

pr fixes
balteravishay committed Feb 26, 2025
1 parent 537aa61 commit ca8d999
Showing 3 changed files with 32 additions and 34 deletions.
6 changes: 3 additions & 3 deletions probes/unsafeblock/def.yml
Expand Up @@ -25,10 +25,10 @@ implementation: >
- for go the probe will look for the use of the `unsafe` include directive.
- for c# the probe will look at the csproj and identify the use of the `AllowUnsafeBlocks` property.
outcome:
- For supported ecosystem, the probe returns OutcomeFalse per unsafe block.
- If the project has no unsafe blocks, the probe returns OutcomeTrue.
- For supported ecosystem, the probe returns OutcomeTrue per unsafe block.
- If the project has no unsafe blocks, the probe returns OutcomeFalse.
remediation:
onOutcome: False
onOutcome: True
effort: Medium
text:
- Visit the OpenSSF Memory Safety SIG guidance on how to make your project memory safe.
13 changes: 5 additions & 8 deletions probes/unsafeblock/impl.go
Expand Up @@ -59,12 +59,12 @@ func init() {
}

func Run(raw *checker.CheckRequest) (found []finding.Finding, probeName string, err error) {
prominentLangs, err := getLanguageChecks(raw)
repoLanguageChecks, err := getLanguageChecks(raw)
if err != nil {
return nil, Probe, err
}
findings := []finding.Finding{}
for _, lang := range prominentLangs {
for _, lang := range repoLanguageChecks {
langFindings, err := lang.funcPointer(raw)
if err != nil {
return nil, Probe, fmt.Errorf("error while running function for language %s: %w", lang.Desc, err)
Expand All @@ -73,7 +73,7 @@ func Run(raw *checker.CheckRequest) (found []finding.Finding, probeName string,
}
if len(findings) == 0 {
found, err := finding.NewWith(fs, Probe,
"All supported ecosystems do not declare or use unsafe code blocks", nil, finding.OutcomeTrue)
"All supported ecosystems do not declare or use unsafe code blocks", nil, finding.OutcomeFalse)
if err != nil {
return nil, Probe, fmt.Errorf("create finding: %w", err)
}

Expand All @@ -87,9 +87,6 @@ func getLanguageChecks(raw *checker.CheckRequest) ([]languageMemoryCheckConfig,
if err != nil {
return nil, fmt.Errorf("cannot get langs of repo: %w", err)
}
if len(langs) == 0 {
return []languageMemoryCheckConfig{}, nil
}
if len(langs) == 1 && langs[0].Name == clients.All {
return getAllLanguages(), nil
}
Expand Down Expand Up @@ -150,7 +147,7 @@ func goCodeUsesUnsafePackage(path string, content []byte, args ...interface{}) (
found, err := finding.NewWith(fs, Probe,
"Golang code uses the unsafe package", &finding.Location{
Path: path, LineStart: &lineStart,
}, finding.OutcomeFalse)
}, finding.OutcomeTrue)
if err != nil {
return false, fmt.Errorf("create finding: %w", err)
}

Expand Down Expand Up @@ -198,7 +195,7 @@ func csProjAllosUnsafeBlocks(path string, content []byte, args ...interface{}) (
found, err := finding.NewWith(fs, Probe,
"C# project file allows the use of unsafe blocks", &finding.Location{
Path: path,
}, finding.OutcomeFalse)
}, finding.OutcomeTrue)
if err != nil {
return false, fmt.Errorf("create finding: %w", err)
}

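Review bot: The fallback finding in Run (`finding.OutcomeFalse` with the message "All supported ecosystems do not declare or use unsafe code blocks") is now also what a repository with no supported language receives, because the `len(langs) == 0` early return in getLanguageChecks is removed and an empty `repoLanguageChecks` leaves `findings` empty, so under the inverted semantics code the probe never inspected is reported as a clean pass. A guard before the loop that emits a not-applicable outcome for that case would keep "nothing to check" distinct from "checked and clean", e.g. `if len(repoLanguageChecks) == 0 { /* emit finding.OutcomeNotApplicable */ }` if that is the outcome the finding package provides for it. What getLanguageChecks does with an empty language list after the `clients.All` check is outside the hunk, so this is inferred from the visible lines; both Run and getLanguageChecks continue beyond the hunks shown.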
47 changes: 24 additions & 23 deletions probes/unsafeblock/impl_test.go
Expand Up @@ -28,6 +28,7 @@ import (
"github.com/ossf/scorecard/v5/clients"
mockrepo "github.com/ossf/scorecard/v5/clients/mockclients"
"github.com/ossf/scorecard/v5/finding"
scut "github.com/ossf/scorecard/v5/utests"
)

func Test_Run(t *testing.T) {
Expand All @@ -49,7 +50,7 @@ func Test_Run(t *testing.T) {
{
Probe: Probe,
Message: "All supported ecosystems do not declare or use unsafe code blocks",
Outcome: finding.OutcomeTrue,
Outcome: finding.OutcomeFalse,
},
},
err: nil,
Expand All @@ -65,7 +66,7 @@ func Test_Run(t *testing.T) {
{
Probe: Probe,
Message: "All supported ecosystems do not declare or use unsafe code blocks",
Outcome: finding.OutcomeTrue,
Outcome: finding.OutcomeFalse,
},
},
err: nil,
Expand All @@ -81,7 +82,7 @@ func Test_Run(t *testing.T) {
{
Probe: Probe,
Message: "All supported ecosystems do not declare or use unsafe code blocks",
Outcome: finding.OutcomeTrue,
Outcome: finding.OutcomeFalse,
},
},
err: nil,
Expand All @@ -98,7 +99,7 @@ func Test_Run(t *testing.T) {
{
Probe: Probe,
Message: "All supported ecosystems do not declare or use unsafe code blocks",
Outcome: finding.OutcomeTrue,
Outcome: finding.OutcomeFalse,
},
},
err: nil,
Expand All @@ -115,7 +116,7 @@ func Test_Run(t *testing.T) {
{
Probe: Probe,
Message: "All supported ecosystems do not declare or use unsafe code blocks",
Outcome: finding.OutcomeTrue,
Outcome: finding.OutcomeFalse,
},
},
err: nil,
Expand All @@ -132,7 +133,7 @@ func Test_Run(t *testing.T) {
{
Probe: Probe,
Message: "Golang code uses the unsafe package",
Outcome: finding.OutcomeFalse,
Outcome: finding.OutcomeTrue,
Remediation: &finding.Remediation{
Text: "Visit the OpenSSF Memory Safety SIG guidance on how to make your project memory safe.\nGuidance for [Memory-Safe By Default Languages](https://github.com/ossf/Memory-Safety/blob/main/docs/best-practice-memory-safe-by-default-languages.md)\nGuidance for [Non Memory-Safe By Default Languages](https://github.com/ossf/Memory-Safety/blob/main/docs/best-practice-non-memory-safe-by-default-languages.md)",
Effort: 2,
Expand All @@ -155,7 +156,7 @@ func Test_Run(t *testing.T) {
{
Probe: Probe,
Message: "Golang code uses the unsafe package",
Outcome: finding.OutcomeFalse,
Outcome: finding.OutcomeTrue,
Remediation: &finding.Remediation{
Text: "Visit the OpenSSF Memory Safety SIG guidance on how to make your project memory safe.\nGuidance for [Memory-Safe By Default Languages](https://github.com/ossf/Memory-Safety/blob/main/docs/best-practice-memory-safe-by-default-languages.md)\nGuidance for [Non Memory-Safe By Default Languages](https://github.com/ossf/Memory-Safety/blob/main/docs/best-practice-non-memory-safe-by-default-languages.md)",
Effort: 2,
Expand All @@ -178,7 +179,7 @@ func Test_Run(t *testing.T) {
{
Probe: Probe,
Message: "Golang code uses the unsafe package",
Outcome: finding.OutcomeFalse,
Outcome: finding.OutcomeTrue,
Remediation: &finding.Remediation{
Text: "Visit the OpenSSF Memory Safety SIG guidance on how to make your project memory safe.\nGuidance for [Memory-Safe By Default Languages](https://github.com/ossf/Memory-Safety/blob/main/docs/best-practice-memory-safe-by-default-languages.md)\nGuidance for [Non Memory-Safe By Default Languages](https://github.com/ossf/Memory-Safety/blob/main/docs/best-practice-non-memory-safe-by-default-languages.md)",
Effort: 2,
Expand All @@ -199,7 +200,7 @@ func Test_Run(t *testing.T) {
{
Probe: Probe,
Message: "All supported ecosystems do not declare or use unsafe code blocks",
Outcome: finding.OutcomeTrue,
Outcome: finding.OutcomeFalse,
},
},
err: nil,
Expand All @@ -216,7 +217,7 @@ func Test_Run(t *testing.T) {
{
Probe: Probe,
Message: "All supported ecosystems do not declare or use unsafe code blocks",
Outcome: finding.OutcomeTrue,
Outcome: finding.OutcomeFalse,
},
},
err: nil,
Expand All @@ -233,7 +234,7 @@ func Test_Run(t *testing.T) {
{
Probe: Probe,
Message: "All supported ecosystems do not declare or use unsafe code blocks",
Outcome: finding.OutcomeTrue,
Outcome: finding.OutcomeFalse,
},
},
err: nil,
Expand All @@ -250,7 +251,7 @@ func Test_Run(t *testing.T) {
{
Probe: Probe,
Message: "C# project file allows the use of unsafe blocks",
Outcome: finding.OutcomeFalse,
Outcome: finding.OutcomeTrue,
Remediation: &finding.Remediation{
Text: "Visit the OpenSSF Memory Safety SIG guidance on how to make your project memory safe.\nGuidance for [Memory-Safe By Default Languages](https://github.com/ossf/Memory-Safety/blob/main/docs/best-practice-memory-safe-by-default-languages.md)\nGuidance for [Non Memory-Safe By Default Languages](https://github.com/ossf/Memory-Safety/blob/main/docs/best-practice-non-memory-safe-by-default-languages.md)",
Effort: 2,
Expand All @@ -273,7 +274,7 @@ func Test_Run(t *testing.T) {
{
Probe: Probe,
Message: "C# project file allows the use of unsafe blocks",
Outcome: finding.OutcomeFalse,
Outcome: finding.OutcomeTrue,
Remediation: &finding.Remediation{
Text: "Visit the OpenSSF Memory Safety SIG guidance on how to make your project memory safe.\nGuidance for [Memory-Safe By Default Languages](https://github.com/ossf/Memory-Safety/blob/main/docs/best-practice-memory-safe-by-default-languages.md)\nGuidance for [Non Memory-Safe By Default Languages](https://github.com/ossf/Memory-Safety/blob/main/docs/best-practice-non-memory-safe-by-default-languages.md)",
Effort: 2,
Expand All @@ -296,7 +297,7 @@ func Test_Run(t *testing.T) {
{
Probe: Probe,
Message: "C# project file allows the use of unsafe blocks",
Outcome: finding.OutcomeFalse,
Outcome: finding.OutcomeTrue,
Remediation: &finding.Remediation{
Text: "Visit the OpenSSF Memory Safety SIG guidance on how to make your project memory safe.\nGuidance for [Memory-Safe By Default Languages](https://github.com/ossf/Memory-Safety/blob/main/docs/best-practice-memory-safe-by-default-languages.md)\nGuidance for [Non Memory-Safe By Default Languages](https://github.com/ossf/Memory-Safety/blob/main/docs/best-practice-non-memory-safe-by-default-languages.md)",
Effort: 2,
Expand All @@ -318,7 +319,7 @@ func Test_Run(t *testing.T) {
{
Probe: Probe,
Message: "All supported ecosystems do not declare or use unsafe code blocks",
Outcome: finding.OutcomeTrue,
Outcome: finding.OutcomeFalse,
},
},
err: nil,
Expand All @@ -336,7 +337,7 @@ func Test_Run(t *testing.T) {
{
Probe: Probe,
Message: "All supported ecosystems do not declare or use unsafe code blocks",
Outcome: finding.OutcomeTrue,
Outcome: finding.OutcomeFalse,
},
},
err: nil,
Expand All @@ -354,7 +355,7 @@ func Test_Run(t *testing.T) {
{
Probe: Probe,
Message: "C# project file allows the use of unsafe blocks",
Outcome: finding.OutcomeFalse,
Outcome: finding.OutcomeTrue,
Remediation: &finding.Remediation{
Text: "Visit the OpenSSF Memory Safety SIG guidance on how to make your project memory safe.\nGuidance for [Memory-Safe By Default Languages](https://github.com/ossf/Memory-Safety/blob/main/docs/best-practice-memory-safe-by-default-languages.md)\nGuidance for [Non Memory-Safe By Default Languages](https://github.com/ossf/Memory-Safety/blob/main/docs/best-practice-non-memory-safe-by-default-languages.md)",
Effort: 2,
Expand All @@ -377,7 +378,7 @@ func Test_Run(t *testing.T) {
{
Probe: Probe,
Message: "Golang code uses the unsafe package",
Outcome: finding.OutcomeFalse,
Outcome: finding.OutcomeTrue,
Remediation: &finding.Remediation{
Text: "Visit the OpenSSF Memory Safety SIG guidance on how to make your project memory safe.\nGuidance for [Memory-Safe By Default Languages](https://github.com/ossf/Memory-Safety/blob/main/docs/best-practice-memory-safe-by-default-languages.md)\nGuidance for [Non Memory-Safe By Default Languages](https://github.com/ossf/Memory-Safety/blob/main/docs/best-practice-non-memory-safe-by-default-languages.md)",
Effort: 2,
Expand All @@ -400,7 +401,7 @@ func Test_Run(t *testing.T) {
{
Probe: Probe,
Message: "Golang code uses the unsafe package",
Outcome: finding.OutcomeFalse,
Outcome: finding.OutcomeTrue,
Remediation: &finding.Remediation{
Text: "Visit the OpenSSF Memory Safety SIG guidance on how to make your project memory safe.\nGuidance for [Memory-Safe By Default Languages](https://github.com/ossf/Memory-Safety/blob/main/docs/best-practice-memory-safe-by-default-languages.md)\nGuidance for [Non Memory-Safe By Default Languages](https://github.com/ossf/Memory-Safety/blob/main/docs/best-practice-non-memory-safe-by-default-languages.md)",
Effort: 2,
Expand All @@ -410,7 +411,7 @@ func Test_Run(t *testing.T) {
{
Probe: Probe,
Message: "C# project file allows the use of unsafe blocks",
Outcome: finding.OutcomeFalse,
Outcome: finding.OutcomeTrue,
Remediation: &finding.Remediation{
Text: "Visit the OpenSSF Memory Safety SIG guidance on how to make your project memory safe.\nGuidance for [Memory-Safe By Default Languages](https://github.com/ossf/Memory-Safety/blob/main/docs/best-practice-memory-safe-by-default-languages.md)\nGuidance for [Non Memory-Safe By Default Languages](https://github.com/ossf/Memory-Safety/blob/main/docs/best-practice-non-memory-safe-by-default-languages.md)",
Effort: 2,
Expand Down Expand Up @@ -438,7 +439,7 @@ func Test_Run(t *testing.T) {
return os.Open(file)
}).AnyTimes()
raw.RepoClient = mockRepoClient
raw.Dlogger = checker.NewLogger()
raw.Dlogger = &scut.TestDetailLogger{}
findings, _, err := Run(raw)
if err != nil {
t.Fatalf("unexpected error: %v", err)
Expand All @@ -460,7 +461,7 @@ func Test_Run_Error_ListProgrammingLanguages(t *testing.T) {
return nil, fmt.Errorf("error")
}).AnyTimes()
raw.RepoClient = mockRepoClient
raw.Dlogger = checker.NewLogger()
raw.Dlogger = &scut.TestDetailLogger{}
_, _, err := Run(raw)
if err == nil {
t.Fatalf("expected error: %v", err)
Expand Down Expand Up @@ -500,7 +501,7 @@ func Test_Run_Error_OnMatchingFileContentDo(t *testing.T) {
return nil, fmt.Errorf("error")
}).AnyTimes()
raw.RepoClient = mockRepoClient
raw.Dlogger = checker.NewLogger()
raw.Dlogger = &scut.TestDetailLogger{}
_, _, err := Run(raw)
if err.Error() != tt.expectedErr.Error() {
t.Error(cmp.Diff(err, tt.expectedErr, cmpopts.EquateErrors()))
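Review bot: The Test_Run table does not visibly gain a case for a repository whose ListProgrammingLanguages mock returns an empty list, although this commit removes the `len(langs) == 0` early return from getLanguageChecks in impl.go; the visible changes only flip Outcome values and replace `checker.NewLogger()` with `&scut.TestDetailLogger{}`. A case returning `[]clients.Language{}` from the mock and pinning the expected finding (or its absence) would document which result the empty-language path now produces. The Test_Run table begins before the section's first hunk, so such a case may exist outside the view.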
