ossf · laurentsimon · Jun 9, 2022 · May 26, 2022 · May 26, 2022 · May 26, 2022
@@ -54,10 +54,7 @@ func DependencyUpdateTool(name string, dl checker.DetailLogger,
 		return checker.CreateRuntimeErrorResult(name, e)
 	}
 
-	// Note: only one file per tool is present,
-	// so we do not iterate thru all entries.
-	// Modified by AidenW on 05/31/2022: now Tool.File is a type of []File,
-	// so we need to do iterations on the files.
+	// Iterate over all the files, since a Tool can contain multiple files.
 	for _, file := range r.Tools[0].File {
 		dl.Info(&checker.LogMessage{
 			Path:   file.Path,

@@ -96,7 +96,7 @@ func TestDependencyUpdateTool(t *testing.T) {
 										enabled = true
 										`,
 									Offset: 0,
-									Type:   0,
+									Type:   checker.FileTypeNone,
 								},
 							},
 						},

@@ -32,6 +32,10 @@ func Fuzzing(name string, dl checker.DetailLogger,
 		return checker.CreateRuntimeErrorResult(name, e)
 	}
 
+	if len(r.Fuzzers) == 0 {
+		return checker.CreateMinScoreResult(name, "project is not fuzzed")
+	}
+	fuzzers := &[]string{}
 	for i := range r.Fuzzers {
 		fuzzer := r.Fuzzers[i]
 		if fuzzer.Name == raw.FuzzNameUserDefinedFunc {
@@ -44,8 +48,8 @@ func Fuzzing(name string, dl checker.DetailLogger,
 				dl.Info(&msg)
 			}
 		}
-		return checker.CreateMaxScoreResult(name,
-			fmt.Sprintf("project is fuzzed with %s", fuzzer.Name))
+		*fuzzers = append(*fuzzers, fuzzer.Name)
 	}
-	return checker.CreateMinScoreResult(name, "project is not fuzzed")
+	return checker.CreateMaxScoreResult(name,
+		fmt.Sprintf("project is fuzzed with %v", *fuzzers))
 }
diff --git a/checks/raw/errors.go b/checks/raw/errors.go
@@ -19,8 +19,12 @@ import (
 )
 
 var (
-	errInternalCommitishNil  = errors.New("commitish is nil")
-	errInvalidArgType        = errors.New("invalid arg type")
-	errInvalidArgLength      = errors.New("invalid arg length")
-	errInvalidGitHubWorkflow = errors.New("invalid GitHub workflow")
+	errInternalCommitishNil   = errors.New("commitish is nil")
+	errInvalidArgType         = errors.New("invalid arg type")
+	errInvalidArgLength       = errors.New("invalid arg length")
+	errInvalidGitHubWorkflow  = errors.New("invalid GitHub workflow")
+	errEmptyRepoClient        = errors.New("empty RepoClient")
+	errGetRepoProgrammingLang = errors.New("cannot get repo programming languages")
+	errGetRepoProminentLang   = errors.New("cannot get repo prominent languages")
+	errFuncParamIsNil         = errors.New("function parameter is nil")
 )
@@ -34,8 +34,8 @@ const (
 )
 
 type filesWithPatternStr struct {
-	files   []checker.File
 	pattern string
+	files   []checker.File
 }
 type languageFuzzConfig struct {
 	fuzzFileMatchPattern, fuzzFuncRegexPattern, langFuzzDocumentURL, langFuzzDesc string
@@ -138,24 +138,24 @@ func checkOSSFuzz(c *checker.CheckRequest) (bool, error) {
 
 func checkFuzzFunc(c *checker.CheckRequest) (bool, []checker.File, error) {
 	if c.RepoClient == nil {
-		return false, nil, fmt.Errorf("empty RepoClient")
+		return false, nil, errEmptyRepoClient
 	}
 	// To get the prominent programming language(s) to be checked.
 	langMap, err := c.RepoClient.ListProgrammingLanguages()
 	if err != nil {
-		return false, nil, fmt.Errorf("get programming languages of repo failed %w", err)
+		return false, nil, errGetRepoProgrammingLang
 	}
-	langsProminent, err := getProminentLanguages(langMap)
+	prominentLangs, err := getProminentLanguages(langMap)
 	if err != nil {
-		return false, nil, fmt.Errorf("error when getting promiment languages: %w", err)
+		return false, nil, errGetRepoProminentLang
 	}
 
 	data := filesWithPatternStr{
 		files: make([]checker.File, 0),
 	}
 
-	// Iterate the prominant language list and check for fuzz funcs per language.
-	for _, lang := range *langsProminent {
+	// Iterate the prominent language list and check for fuzz funcs per language.
+	for _, lang := range *prominentLangs {
 		// Search language fuzz patterns in the hashmap.
 		pattern, found := languageFuzzSpecsMap[lang]
 		if !found {
@@ -191,7 +191,7 @@ var getFuzzFunc fileparser.DoWhileTrueOnFileContent = func(path string, content
 	if !ok {
 		return false, fmt.Errorf("invalid arg type: %w", errInvalidArgType)
 	}
-	r, _ := regexp.Compile(pdata.pattern)
+	r := regexp.MustCompile(pdata.pattern)
 	lines := bytes.Split(content, []byte("\n"))
 	for i, line := range lines {
 		found := r.FindString(string(line))
@@ -212,7 +212,7 @@ var getFuzzFunc fileparser.DoWhileTrueOnFileContent = func(path string, content
 
 func getProminentLanguages(langs map[string]int) (*[]string, error) {
 	if langs == nil {
-		return nil, fmt.Errorf("no languages found in map")
+		return nil, errFuncParamIsNil
 	}
 	numLangs := len(langs)
 	totalLoC := 0
@@ -224,7 +224,7 @@ func getProminentLanguages(langs map[string]int) (*[]string, error) {
 	// and it can stay as an int, no need for a float value.
 	avgLoC := totalLoC / numLangs
 
