Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Disable triggering scorecard scan for hosts other than https github (AST-78326) #978

Merged
merged 18 commits into from
Jan 9, 2025
Merged

Disable triggering scorecard scan for hosts other than https github (AST-78326) #978

Show file tree
Hide file tree
Changes from 11 commits
Commits
Show all changes
18 commits
Select commit Hold shift + click to select a range
3e8c2dc
Scorecard now only runs for supported hosts
LeonardoLordelloFontes Dec 19, 2024
770ad61
Added test to cover new behaviour
LeonardoLordelloFontes Dec 19, 2024
ee2eca7
revert test
LeonardoLordelloFontes Dec 19, 2024
39d2d2f
Add unit and integration tests to cover new behaviour
LeonardoLordelloFontes Dec 19, 2024
63a73ba
Fix test msg
LeonardoLordelloFontes Dec 19, 2024
d2037ed
Fix lint
LeonardoLordelloFontes Dec 19, 2024
873db4b
Fix when warning msg should be displayed
LeonardoLordelloFontes Dec 19, 2024
c7c32b2
Update tests
LeonardoLordelloFontes Dec 19, 2024
b80233f
Merge branch 'main' into feature/Disabling-triggering-a-Scorecard-sca…
LeonardoLordelloFontes Dec 19, 2024
1f6dc78
Update warning msg
LeonardoLordelloFontes Dec 19, 2024
86a7c10
Merge remote-tracking branch 'origin/feature/Disabling-triggering-a-S…
LeonardoLordelloFontes Dec 19, 2024
6624460
Refactor addSCSScan
LeonardoLordelloFontes Jan 8, 2025
db81947
Fix lint
LeonardoLordelloFontes Jan 8, 2025
2aa31d7
fix lint 2
LeonardoLordelloFontes Jan 8, 2025
5f766de
fix lint 3
LeonardoLordelloFontes Jan 8, 2025
95ed868
Merge branch 'main' into feature/Disabling-triggering-a-Scorecard-sca…
LeonardoLordelloFontes Jan 8, 2025
f3ad312
Updated scorecard unsupported host warning message
LeonardoLordelloFontes Jan 9, 2025
b36ea88
Merge branch 'feature/Disabling-triggering-a-Scorecard-scan-for-repos…
LeonardoLordelloFontes Jan 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 12 additions & 3 deletions internal/commands/scan.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ import (
"path"
"path/filepath"
"reflect"
"regexp"
"slices"
"strconv"
"strings"
Expand Down Expand Up @@ -106,6 +107,7 @@ const (
"--scs-repo-url your_repo_url --scs-repo-token your_repo_token"
ScsRepoWarningMsg = "SCS scan warning: Unable to start Scorecard scan due to missing required flags, please include in the ast-cli arguments: " +
"--scs-repo-url your_repo_url --scs-repo-token your_repo_token"
ScsScorecardUnsupportedHostWarningMsg = "SCS scan warning: Unable to start Scorecard scan due to unsupported host. Currently, scorecard only supports https github"
)

var (
Expand Down Expand Up @@ -975,6 +977,11 @@ func addSCSScan(cmd *cobra.Command, resubmitConfig []wrappers.Config, hasEnterpr
SCSMapConfig[resultsMapValue] = &scsConfig
return SCSMapConfig, nil
}
githubURLPattern := regexp.MustCompile(`^(?:https?://)?github\.com/.+`) // only for https
LeonardoLordelloFontes marked this conversation as resolved.
Show resolved Hide resolved
IsGithubURL := githubURLPattern.MatchString(scsRepoURL)
if scsRepoURL != "" && !IsGithubURL {
fmt.Println(ScsScorecardUnsupportedHostWarningMsg)
}

