, nil } -func getProminentLanguages(langs map[string]int) ([]string, error) { +func getProminentLanguages(langs map[string]int) []string { if langs == nil { - return nil, nil + return nil } numLangs := len(langs) totalLoC := 0 @@ -235,5 +233,5 @@ func getProminentLanguages(langs map[string]int) ([]string, error) { ret = append(ret, strings.ToLower(lang)) } } - return ret, nil + return ret } diff --git a/checks/raw/fuzzing_test.go b/checks/raw/fuzzing_test.go index 73dfb74338f..2b6733cec5a 100644 --- a/checks/raw/fuzzing_test.go +++ b/checks/raw/fuzzing_test.go @@ -221,7 +221,7 @@ func Test_fuzzFileAndFuncMatchPattern(t *testing.T) { t.Errorf("fileMatch = %v, want %v for %v", fileMatch, tt.expectedFileMatch, tt.name) } funcRegexPattern := langSpecs.fuzzFuncRegexPattern - r, _ := regexp.Compile(funcRegexPattern) + r := regexp.MustCompile(funcRegexPattern) found := r.MatchString(tt.fileContent) if (found != tt.expectedFuncMatch) && !tt.wantErr { t.Errorf("funcMatch = %v, want %v for %v", fileMatch, tt.expectedFileMatch, tt.name) 
diff --git a/cron/internal/format/json_raw_results.go b/cron/internal/format/json_raw_results.go index d510fa5628c..f6221445c52 100644 --- a/cron/internal/format/json_raw_results.go +++ b/cron/internal/format/json_raw_results.go @@ -42,8 +42,8 @@ type jsonFile struct { type jsonTool struct { URL *string `json:"url"` Desc *string `json:"desc"` - Files []jsonFile `json:"file"` Name string `json:"name"` + Files []jsonFile `json:"file"` // TODO: Runs, Issues, Merge requests. } From f999d7c500481b3860da5865efca65253841b5da Mon Sep 17 00:00:00 2001 From: Aiden Wang Date: Mon, 6 Jun 2022 04:59:12 +0000 Subject: [PATCH 13/24] update docs for fuzzing --- docs/checks.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/checks.md b/docs/checks.md index 4f9e0dcccc4..139e5aaf5af 100644 --- a/docs/checks.md +++ b/docs/checks.md @@ -317,9 +317,11 @@ low score is therefore not a definitive indication that the project is at risk. Risk: `Medium` (possible vulnerabilities in code) This check tries to determine if the project uses -[fuzzing](https://owasp.org/www-community/Fuzzing) by checking if the repository -name is included in the [OSS-Fuzz](https://github.com/google/oss-fuzz) project -list. +[fuzzing](https://owasp.org/www-community/Fuzzing). Currently, scorecard checks: +1. if the repository name is included in the [OSS-Fuzz](https://github.com/google/oss-fuzz) project +list; +2. if [ClusterFuzzLite](https://google.github.io/clusterfuzzlite/) is deployed in the repository; +3. if there are user-defined language-specified fuzzing fuctions (now supports [Go fuzzing](https://go.dev/doc/fuzz/)) in the repository. Fuzzing, or fuzz testing, is the practice of feeding unexpected or random data into a program to expose bugs. Regular fuzzing is important to detect From 3d10b94bd15470baa9c6337cfce73bb260b78743 Mon Sep 17 00:00:00 2001 
From: Aiden Wang Date: Mon, 6 Jun 2022 05:00:09 +0000 Subject: [PATCH 14/24] update docs for fuzzing --- docs/checks.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/checks.md b/docs/checks.md index 139e5aaf5af..7a51e9e3581 100644 --- a/docs/checks.md +++ b/docs/checks.md @@ -321,7 +321,7 @@ This check tries to determine if the project uses 1. if the repository name is included in the [OSS-Fuzz](https://github.com/google/oss-fuzz) project list; 2. if [ClusterFuzzLite](https://google.github.io/clusterfuzzlite/) is deployed in the repository; -3. if there are user-defined language-specified fuzzing fuctions (now supports [Go fuzzing](https://go.dev/doc/fuzz/)) in the repository. +3. if there are user-defined language-specified fuzzing functions (now supports [Go fuzzing](https://go.dev/doc/fuzz/)) in the repository. Fuzzing, or fuzz testing, is the practice of feeding unexpected or random data into a program to expose bugs. Regular fuzzing is important to detect From f4818030adb540e5500bdb6fffa8329db46cc875 Mon Sep 17 00:00:00 2001 From: Aiden Wang Date: Mon, 6 Jun 2022 21:12:48 +0000 Subject: [PATCH 15/24] update checks.yaml to gen docs --- checks/fuzzing_test.go | 8 ++++ docs/checks.md | 9 ++-- docs/checks/internal/checks.yaml | 7 +-- go.mod | 5 --- go.sum | 76 -------------------------------- 5 files changed, 16 insertions(+), 89 deletions(-) diff --git a/checks/fuzzing_test.go b/checks/fuzzing_test.go index 7d1d48a8bbc..7131a579ec5 100644 --- a/checks/fuzzing_test.go +++ b/checks/fuzzing_test.go @@ -83,6 +83,14 @@ func TestFuzzing(t *testing.T) { Score: -1, }, }, + { + name: "min score since lang not supported", + langs: map[string]int{ + "not_supported_lang": 1490, + }, + wantFuzzErr: false, + want: checker.CheckResult{Score: 0}, + }, { name: "error", wantFuzzErr: true, diff --git a/docs/checks.md b/docs/checks.md index 7a51e9e3581..70696ed1517 100644 --- a/docs/checks.md +++ b/docs/checks.md 
@@ -317,11 +317,10 @@ low score is therefore not a definitive indication that the project is at risk. Risk: `Medium` (possible vulnerabilities in code) This check tries to determine if the project uses -[fuzzing](https://owasp.org/www-community/Fuzzing). Currently, scorecard checks: -1. if the repository name is included in the [OSS-Fuzz](https://github.com/google/oss-fuzz) project -list; +[fuzzing](https://owasp.org/www-community/Fuzzing) by checking: +1. if the repository name is included in the [OSS-Fuzz](https://github.com/google/oss-fuzz) project list; 2. if [ClusterFuzzLite](https://google.github.io/clusterfuzzlite/) is deployed in the repository; -3. if there are user-defined language-specified fuzzing functions (now supports [Go fuzzing](https://go.dev/doc/fuzz/)) in the repository. +3. if there are user-defined language-specified fuzzing functions (currently only supports [Go fuzzing](https://go.dev/doc/fuzz/)) in the repository. Fuzzing, or fuzz testing, is the practice of feeding unexpected or random data into a program to expose bugs. Regular fuzzing is important to detect 
@@ -471,7 +470,7 @@ dependencies using the [GitHub dependency graph](https://docs.github.com/en/code - First determine if your project is producing a library or application. If it is a library, you generally don't want to pin dependencies of library users, and should not follow any remediation steps. - If your project is producing an application, declare all your dependencies with specific versions in your package format file (e.g. `package.json` for npm, `requirements.txt` for python). For C/C++, check in the code from a trusted source and add a `README` on the specific version used (and the archive SHA hashes). - If the package manager supports lock files (e.g. `package-lock.json` for npm), make sure to check these in the source code as well. These files maintain signatures for the entire dependency tree and saves from future exploitation in case the package is compromised. -- For Dockerfiles, pin dependencies by hash. See [Dockerfile](https://github.com/ossf/scorecard/blob/main/cron/worker/Dockerfile) for example. If you are using a manifest list to support builds across multiple architectures, you can pin to the manifest list hash instead of a single image hash. You can use a tool like [crane](https://github.com/google/go-containerregistry/blob/main/cmd/crane/README.md) to obtain the hash of the manifest list like in this [example](https://github.com/ossf/scorecard/issues/1773#issuecomment-1076699039). +- For Dockerfiles, pin dependencies by hash. See [Dockerfile](https://github.com/ossf/scorecard/blob/main/cron/worker/Dockerfile) for example. If you are using a manifest list to support builds across multiple architectures, you can pin to the manifest list hash instead of a single image hash. You can use a tool like [crane](https://github.com/google/go-containerregistry/blob/main/cmd/crane/README.md) to obtain the hash of the manifest list like in this [example](https://github.com/ossf/scorecard/issues/1773#issuecomment-1076699039). 
- For GitHub workflows, pin dependencies by hash. See [main.yaml](https://github.com/ossf/scorecard/blob/f55b86d6627cc3717e3a0395e03305e81b9a09be/.github/workflows/main.yml#L27) for example. To determine the permissions needed for your workflows, you may use [StepSecurity's online tool](https://app.stepsecurity.io/) by ticking the "Pin actions to a full length commit SHA". You may also tick the "Restrict permissions for GITHUB_TOKEN" to fix issues found by the Token-Permissions check. - To help update your dependencies after pinning them, use tools such as Github's [dependabot](https://github.blog/2020-06-01-keep-all-your-packages-up-to-date-with-dependabot/) diff --git a/docs/checks/internal/checks.yaml b/docs/checks/internal/checks.yaml index 73dcdd20950..f15bd2f9e93 100644 --- a/docs/checks/internal/checks.yaml +++ b/docs/checks/internal/checks.yaml @@ -374,9 +374,10 @@ checks: Risk: `Medium` (possible vulnerabilities in code) This check tries to determine if the project uses - [fuzzing](https://owasp.org/www-community/Fuzzing) by checking if the repository - name is included in the [OSS-Fuzz](https://github.com/google/oss-fuzz) project - list. + [fuzzing](https://owasp.org/www-community/Fuzzing) by checking: + 1. if the repository name is included in the [OSS-Fuzz](https://github.com/google/oss-fuzz) project list; + 2. if [ClusterFuzzLite](https://google.github.io/clusterfuzzlite/) is deployed in the repository; + 3. if there are user-defined language-specified fuzzing functions (currently only supports [Go fuzzing](https://go.dev/doc/fuzz/)) in the repository. Fuzzing, or fuzz testing, is the practice of feeding unexpected or random data into a program to expose bugs. Regular fuzzing is important to detect diff --git a/go.mod b/go.mod index 76584cd1023..7fe2cd0616c 100644 --- a/go.mod +++ b/go.mod 
@@ -64,7 +64,6 @@ require ( github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect github.com/containerd/stargz-snapshotter/estargz v0.11.4 // indirect github.com/containerd/typeurl v1.0.2 // indirect - github.com/daixiang0/gci v0.3.4 // indirect github.com/docker/cli v20.10.16+incompatible // indirect github.com/docker/distribution v2.8.1+incompatible // indirect github.com/docker/docker v20.10.16+incompatible // indirect @@ -82,7 +81,6 @@ require ( github.com/google/wire v0.5.0 // indirect github.com/googleapis/gax-go/v2 v2.3.0 // indirect github.com/googleapis/go-type-adapters v1.0.0 // indirect - github.com/hexops/gotextdiff v1.0.3 // indirect github.com/imdario/mergo v0.3.12 // indirect github.com/inconshreveable/mousetrap v1.0.0 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect @@ -105,9 +103,6 @@ require ( github.com/xanzy/ssh-agent v0.3.0 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect - go.uber.org/atomic v1.9.0 // indirect - go.uber.org/multierr v1.8.0 // indirect - go.uber.org/zap v1.21.0 // indirect golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29 // indirect golang.org/x/net v0.0.0-20220516155154-20f960328961 // indirect golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5 // indirect diff --git a/go.sum b/go.sum index 44eb6e95f24..6af40b10a24 100644 --- a/go.sum +++ b/go.sum 
@@ -22,7 +22,6 @@ cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKV cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= -cloud.google.com/go v0.66.0/go.mod h1:dgqGAjKCDxyhGTtC9dAREQGUJpkceNm1yt590Qno0Ko= cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= @@ -60,7 +59,6 @@ cloud.google.com/go/datacatalog v1.3.0/go.mod h1:g9svFY6tuR+j+hrTw3J2dNcmI0dzmSi cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= -cloud.google.com/go/firestore v1.4.0/go.mod h1:NjjGEnxCS3CAKYp+vmALu20QzcqasGodQp48WxJGAYc= cloud.google.com/go/firestore v1.6.1/go.mod h1:asNXNOzBdyVQmEU+ggO8UPodTkEVFW5Qx+rwHnAz+EY= cloud.google.com/go/iam v0.1.0/go.mod h1:vcUNEa0pEm0qRVpmWepWaFMIAI8/hjB9mO8rNCJtF6c= cloud.google.com/go/iam v0.1.1/go.mod h1:CKqrcnI/suGpybEHxZ7BMehL0oA4LpdyJdUlTl9jVMw= 
@@ -75,7 +73,6 @@ cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2k cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/pubsub v1.9.0/go.mod h1:G3o6/kJvEMIEAN5urdkaP4be49WQsjNiykBIto9LFtY= cloud.google.com/go/pubsub v1.19.0/go.mod h1:/O9kmSe9bb9KRnIAWkzmqhPjHo6LtzGOBYd/kr06XSs= cloud.google.com/go/pubsub v1.21.1 h1:ghu6wlm6WouITmmuwkxGG+6vNRXDaPdAjqLcRdsw3EQ= cloud.google.com/go/pubsub v1.21.1/go.mod h1:u3XGeMBOBCIQLcxNzy14Svz88ZFS8vI250uDgIAQDSQ= @@ -85,7 +82,6 @@ cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0Zeo cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= -cloud.google.com/go/storage v1.12.0/go.mod h1:fFLk2dp2oAhDz8QFKwqrjdJvxSp/W2g7nillojlL5Ho= cloud.google.com/go/storage v1.21.0/go.mod h1:XmRlxkgPjlBONznT2dDUU/5XlpU2OjMnKuqnZI01LAA= cloud.google.com/go/storage v1.22.0 h1:NUV0NNp9nkBuW66BFRLuMgldN60C57ET3dhbwLIYio8= cloud.google.com/go/storage v1.22.0/go.mod h1:GbaLEoMqbVm6sx3Z0R++gSiBlgMv6yUi2q1DeGFKQgE= 
@@ -97,7 +93,6 @@ contrib.go.opencensus.io/exporter/aws v0.0.0-20181029163544-2befc13012d0/go.mod contrib.go.opencensus.io/exporter/aws v0.0.0-20200617204711-c478e41e60e9/go.mod h1:uu1P0UCM/6RbsMrgPa98ll8ZcHM858i/AD06a9aLRCA= contrib.go.opencensus.io/exporter/ocagent v0.5.0/go.mod h1:ImxhfLRpxoYiSq891pBrLVhN+qmP8BTVvdH2YLs7Gl0= contrib.go.opencensus.io/exporter/stackdriver v0.12.1/go.mod h1:iwB6wGarfphGGe/e5CWqyUk/cLzKnWsOKPVW3no6OTw= -contrib.go.opencensus.io/exporter/stackdriver v0.13.4/go.mod h1:aXENhDJ1Y4lIg4EUaVTwzvYETVNZk10Pu26tevFKLUc= contrib.go.opencensus.io/exporter/stackdriver v0.13.10/go.mod h1:I5htMbyta491eUxufwwZPQdcKvvgzMB4O9ni41YnIM8= contrib.go.opencensus.io/exporter/stackdriver v0.13.12 h1:bjBKzIf7/TAkxd7L2utGaLM78bmUWlCval5K9UeElbY= contrib.go.opencensus.io/exporter/stackdriver v0.13.12/go.mod h1:mmxnWlrvrFdpiOHOhxBaVi1rkc0WOqhgfknj4Yg0SeQ= @@ -110,8 +105,6 @@ git.apache.org/thrift.git v0.12.0/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqbl github.com/AdaLogics/go-fuzz-headers v0.0.0-20210715213245-6c3934b029d8/go.mod h1:CzsSbkDixRphAF5hS6wbMKq0eI6ccJRb7/A0M6JBnwg= github.com/AkihiroSuda/containerd-fuse-overlayfs v1.0.0/go.mod h1:0mMDvQFeLbbn1Wy8P2j3hwFhqBq+FKn8OZPno8WLmp8= github.com/Azure/azure-amqp-common-go/v2 v2.1.0/go.mod h1:R8rea+gJRuJR6QxTir/XuEd+YuKoUiazDC/N96FiDEU= -github.com/Azure/azure-amqp-common-go/v3 v3.0.1/go.mod h1:PBIGdzcO1teYoufTKMcGibdKaYZv4avS+O6LNIp8bq0= -github.com/Azure/azure-amqp-common-go/v3 v3.1.0/go.mod h1:PBIGdzcO1teYoufTKMcGibdKaYZv4avS+O6LNIp8bq0= github.com/Azure/azure-amqp-common-go/v3 v3.2.1/go.mod h1:O6X1iYHP7s2x7NjUKsXVhkwWrQhxrd+d8/3rRadj4CI= github.com/Azure/azure-amqp-common-go/v3 v3.2.2/go.mod h1:O6X1iYHP7s2x7NjUKsXVhkwWrQhxrd+d8/3rRadj4CI= github.com/Azure/azure-pipeline-go v0.2.1/go.mod h1:UGSo8XybXnIGZ3epmeBw7Jdz+HiUVpqIlpz/HKHylF4= 
@@ -122,24 +115,18 @@ github.com/Azure/azure-sdk-for-go v19.1.1+incompatible/go.mod h1:9XXNKU+eRnpl9mo github.com/Azure/azure-sdk-for-go v29.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v30.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v35.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-sdk-for-go v37.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v38.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v42.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-sdk-for-go v49.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v51.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v59.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go/sdk/azcore v0.19.0/go.mod h1:h6H6c8enJmmocHUbLiiGY6sx7f9i+X3m1CHdd5c6Rdw= github.com/Azure/azure-sdk-for-go/sdk/azidentity v0.11.0/go.mod h1:HcM1YX14R7CJcghJGOYCgdezslRSVzqwLf/q+4Y2r/0= github.com/Azure/azure-sdk-for-go/sdk/internal v0.7.0/go.mod h1:yqy467j36fJxcRV2TzfVZ1pCb5vxm4BtZPUdYWe/Xo8= github.com/Azure/azure-service-bus-go v0.9.1/go.mod h1:yzBx6/BUGfjfeqbRZny9AQIbIe3AcV9WZbAdpkoXOa0= -github.com/Azure/azure-service-bus-go v0.10.7/go.mod h1:o5z/3lDG1iT/T/G7vgIwIqVDTx9Qa2wndf5OdzSzpF8= github.com/Azure/azure-service-bus-go v0.11.5/go.mod h1:MI6ge2CuQWBVq+ly456MY7XqNLJip5LO1iSFodbNLbU= github.com/Azure/azure-storage-blob-go v0.8.0/go.mod h1:lPI3aLPpuLTeUwh1sViKXFxwl2B6teiRqI0deQUvsw0= -github.com/Azure/azure-storage-blob-go v0.13.0/go.mod h1:pA9kNqtjUeQF2zOSu4s//nUdBD+e64lEuc4sVnuOfNs= github.com/Azure/azure-storage-blob-go v0.14.0 
h1:1BCg74AmVdYwO3dlKwtFU1V0wU2PZdREkXvAmZJRUlM= github.com/Azure/azure-storage-blob-go v0.14.0/go.mod h1:SMqIBi+SuiQH32bvyjngEewEeXoPfKMgWlBDaYf6fck= -github.com/Azure/go-amqp v0.13.0/go.mod h1:qj+o8xPCz9tMSbQ83Vp8boHahuRDl5mkNHyt1xlxUTs= -github.com/Azure/go-amqp v0.13.1/go.mod h1:qj+o8xPCz9tMSbQ83Vp8boHahuRDl5mkNHyt1xlxUTs= github.com/Azure/go-amqp v0.16.0/go.mod h1:9YJ3RhxRT1gquYnzpZO1vcYMMpAdJT+QEg6fwmw9Zlg= github.com/Azure/go-amqp v0.16.4/go.mod h1:9YJ3RhxRT1gquYnzpZO1vcYMMpAdJT+QEg6fwmw9Zlg= github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= @@ -154,10 +141,6 @@ github.com/Azure/go-autorest/autorest v0.9.3/go.mod h1:GsRuLYvwzLjjjRoWEIyMUaYq8 github.com/Azure/go-autorest/autorest v0.9.6/go.mod h1:/FALq9T/kS7b5J5qsQ+RSTUdAmGFqi0vUdVNNx8q630= github.com/Azure/go-autorest/autorest v0.10.2/go.mod h1:/FALq9T/kS7b5J5qsQ+RSTUdAmGFqi0vUdVNNx8q630= github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw= -github.com/Azure/go-autorest/autorest v0.11.3/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw= -github.com/Azure/go-autorest/autorest v0.11.7/go.mod h1:V6p3pKZx1KKkJubbxnDWrzNhEIfOy/pTGasLqzHIPHs= -github.com/Azure/go-autorest/autorest v0.11.9/go.mod h1:eipySxLmqSyC5s5k1CLupqet0PSENBEDP93LQ9a8QYw= -github.com/Azure/go-autorest/autorest v0.11.12/go.mod h1:eipySxLmqSyC5s5k1CLupqet0PSENBEDP93LQ9a8QYw= github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA= github.com/Azure/go-autorest/autorest v0.11.19/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA= github.com/Azure/go-autorest/autorest v0.11.22/go.mod h1:BAWYUWGPEtKPzjVkp0Q6an0MJcJDsoh5Z1BFAEFs4Xs= 
@@ -167,15 +150,11 @@ github.com/Azure/go-autorest/autorest/adal v0.8.1/go.mod h1:ZjhuQClTqx435SRJ2iMl github.com/Azure/go-autorest/autorest/adal v0.8.2/go.mod h1:ZjhuQClTqx435SRJ2iMlOxPYt3d2C/T/7TiQCVZSn3Q= github.com/Azure/go-autorest/autorest/adal v0.8.3/go.mod h1:ZjhuQClTqx435SRJ2iMlOxPYt3d2C/T/7TiQCVZSn3Q= github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg= -github.com/Azure/go-autorest/autorest/adal v0.9.2/go.mod h1:/3SMAM86bP6wC9Ev35peQDUeqFZBMH07vvUOmg4z/fE= -github.com/Azure/go-autorest/autorest/adal v0.9.4/go.mod h1:/3SMAM86bP6wC9Ev35peQDUeqFZBMH07vvUOmg4z/fE= github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A= -github.com/Azure/go-autorest/autorest/adal v0.9.6/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A= github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= github.com/Azure/go-autorest/autorest/adal v0.9.14/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= github.com/Azure/go-autorest/autorest/adal v0.9.17/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= github.com/Azure/go-autorest/autorest/azure/auth v0.4.2/go.mod h1:90gmfKdlmKgfjUpnCEpOJzsUEjrWDSLwHIG73tSXddM= -github.com/Azure/go-autorest/autorest/azure/auth v0.5.3/go.mod h1:4bJZhUhcq8LB20TruwHbAQsmUs2Xh+QR7utuJpLXX3A= github.com/Azure/go-autorest/autorest/azure/auth v0.5.9/go.mod h1:hg3/1yw0Bq87O3KvvnJoAh34/0zbP7SFizX/qN5JvjU= github.com/Azure/go-autorest/autorest/azure/cli v0.3.1/go.mod h1:ZG5p860J94/0kI9mNJVoIoLgXcirM2gF5i2kWloofxw= github.com/Azure/go-autorest/autorest/azure/cli v0.4.2/go.mod h1:7qkJkT+j6b+hIpzMOwPChJhTqS8VbsqqgULzMNRugoM= 
@@ -192,7 +171,6 @@ github.com/Azure/go-autorest/autorest/to v0.3.0/go.mod h1:MgwOyqaIuKdG4TL/2ywSsI github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE= github.com/Azure/go-autorest/autorest/validation v0.1.0/go.mod h1:Ha3z/SqBeaalWQvokg3NZAlQTalVMtOIAs1aGK7G6u8= github.com/Azure/go-autorest/autorest/validation v0.2.0/go.mod h1:3EEqHnBxQGHXRYq3HT1WyXAvT7LLY3tl70hw6tQIbjI= -github.com/Azure/go-autorest/autorest/validation v0.3.0/go.mod h1:yhLgjC0Wda5DYXl6JAsWyUe4KVNffhoDhG0zVzUMo3E= github.com/Azure/go-autorest/autorest/validation v0.3.1/go.mod h1:yhLgjC0Wda5DYXl6JAsWyUe4KVNffhoDhG0zVzUMo3E= github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc= github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= @@ -204,7 +182,6 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym github.com/Djarvur/go-err113 v0.0.0-20200410182137-af658d038157/go.mod h1:4UJr5HIiMZrwgkSPdsjy2uOQExX/WEILpIrO9UPGuXs= github.com/Djarvur/go-err113 v0.1.0/go.mod h1:4UJr5HIiMZrwgkSPdsjy2uOQExX/WEILpIrO9UPGuXs= github.com/GoogleCloudPlatform/cloudsql-proxy v0.0.0-20191009163259-e802c2cb94ae/go.mod h1:mjwGPas4yKduTyubHvD1Atl9r1rUq8DfVy+gkVvZ+oo= -github.com/GoogleCloudPlatform/cloudsql-proxy v1.19.1/go.mod h1:+yYmuKqcBVkgRePGpUhTA9OEg0XsnFE96eZ6nJ2yCQM= github.com/GoogleCloudPlatform/cloudsql-proxy v1.29.0/go.mod h1:spvB9eLJH9dutlbPSRmHvSXXHOwGRyeXh1jVdquA2G8= github.com/GoogleCloudPlatform/k8s-cloud-provider v0.0.0-20190822182118-27a4ced34534/go.mod h1:iroGtC8B3tQiqtds1l+mgk/BBOrxbqjH+eUfFQYRc14= github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= 
@@ -287,11 +264,9 @@ github.com/aws/aws-sdk-go v1.16.26/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpi github.com/aws/aws-sdk-go v1.19.18/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.19.45/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.20.6/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.23.20/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.25.11/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.27.1/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.31.6/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= -github.com/aws/aws-sdk-go v1.36.1/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.43.31 h1:yJZIr8nMV1hXjAvvOLUFqZRJcHV7udPQBfhJqawDzI0= github.com/aws/aws-sdk-go v1.43.31/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= 
@@ -354,9 +329,6 @@ github.com/bombsimon/wsl/v2 v2.2.0/go.mod h1:Azh8c3XGEJl9LyX0/sFC+CKMc7Ssgua0g+6 github.com/bombsimon/wsl/v3 v3.0.0/go.mod h1:st10JtZYLE4D5sC7b8xV4zTKZwAQjCH/Hy2Pm1FNZIc= github.com/bombsimon/wsl/v3 v3.1.0/go.mod h1:st10JtZYLE4D5sC7b8xV4zTKZwAQjCH/Hy2Pm1FNZIc= github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= -github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b/go.mod h1:H0wQNHz2YrLsuXOZozoeDmnHXkNCRmMW0gwFWDfEZDA= -github.com/bradleyfalzon/ghinstallation v1.1.1 h1:pmBXkxgM1WeF8QYvDLT5kuQiHMcmf+X015GI0KM/E3I= -github.com/bradleyfalzon/ghinstallation v1.1.1/go.mod h1:vyCmHTciHx/uuyN82Zc3rXN3X2KTK8nUTCrTMwAhcug= github.com/bradleyfalzon/ghinstallation/v2 v2.0.4 h1:tXKVfhE7FcSkhkv0UwkLvPDeZ4kz6OXd0PKPlFqf81M= github.com/bradleyfalzon/ghinstallation/v2 v2.0.4/go.mod h1:B40qPqJxWE0jDZgOR1JmaMy+4AY1eBP+IByOvqyAKp0= github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= 
@@ -555,14 +527,11 @@ github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c/go.mod h1:Ct2BUK8SB0YC1S github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s= github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8= github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjIciD2oAxI7DmWRx6gbeqrkoLqv3MV0vzNad+I= -github.com/daixiang0/gci v0.3.4 h1:+EZ83znNs73C9ZBTM7xhNagMP6gJs5wlptiFiuce5BM= -github.com/daixiang0/gci v0.3.4/go.mod h1:pB1j339Q+2sv/EyKd4dgvGXcaBGIErim+dlhLDtqeW4= github.com/danieljoos/wincred v1.1.0/go.mod h1:XYlo+eRTsVA9aHGp7NGjFkPla4m+DCL7hqDjlFjiygg= github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/denisenkom/go-mssqldb v0.9.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU= github.com/denisenkom/go-mssqldb v0.12.0/go.mod h1:iiK0YP1ZeepvmBQk/QpLEhhTNJgfzrpArPY/aFvc9yU= github.com/devigned/tab v0.1.1/go.mod h1:XG9mPq0dFghrYvoBF3xdRrJzSTX1b7IQrvaL9mzjeJY= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= 
@@ -820,7 +789,6 @@ github.com/golangci/prealloc v0.0.0-20180630174525-215b22d4de21/go.mod h1:tf5+bz github.com/golangci/revgrep v0.0.0-20180526074752-d9c87f5ffaf0/go.mod h1:qOQCunEYvmd/TLamH+7LlVccLvUH5kZNhbCgTHoBbp4= github.com/golangci/revgrep v0.0.0-20180812185044-276a5c0a1039/go.mod h1:qOQCunEYvmd/TLamH+7LlVccLvUH5kZNhbCgTHoBbp4= github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4/go.mod h1:Izgrg8RkN3rCIMLGE9CyYmU9pY2Jer6DgANEnZ/L/cQ= -github.com/gomodule/redigo v1.8.4/go.mod h1:P9dn9mFrCBvWhGE1wpxx6fgq7BAeLBk+UUUzlpkBYO0= github.com/google/btree v0.0.0-20180124185431-e89373fe6b4a/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= @@ -849,9 +817,6 @@ github.com/google/go-containerregistry v0.9.0/go.mod h1:9eq4BnSufyT1kHNffX+vSXVo github.com/google/go-github v17.0.0+incompatible h1:N0LgJ1j65A7kfXrZnUDaYCs/Sf4rEjNlfyDHW9dolSY= github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ= github.com/google/go-github/v28 v28.1.1/go.mod h1:bsqJWQX05omyWVmc00nEUql9mhQyv38lDZ8kPZcQVoM= -github.com/google/go-github/v29 v29.0.2/go.mod h1:CHKiKKPHJ0REzfwc14QMklvtHwCveD0PxlMjLlzAM5E= -github.com/google/go-github/v32 v32.1.0 h1:GWkQOdXqviCPx7Q7Fj+KyPoGm4SwHRh8rheoPhd27II= -github.com/google/go-github/v32 v32.1.0/go.mod h1:rIEpZD9CTDQwDK9GDrtMTycQNA4JU3qBsCizh3q2WCI= github.com/google/go-github/v38 v38.1.0 h1:C6h1FkaITcBFK7gAmq4eFzt6gbhEhk7L5z6R3Uva+po= github.com/google/go-github/v38 v38.1.0/go.mod h1:cStvrz/7nFr0FoENgG6GLbp53WaelXucT+BBz/3VKx4= github.com/google/go-github/v41 v41.0.0 h1:HseJrM2JFf2vfiZJ8anY2hqBjdfY1Vlj/K27ueww4gg= 
@@ -860,11 +825,9 @@ github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= github.com/google/go-replayers/grpcreplay v0.1.0/go.mod h1:8Ig2Idjpr6gifRd6pNVggX6TC1Zw6Jx74AKp7QNH2QE= -github.com/google/go-replayers/grpcreplay v1.0.0/go.mod h1:8Ig2Idjpr6gifRd6pNVggX6TC1Zw6Jx74AKp7QNH2QE= github.com/google/go-replayers/grpcreplay v1.1.0 h1:S5+I3zYyZ+GQz68OfbURDdt/+cSMqCK1wrvNx7WBzTE= github.com/google/go-replayers/grpcreplay v1.1.0/go.mod h1:qzAvJ8/wi57zq7gWqaE6AwLM6miiXUQwP1S+I9icmhk= github.com/google/go-replayers/httpreplay v0.1.0/go.mod h1:YKZViNhiGgqdBlUbI2MwGpq4pXxNmhJLPHQ7cv2b5no= -github.com/google/go-replayers/httpreplay v0.1.2/go.mod h1:YKZViNhiGgqdBlUbI2MwGpq4pXxNmhJLPHQ7cv2b5no= github.com/google/go-replayers/httpreplay v1.1.1 h1:H91sIMlt1NZzN7R+/ASswyouLJfW0WLW7fhyUFvDEkY= github.com/google/go-replayers/httpreplay v1.1.1/go.mod h1:gN9GeLIs7l6NUoVaSSnv2RiqK1NiwAmD0MrKeC9IIks= github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI= 
@@ -887,7 +850,6 @@ github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hf github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200905233945-acf8798be1f7/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= @@ -947,7 +909,6 @@ github.com/gostaticanalysis/analysisutil v0.0.0-20190318220348-4088753ea4d3/go.m github.com/gostaticanalysis/analysisutil v0.0.3/go.mod h1:eEOZF4jCKGi+aprrirO9e7WKB3beBRtWgqGunKl6pKE= github.com/gotestyourself/gotestyourself v2.2.0+incompatible/go.mod h1:zZKM6oeNM8k+FRljX1mnzVYeS8wiGgQyvST1/GafPbY= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= -github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware v1.2.0/go.mod h1:mJzapYve32yjrKlk9GbyCZHuPgZsrbyIbyKhSzOpg6s= 
@@ -999,8 +960,6 @@ github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0m github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= github.com/hashicorp/uuid v0.0.0-20160311170451-ebb0a03e909c/go.mod h1:fHzc09UnyJyqyW+bFuq864eh+wC7dj65aXmXLRe5to0= -github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM= -github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= @@ -1137,7 +1096,6 @@ github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.1.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= -github.com/lib/pq v1.9.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/lib/pq v1.10.2/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/lib/pq v1.10.4/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/linuxkit/virtsock v0.0.0-20201010232012-f8cee7dfc7a3/go.mod h1:3r6x7q95whyfWQpmGZTu3gk3v2YkMi05HEzl7Tf7YEo= 
@@ -1213,7 +1171,6 @@ github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:F github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.3.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/mitchellh/mapstructure v1.4.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.4.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/moby/buildkit v0.8.1/go.mod h1:/kyU1hKy/aYCuP39GZA9MaKioovHku57N6cqlKZIaiQ= github.com/moby/buildkit v0.10.3 h1:/dGykD8FW+H4p++q5+KqKEo6gAkYKyBQHdawdjVwVAU= @@ -1254,7 +1211,6 @@ github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRW github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/nakabonne/nestif v0.3.0/go.mod h1:dI314BppzXjJ4HsCnbo7XzrJHPszZsjnk5wEBSYHI2c= -github.com/naveensrinivasan/httpcache v1.2.2/go.mod h1:gpEVVjcTYZA3F1tqYkLqbNvZuf380rhUDaV5OZpyQ88= github.com/nbutton23/zxcvbn-go v0.0.0-20180912185939-ae427f1e4c1d/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU= github.com/networkplumbing/go-nft v0.2.0/go.mod h1:HnnM+tYvlGAsMU7yoYwXEVLLiDW9gdMmb5HoGcwpuQs= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= 
@@ -1277,7 +1233,6 @@ github.com/onsi/ginkgo v1.12.0/go.mod h1:oUhWkIvk5aDxtKvDDuw8gItl8pKl42LzjC9KZE0 github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.13.0/go.mod h1:+REjRxOmWfHCjfv9TTWB1jD1Frx4XydAD3zm1lskyM0= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= -github.com/onsi/ginkgo v1.15.2/go.mod h1:Dd6YFfwBW84ETqqtL0CPyPXillHgY6XhQH3uuCCTr/o= github.com/onsi/ginkgo v1.16.4 h1:29JGrr5oVBm5ulCWet69zQkzWipVXIol6ygQUe/EzNc= github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= github.com/onsi/ginkgo/v2 v2.0.0/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c= @@ -1294,7 +1249,6 @@ github.com/onsi/gomega v1.8.1/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoT github.com/onsi/gomega v1.9.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc= -github.com/onsi/gomega v1.11.0/go.mod h1:azGKhqFUon9Vuj0YmTfLSmx0FUwqXYSTl5re8lQLTUg= github.com/onsi/gomega v1.15.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0= github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= github.com/onsi/gomega v1.18.1/go.mod h1:0q+aL8jAiMXy9hbwj2mr5GziHiwhAIQpFmmtT5hitRs= 
@@ -1336,8 +1290,6 @@ github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYr github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= github.com/openzipkin/zipkin-go v0.1.3/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= -github.com/ossf/scorecard v1.2.0 h1:Gf12BN29RZDDSev0suW/DwJyhYWH1XHsIqSmpCChgsE= -github.com/ossf/scorecard v1.2.0/go.mod h1:hc0zwnXi2NHq2aru8A/NoNZ9H+DqZZlYbmOw7jjHi/Q= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= @@ -1455,7 +1407,6 @@ github.com/shirou/gopsutil v0.0.0-20190901111213-e4ec7b275ada/go.mod h1:WWnYX4lz github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4/go.mod h1:qsXQc7+bwAM3Q1u/4XEfrquwF8Lw7D7y5cD8CuHnfIc= github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= -github.com/shurcooL/githubv4 v0.0.0-20200928013246-d292edc3691b/go.mod h1:hAF0iLZy4td2EX+/8Tw+4nodhlMrwN3HupfaXj3zkGo= github.com/shurcooL/githubv4 v0.0.0-20201206200315-234843c633fa h1:jozR3igKlnYCj9IVHOVump59bp07oIRoLQ/CcjMYIUA= github.com/shurcooL/githubv4 v0.0.0-20201206200315-234843c633fa/go.mod h1:hAF0iLZy4td2EX+/8Tw+4nodhlMrwN3HupfaXj3zkGo= github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk= 
@@ -1526,7 +1477,6 @@ github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69 github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= -github.com/syndtr/goleveldb v1.0.0/go.mod h1:ZVVdQEZoIme9iO1Ch2Jdy24qqXrMMOU6lpPAyBWyWuQ= github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA= github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I= github.com/tdakkota/asciicheck v0.0.0-20200416190851-d7f85be797a2/go.mod h1:yHp0ai0Z9gUljN3o0xMhYJnH/IcvkdTBOX2fmJ93JEM= @@ -1673,7 +1623,6 @@ go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE= go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= 
@@ -1682,19 +1631,15 @@ go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/ go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= -go.uber.org/multierr v1.8.0 h1:dg6GjLku4EH+249NNmoIciG9N/jURbDG+pFlTkhzIC8= go.uber.org/multierr v1.8.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak= go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= -go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= -go.uber.org/zap v1.21.0 h1:WefMeulhovoZ2sYXz7st6K0sLj7bBhpiFaud4r4zST8= go.uber.org/zap v1.21.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw= go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE= gocloud.dev v0.19.0/go.mod h1:SmKwiR8YwIMMJvQBKLsC3fHNyMwXLw3PMDO+VVteJMI= -gocloud.dev v0.22.0/go.mod h1:z3jKIQ0Es9LALVZFQ3wOvwqAsSLq1R5c/2RdmghDucw= gocloud.dev v0.25.0 h1:Y7vDq8xj7SyM848KXf32Krda2e6jQ4CLh/mTeCSqXtk= gocloud.dev v0.25.0/go.mod h1:7HegHVCYZrMiU3IE1qtnzf/vRrDwLYnRNR3EhWX8x9Y= golang.org/x/build v0.0.0-20190314133821-5284462c4bec/go.mod h1:atTaCNAy0f16Ah5aV1gMSwgiKVHwu/JncqDpuRr7lS4= 
@@ -1707,7 +1652,6 @@ golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnf golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190411191339-88737f569e3a/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE= golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= @@ -1825,7 +1769,6 @@ golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/ golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200904194848-62affa334b73/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= 
@@ -1869,7 +1812,6 @@ golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4Iltr golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201203001011-0b49973bad19/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= @@ -2106,7 +2048,6 @@ golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20190910044552-dd2b5c81c578/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191010075000-0337d82405ff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 
@@ -2150,18 +2091,12 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200828161849-5deb26317202/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= -golang.org/x/tools v0.0.0-20200915173823-2db8f0ff891c/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU= golang.org/x/tools v0.0.0-20200916195026-c9a70fc28ce3/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU= -golang.org/x/tools v0.0.0-20200918232735-d647fc253266/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU= golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201202200335-bef1c476418a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201203202102-a1a1cbeaa516/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210101214203-2dba1e4ea05c/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0/go.mod 
h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= @@ -2195,7 +2130,6 @@ google.golang.org/api v0.6.1-0.20190607001116-5213b8090861/go.mod h1:btoxGiFvQNV google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.10.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= @@ -2209,8 +2143,6 @@ google.golang.org/api v0.25.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0M google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= -google.golang.org/api v0.31.0/go.mod h1:CL+9IBCa2WWU6gRuBWaKqGWLFFwbEUXkfeMkHLQWYWo= -google.golang.org/api v0.32.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= 
@@ -2246,7 +2178,6 @@ google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= -google.golang.org/appengine v1.6.2/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= 
@@ -2291,15 +2222,11 @@ google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7Fc google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200831141814-d751682dd103/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200914193844-75d14daec038/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200921151605-7abf4a1a14d5/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201203001206-6486ece9c497/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= 
@@ -2376,7 +2303,6 @@ google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3Iji google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.32.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= @@ -2417,7 +2343,6 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= 
@@ -2558,7 +2483,6 @@ mvdan.cc/sh/v3 v3.5.1 h1:hmP3UOw4f+EYexsJjFxvU38+kn+V/s2CclXHanIBkmQ= mvdan.cc/sh/v3 v3.5.1/go.mod h1:1JcoyAKm1lZw/2bZje/iYKWicU/KMd0rsyJeKHnsK4E= mvdan.cc/unparam v0.0.0-20190720180237-d51796306d8f/go.mod h1:4G1h5nDURzA3bwVMZIVpwbkw+04kSxk3rAtzlimaUJw= mvdan.cc/unparam v0.0.0-20200501210554-b37ab49443f7/go.mod h1:HGC5lll35J70Y5v7vCGb9oLhHoScFwkHDJm/05RdSTc= -nhooyr.io/websocket v1.8.6/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0= nhooyr.io/websocket v1.8.7/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0= pack.ag/amqp v0.11.2/go.mod h1:4/cbmt4EJXSKlG6LCfWHoqmN0uFdy5i/+YFz+fTfhV4= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= From 68a6cb25362ee42ec490b8945631a65c200df33b Mon Sep 17 00:00:00 2001 From: Aiden Wang Date: Mon, 6 Jun 2022 23:23:00 +0000 Subject: [PATCH 16/24] temp save 0606 --- checks/evaluation/dependency_update_tool.go | 2 +- checks/raw/fuzzing.go | 34 +++++++------- checks/raw/fuzzing_test.go | 4 +- clients/githubrepo/client.go | 22 +++------ clients/githubrepo/languages.go | 52 +++++++++++++++++++++ 5 files changed, 80 insertions(+), 34 deletions(-) create mode 100644 clients/githubrepo/languages.go diff --git a/checks/evaluation/dependency_update_tool.go b/checks/evaluation/dependency_update_tool.go index 7c2a44a314a..7f709727e78 100644 --- a/checks/evaluation/dependency_update_tool.go +++ b/checks/evaluation/dependency_update_tool.go @@ -50,7 +50,7 @@ func DependencyUpdateTool(name string, dl checker.DetailLogger, } if r.Tools[0].Files == nil { - e := sce.WithMessage(sce.ErrScorecardInternal, "File is nil") + e := sce.WithMessage(sce.ErrScorecardInternal, "Files are nil") return checker.CreateRuntimeErrorResult(name, e) } diff --git a/checks/raw/fuzzing.go b/checks/raw/fuzzing.go index f85f31f7bd2..8ae4cb082ff 100644 --- a/checks/raw/fuzzing.go +++ b/checks/raw/fuzzing.go 
@@ -27,9 +27,9 @@ import ( ) const ( - fuzzNameOSSFuzz = "OSSFuzz" - fuzzNameClusterFuzzLite = "ClusterFuzzLite" - fuzzNameBuiltInGo = "GoBuiltInFuzzer" + fuzzerOSSFuzz = "OSSFuzz" + fuzzerClusterFuzzLite = "ClusterFuzzLite" + fuzzerBuiltInGo = "GoBuiltInFuzzer" // TODO: add more fuzzing check supports. ) @@ -37,9 +37,11 @@ type filesWithPatternStr struct { pattern string files []checker.File } + +// Configurations for language-specified fuzzers. type languageFuzzConfig struct { - langFuzzDocumentURL, langFuzzDesc *string - fuzzFileMatchPattern, fuzzFuncRegexPattern, langFuzzName string + URL, Desc *string + filePattern, funcPattern, Name string //TODO: add more language fuzzing-related fields. } @@ -48,11 +50,11 @@ type languageFuzzConfig struct { var languageFuzzSpecs = map[string]languageFuzzConfig{ // Default fuzz patterns for Go. "go": { - fuzzFileMatchPattern: "*_test.go", - fuzzFuncRegexPattern: `func\s+Fuzz\w+\s*\(\w+\s+\*testing.F\)`, - langFuzzName: fuzzNameBuiltInGo, - langFuzzDocumentURL: asPointer("https://go.dev/doc/fuzz/"), - langFuzzDesc: asPointer("Go fuzzing intelligently walks through the source code to report failures and find vulnerabilities."), + filePattern: "*_test.go", + funcPattern: `func\s+Fuzz\w+\s*\(\w+\s+\*testing.F\)`, + Name: fuzzerBuiltInGo, + URL: asPointer("https://go.dev/doc/fuzz/"), + Desc: asPointer("Go fuzzing intelligently walks through the source code to report failures and find vulnerabilities."), }, // TODO: add more language-specific fuzz patterns & configs. } @@ -67,7 +69,7 @@ func Fuzzing(c *checker.CheckRequest) (checker.FuzzingData, error) { if usingCFLite { fuzzers = append(fuzzers, checker.Tool{ - Name: fuzzNameClusterFuzzLite, + Name: fuzzerClusterFuzzLite, URL: asPointer("https://github.com/google/clusterfuzzlite"), Desc: asPointer("continuous fuzzing solution that runs as part of Continuous Integration (CI) workflows"), // TODO: File. 
@@ -82,7 +84,7 @@ func Fuzzing(c *checker.CheckRequest) (checker.FuzzingData, error) { if usingOSSFuzz { fuzzers = append(fuzzers, checker.Tool{ - Name: fuzzNameOSSFuzz, + Name: fuzzerOSSFuzz, URL: asPointer("https://github.com/google/oss-fuzz"), Desc: asPointer("Continuous Fuzzing for Open Source Software"), // TODO: File. @@ -104,9 +106,9 @@ func Fuzzing(c *checker.CheckRequest) (checker.FuzzingData, error) { if usingFuzzFunc { fuzzers = append(fuzzers, checker.Tool{ - Name: languageFuzzSpecs[lang].langFuzzName, - URL: languageFuzzSpecs[lang].langFuzzDocumentURL, - Desc: languageFuzzSpecs[lang].langFuzzDesc, + Name: languageFuzzSpecs[lang].Name, + URL: languageFuzzSpecs[lang].URL, + Desc: languageFuzzSpecs[lang].Desc, Files: files, }, ) @@ -165,7 +167,7 @@ func checkFuzzFunc(c *checker.CheckRequest, lang string) (bool, []checker.File, // Get patterns for file and func. // We use the file pattern in the matcher to match the test files, // and put the func pattern in var data to match file contents (func names). - filePattern, funcPattern := pattern.fuzzFileMatchPattern, pattern.fuzzFuncRegexPattern + filePattern, funcPattern := pattern.filePattern, pattern.funcPattern matcher := fileparser.PathMatcher{ Pattern: filePattern, CaseSensitive: false, diff --git a/checks/raw/fuzzing_test.go b/checks/raw/fuzzing_test.go index 2b6733cec5a..c06b1bdc147 100644 --- a/checks/raw/fuzzing_test.go +++ b/checks/raw/fuzzing_test.go 
@@ -215,12 +215,12 @@ func Test_fuzzFileAndFuncMatchPattern(t *testing.T) { if !ok && !tt.wantErr { t.Errorf("retrieve supported language error") } - fileMatchPattern := langSpecs.fuzzFileMatchPattern + fileMatchPattern := langSpecs.filePattern fileMatch, err := path.Match(fileMatchPattern, tt.fileName) if (fileMatch != tt.expectedFileMatch || err != nil) && !tt.wantErr { t.Errorf("fileMatch = %v, want %v for %v", fileMatch, tt.expectedFileMatch, tt.name) } - funcRegexPattern := langSpecs.fuzzFuncRegexPattern + funcRegexPattern := langSpecs.funcPattern r := regexp.MustCompile(funcRegexPattern) found := r.MatchString(tt.fileContent) if (found != tt.expectedFuncMatch) && !tt.wantErr { diff --git a/clients/githubrepo/client.go b/clients/githubrepo/client.go index 1ec332fbdb9..fade3d5db5c 100644 --- a/clients/githubrepo/client.go +++ b/clients/githubrepo/client.go @@ -20,7 +20,6 @@ import ( "errors" "fmt" "net/http" - "path" "github.com/google/go-github/v38/github" "github.com/ossf/scorecard/v4/clients" @@ -51,6 +50,7 @@ type Client struct { webhook *webhookHandler ctx context.Context tarball tarballHandler + languages *languagesHandler } // InitRepo sets up the GitHub repo in local storage for improving performance and GitHub token usage efficiency. @@ -104,6 +104,8 @@ func (client *Client) InitRepo(inputRepo clients.Repo, commitSHA string) error { // Setup webhookHandler. client.webhook.init(client.ctx, client.repourl) + // Setup languagesHandler. + client.languages.init(client.ctx, client.repourl) return nil } 
@@ -179,20 +181,7 @@ func (client *Client) ListStatuses(ref string) ([]clients.Status, error) { //ListProgrammingLanguages implements RepoClient.ListProgrammingLanguages. func (client *Client) ListProgrammingLanguages() (map[string]int, error) { - reqURL := path.Join("repos", *client.repo.Owner.Login, *client.repo.Name, "languages") - req, err := client.repoClient.NewRequest("GET", reqURL, nil) - if err != nil { - return nil, fmt.Errorf("request for repo languages failed with %w", err) - } - bodyJSON := map[string]int{} - // The client.repoClient.Do API writes the reponse body to var bodyJSON, - // so we can ignore the first returned variable (the http response object) - // since we only need the response body here. - _, errResp := client.repoClient.Do(client.ctx, req, &bodyJSON) - if errResp != nil { - return nil, fmt.Errorf("response for repo languages failed with %w", err) - } - return bodyJSON, nil + return client.languages.listProgrammingLanguages() } // Search implements RepoClient.Search. @@ -244,6 +233,9 @@ func CreateGithubRepoClientWithTransport(ctx context.Context, rt http.RoundTripp webhook: &webhookHandler{ ghClient: client, }, + languages: &languagesHandler{ + ghclient: client, + }, } } diff --git a/clients/githubrepo/languages.go b/clients/githubrepo/languages.go new file mode 100644 index 00000000000..1037ca45514 --- /dev/null +++ b/clients/githubrepo/languages.go 
@@ -0,0 +1,52 @@
+// Copyright 2021 Security Scorecard Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package githubrepo
+
+import (
+ "context"
+ "fmt"
+ "path"
+
+ "github.com/google/go-github/v38/github"
+)
+
+type languagesHandler struct {
+ ghclient *github.Client
+ ctx context.Context
+ repourl *repoURL
+}
+
+func (handler *languagesHandler) init(ctx context.Context, repourl *repoURL) {
+ handler.ctx = ctx
+ handler.repourl = repourl
+}
+
+func (handler *languagesHandler) listProgrammingLanguages() (map[string]int, error) {
+ client := handler.ghclient
+ reqURL := path.Join("repos", handler.repourl.owner, handler.repourl.repo, "languages")
+ req, err := client.NewRequest("GET", reqURL, nil)
+ if err != nil {
+ return nil, fmt.Errorf("request for repo languages failed with %w", err)
+ }
+ bodyJSON := map[string]int{}
+ // The client.repoClient.Do API writes the reponse body to var bodyJSON,
+ // so we can ignore the first returned variable (the http response object)
+ // since we only need the response body here.
+ _, errResp := client.Do(handler.ctx, req, &bodyJSON)
+ if errResp != nil {
+ return nil, fmt.Errorf("response for repo languages failed with %w", err)
+ }
+ return bodyJSON, nil
+}
From 40ad2a03c06c987521b20869aa74fe5661c4f267 Mon Sep 17 00:00:00 2001
From: Aiden Wang
Date: Tue, 7 Jun 2022 00:02:45 +0000
Subject: [PATCH 17/24] temp save-2 0606
---
clients/githubrepo/client.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
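Review bot: In the new clients/githubrepo/languages.go, the failure branch after `client.Do` in listProgrammingLanguages wraps the wrong variable: it tests `errResp` but formats `err`, which is nil at that point, so the returned error carries no cause and `errors.Is`/`errors.As` on it will find nothing. The line should read `return nil, fmt.Errorf("response for repo languages failed with %w", errResp)`, or the call should reuse `err` with `_, err = client.Do(handler.ctx, req, &bodyJSON)`. The comment above the call still names `client.repoClient.Do`, which is not what this function calls; `// client.Do decodes the response body into bodyJSON.` would match the code.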
diff --git a/clients/githubrepo/client.go b/clients/githubrepo/client.go index fade3d5db5c..5768a43229d 100644 --- a/clients/githubrepo/client.go +++ b/clients/githubrepo/client.go @@ -48,9 +48,9 @@ type Client struct { statuses *statusesHandler search *searchHandler webhook *webhookHandler + language *languagesHandler ctx context.Context tarball tarballHandler - languages *languagesHandler } // InitRepo sets up the GitHub repo in local storage for improving performance and GitHub token usage efficiency. From a9180258610da4800e4798df6efaa6d47bc5ee48 Mon Sep 17 00:00:00 2001 From: Aiden Wang Date: Tue, 7 Jun 2022 00:10:33 +0000 Subject: [PATCH 18/24] temp save-3 0606 --- clients/githubrepo/client.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clients/githubrepo/client.go b/clients/githubrepo/client.go index 5768a43229d..1d87bf21b1a 100644 --- a/clients/githubrepo/client.go +++ b/clients/githubrepo/client.go @@ -48,7 +48,7 @@ type Client struct { statuses *statusesHandler search *searchHandler webhook *webhookHandler - language *languagesHandler + languages *languagesHandler ctx context.Context tarball tarballHandler } From b41e82f9787baef4c16c1b9684ed8eee0437f0c3 Mon Sep 17 00:00:00 2001 From: Aiden Wang Date: Tue, 7 Jun 2022 01:15:23 +0000 Subject: [PATCH 19/24] temp save-4 0606 --- clients/githubrepo/languages.go | 52 ++++++++++++++++++++++----------- 1 file changed, 35 insertions(+), 17 deletions(-) diff --git a/clients/githubrepo/languages.go b/clients/githubrepo/languages.go index 1037ca45514..6c3db14ef3b 100644 --- a/clients/githubrepo/languages.go +++ b/clients/githubrepo/languages.go 
@@ -18,35 +18,53 @@ import ( "context" "fmt" "path" + "sync" "github.com/google/go-github/v38/github" ) type languagesHandler struct { - ghclient *github.Client - ctx context.Context - repourl *repoURL + ghclient *github.Client + once *sync.Once + ctx context.Context + errSetup error + repourl *repoURL + languages map[string]int } func (handler *languagesHandler) init(ctx context.Context, repourl *repoURL) { handler.ctx = ctx handler.repourl = repourl + handler.errSetup = nil + handler.once = new(sync.Once) +} + +func (handler *languagesHandler) setup() error { + handler.once.Do(func() { + client := handler.ghclient + reqURL := path.Join("repos", handler.repourl.owner, handler.repourl.repo, "languages") + req, err := client.NewRequest("GET", reqURL, nil) + if err != nil { + handler.errSetup = fmt.Errorf("request for repo languages failed with %w", err) + return + } + handler.languages = map[string]int{} + // The client.repoClient.Do API writes the reponse body to var bodyJSON, + // so we can ignore the first returned variable (the http response object) + // since we only need the response body here. + _, err = client.Do(handler.ctx, req, &handler.languages) + if err != nil { + handler.errSetup = fmt.Errorf("response for repo languages failed with %w", err) + return + } + handler.errSetup = nil + }) + return handler.errSetup } func (handler *languagesHandler) listProgrammingLanguages() (map[string]int, error) { - client := handler.ghclient - reqURL := path.Join("repos", handler.repourl.owner, handler.repourl.repo, "languages") - req, err := client.NewRequest("GET", reqURL, nil) - if err != nil { - return nil, fmt.Errorf("request for repo languages failed with %w", err) - } - bodyJSON := map[string]int{} - // The client.repoClient.Do API writes the reponse body to var bodyJSON, - // so we can ignore the first returned variable (the http response object) - // since we only need the response body here. 
- _, errResp := client.Do(handler.ctx, req, &bodyJSON) - if errResp != nil { - return nil, fmt.Errorf("response for repo languages failed with %w", err) + if err := handler.setup(); err != nil { + return nil, fmt.Errorf("error during languagesHandler.setup: %w", err) } - return bodyJSON, nil + return handler.languages, nil } From 543ff10005b4fa6118f74d59a3d9a0151809a59e Mon Sep 17 00:00:00 2001 From: Aiden Wang Date: Tue, 7 Jun 2022 18:01:44 +0000 Subject: [PATCH 20/24] fix linter errors --- clients/githubrepo/client.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/clients/githubrepo/client.go b/clients/githubrepo/client.go index 1d87bf21b1a..61e4f13ea70 100644 --- a/clients/githubrepo/client.go +++ b/clients/githubrepo/client.go @@ -22,11 +22,12 @@ import ( "net/http" "github.com/google/go-github/v38/github" + "github.com/shurcooL/githubv4" + "github.com/ossf/scorecard/v4/clients" "github.com/ossf/scorecard/v4/clients/githubrepo/roundtripper" sce "github.com/ossf/scorecard/v4/errors" "github.com/ossf/scorecard/v4/log" - "github.com/shurcooL/githubv4" ) var ( From 56d7d3ed8aed049a3511fb662a79b11d1ddf1926 Mon Sep 17 00:00:00 2001 From: Aiden Wang Date: Tue, 7 Jun 2022 18:18:28 +0000 Subject: [PATCH 21/24] fix linter errs-2 --- checks/raw/fuzzing.go | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/checks/raw/fuzzing.go b/checks/raw/fuzzing.go index 8ae4cb082ff..47b477b27f6 100644 --- a/checks/raw/fuzzing.go +++ b/checks/raw/fuzzing.go 
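Review bot: In the clients/githubrepo/languages.go hunk of PATCH 19/24, `listProgrammingLanguages` now hands every caller the same `handler.languages` map that `setup` cached, so a caller that modifies the result changes what later callers see. Either state the contract in a doc comment, e.g. `// listProgrammingLanguages returns the cached map; callers must not modify it.`, or return a copy. The comment inside `setup` still refers to `client.repoClient.Do` and `bodyJSON`, neither of which appears in this function; `// client.Do decodes the response body into handler.languages.` would match the code. Because the `sync.Once` also fixes `errSetup`, a failed request appears not to be retried until `init` is called again, which deserves a sentence in the doc comment if it is intended.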
@@ -54,7 +54,8 @@ var languageFuzzSpecs = map[string]languageFuzzConfig{ funcPattern: `func\s+Fuzz\w+\s*\(\w+\s+\*testing.F\)`, Name: fuzzerBuiltInGo, URL: asPointer("https://go.dev/doc/fuzz/"), - Desc: asPointer("Go fuzzing intelligently walks through the source code to report failures and find vulnerabilities."), + Desc: asPointer( + "Go fuzzing intelligently walks through the source code to report failures and find vulnerabilities."), }, // TODO: add more language-specific fuzz patterns & configs. } @@ -188,7 +189,8 @@ func checkFuzzFunc(c *checker.CheckRequest, lang string) (bool, []checker.File, // This is the callback func for interface OnMatchingFileContentDo // used for matching fuzz functions in the file content, // and return a list of files (or nil for not found). -var getFuzzFunc fileparser.DoWhileTrueOnFileContent = func(path string, content []byte, args ...interface{}) (bool, error) { +var getFuzzFunc fileparser.DoWhileTrueOnFileContent = func( + path string, content []byte, args ...interface{}) (bool, error) { if len(args) != 1 { return false, fmt.Errorf("getFuzzFunc requires exactly one argument: %w", errInvalidArgLength) } From ff02e79b58d67c766766c7614be9bd4ef6809c6d Mon Sep 17 00:00:00 2001 From: Aiden Wang Date: Tue, 7 Jun 2022 22:27:21 +0000 Subject: [PATCH 22/24] fix e2e errors --- checks/raw/fuzzing.go | 4 ++-- e2e/fuzzing_test.go | 28 ++++++++++++++++++++++++++++ 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/checks/raw/fuzzing.go b/checks/raw/fuzzing.go index 47b477b27f6..988e4e1ecfe 100644 --- a/checks/raw/fuzzing.go +++ b/checks/raw/fuzzing.go @@ -218,10 +218,10 @@ var getFuzzFunc fileparser.DoWhileTrueOnFileContent = func( } func getProminentLanguages(langs map[string]int) []string { - if langs == nil { + numLangs := len(langs) + if numLangs == 0 { return nil } - numLangs := len(langs) totalLoC := 0 for _, LoC := range langs { totalLoC += LoC 
diff --git a/e2e/fuzzing_test.go b/e2e/fuzzing_test.go index efe9917b79b..15c6def89e1 100644 --- a/e2e/fuzzing_test.go +++ b/e2e/fuzzing_test.go @@ -85,6 +85,34 @@ var _ = Describe("E2E TEST:"+checks.CheckFuzzing, func() { Expect(repoClient.Close()).Should(BeNil()) Expect(ossFuzzRepoClient.Close()).Should(BeNil()) }) + It("Should return use of GoBuiltInFuzzers", func() { + dl := scut.TestDetailLogger{} + repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-fuzzing-golang") + Expect(err).Should(BeNil()) + repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) + err = repoClient.InitRepo(repo, clients.HeadSHA) + Expect(err).Should(BeNil()) + ossFuzzRepoClient, err := githubrepo.CreateOssFuzzRepoClient(context.Background(), logger) + Expect(err).Should(BeNil()) + req := checker.CheckRequest{ + Ctx: context.Background(), + RepoClient: repoClient, + OssFuzzRepo: ossFuzzRepoClient, + Repo: repo, + Dlogger: &dl, + } + expected := scut.TestReturn{ + Error: nil, + Score: checker.MaxResultScore, + NumberOfWarn: 0, + NumberOfInfo: 2, + NumberOfDebug: 0, + } + result := checks.Fuzzing(&req) + Expect(scut.ValidateTestReturn(nil, "use fuzzing", &expected, &result, &dl)).Should(BeTrue()) + Expect(repoClient.Close()).Should(BeNil()) + Expect(ossFuzzRepoClient.Close()).Should(BeNil()) + }) It("Should return no fuzzing", func() { dl := scut.TestDetailLogger{} repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-packaging-e2e") From 20b192d44f138affd8c0403c7b74b07f9d1ddaf5 Mon Sep 17 00:00:00 2001 
From: Aiden Wang Date: Wed, 8 Jun 2022 22:52:35 +0000 Subject: [PATCH 23/24] 0608 --- checks/raw/fuzzing.go | 14 +++--- checks/raw/fuzzing_test.go | 6 +-- clients/githubrepo/client.go | 2 +- clients/githubrepo/languages.go | 13 ++++-- clients/languages.go | 73 ++++++++++++++++++++++++++++++ clients/localdir/client.go | 16 ++++--- clients/mockclients/repo_client.go | 4 +- clients/repo_client.go | 2 +- 8 files changed, 105 insertions(+), 25 deletions(-) create mode 100644 clients/languages.go diff --git a/checks/raw/fuzzing.go b/checks/raw/fuzzing.go index 988e4e1ecfe..e1a5eacf41c 100644 --- a/checks/raw/fuzzing.go +++ b/checks/raw/fuzzing.go @@ -47,9 +47,10 @@ type languageFuzzConfig struct { // Contains fuzzing speficications for programming languages. // Use lowercases as the key, such as go, python, javascript, c++, etc. -var languageFuzzSpecs = map[string]languageFuzzConfig{ +var languageFuzzSpecs = map[clients.Language]languageFuzzConfig{ // Default fuzz patterns for Go. - "go": { + // Please use the type Language defined in clients/languages.go rather than a raw string. + clients.Go: { filePattern: "*_test.go", funcPattern: `func\s+Fuzz\w+\s*\(\w+\s+\*testing.F\)`, Name: fuzzerBuiltInGo, @@ -151,7 +152,7 @@ func checkOSSFuzz(c *checker.CheckRequest) (bool, error) { return result.Hits > 0, nil } -func checkFuzzFunc(c *checker.CheckRequest, lang string) (bool, []checker.File, error) { +func checkFuzzFunc(c *checker.CheckRequest, lang clients.Language) (bool, []checker.File, error) { if c.RepoClient == nil { return false, nil, nil } @@ -217,7 +218,7 @@ var getFuzzFunc fileparser.DoWhileTrueOnFileContent = func( return true, nil } -func getProminentLanguages(langs map[string]int) []string { +func getProminentLanguages(langs map[clients.Language]int) []clients.Language { numLangs := len(langs) if numLangs == 0 { return nil 
@@ -231,10 +232,11 @@ func getProminentLanguages(langs map[string]int) []string { avgLoC := totalLoC / numLangs // Languages that have lines of code above average will be considered prominent. - ret := []string{} + ret := []clients.Language{} for lang, LoC := range langs { if LoC >= avgLoC { - ret = append(ret, strings.ToLower(lang)) + lang = clients.Language(strings.ToLower(string(lang))) + ret = append(ret, lang) } } return ret diff --git a/checks/raw/fuzzing_test.go b/checks/raw/fuzzing_test.go index c06b1bdc147..b507c0ae9e0 100644 --- a/checks/raw/fuzzing_test.go +++ b/checks/raw/fuzzing_test.go @@ -165,7 +165,7 @@ func Test_fuzzFileAndFuncMatchPattern(t *testing.T) { name string expectedFileMatch bool expectedFuncMatch bool - lang string + lang clients.Language fileName string fileContent string wantErr bool @@ -237,7 +237,7 @@ func Test_checkFuzzFunc(t *testing.T) { name string want bool wantErr bool - langs map[string]int + langs map[clients.Language]int fileName []string fileContent string }{ @@ -250,7 +250,7 @@ func Test_checkFuzzFunc(t *testing.T) { "foo_test.go", "main.go", }, - langs: map[string]int{ + langs: map[clients.Language]int{ "go": 100, }, fileContent: "func TestFoo (t *testing.T)", diff --git a/clients/githubrepo/client.go b/clients/githubrepo/client.go index 61e4f13ea70..59d21a0ec4a 100644 --- a/clients/githubrepo/client.go +++ b/clients/githubrepo/client.go @@ -181,7 +181,7 @@ func (client *Client) ListStatuses(ref string) ([]clients.Status, error) { } //ListProgrammingLanguages implements RepoClient.ListProgrammingLanguages. -func (client *Client) ListProgrammingLanguages() (map[string]int, error) { +func (client *Client) ListProgrammingLanguages() (map[clients.Language]int, error) { return client.languages.listProgrammingLanguages() } diff --git a/clients/githubrepo/languages.go b/clients/githubrepo/languages.go index 6c3db14ef3b..97ff1c2fef8 100644 --- a/clients/githubrepo/languages.go +++ b/clients/githubrepo/languages.go 
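Review bot: In `getProminentLanguages` (checks/raw/fuzzing.go, hunk `@@ -231,10 +232,11 @@`) the key is lower-cased only at this one consumer, so a `clients.Language` obtained anywhere else can still carry the producer's casing and will not compare equal to constants such as `clients.Go`. The `setup` hunk in clients/githubrepo/languages.go decodes the API response straight into `map[clients.Language]int`, so names arrive unvalidated and, presumably, in the API's own casing. Normalising once where the map is built would let the type carry the guarantee. Failing that, a comment on the conversion should say why it is needed, e.g. `// Keys come from the repo client un-normalised; lower-case them to match the clients.Language constants.` The function starts above this hunk.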
@@ -21,6 +21,7 @@ import ( "sync" "github.com/google/go-github/v38/github" + "github.com/ossf/scorecard/v4/clients" ) type languagesHandler struct { @@ -29,7 +30,7 @@ type languagesHandler struct { ctx context.Context errSetup error repourl *repoURL - languages map[string]int + languages map[clients.Language]int } func (handler *languagesHandler) init(ctx context.Context, repourl *repoURL) { @@ -39,6 +40,8 @@ func (handler *languagesHandler) init(ctx context.Context, repourl *repoURL) { handler.once = new(sync.Once) } +// TODO: Can add support to parse the raw reponse JSON and mark languages that are not in +// our defined Language consts in clients/languages.go as "not supported languages". func (handler *languagesHandler) setup() error { handler.once.Do(func() { client := handler.ghclient @@ -48,9 +51,9 @@ func (handler *languagesHandler) setup() error { handler.errSetup = fmt.Errorf("request for repo languages failed with %w", err) return } - handler.languages = map[string]int{} - // The client.repoClient.Do API writes the reponse body to var bodyJSON, - // so we can ignore the first returned variable (the http response object) + handler.languages = map[clients.Language]int{} + // The client.repoClient.Do API writes the reponse body to the handler.languages, + // so we can ignore the first returned variable (the entire http response object) // since we only need the response body here. _, err = client.Do(handler.ctx, req, &handler.languages) if err != nil { @@ -62,7 +65,7 @@ func (handler *languagesHandler) setup() error { return handler.errSetup } -func (handler *languagesHandler) listProgrammingLanguages() (map[string]int, error) { +func (handler *languagesHandler) listProgrammingLanguages() (map[clients.Language]int, error) { if err := handler.setup(); err != nil { return nil, fmt.Errorf("error during languagesHandler.setup: %w", err) } diff --git a/clients/languages.go b/clients/languages.go new file mode 100644 index 00000000000..e10626f9354 --- /dev/null 
+++ b/clients/languages.go 
@@ -0,0 +1,73 @@ +// Copyright 2021 Security Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package clients + +// A customized string type `Language` for languages used by clients. +// A language could be a programming language, or more general, +// such as Dockerfile, CMake, HTML, YAML, etc. +type Language string + +// TODO: retrieve all languages supported by GitHub. +const ( + // Go: https://go.dev/ + Go Language = "go" + + // Python: https://www.python.org/ + Python Language = "python" + + // JavaScript: https://www.javascript.com/ + JavaScript Language = "javascript" + + // C++: https://cplusplus.com/ + Cpp Language = "c++" + + // C: https://www.open-std.org/jtc1/sc22/wg14/ + C Language = "c" + + // TypeScript: https://www.typescriptlang.org/ + TypeScript Language = "typescript" + + // Java: https://www.java.com/en/ + Java Language = "java" + + // C#: https://docs.microsoft.com/en-us/dotnet/csharp/ + CSharp Language = "c#" + + // Ruby: https://www.ruby-lang.org/ + Ruby Language = "ruby" + + // PHP: https://www.php.net/ + PHP Language = "php" + + // Starlark: https://github.com/bazelbuild/starlark + StarLark Language = "starlark" + + // Scala: https://www.scala-lang.org/ + Scala Language = "scala" + + // Kotlin: https://kotlinlang.org/ + Kotlin Language = "kotlin" + + // Swift: https://github.com/apple/swift + Swift Language = "swift" + + // Rust: https://github.com/rust-lang/rust + Rust Language = "rust" + + // Other indicates 
other programming languages not listed by the GitHub API. + Other Language = "other" + + // Add more programming languages here if needed, please use lower cases. +) diff --git a/clients/localdir/client.go b/clients/localdir/client.go index f005dec157d..23e365eab28 100644 --- a/clients/localdir/client.go +++ b/clients/localdir/client.go @@ -38,12 +38,13 @@ var ( //nolint:govet type localDirClient struct { - logger *log.Logger - ctx context.Context - path string - once sync.Once - errFiles error - files []string + logger *log.Logger + ctx context.Context + path string + once sync.Once + errFiles error + files []string + languages map[clients.Language]int } // InitRepo sets up the local repo. @@ -219,7 +220,8 @@ func (client *localDirClient) Close() error { } // ListProgrammingLanguages implements RepoClient.ListProgrammingLanguages. -func (client *localDirClient) ListProgrammingLanguages() (map[string]int, error) { +// TODO: add ListProgrammingLanguages support for local directories +func (client *localDirClient) ListProgrammingLanguages() (map[clients.Language]int, error) { return nil, fmt.Errorf("ListProgrammingLanguages: %w", clients.ErrUnsupportedFeature) } diff --git a/clients/mockclients/repo_client.go b/clients/mockclients/repo_client.go index 4f4e424b73a..4036d136d72 100644 --- a/clients/mockclients/repo_client.go +++ b/clients/mockclients/repo_client.go @@ -272,10 +272,10 @@ func (mr *MockRepoClientMockRecorder) ListWebhooks() *gomock.Call { return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListWebhooks", reflect.TypeOf((*MockRepoClient)(nil).ListWebhooks)) } -func (m *MockRepoClient) ListProgrammingLanguages() (map[string]int, error) { +func (m *MockRepoClient) ListProgrammingLanguages() (map[clients.Language]int, error) { m.ctrl.T.Helper() ret := m.ctrl.Call(m, "ListProgrammingLanguages") - ret0, _ := ret[0].(map[string]int) + ret0, _ := ret[0].(map[clients.Language]int) ret1, _ := ret[1].(error) return ret0, ret1 } 
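Review bot: The exported constant `StarLark` in the new clients/languages.go is spelled differently from the language it names (its own comment and value say Starlark and `starlark`), and an exported name is awkward to change once other packages reference it. `Starlark Language = "starlark"` would match the rest of the block. The doc comments for `Cpp` and `CSharp` open with `C++:` and `C#:` rather than the identifier, which godoc-style linters may flag; `// Cpp is C++: https://cplusplus.com/` keeps both. `Other` is documented as covering languages not listed by the GitHub API, but none of the visible hunks assigns it, so its comment could say which code is expected to produce it.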
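Review bot: `localDirClient.ListProgrammingLanguages` in clients/localdir/client.go still returns `clients.ErrUnsupportedFeature` unconditionally, and the added TODO line is appended to the method's doc comment without stating that. The caller is outside this hunk, so it cannot be seen here whether the fuzzing check skips language-specific detection for local directories or fails outright. The comment could state the contract, e.g. `// It always returns clients.ErrUnsupportedFeature for now; callers must handle that error.`, with the TODO moved inside the body.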
diff --git a/clients/repo_client.go b/clients/repo_client.go index 1be5aefce14..739330dcf7a 100644 --- a/clients/repo_client.go +++ b/clients/repo_client.go @@ -42,7 +42,7 @@ type RepoClient interface { ListCheckRunsForRef(ref string) ([]CheckRun, error) ListStatuses(ref string) ([]Status, error) ListWebhooks() ([]Webhook, error) - ListProgrammingLanguages() (map[string]int, error) + ListProgrammingLanguages() (map[Language]int, error) Search(request SearchRequest) (SearchResponse, error) Close() error } From af0c15730b412d3eecdd9762e34e81dbff40cc23 Mon Sep 17 00:00:00 2001 From: Aiden Wang Date: Wed, 8 Jun 2022 23:29:09 +0000 Subject: [PATCH 24/24] 0608-2 --- checks/fuzzing_test.go | 20 ++++++++++---------- checks/raw/fuzzing.go | 3 +-- checks/raw/fuzzing_test.go | 2 +- clients/githubrepo/languages.go | 1 + clients/languages.go | 2 +- clients/localdir/client.go | 13 ++++++------- 6 files changed, 20 insertions(+), 21 deletions(-) diff --git a/checks/fuzzing_test.go b/checks/fuzzing_test.go index 7131a579ec5..7fe1a0a75ab 100644 --- a/checks/fuzzing_test.go +++ b/checks/fuzzing_test.go @@ -34,7 +34,7 @@ func TestFuzzing(t *testing.T) { tests := []struct { name string want checker.CheckResult - langs map[string]int + langs map[clients.Language]int response clients.SearchResponse wantErr bool wantFuzzErr bool @@ -45,8 +45,8 @@ func TestFuzzing(t *testing.T) { { name: "empty response", response: clients.SearchResponse{}, - langs: map[string]int{ - "go": 300, + langs: map[clients.Language]int{ + clients.Go: 300, }, wantErr: false, }, @@ -55,9 +55,9 @@ func TestFuzzing(t *testing.T) { response: clients.SearchResponse{ Hits: 1, }, - langs: map[string]int{ - "go": 100, - "java": 70, + langs: map[clients.Language]int{ + clients.Go: 100, + clients.Java: 70, }, wantErr: false, want: checker.CheckResult{Score: 10}, 
@@ -70,8 +70,8 @@ func TestFuzzing(t *testing.T) { }, { name: "nil response", - langs: map[string]int{ - "python": 256, + langs: map[clients.Language]int{ + clients.Python: 256, }, wantErr: true, want: checker.CheckResult{Score: -1}, @@ -85,8 +85,8 @@ func TestFuzzing(t *testing.T) { }, { name: "min score since lang not supported", - langs: map[string]int{ - "not_supported_lang": 1490, + langs: map[clients.Language]int{ + clients.Language("not_supported_lang"): 1490, }, wantFuzzErr: false, want: checker.CheckResult{Score: 0}, diff --git a/checks/raw/fuzzing.go b/checks/raw/fuzzing.go index e1a5eacf41c..848cfbd86b3 100644 --- a/checks/raw/fuzzing.go +++ b/checks/raw/fuzzing.go @@ -46,10 +46,9 @@ type languageFuzzConfig struct { } // Contains fuzzing speficications for programming languages. -// Use lowercases as the key, such as go, python, javascript, c++, etc. +// Please use the type Language defined in clients/languages.go rather than a raw string. var languageFuzzSpecs = map[clients.Language]languageFuzzConfig{ // Default fuzz patterns for Go. - // Please use the type Language defined in clients/languages.go rather than a raw string. clients.Go: { filePattern: "*_test.go", funcPattern: `func\s+Fuzz\w+\s*\(\w+\s+\*testing.F\)`, diff --git a/checks/raw/fuzzing_test.go b/checks/raw/fuzzing_test.go index b507c0ae9e0..8fdc9daac41 100644 --- a/checks/raw/fuzzing_test.go +++ b/checks/raw/fuzzing_test.go @@ -251,7 +251,7 @@ func Test_checkFuzzFunc(t *testing.T) { "main.go", }, langs: map[clients.Language]int{ - "go": 100, + clients.Go: 100, }, fileContent: "func TestFoo (t *testing.T)", }, diff --git a/clients/githubrepo/languages.go b/clients/githubrepo/languages.go index 97ff1c2fef8..24793a7c882 100644 --- a/clients/githubrepo/languages.go +++ b/clients/githubrepo/languages.go @@ -21,6 +21,7 @@ import ( "sync" "github.com/google/go-github/v38/github" + "github.com/ossf/scorecard/v4/clients" ) 
diff --git a/clients/languages.go b/clients/languages.go index e10626f9354..cc41ede9632 100644 --- a/clients/languages.go +++ b/clients/languages.go @@ -14,7 +14,7 @@ package clients -// A customized string type `Language` for languages used by clients. +// Language represents a customized string for languages used by clients. // A language could be a programming language, or more general, // such as Dockerfile, CMake, HTML, YAML, etc. type Language string diff --git a/clients/localdir/client.go b/clients/localdir/client.go index 23e365eab28..7a97df61614 100644 --- a/clients/localdir/client.go +++ b/clients/localdir/client.go @@ -38,13 +38,12 @@ var ( //nolint:govet type localDirClient struct { - logger *log.Logger - ctx context.Context - path string - once sync.Once - errFiles error - files []string - languages map[clients.Language]int + logger *log.Logger + ctx context.Context + path string + once sync.Once + errFiles error + files []string } // InitRepo sets up the local repo.