-	// Languages that has lines of code above average will be considered prominent.
+	// Languages that have lines of code above average will be considered prominent.
 	ret := &[]string{}
 	for lang, LoC := range langs {
 		if LoC >= avgLoC {

@@ -216,14 +216,14 @@ func Test_fuzzFileAndFuncMatchPattern(t *testing.T) {
 				t.Errorf("retrieve supported language error")
 			}
 			fileMatchPattern := langSpecs.fuzzFileMatchPattern
-			fileMatch, _ := path.Match(fileMatchPattern, tt.fileName)
-			if (fileMatch != tt.expectedFileMatch) && !tt.wantErr {
+			fileMatch, err := path.Match(fileMatchPattern, tt.fileName)
+			if fileMatch != tt.expectedFileMatch || err != nil && !tt.wantErr {
 				t.Errorf("fileMatch = %v, want %v for %v", fileMatch, tt.expectedFileMatch, tt.name)
 			}
 			funcRegexPattern := langSpecs.fuzzFuncRegexPattern
 			r, _ := regexp.Compile(funcRegexPattern)
 			found := r.MatchString(tt.fileContent)
-			if (found != tt.expectedFuncMatch) && !tt.wantErr {
+			if found != tt.expectedFuncMatch && !tt.wantErr {
 				t.Errorf("funcMatch = %v, want %v for %v", fileMatch, tt.expectedFileMatch, tt.name)
 			}
 		})
@@ -275,8 +275,8 @@ func Test_checkFuzzFunc(t *testing.T) {
 			req := checker.CheckRequest{
 				RepoClient: mockClient,
 			}
-			got, _, _ := checkFuzzFunc(&req)
-			if got != tt.want && !tt.wantErr {
+			got, _, err := checkFuzzFunc(&req)
+			if got != tt.want || err != nil && !tt.wantErr {
 				t.Errorf("checkFuzzFunc() = %v, want %v for %v", got, tt.want, tt.name)
 			}
 		})

@@ -185,6 +185,9 @@ func (client *Client) ListProgrammingLanguages() (map[string]int, error) {
 		return nil, fmt.Errorf("request for repo languages failed with %w", err)
 	}
 	bodyJSON := map[string]int{}
+	// The client.repoClient.Do API writes the reponse body to var bodyJSON,
+	// so we can ignore the first returned variable (the http response object)
+	// since we only need the response body here.
 	_, errResp := client.repoClient.Do(client.ctx, req, &bodyJSON)
 	if errResp != nil {
 		return nil, fmt.Errorf("response for repo languages failed with %w", err)

@@ -206,7 +206,7 @@ func addDependencyUpdateToolRawResults(r *jsonScorecardRawResult,
 		}
 		if t.File != nil {
 			jt.File = &jsonFile{
-				Path: t.File.Path,
+				Path: t.File[0].Path,
 			}
 		}
 		r.Results.DependencyUpdateTools = append(r.Results.DependencyUpdateTools, jt)

@@ -50,7 +50,7 @@ type jsonTool struct {
 	URL  *string          `json:"url"`
 	Desc *string          `json:"desc"`
 	Job  *jsonWorkflowJob `json:"job,omitempty"`
-	File *jsonFile        `json:"file,omitempty"`
+	File []jsonFile       `json:"file,omitempty"`
 	Name string           `json:"name"`
 	// TODO: Runs, Issues, Merge requests.
 }
@@ -508,9 +508,11 @@ func (r *jsonScorecardRawResult) addFuzzingRawResults(fd *checker.FuzzingData) e
 			URL:  f.URL,
 			Desc: f.Desc,
 		}
-		if f.File != nil && len(f.File) == 1 {
-			jt.File = &jsonFile{
-				Path: f.File[0].Path,
+		if f.File != nil {
+			for _, f := range f.File {
+				jt.File = append(jt.File, jsonFile{
+					Path: f.Path,
+				})
 			}
 		}
 		r.Results.Fuzzers = append(r.Results.Fuzzers, jt)
@@ -528,9 +530,11 @@ func (r *jsonScorecardRawResult) addDependencyUpdateToolRawResults(dut *checker.
 			URL:  t.URL,
 			Desc: t.Desc,
 		}
-		if t.File != nil && len(t.File) == 1 {
-			jt.File = &jsonFile{
-				Path: t.File[0].Path,
+		if t.File != nil {
+			for _, f := range t.File {
+				jt.File = append(jt.File, jsonFile{
+					Path: f.Path,
+				})
 			}
 		}
 		r.Results.DependencyUpdateTools = append(r.Results.DependencyUpdateTools, jt)