scsSecretDetectionSelected := false
scsScoreCardSelected := false
Expand All @@ -1000,9 +1007,11 @@ func addSCSScan(cmd *cobra.Command, resubmitConfig []wrappers.Config, hasEnterpr
}
if scsScoreCardSelected {
if scsRepoToken != "" && scsRepoURL != "" {
scsConfig.Scorecard = trueString
scsConfig.RepoToken = scsRepoToken
scsConfig.RepoURL = strings.ToLower(scsRepoURL)
if IsGithubURL {
LeonardoLordelloFontes marked this conversation as resolved.
Show resolved Hide resolved
scsConfig.Scorecard = trueString
scsConfig.RepoToken = scsRepoToken
scsConfig.RepoURL = strings.ToLower(scsRepoURL)
}
} else {
if userScanTypes == "" {
fmt.Println(ScsRepoWarningMsg)
Expand Down
162 changes: 162 additions & 0 deletions internal/commands/scan_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ import (
"archive/zip"
"bytes"
"fmt"
"io"
"log"
"os"
"reflect"
Expand All @@ -31,7 +32,9 @@ const (
unknownFlag = "unknown flag: --chibutero"
blankSpace = " "
errorMissingBranch = "Failed creating a scan: Please provide a branch"
dummyGitlabRepo = "https://gitlab.com/dummy-org/gitlab-dummy"
dummyRepo = "https://github.com/dummyuser/dummy_project.git"
dummyShortenedGithubRepo = "github.com/dummyuser/dummy_project.git"
dummyToken = "dummyToken"
dummySSHRepo = "[email protected]:dummyRepo/dummyProject.git"
errorSourceBadFormat = "Failed creating a scan: Input in bad format: Sources input has bad format: "
Expand Down Expand Up @@ -1034,6 +1037,165 @@ func TestCreateScan_WithSCSSecretDetection_scsMapHasSecretDetection(t *testing.T
}
}

func TestCreateScan_WithSCSSecretDetectionAndScorecardShortenedGithubRepo_scsMapHasBoth(t *testing.T) {
// Create a pipe for capturing stdout
r, w, _ := os.Pipe()
oldStdout := os.Stdout
defer func() { os.Stdout = oldStdout }()
os.Stdout = w // Redirecting stdout to the pipe

var resubmitConfig []wrappers.Config
cmdCommand := &cobra.Command{
Use: "scan",
Short: "Scan a project",
Long: `Scan a project`,
}
cmdCommand.PersistentFlags().String(commonParams.SCSEnginesFlag, "", "SCS Engine flag")
cmdCommand.PersistentFlags().String(commonParams.SCSRepoTokenFlag, "", "GitHub token to be used with SCS engines")
cmdCommand.PersistentFlags().String(commonParams.SCSRepoURLFlag, "", "GitHub url to be used with SCS engines")
_ = cmdCommand.Execute()
_ = cmdCommand.Flags().Set(commonParams.SCSEnginesFlag, "secret-detection,scorecard")
_ = cmdCommand.Flags().Set(commonParams.SCSRepoTokenFlag, dummyToken)
_ = cmdCommand.Flags().Set(commonParams.SCSRepoURLFlag, dummyShortenedGithubRepo)

result, _ := addSCSScan(cmdCommand, resubmitConfig, true)

// Close the writer to signal that we are done capturing the output
w.Close()

// Read from the pipe (stdout)
var buf bytes.Buffer
_, err := io.Copy(&buf, r) // Copy the captured output to a buffer
if err != nil {
t.Fatalf("Failed to capture output: %v", err)
}

output := buf.String()
if strings.Contains(output, ScsScorecardUnsupportedHostWarningMsg) {
t.Errorf("Expected output to not contain %q, but got %q", ScsScorecardUnsupportedHostWarningMsg, output)
}

scsConfig := wrappers.SCSConfig{
Twoms: "true",
Scorecard: "true",
RepoURL: dummyShortenedGithubRepo,
RepoToken: dummyToken,
}
scsMapConfig := make(map[string]interface{})
scsMapConfig[resultsMapType] = commonParams.MicroEnginesType
scsMapConfig[resultsMapValue] = &scsConfig

if !reflect.DeepEqual(result, scsMapConfig) {
t.Errorf("Expected %+v, but got %+v", scsMapConfig, result)
}
}

func TestCreateScan_WithSCSSecretDetectionAndScorecardGitLabRepo_scsMapHasSecretDetection(t *testing.T) {
// Create a pipe for capturing stdout
r, w, _ := os.Pipe()
oldStdout := os.Stdout
defer func() { os.Stdout = oldStdout }()
os.Stdout = w // Redirecting stdout to the pipe

