checker

package v4.1.0

Published: Feb 19, 2022 License: Apache-2.0 Imports: 10 Imported by: 4

Documentation

Overview

Package checker includes structs and functions used for running a check.

Constants

const (
	// MaxResultConfidence implies full certainty about a check result.
	// TODO(#1393): remove after deprecation.
	MaxResultConfidence = 10
	// HalfResultConfidence signifies uncertainty about a check's score.
	// TODO(#1393): remove after deprecation.
	HalfResultConfidence = 5
	// MinResultConfidence signifies no confidence in the check result.
	// TODO(#1393): remove after deprecation.
	MinResultConfidence = 0

	// MaxResultScore is the best score that can be given by a check.
	MaxResultScore = 10
	// MinResultScore is the worst score that can be given by a check.
	MinResultScore = 0
	// InconclusiveResultScore is returned when no reliable information can be retrieved by a check.
	InconclusiveResultScore = -1

	// OffsetDefault is used if we can't determine the offset, for example when referencing a file but not a
	// specific location in the file.
	OffsetDefault = uint(1)
)

Variables

This section is empty.

Functions

func AggregateScores

func AggregateScores(scores ...int) int

AggregateScores adds up all scores and normalizes the result. Each score contributes equally.

func AggregateScoresWithWeight

func AggregateScoresWithWeight(scores map[int]int) int

AggregateScoresWithWeight adds up all scores, each multiplied by its weight, and normalizes the result.

func CreateProportionalScore

func CreateProportionalScore(success, total int) int

CreateProportionalScore returns a score proportional to success/total, scaled to the range MinResultScore..MaxResultScore.

func NormalizeReason

func NormalizeReason(reason string, score int) string

NormalizeReason is a placeholder hook for rewriting a reason string if the range of scores is ever changed.
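The aggregation and proportional-scoring functions above are documented only as "adds up and normalizes". The following is an added example, not scorecard's own code: it implements those three signatures against the constants on this page so the arithmetic and its edge cases can be seen. The handling of an empty input, of an inconclusive (-1) input, of total == 0 and the clamp at MaxResultScore is this example's own choice, and the reading "map key = score, map value = weight" for AggregateScoresWithWeight is an assumption.

```go
// Added example, not scorecard's own code: the scoring arithmetic behind
// AggregateScores, AggregateScoresWithWeight and CreateProportionalScore,
// written to the signatures and constants on this page. The bodies are this
// example's reading of "adds up and normalizes"; the edge-case handling
// (empty input, inconclusive inputs, total == 0, clamping) is the example's
// own, and "map key = score, map value = weight" is an assumption.
package main

import (
	"fmt"
	"math"
)

const (
	MaxResultScore          = 10
	MinResultScore          = 0
	InconclusiveResultScore = -1
)

// AggregateScores averages the scores with equal weight. The result is floored
// so rounding never lifts a check to a score it did not earn. An empty input,
// or any inconclusive input, makes the aggregate inconclusive rather than
// silently dragging the average towards zero with a -1.
func AggregateScores(scores ...int) int {
	if len(scores) == 0 {
		return InconclusiveResultScore
	}
	sum := 0
	for _, s := range scores {
		if s == InconclusiveResultScore {
			return InconclusiveResultScore
		}
		sum += s
	}
	return int(math.Floor(float64(sum) / float64(len(scores))))
}

// AggregateScoresWithWeight averages the map keys (scores) by the map values
// (weights). A zero total weight is inconclusive, not a division by zero.
func AggregateScoresWithWeight(scores map[int]int) int {
	weightedSum, totalWeight := 0, 0
	for score, weight := range scores {
		if score == InconclusiveResultScore {
			return InconclusiveResultScore
		}
		weightedSum += score * weight
		totalWeight += weight
	}
	if totalWeight == 0 {
		return InconclusiveResultScore
	}
	return int(math.Floor(float64(weightedSum) / float64(totalWeight)))
}

// CreateProportionalScore maps success/total onto [MinResultScore, MaxResultScore]
// with integer division (3 of 4 is 7, not 8). total <= 0 means nothing was
// measured and yields the minimum; a miscount with success > total is clamped.
func CreateProportionalScore(success, total int) int {
	if total <= 0 || success <= 0 {
		return MinResultScore
	}
	score := MaxResultScore * success / total
	if score > MaxResultScore {
		return MaxResultScore
	}
	return score
}

func main() {
	fmt.Println("equal weight:", AggregateScores(10, 5, 0))                       // 5
	fmt.Println("weighted:", AggregateScoresWithWeight(map[int]int{10: 3, 0: 1})) // 7
	fmt.Println("proportional:", CreateProportionalScore(3, 4))                   // 7
}
```

The two deliberate design points are the floor (a check that scores 29/3 gets 9, never 10) and the refusal to average an InconclusiveResultScore into a real score; a caller that wants to ignore inconclusive sub-checks must filter them out before aggregating.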

Types

type BinaryArtifactData

type BinaryArtifactData struct {
	// Files contains a list of files.
	Files []File
}

BinaryArtifactData contains the raw results for the Binary-Artifact check.

type BranchProtectionData

type BranchProtectionData struct {
	Protected                           *bool
	AllowsDeletions                     *bool
	AllowsForcePushes                   *bool
	RequiresCodeOwnerReviews            *bool
	RequiresLinearHistory               *bool
	DismissesStaleReviews               *bool
	EnforcesAdmins                      *bool
	RequiresStatusChecks                *bool
	RequiresUpToDateBranchBeforeMerging *bool
	RequiredApprovingReviewCount        *int
	// StatusCheckContexts is always available, so
	// we don't use a pointer.
	StatusCheckContexts []string
	Name                string
}

BranchProtectionData contains the raw results for one branch.

type BranchProtectionsData

type BranchProtectionsData struct {
	Branches []BranchProtectionData
}

BranchProtectionsData contains the raw results for the Branch-Protection check.

type Check added in v4.1.0

type Check struct {
	Fn                    CheckFn
	SupportedRequestTypes []RequestType
}

Check defines a Scorecard check fn and its supported request types.

type CheckDetail

type CheckDetail struct {
	Msg  LogMessage
	Type DetailType // Any of DetailWarn, DetailInfo, DetailDebug.
}

CheckDetail contains information for each detail.

type CheckFn

type CheckFn func(*CheckRequest) CheckResult

CheckFn defined for convenience.

type CheckNameToFnMap

type CheckNameToFnMap map[string]Check

CheckNameToFnMap defined here for convenience.

type CheckRequest

type CheckRequest struct {
	Ctx                   context.Context
	RepoClient            clients.RepoClient
	CIIClient             clients.CIIBestPracticesClient
	OssFuzzRepo           clients.RepoClient
	Dlogger               DetailLogger
	Repo                  clients.Repo
	VulnerabilitiesClient clients.VulnerabilitiesClient
	// UPGRADEv6: return raw results instead of scores.
	RawResults    *RawResults
	RequiredTypes []RequestType
}

CheckRequest struct encapsulates all data to be passed into a CheckFn.

type CheckResult

type CheckResult struct {
	// TODO(#1393): Remove old structure after deprecation.
	Error      error `json:"-"`
	Name       string
	Details    []string
	Confidence int
	Pass       bool

	// UPGRADEv2: New structure. Omitting unchanged Name field
	// for simplicity.
	Version  int           `json:"-"` // Default value of 0 indicates old structure.
	Error2   error         `json:"-"` // Runtime error indicates a failure to run the check.
	Details2 []CheckDetail `json:"-"` // Details of tests and sub-checks
	Score    int           `json:"-"` // {[-1,0...10], -1 = Inconclusive}
	Reason   string        `json:"-"` // A sentence describing the check result (score, etc)
}

CheckResult captures the result from a check run.

func CreateInconclusiveResult

func CreateInconclusiveResult(name, reason string) CheckResult

CreateInconclusiveResult is used when the check runs without runtime errors, but we don't have enough evidence to set a score.

func CreateMaxScoreResult

func CreateMaxScoreResult(name, reason string) CheckResult

CreateMaxScoreResult is used when the check runs without runtime errors and we can assign a maximum score to the result.

func CreateMinScoreResult

func CreateMinScoreResult(name, reason string) CheckResult

CreateMinScoreResult is used when the check runs without runtime errors and we can assign a minimum score to the result.

func CreateProportionalScoreResult

func CreateProportionalScoreResult(name, reason string, b, t int) CheckResult

CreateProportionalScoreResult is used when the check runs without runtime errors and we assign a proportional score. This may be used if a check contains multiple tests and we want to assign a score proportional to the number of tests that succeeded.

func CreateResultWithScore

func CreateResultWithScore(name, reason string, score int) CheckResult

CreateResultWithScore is used when the check runs without runtime errors and we want to assign a specific score.

func CreateRuntimeErrorResult

func CreateRuntimeErrorResult(name string, e error) CheckResult

CreateRuntimeErrorResult is used when the check fails to run because of a runtime error.

type CodeReviewData added in v4.1.0

type CodeReviewData struct {
	DefaultBranchCommits []DefaultBranchCommit
}

CodeReviewData contains the raw results for the Code-Review check.

type DefaultBranchCommit added in v4.1.0

type DefaultBranchCommit struct {
	// Fields below are taken directly from cloud
	// version control systems, e.g. GitHub.
	SHA           string
	CommitMessage string
	MergeRequest  *MergeRequest
	Committer     User
}

DefaultBranchCommit represents a commit to the default branch.

type DependencyUpdateToolData

type DependencyUpdateToolData struct {
	// Tools contains a list of tools.
	// Note: we only populate one entry at most.
	Tools []Tool
}

DependencyUpdateToolData contains the raw results for the Dependency-Update-Tool check.

type DetailLogger

type DetailLogger interface {
	Info(msg *LogMessage)
	Warn(msg *LogMessage)
	Debug(msg *LogMessage)
	// Flush resets the logger state and returns collected logs.
	Flush() []CheckDetail
}

DetailLogger logs a CheckDetail struct.

type DetailType

type DetailType int

DetailType is the type of details.

const (
	// DetailInfo is info-level log.
	DetailInfo DetailType = iota
	// DetailWarn is warn log.
	DetailWarn
	// DetailDebug is debug log.
	DetailDebug
)

type File

type File struct {
	Path    string
	Snippet string   // Snippet of code
	Offset  uint     // Offset in the file of Path (line for source/text files).
	Type    FileType // Type of file.

}

File represents a file.

type FileType

type FileType int

FileType is the type of a file.

const (
	// FileTypeNone is the default, undefined type.
	// FileTypeNone must be `0`.
	FileTypeNone FileType = iota
	// FileTypeSource is for source code files.
	FileTypeSource
	// FileTypeBinary is for binary files.
	FileTypeBinary
	// FileTypeText is for text files.
	FileTypeText
	// FileTypeURL for URLs.
	FileTypeURL
)

type Issue

type Issue struct {
	URL string
}

Issue represents an issue.

type LogMessage

type LogMessage struct {
	Text      string   // A short string explaining why the detail was recorded/logged.
	Path      string   // Fullpath to the file.
	Type      FileType // Type of file.
	Offset    uint     // Offset in the file of Path (line for source/text files).
	EndOffset uint     // End of offset in the file, e.g. if the command spans multiple lines.
	Snippet   string   // Snippet of code
}

LogMessage is a structure that encapsulates a detail's information, so the definition can be extended easily.

type MergeRequest

type MergeRequest struct {
	Number   int
	Labels   []string
	Reviews  []Review
	Author   User
	MergedAt time.Time
}

MergeRequest represents a merge request.

type RawResults

type RawResults struct {
	VulnerabilitiesResults      VulnerabilitiesData
	BinaryArtifactResults       BinaryArtifactData
	SecurityPolicyResults       SecurityPolicyData
	DependencyUpdateToolResults DependencyUpdateToolData
	BranchProtectionResults     BranchProtectionsData
	CodeReviewResults           CodeReviewData
}

RawResults contains results before a policy is applied.

type RequestType added in v4.1.0

type RequestType int

RequestType identifies special requirements/attributes that need to be supported by checks.

const (
	// FileBased request types require checks to run solely on file-content.
	FileBased RequestType = iota
	// CommitBased request types require checks to run on non-HEAD commit content.
	CommitBased
)

func ListUnsupported added in v4.1.0

func ListUnsupported(required, supported []RequestType) []RequestType

ListUnsupported returns the RequestTypes that appear in `required` but not in `supported`.
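RequestType, Check.SupportedRequestTypes and ListUnsupported together let a runner decide which checks can legitimately run for a given request before any of them is invoked. The following is an added example, not scorecard's own code: ListUnsupported is implemented to the description above, and the selectRunnable helper and the registry of checks in main are constructed for the example (which checks support which request types is illustrative, not taken from the project).

```go
// Added example, not scorecard's own code: ListUnsupported as this page
// describes it, and the gate a runner can build on it so that a check is only
// invoked for request types it declared in Check.SupportedRequestTypes.
// The checks map and the selectRunnable helper are constructed for the example.
package main

import "fmt"

type RequestType int

const (
	FileBased RequestType = iota
	CommitBased
)

// Check is trimmed to the one field this example needs.
type Check struct {
	SupportedRequestTypes []RequestType
}

type CheckNameToFnMap map[string]Check

// ListUnsupported returns the entries of required that are absent from supported.
func ListUnsupported(required, supported []RequestType) []RequestType {
	have := make(map[RequestType]bool, len(supported))
	for _, s := range supported {
		have[s] = true
	}
	var missing []RequestType
	for _, r := range required {
		if !have[r] {
			missing = append(missing, r)
		}
	}
	return missing
}

// selectRunnable partitions checks into those that support every required
// request type and those that must be skipped, with the reason for each skip.
func selectRunnable(checks CheckNameToFnMap, required []RequestType) (runnable []string, skipped map[string][]RequestType) {
	skipped = map[string][]RequestType{}
	for name, c := range checks {
		if missing := ListUnsupported(required, c.SupportedRequestTypes); len(missing) > 0 {
			skipped[name] = missing
			continue
		}
		runnable = append(runnable, name)
	}
	return runnable, skipped
}

func main() {
	// Constructed registry: which request types each check claims to support.
	checks := CheckNameToFnMap{
		"Binary-Artifacts": {SupportedRequestTypes: []RequestType{FileBased, CommitBased}},
		"Code-Review":      {SupportedRequestTypes: []RequestType{CommitBased}},
	}
	// A file-based request cannot run a check that only supports commit content.
	runnable, skipped := selectRunnable(checks, []RequestType{FileBased})
	fmt.Println("runnable:", runnable, "skipped:", skipped)
}
```

Skipping, rather than running a check against content it does not understand, is the point: a check forced onto an unsupported request type would produce a confident-looking score from data it never examined.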

type Review added in v4.1.0

type Review struct {
	Reviewer User
	State    string
}

Review represents a review using the built-in review system.

type Run

type Run struct {
	URL string
}

Run represents a run.

type Runner

type Runner struct {
	CheckName    string
	Repo         string
	CheckRequest CheckRequest
}

Runner runs a check with retries.

func (*Runner) Run

func (r *Runner) Run(ctx context.Context, c Check) CheckResult

Run runs a given check.
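The pieces documented above (CheckFn taking a *CheckRequest, the DetailLogger whose Flush returns the collected CheckDetails, the Create*Result constructors, and a Runner that runs the check) only make sense together. The following is an added example, not scorecard's own code: it uses trimmed copies of the types on this page, an in-memory DetailLogger named collectingLogger, a constructed check named binaryArtifactCheck that reads RawResults, and a constructed RunCheck that does what a runner must do after the check returns, namely flush the logger into Details2. All three of those names are this example's own.

```go
// Added example, not scorecard's own code: how a CheckFn, a DetailLogger and
// the CheckResult constructors fit together, on trimmed copies of the types
// shown on this page. collectingLogger, binaryArtifactCheck and RunCheck are
// constructed for the example.
package main

import "fmt"

const MaxResultScore, MinResultScore, InconclusiveResultScore = 10, 0, -1

type (
	DetailType  int
	LogMessage  struct{ Text, Path string }
	CheckDetail struct {
		Msg  LogMessage
		Type DetailType
	}
	DetailLogger interface {
		Info(msg *LogMessage)
		Warn(msg *LogMessage)
		Debug(msg *LogMessage)
		Flush() []CheckDetail // returns the collected details and resets
	}
	File               struct{ Path string }
	BinaryArtifactData struct{ Files []File }
	RawResults         struct{ BinaryArtifactResults BinaryArtifactData }
	CheckRequest       struct {
		Dlogger    DetailLogger
		RawResults *RawResults
	}
	CheckResult struct {
		Name     string
		Error2   error // set only when the check itself failed to run
		Details2 []CheckDetail
		Score    int // -1 inconclusive, otherwise 0..10
		Reason   string
	}
	CheckFn func(*CheckRequest) CheckResult
)

const DetailInfo, DetailWarn, DetailDebug DetailType = 0, 1, 2

// collectingLogger is an in-memory DetailLogger: Flush returns what was logged
// since the last Flush and resets, as the interface comment requires.
type collectingLogger struct{ details []CheckDetail }

func (l *collectingLogger) add(t DetailType, m *LogMessage) {
	l.details = append(l.details, CheckDetail{Msg: *m, Type: t})
}
func (l *collectingLogger) Info(m *LogMessage)  { l.add(DetailInfo, m) }
func (l *collectingLogger) Warn(m *LogMessage)  { l.add(DetailWarn, m) }
func (l *collectingLogger) Debug(m *LogMessage) { l.add(DetailDebug, m) }
func (l *collectingLogger) Flush() []CheckDetail {
	out := l.details
	l.details = nil
	return out
}

func CreateResultWithScore(name, reason string, score int) CheckResult {
	return CheckResult{Name: name, Score: score, Reason: reason}
}

// CreateRuntimeErrorResult keeps failure out of the score: Error2 is set and the
// score is inconclusive, so a check that could not run is never read as a bad repo.
func CreateRuntimeErrorResult(name string, e error) CheckResult {
	r := CreateResultWithScore(name, e.Error(), InconclusiveResultScore)
	r.Error2 = e
	return r
}

// binaryArtifactCheck is a constructed CheckFn: every checked-in binary in the
// raw results is logged as a warning with its path, and any binary scores 0.
func binaryArtifactCheck(c *CheckRequest) CheckResult {
	const name = "Binary-Artifacts"
	if c.RawResults == nil {
		return CreateRuntimeErrorResult(name, fmt.Errorf("raw results were not collected"))
	}
	files := c.RawResults.BinaryArtifactResults.Files
	for _, f := range files {
		c.Dlogger.Warn(&LogMessage{Text: "binary detected", Path: f.Path})
	}
	if len(files) == 0 {
		return CreateResultWithScore(name, "no binaries found in the repo", MaxResultScore)
	}
	return CreateResultWithScore(name, fmt.Sprintf("binaries present in source code: %d", len(files)), MinResultScore)
}

// RunCheck runs one CheckFn and attaches the flushed details, the way a runner
// must so that details do not leak from one check into the next.
func RunCheck(fn CheckFn, req *CheckRequest) CheckResult {
	res := fn(req)
	res.Details2 = req.Dlogger.Flush()
	return res
}

func main() {
	raw := &RawResults{BinaryArtifactResults: BinaryArtifactData{Files: []File{{Path: "tools/helper.exe"}}}} // constructed input
	res := RunCheck(binaryArtifactCheck, &CheckRequest{Dlogger: &collectingLogger{}, RawResults: raw})
	fmt.Printf("%s: score=%d reason=%q details=%d\n", res.Name, res.Score, res.Reason, len(res.Details2))
}
```

Two things worth noticing: the check never touches Details2 itself, it only talks to the DetailLogger, and the runner owns the Flush, which is what keeps details from one check out of the next check's result when a logger is shared; and a missing precondition (no RawResults) is reported through CreateRuntimeErrorResult rather than scored, so the consumer can tell "we could not look" from "we looked and it is bad".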

type SecurityPolicyData

type SecurityPolicyData struct {
	// Files contains a list of files.
	Files []File
}

SecurityPolicyData contains the raw results for the Security-Policy check.

type Tool

type Tool struct {
	// Runs of the tool.
	Runs []Run
	// Issues created by the tool.
	Issues []Issue
	// Merge requests created by the tool.
	MergeRequests []MergeRequest
	Name          string
	URL           string
	Desc          string
	ConfigFiles   []File
}

Tool represents a tool.

type User added in v4.1.0

type User struct {
	Login string
}

User represents a user.

type VulnerabilitiesData added in v4.1.0

type VulnerabilitiesData struct {
	Vulnerabilities []Vulnerability
}

VulnerabilitiesData contains the raw results for the Vulnerabilities check.

type Vulnerability added in v4.1.0

type Vulnerability struct {
	// For OSV: OSV-2020-484
	// For CVE: CVE-2022-23945
	ID string
}

Vulnerability defines a vulnerability from a database.
