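--- a/checks/evaluation/pinned_dependencies.go
+++ b/checks/evaluation/pinned_dependencies.go
@@ -127,15 +127,22 @@ func PinningDependencies(name string, c *checker.CheckRequest,
 return checker.CreateRuntimeErrorResult(name, err)
 }
 
+// Npm installs.
+npmScore, err := createReturnForIsNpmInstallPinned(pr, dl)
+if err != nil {
+return checker.CreateRuntimeErrorResult(name, err)
+}
+
 // Scores may be inconclusive.
 actionScore = maxScore(0, actionScore)
 dockerFromScore = maxScore(0, dockerFromScore)
 dockerDownloadScore = maxScore(0, dockerDownloadScore)
 scriptScore = maxScore(0, scriptScore)
 pipScore = maxScore(0, pipScore)
+npmScore = maxScore(0, npmScore)
 
 score := checker.AggregateScores(actionScore, dockerFromScore,
-dockerDownloadScore, scriptScore, pipScore)
+dockerDownloadScore, scriptScore, pipScore, npmScore)
 
 if score == checker.MaxResultScore {
 return checker.CreateMaxScoreResult(name, "all dependencies are pinned")
@@ -260,6 +267,15 @@ func createReturnForIsPipInstallPinned(pr map[checker.DependencyUseType]pinnedRe
 dl)
 }
 
+// Create the result for npm install commands.
+func createReturnForIsNpmInstallPinned(pr map[checker.DependencyUseType]pinnedResult,
+dl checker.DetailLogger,
+) (int, error) {
+return createReturnValues(pr, checker.DependencyUseTypeNpmCommand,
+"Npm installs are pinned",
+dl)
+}
+
 func createReturnValues(pr map[checker.DependencyUseType]pinnedResult,
 t checker.DependencyUseType, infoMsg string,
 dl checker.DetailLogger,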
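Review bot: Passing `npmScore` as a sixth equal-weight argument to `checker.AggregateScores` lets a repository's result rise merely because it contains no npm installs. The updated expectations show this: in `e2e/pinned_dependencies_test.go` the score goes from 1 to 3 while NumberOfWarn stays at 139, and the "various warnings" case in `pinned_dependencies_test.go` goes from 2 to 3 with the same three warnings. This presumably comes from `createReturnValues` scoring an absent dependency type as pinned; its body is outside the hunk, so confirm there. If equal weighting is intended, state it at the call, e.g. `// A dependency type with no occurrences counts as fully pinned, so every added category raises the aggregate for repositories that do not use it.`; otherwise aggregate only over the types that actually occur. `PinningDependencies` starts before and continues past this hunk.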
47 changes: 40 additions & 7 deletions checks/evaluation/pinned_dependencies_test.go
@@ -109,7 +109,7 @@ func Test_PinningDependencies(t *testing.T) {
Error: nil,
Score: checker.MaxResultScore,
NumberOfWarn: 0,
NumberOfInfo: 6,
NumberOfInfo: 7,
NumberOfDebug: 1,
},
},
@@ -130,12 +130,12 @@ func Test_PinningDependencies(t *testing.T) {
Error: nil,
Score: 6,
NumberOfWarn: 1,
NumberOfInfo: 4,
NumberOfInfo: 5,
NumberOfDebug: 1,
},
},
{
name: "various wanrings",
name: "various warnings",
dependencies: []checker.Dependency{
{
Location: &checker.File{},
@@ -156,9 +156,9 @@ func Test_PinningDependencies(t *testing.T) {
},
expected: scut.TestReturn{
Error: nil,
Score: 2,
Score: 3,
NumberOfWarn: 3,
NumberOfInfo: 2,
NumberOfInfo: 3,
NumberOfDebug: 1,
},
},
@@ -174,7 +174,7 @@ func Test_PinningDependencies(t *testing.T) {
Error: nil,
Score: 8,
NumberOfWarn: 1,
NumberOfInfo: 5,
NumberOfInfo: 6,
NumberOfDebug: 0,
},
},
@@ -191,7 +191,7 @@ func Test_PinningDependencies(t *testing.T) {
Error: nil,
Score: 10,
NumberOfWarn: 0,
NumberOfInfo: 6,
NumberOfInfo: 7,
NumberOfDebug: 1,
},
},
@@ -201,10 +201,43 @@ func Test_PinningDependencies(t *testing.T) {
Error: nil,
Score: 10,
NumberOfWarn: 0,
NumberOfInfo: 7,
NumberOfDebug: 0,
},
},
{
name: "unpinned npm install",
dependencies: []checker.Dependency{
{
Location: &checker.File{},
Type: checker.DependencyUseTypeNpmCommand,
},
},
expected: scut.TestReturn{
Error: nil,
Score: 8,
NumberOfWarn: 1,
NumberOfInfo: 6,
NumberOfDebug: 0,
},
},
{
name: "undefined npm install",
dependencies: []checker.Dependency{
{
Location: &checker.File{},
Type: checker.DependencyUseTypeNpmCommand,
Msg: asPointer("debug message"),
},
},
expected: scut.TestReturn{
Error: nil,
Score: 10,
NumberOfWarn: 0,
NumberOfInfo: 7,
NumberOfDebug: 1,
},
},
}

for _, tt := range tests {
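Review bot: The new "undefined npm install" case does not say why a dependency that carries `Msg` is expected to score 10 with one debug entry and no warning, and the name "undefined" does not explain it either. A one-line comment on the case would make the intent readable, e.g. `// A dependency with Msg set is logged at debug level and is not counted as unpinned.` That reading is inferred from the expected values only, so confirm it against the code that builds `pinnedResult`, which is not shown here. `Test_PinningDependencies` starts before and continues past the visible hunks.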
12 changes: 6 additions & 6 deletions e2e/pinned_dependencies_test.go
@@ -49,9 +49,9 @@ var _ = Describe("E2E TEST:"+checks.CheckPinnedDependencies, func() {
}
expected := scut.TestReturn{
Error: nil,
Score: 1,
Score: 3,
NumberOfWarn: 139,
NumberOfInfo: 1,
NumberOfInfo: 2,
NumberOfDebug: 0,
}
result := checks.PinningDependencies(&req)
@@ -74,9 +74,9 @@ var _ = Describe("E2E TEST:"+checks.CheckPinnedDependencies, func() {
}
expected := scut.TestReturn{
Error: nil,
Score: 1,
Score: 3,
NumberOfWarn: 139,
NumberOfInfo: 1,
NumberOfInfo: 2,
NumberOfDebug: 0,
}
result := checks.PinningDependencies(&req)
@@ -110,9 +110,9 @@ var _ = Describe("E2E TEST:"+checks.CheckPinnedDependencies, func() {
}
expected := scut.TestReturn{
Error: nil,
Score: 1,
Score: 3,
NumberOfWarn: 139,
NumberOfInfo: 1,
NumberOfInfo: 2,
NumberOfDebug: 0,
}
result := checks.PinningDependencies(&req)