var resubmitConfig []wrappers.Config
cmdCommand := &cobra.Command{
Use: "scan",
Short: "Scan a project",
Long: `Scan a project`,
}
cmdCommand.PersistentFlags().String(commonParams.SCSEnginesFlag, "", "SCS Engine flag")
cmdCommand.PersistentFlags().String(commonParams.SCSRepoTokenFlag, "", "GitHub token to be used with SCS engines")
cmdCommand.PersistentFlags().String(commonParams.SCSRepoURLFlag, "", "GitHub url to be used with SCS engines")
_ = cmdCommand.Execute()
_ = cmdCommand.Flags().Set(commonParams.SCSEnginesFlag, "secret-detection,scorecard")
_ = cmdCommand.Flags().Set(commonParams.SCSRepoTokenFlag, dummyToken)
_ = cmdCommand.Flags().Set(commonParams.SCSRepoURLFlag, dummyGitlabRepo)

result, _ := addSCSScan(cmdCommand, resubmitConfig, true)

// Close the writer to signal that we are done capturing the output
w.Close()

// Read from the pipe (stdout)
var buf bytes.Buffer
_, err := io.Copy(&buf, r) // Copy the captured output to a buffer
if err != nil {
t.Fatalf("Failed to capture output: %v", err)
}

output := buf.String()
if !strings.Contains(output, ScsScorecardUnsupportedHostWarningMsg) {
t.Errorf("Expected output to contain %q, but got %q", ScsScorecardUnsupportedHostWarningMsg, output)
}

scsConfig := wrappers.SCSConfig{
Twoms: "true",
Scorecard: "",
RepoURL: "",
RepoToken: "",
}
scsMapConfig := make(map[string]interface{})
scsMapConfig[resultsMapType] = commonParams.MicroEnginesType
scsMapConfig[resultsMapValue] = &scsConfig

if !reflect.DeepEqual(result, scsMapConfig) {
t.Errorf("Expected %+v, but got %+v", scsMapConfig, result)
}
}

func TestCreateScan_WithSCSSecretDetectionAndScorecardGitSSHRepo_scsMapHasSecretDetection(t *testing.T) {
// Create a pipe for capturing stdout
r, w, _ := os.Pipe()
oldStdout := os.Stdout
defer func() { os.Stdout = oldStdout }()
os.Stdout = w // Redirecting stdout to the pipe

var resubmitConfig []wrappers.Config
cmdCommand := &cobra.Command{
Use: "scan",
Short: "Scan a project",
Long: `Scan a project`,
}
cmdCommand.PersistentFlags().String(commonParams.SCSEnginesFlag, "", "SCS Engine flag")
cmdCommand.PersistentFlags().String(commonParams.SCSRepoTokenFlag, "", "GitHub token to be used with SCS engines")
cmdCommand.PersistentFlags().String(commonParams.SCSRepoURLFlag, "", "GitHub url to be used with SCS engines")
_ = cmdCommand.Execute()
_ = cmdCommand.Flags().Set(commonParams.SCSEnginesFlag, "secret-detection,scorecard")
_ = cmdCommand.Flags().Set(commonParams.SCSRepoTokenFlag, dummyToken)
_ = cmdCommand.Flags().Set(commonParams.SCSRepoURLFlag, dummySSHRepo)

result, _ := addSCSScan(cmdCommand, resubmitConfig, true)

// Close the writer to signal that we are done capturing the output
w.Close()

// Read from the pipe (stdout)
var buf bytes.Buffer
_, err := io.Copy(&buf, r) // Copy the captured output to a buffer
if err != nil {
t.Fatalf("Failed to capture output: %v", err)
}

output := buf.String()
if !strings.Contains(output, ScsScorecardUnsupportedHostWarningMsg) {
t.Errorf("Expected output to contain %q, but got %q", ScsScorecardUnsupportedHostWarningMsg, output)
}

scsConfig := wrappers.SCSConfig{
Twoms: "true",
Scorecard: "",
RepoURL: "",
RepoToken: "",
}
scsMapConfig := make(map[string]interface{})
scsMapConfig[resultsMapType] = commonParams.MicroEnginesType
scsMapConfig[resultsMapValue] = &scsConfig

if !reflect.DeepEqual(result, scsMapConfig) {
t.Errorf("Expected %+v, but got %+v", scsMapConfig, result)
}
}

func Test_isDirFiltered(t *testing.T) {
type args struct {
filename string
Expand Down
Loading