diff --git a/.github/workflows/_build.yaml b/.github/workflows/_build.yaml
index 6ed3a3354..286755012 100644
--- a/.github/workflows/_build.yaml
+++ b/.github/workflows/_build.yaml
@@ -91,7 +91,7 @@ jobs:
 GITHUB_TOKEN: ${{ github.token }}
 # Generate the requirements.txt that contains the hash digests of the dependencies and
-# generate the SBOM using CyclonDX SBOM generator.
+# generate the SBOM using CycloneDX SBOM generator.
 - name: Generate requirements.txt and SBOM
 if: matrix.os == env.ARTIFACT_OS && matrix.python == env.ARTIFACT_PYTHON
 run: make requirements sbom
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 846f48bf5..d41c80ed5 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -97,7 +97,7 @@ jobs:
 contents: read
 packages: read
-# Create a new Release on Github from the verified build artifacts, and optionally
+# Create a new Release on GitHub from the verified build artifacts, and optionally
 # publish the artifacts to a PyPI server.
 release:
 needs: [build]
@@ -284,7 +284,7 @@ jobs:
 # provenance-docker:
 # needs: [release]
 # permissions:
-# actions: read # To detect the Github Actions environment.
+# actions: read # To detect the GitHub Actions environment.
 # id-token: write # To create OIDC tokens for signing.
 # packages: write # To upload provenance.
 # uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.6.0
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c37fd95e3..34d5d4eaa 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -21,7 +21,7 @@
 - resolve podman compatibility issues (#512)
 - do not use git set-branches if the target branch is not currently available in the repository (#491)
-- fix bash syntax error when running `run_macaron.sh` on MacOS (#528)
+- fix bash syntax error when running `run_macaron.sh` on macOS (#528)
 ### Refactor
diff --git a/Makefile b/Makefile
index 2fe5e91ca..4a3caee72 100644
--- a/Makefile
+++ b/Makefile
@@ -156,7 +156,7 @@ souffle: # package dependencies declared in pyproject.toml. # Go dependencies are only upgraded by Dependabot and managed differently # from Python dependencies and by default the upgrade target does not -# upgrade Go dependencies. To upgrade the Go depenencies use the +# upgrade Go dependencies. To upgrade the Go dependencies use the # `upgrade-go` target directly, which uses the code snippet suggested # here instead of `go get -u` to avoid updating indirect dependencies # and creating a broken state: diff --git a/THIRD_PARTY_LICENSES.txt b/THIRD_PARTY_LICENSES.txt index 7fd4c61a9..bef1a0377 100644 --- a/THIRD_PARTY_LICENSES.txt +++ b/THIRD_PARTY_LICENSES.txt @@ -5434,7 +5434,7 @@ Copyright 2020 Google LLC. Copyright 2020 Google LLC. All Rights Reserved. Copyright 2020 Google LLC. All Rights Reserved.\n" + Copyright 2020 Gregor Martynus -Copyright 2020 Intel Coporation. +Copyright 2020 Intel Corporation. Copyright 2020 The Go Authors. All rights reserved. Copyright 2020 The Kubernetes Authors. Copyright 2020 The gRPC Authors @@ -10201,7 +10201,7 @@ SPDX:Apache-2.0 == Copyright Copyright 2013 Google Inc. All Rights Reserved. Copyright 2019 The Kubernetes Authors. -Copyright 2020 Intel Coporation. +Copyright 2020 Intel Corporation. Copyright 2020 The Kubernetes Authors. Copyright 2021 The Kubernetes Authors. Copyright 2022 The Kubernetes Authors. @@ -10890,7 +10890,7 @@ Copyright 2020 Google LLC. Copyright 2020 Google LLC. All Rights Reserved. Copyright 2020 Google LLC. All Rights Reserved.\n" + Copyright 2020 Gregor Martynus -Copyright 2020 Intel Coporation. +Copyright 2020 Intel Corporation. Copyright 2020 The Go Authors. All rights reserved. Copyright 2020 The Kubernetes Authors. Copyright 2020 The gRPC Authors diff --git a/docker/Dockerfile.base b/docker/Dockerfile.base index 73a7eba0c..ba28f67d3 100644 --- a/docker/Dockerfile.base +++ b/docker/Dockerfile.base 
@@ -56,7 +56,7 @@ enabled=1\
 # Exception: netbase (We couldn't find an equivalent in Oracle Linux).
 tzdata \
 ca-certificates \
-# git and finutils are needed for running and building Macaron.
+# git and findutils are needed for running and building Macaron.
 git \
 findutils \
 # Runtime libraries for Souffle. These are based on
@@ -205,7 +205,7 @@ enabled=1\
 && souffle --version \
 # ---------------------------------------------------------------------------------------------------------------------
 # CLEANING UP.
-# We mark all unecessary packages to be removed while preserving the user installed packages.
+# We mark all unnecessary packages to be removed while preserving the user installed packages.
 && dnf list installed | tail -n +2 | cut -d' ' -f1 | xargs -r dnf mark remove > /dev/null \
 && [ -z "$USER_MANUAL_INSTALLED" ] || dnf mark install $USER_MANUAL_INSTALLED \
 # Look for share libraries that are used by looking through the executables in /usr/local to preserve them.
diff --git a/docker/Dockerfile.final b/docker/Dockerfile.final
index bd65febf3..a96036403 100644
--- a/docker/Dockerfile.final
+++ b/docker/Dockerfile.final
@@ -16,7 +16,7 @@ ENV HOME="/home/macaron"
 ENV PACKAGE_PATH=$HOME/.venv/lib/python3.11/site-packages/macaron
-# Create the macaron user and group with abritary UID and GID.
+# Create the macaron user and group with arbitrary UID and GID.
 # The macaron GID and UID in this image will be modified by the
 # user.sh script on startup to get the UID and GID of the user who started
 # the Docker container.
diff --git a/docs/source/index.rst b/docs/source/index.rst
index 9681d4ac8..372b46f21 100644
--- a/docs/source/index.rst
+++ b/docs/source/index.rst
@@ -93,7 +93,7 @@ How does Macaron work? :alt: Macaron infrastructure :align: center - Macaron's infrastucture + Macaron's infrastructure Macaron is designed based on a Zero Trust model. It analyzes a target repository as an external tool and requires minimal configurations. After cloning a repository, Macaron parses the CI diff --git a/docs/source/pages/output_files.rst b/docs/source/pages/output_files.rst index 05a19b59e..09d3d0a0d 100644 --- a/docs/source/pages/output_files.rst +++ b/docs/source/pages/output_files.rst @@ -68,7 +68,7 @@ The report files will be stored into: .. code-block:: - /reports/github_com/micronaut-projects/micronaut-core + /reports/github_com/micronaut-projects/micronaut-core .. note:: In the unique path, only ASCII letters, digits and ``-`` are allowed. Prohibited characters are changed into ``_``. No changes to the letter case are made. diff --git a/docs/source/pages/tutorials/commit_finder.rst b/docs/source/pages/tutorials/commit_finder.rst index f02ce1d5e..eb9a63bcf 100644 --- a/docs/source/pages/tutorials/commit_finder.rst +++ b/docs/source/pages/tutorials/commit_finder.rst 
@@ -52,7 +52,7 @@ To perform an analysis on Arrow, Macaron can be run with the following command:
 ./run_macaron.sh analyze -rp https://github.com/arrow-py/arrow --skip-deps
-However, this will return results based only on the current state of the repository, which as described above, is not what we want to achieve in this tutorial. To perform analyses on other repository states, we need to provide Macaron with the target artifact versions in the form of `PURLs `_, or Package URLs, which is a convenient way to encodify packages from different ecosystems into the same format.
+However, this will return results based only on the current state of the repository, which as described above, is not what we want to achieve in this tutorial. To perform analyses on other repository states, we need to provide Macaron with the target artifact versions in the form of `PURLs `_, or Package URLs, which is a convenient way to encode packages from different ecosystems into the same format.
 In our case we are looking at a Python package, so our PURL must reflect that. For versions we will analyze ``1.3.0`` and ``0.15.0``, giving us the following PURLs:
diff --git a/docs/source/pages/tutorials/detect_malicious_java_dep.rst b/docs/source/pages/tutorials/detect_malicious_java_dep.rst
index b8910d015..e0710629a 100644
--- a/docs/source/pages/tutorials/detect_malicious_java_dep.rst
+++ b/docs/source/pages/tutorials/detect_malicious_java_dep.rst
@@ -72,7 +72,7 @@ First, we need to run the ``analyze`` command of Macaron to run a number of :ref
 .. note:: By default, Macaron clones the repositories and creates output files under the ``output`` directory. To understand the structure of this directory please see :ref:`Output Files Guide `.
-By default, this command analyzes the the latest commit of the default branch of the repository. You can also analyze the repository
+By default, this command analyzes the latest commit of the default branch of the repository. You can also analyze the repository
 at a specific commit by providing the branch and commit digest. See the :ref:`CLI options` of the ``analyze`` command for more information.
 After running the ``analyze`` command, we can view the data that Macaron has gathered about the ``example-maven-app`` repository in an HTML report.
diff --git a/docs/source/pages/using.rst b/docs/source/pages/using.rst
index 960e9cce6..773fb6833 100644
--- a/docs/source/pages/using.rst
+++ b/docs/source/pages/using.rst
@@ -18,12 +18,12 @@ Analyzing a source code repository
 ----------------------------------
 ''''''''''''''''''''''''''''''''''''
-Analyzing a public Github repository
+Analyzing a public GitHub repository
 ''''''''''''''''''''''''''''''''''''
-Macaron can analyze a Github public repository (and potentially the repositories of it dependencies) to determine its SLSA posture following the specification of `SLSA v0.1 `_.
+Macaron can analyze a GitHub public repository (and potentially the repositories of it dependencies) to determine its SLSA posture following the specification of `SLSA v0.1 `_.
-To run Macaron on a Github public repository, we use the following command:
+To run Macaron on a GitHub public repository, we use the following command:
 .. code-block:: shell
@@ -102,7 +102,7 @@ To simplify the examples, we use the same configurations as above if needed (e.g pkg:// -The list bellow shows examples for the corresponding PURL strings for different git repositories: +The list below shows examples for the corresponding PURL strings for different git repositories: .. list-table:: Examples of PURL strings for git repositories. :widths: 50 50 @@ -332,7 +332,7 @@ Macaron's policy engine accepts policies specified in `Datalog `_ as the Datalog engine in Macaron. Once you run the checks on a target project as described :ref:`here `, the check results will be stored in ``macaron.db`` in the output directory. We pass the check results to the policy engine by providing the path to ``macaron.db`` together with a Datalog policy file to be validated by the policy engine. -In the Datalog policy file, we must specify the identifier for the target software component that we are interested in to validate the policy against. These are two ways to specify the target software component in the Datalog policy file: +In the Datalog policy file, we must specify the identifier for the target software component that interests us to validate the policy against. These are two ways to specify the target software component in the Datalog policy file: #. Using the complete name of the target component (e.g. ``github.com/oracle-quickstart/oci-micronaut``) #. Using the PURL string of the target component (e.g. ``pkg:github.com/oracle-quickstart/oci-micronaut@``). diff --git a/scripts/dev_scripts/integration_tests.sh b/scripts/dev_scripts/integration_tests.sh index 60573fd66..2e17c4f18 100755 --- a/scripts/dev_scripts/integration_tests.sh +++ b/scripts/dev_scripts/integration_tests.sh 
@@ -467,7 +467,7 @@ HTML_EXPECTED=$WORKSPACE/output/reports/local_repos/maven/maven.html
 $RUN_MACARON -lr $WORKSPACE/output/git_repos/local_repos/ analyze -rp test_repo -b master -d 3fc399318edef0d5ba593723a24fff64291d6f9b --skip-deps || log_fail
-# We don't compare the report content because the remote_path fields in the reports are undeterministic when running
+# We don't compare the report content because the remote_path fields in the reports are nondeterministic when running
 # this test locally and running it in the GitHub Actions runner. We only check if the reports are generated as
 # expected without the issue described in https://github.com/oracle/macaron/issues/116.
 ls $JSON_EXPECTED || log_fail
diff --git a/scripts/release_scripts/run_macaron.sh b/scripts/release_scripts/run_macaron.sh
index fb3f5bc95..ee39e68e7 100755
--- a/scripts/release_scripts/run_macaron.sh
+++ b/scripts/release_scripts/run_macaron.sh
@@ -23,7 +23,7 @@ set -euo pipefail
 # The `extglob` shopt option is required for the `@(...)` pattern matching syntax.
-# This option is not enabled by default for bash on some systems, most notably MacOS
+# This option is not enabled by default for bash on some systems, most notably macOS
 # where the default bash version is very old.
 # Reference: https://www.gnu.org/software/bash/manual/html_node/The-Shopt-Builtin.html
 shopt -s extglob
diff --git a/src/macaron/__main__.py b/src/macaron/__main__.py
index e5a7aeb73..a982bb33a 100644
--- a/src/macaron/__main__.py
+++ b/src/macaron/__main__.py
@@ -109,7 +109,7 @@ def analyze_slsa_levels_single(analyzer_single_args: argparse.Namespace) -> None
 # of the Configuration class, but if `` analyzer_single_args.package_url`` is None, the ``purl`` field is set
 # to None in the Configuration instance.
 # This inconsistency could cause potential issues when Macaron handles those inputs.
-# TODO: improve the implementation of ``Configuation`` class to avoid such inconsistencies.
+# TODO: improve the implementation of ``Configuration`` class to avoid such inconsistencies.
 run_config = {
 "target": {
 "id": purl or repo_path or "",
diff --git a/src/macaron/output_reporter/templates/base_template.html b/src/macaron/output_reporter/templates/base_template.html
index 3a31a39bf..b5bf05221 100644
--- a/src/macaron/output_reporter/templates/base_template.html
+++ b/src/macaron/output_reporter/templates/base_template.html
@@ -256,7 +256,7 @@
 }
 /*
-The reason why we need to create a separate .toggler class is because all .caret class are set binded
+The reason we need to create a separate .toggler class is that the .caret class is bound
 to the listener for extending/collapsing the provenance fields.
 */
 .caret, .toggler {
diff --git a/src/macaron/policy_engine/examples/aggregate.dl b/src/macaron/policy_engine/examples/aggregate.dl
index aeebc5e9a..fff73adfb 100644
--- a/src/macaron/policy_engine/examples/aggregate.dl
+++ b/src/macaron/policy_engine/examples/aggregate.dl
@@ -12,7 +12,7 @@ apply_policy_to("aggregate_level_3", repo_id) :-
 // if we have provenance, then require using a trusted builder,
 // verifying the provenance attestations, and
 // dependencies must use some kind of scripted build
-repository_analysis(_, componen_id, repo_id, name),
+repository_analysis(_, component_id, repo_id, name),
 provenance(_, component_id, _, _, _, _).
 // Require everything to have version control
diff --git a/src/macaron/repo_finder/repo_finder.py b/src/macaron/repo_finder/repo_finder.py
index 6f7e8fad4..ca2fffd28 100644
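Review bot: The `componen_id` → `component_id` change in aggregate.dl is a semantic fix, not a typo: in the old body `componen_id` and `component_id` were two distinct variables that each occurred once, so the `provenance` atom was never joined to the component returned by `repository_analysis`, and the rule could be satisfied by a provenance row belonging to any component rather than the analysed one. That deserves a CHANGELOG entry and a regression test under tests/policy_engine (one component with provenance, a second without) rather than being filed among the spelling fixes. In the visible lines `name` is also used only once; if nothing earlier in the rule binds it, write `repository_analysis(_, component_id, repo_id, _),` and add `// Join on component_id so only provenance of the analysed component satisfies the rule.` above it, and consider treating Souffle's singleton-variable warning as an error in CI so the next such slip fails the build instead of silently widening a policy. The rule head `apply_policy_to("aggregate_level_3", repo_id) :-` is outside the hunk.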
--- a/src/macaron/repo_finder/repo_finder.py
+++ b/src/macaron/repo_finder/repo_finder.py
@@ -19,7 +19,7 @@
 For Python, .NET, Rust, and NodeJS type PURLs, Google's Open Source Insights API is used to find the meta data.
 In either case, any repository links are extracted from the meta data, then checked for validity via
-``repo_validator::find_valid_repository_url`` which accepts URLs that point to a Github repository or similar.
+``repo_validator::find_valid_repository_url`` which accepts URLs that point to a GitHub repository or similar.
 Repository PURLs
 ----------------
diff --git a/src/macaron/slsa_analyzer/checks/build_as_code_check.py b/src/macaron/slsa_analyzer/checks/build_as_code_check.py
index 3e59f36b2..7a849b4d4 100644
--- a/src/macaron/slsa_analyzer/checks/build_as_code_check.py
+++ b/src/macaron/slsa_analyzer/checks/build_as_code_check.py
@@ -164,7 +164,7 @@ def _check_build_tool(
 trusted_deploy_actions = build_tool.ci_deploy_kws["github_actions"] or []
-# Check for use of a trusted Github Actions workflow to publish/deploy.
+# Check for use of a trusted GitHub Actions workflow to publish/deploy.
 # TODO: verify that deployment is legitimate and not a test
 if trusted_deploy_actions:
 for callee in ci_info["callgraph"].bfs():
diff --git a/src/macaron/slsa_analyzer/checks/build_service_check.py b/src/macaron/slsa_analyzer/checks/build_service_check.py
index ea2273ea0..503fe2348 100644
--- a/src/macaron/slsa_analyzer/checks/build_service_check.py
+++ b/src/macaron/slsa_analyzer/checks/build_service_check.py
@@ -82,7 +82,7 @@ def _has_build_command(self, commands: list[list[str]], build_tool: BaseBuildToo
 continue
 # The first argument in a bash command is the program name.
 # So first check that the program name is a supported build tool name.
-# We need to handle cases where the the first argument is a path to the program.
+# We need to handle cases where the first argument is a path to the program.
 cmd_program_name = os.path.basename(com[0])
 if not cmd_program_name:
 logger.debug("Found invalid program name %s.", com[0])
diff --git a/src/macaron/slsa_analyzer/checks/provenance_witness_l1_check.py b/src/macaron/slsa_analyzer/checks/provenance_witness_l1_check.py
index 9b5344fd8..11a6ec082 100644
--- a/src/macaron/slsa_analyzer/checks/provenance_witness_l1_check.py
+++ b/src/macaron/slsa_analyzer/checks/provenance_witness_l1_check.py
@@ -82,7 +82,7 @@ def verify_artifact_assets(
 class ProvenanceWitnessL1Table(CheckFacts, ORMBase):
-"""Result table for provenenance l3 check."""
+"""Result table for provenance l3 check."""
 __tablename__ = "_provenance_witness_l1_check"
diff --git a/src/macaron/slsa_analyzer/git_service/api_client.py b/src/macaron/slsa_analyzer/git_service/api_client.py
index 575ae290c..44e4d6734 100644
--- a/src/macaron/slsa_analyzer/git_service/api_client.py
+++ b/src/macaron/slsa_analyzer/git_service/api_client.py
@@ -148,7 +148,7 @@ class _GhAPIEndPoint(Enum):
 class GhAPIClient(BaseAPIClient):
-"""This class acts as a client to use Github API.
+"""This class acts as a client to use GitHub API.
 See https://docs.github.com/en/rest for the GitHub API documentation.
 """
diff --git a/src/macaron/slsa_analyzer/git_url.py b/src/macaron/slsa_analyzer/git_url.py
index 50ba9736e..eb93142bf 100644
--- a/src/macaron/slsa_analyzer/git_url.py
+++ b/src/macaron/slsa_analyzer/git_url.py
@@ -117,7 +117,7 @@ def check_out_repo_target( ) -> bool: """Checkout the branch and commit specified by the user. - This fucntion assumes that a remote "origin" exist and checkout from that remote ONLY. + This function assumes that a remote "origin" exist and checkout from that remote ONLY. If ``offline_mode`` is False, this function will fetch new changes from origin remote. The fetching operation will prune and update all references (e.g. tags, branches) to make sure that the local repository is up-to-date @@ -132,7 +132,7 @@ def check_out_repo_target( If ``branch_name`` is not provided and a commit is provided, this function will checkout the commit directly. If both ``branch_name`` and a commit are provided, this function will checkout the commit directly only if that - commit exists in the branch origin/. If not, this fucntion will return False. + commit exists in the branch origin/. If not, this function will return False. For all scenarios: - If the checkout fails (e.g. a branch or a commit doesn't exist), this function will return diff --git a/src/macaron/slsa_analyzer/package_registry/jfrog_maven_registry.py b/src/macaron/slsa_analyzer/package_registry/jfrog_maven_registry.py index 00d270acd..ce52a6595 100644 --- a/src/macaron/slsa_analyzer/package_registry/jfrog_maven_registry.py +++ b/src/macaron/slsa_analyzer/package_registry/jfrog_maven_registry.py @@ -560,7 +560,7 @@ def extract_file_names_from_folder_info_payload( Parameters ---------- folder_info_payload : JsonType - The JSON payload of a Folder Info reponse. + The JSON payload of a Folder Info response. extensions : set[str] | None The set of allowed extensions. Filenames not ending in these extensions are omitted from the result. diff --git a/src/macaron/slsa_analyzer/provenance/intoto/v1/__init__.py b/src/macaron/slsa_analyzer/provenance/intoto/v1/__init__.py index 0f6d05eed..aafed5ce4 100644 --- a/src/macaron/slsa_analyzer/provenance/intoto/v1/__init__.py 
+++ b/src/macaron/slsa_analyzer/provenance/intoto/v1/__init__.py
@@ -1,7 +1,7 @@
 # Copyright (c) 2023 - 2023, Oracle and/or its affiliates. All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/.
-"""This module handles in-toto version version 1 attestations."""
+"""This module handles in-toto version 1 attestations."""
 from typing import TypedDict
diff --git a/src/macaron/slsa_analyzer/registry.py b/src/macaron/slsa_analyzer/registry.py
index 5cb28d423..06e8e7287 100644
--- a/src/macaron/slsa_analyzer/registry.py
+++ b/src/macaron/slsa_analyzer/registry.py
@@ -338,7 +338,7 @@ def scan(self, target: AnalyzeContext, skipped_checks: list[SkippedInfo]) -> dic
 ----------
 target : AnalyzeContext
 The object containing processed data for the target repo.
-skipped_checks : list[SkippedInfor]
+skipped_checks : list[SkippedInfo]
 The list of skipped checks information.
 Returns
diff --git a/tests/conftest.py b/tests/conftest.py
index 7e725bce2..272fd539f 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -344,7 +344,7 @@ def circle_ci_service(setup_test): # type: ignore # pylint: disable=unused-argu
 @pytest.fixture()
 def gitlab_ci_service(setup_test): # type: ignore # pylint: disable=unused-argument
-"""Create a GitlabCI service instance.
+"""Create a GitLabCI service instance.
 Parameters
 ----------
@@ -353,8 +353,8 @@ def gitlab_ci_service(setup_test): # type: ignore # pylint: disable=unused-argu
 Returns
 -------
-GitlabCI
-The GitlabCI instance.
+GitLabCI
+The GitLabCI instance.
 """
 gitlab_ci = GitLabCI()
 gitlab_ci.load_defaults()
diff --git a/tests/dependency_analyzer/cyclonedx/test_cyclonedx.py b/tests/dependency_analyzer/cyclonedx/test_cyclonedx.py
index e05e24307..f3b939de9 100644
--- a/tests/dependency_analyzer/cyclonedx/test_cyclonedx.py
+++ b/tests/dependency_analyzer/cyclonedx/test_cyclonedx.py
@@ -1,7 +1,7 @@
 # Copyright (c) 2023 - 2023, Oracle and/or its affiliates. All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/.
-"""This module tests the CyclondeDX helper functions."""
+"""This module tests the CycloneDX helper functions."""
 import os
 from pathlib import Path
diff --git a/tests/parsers/bashparser/resources/bash_files/valid_github_action_bash.sh b/tests/parsers/bashparser/resources/bash_files/valid_github_action_bash.sh
index 95937e420..a725e1ef0 100644
--- a/tests/parsers/bashparser/resources/bash_files/valid_github_action_bash.sh
+++ b/tests/parsers/bashparser/resources/bash_files/valid_github_action_bash.sh
@@ -4,7 +4,7 @@
 # This is a valid GitHub Actions expression.
 echo "hash=${{ steps.compute-hash.outputs.hash }}" >> "$GITHUB_OUTPUT"
-# These maynot be valid GitHub Actions expressions but we want to make
+# These may not be valid GitHub Actions expressions but we want to make
 # sure we can handle such cases using greedy regex matching.
 echo "hash=${{ ${{ FOO }} }}"
 echo "hash=${{ ${ FOO } }}"
diff --git a/tests/policy_engine/test_souffle.py b/tests/policy_engine/test_souffle.py
index 058b5eebf..3a927a867 100644
--- a/tests/policy_engine/test_souffle.py
+++ b/tests/policy_engine/test_souffle.py
@@ -45,7 +45,7 @@ def test_error() -> None:
 raise ValueError()
-def test_consecuitve() -> None:
+def test_consecutive() -> None:
 """
 Test running different programs in the same context.
diff --git a/tests/slsa_analyzer/checks/resources/github/workflow_files/maven_build_itself.yml b/tests/slsa_analyzer/checks/resources/github/workflow_files/maven_build_itself.yml
index 40b8f6f6c..0ddda9159 100644
--- a/tests/slsa_analyzer/checks/resources/github/workflow_files/maven_build_itself.yml
+++ b/tests/slsa_analyzer/checks/resources/github/workflow_files/maven_build_itself.yml
@@ -35,7 +35,7 @@ jobs:
 tar -xzf ${{ env.TAR_BALL }} -C "$temp_dir" --strip 1
 maven_bin_dir=$temp_dir/bin
 if [ -d $maven_bin_dir ]; then
-echo "tar.gz file \"${{ env.TAR_BALL }}\" succesfully extracted in temporarily directory \"$temp_dir.\""
+echo "tar.gz file \"${{ env.TAR_BALL }}\" successfully extracted in temporarily directory \"$temp_dir.\""
 echo "TEMP_MAVEN_BIN_DIR=$maven_bin_dir" >> $GITHUB_ENV
 else
 echo "$maven_bin_dir does not exist."
diff --git a/tests/slsa_analyzer/checks/test_build_as_code_check.py b/tests/slsa_analyzer/checks/test_build_as_code_check.py
index c215dd684..9204aff3c 100644
--- a/tests/slsa_analyzer/checks/test_build_as_code_check.py
+++ b/tests/slsa_analyzer/checks/test_build_as_code_check.py
@@ -226,7 +226,7 @@ def test_gha_workflow_deployment(
 workflows_dir = os.path.join(os.path.dirname(os.path.abspath(__file__)), "resources", "github", "workflow_files")
-# This Github Actions workflow uses gh-action-pypi-publish to publish the artifact.
+# This GitHub Actions workflow uses gh-action-pypi-publish to publish the artifact.
 gha_deploy = MockAnalyzeContext(macaron_path=macaron_path, output_dir="")
 gha_deploy.dynamic_data["build_spec"]["tools"] = [pip_tool]
 gha_deploy.dynamic_data["ci_services"] = [ci_info]
@@ -247,7 +247,7 @@ def test_gha_workflow_deployment(
 ci_info["callgraph"] = gh_cg
 assert check.run_check(gha_deploy).result_type == CheckResultType.PASSED
-# This Github Actions workflow is not using a trusted action to publish the artifact.
+# This GitHub Actions workflow is not using a trusted action to publish the artifact.
 root = GitHubNode(name="root", node_type=GHWorkflowType.NONE, source_path="", parsed_obj={}, caller_path="")
 gh_cg = CallGraph(root, "")
 workflow_path = os.path.join(workflows_dir, "pypi_publish_blah.yaml")
diff --git a/tests/slsa_analyzer/checks/test_build_service_check.py b/tests/slsa_analyzer/checks/test_build_service_check.py
index 71d48219b..895b320c4 100644
--- a/tests/slsa_analyzer/checks/test_build_service_check.py
+++ b/tests/slsa_analyzer/checks/test_build_service_check.py
@@ -179,7 +179,7 @@ def test_build_service_check(self) -> None:
 # Use pip as a module in CI with invalid goal to build the artifact.
 no_pip_interpreter_build_ci = MockAnalyzeContext(macaron_path=MacaronTestCase.macaron_path, output_dir="")
 no_pip_interpreter_build_ci.dynamic_data["build_spec"]["tools"] = [pip]
-bash_commands["commands"] = [["python", "-m", "pip", "installl"]]
+bash_commands["commands"] = [["python", "-m", "pip", "install-"]]
 no_pip_interpreter_build_ci.dynamic_data["ci_services"] = [ci_info]
 assert check.run_check(no_pip_interpreter_build_ci).result_type == CheckResultType.FAILED
diff --git a/tests/slsa_analyzer/checks/test_infer_artifact_pipeline.py b/tests/slsa_analyzer/checks/test_infer_artifact_pipeline.py
index ec3bca3ba..f38874f1a 100644
--- a/tests/slsa_analyzer/checks/test_infer_artifact_pipeline.py
+++ b/tests/slsa_analyzer/checks/test_infer_artifact_pipeline.py
@@ -1,7 +1,7 @@
 # Copyright (c) 2023 - 2023, Oracle and/or its affiliates. All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/.
-"""This module contains tests for the Infer ArtiFact Pipeline check."""
+"""This module contains tests for the Infer Artifact Pipeline check."""
 from pathlib import Path
diff --git a/tests/slsa_analyzer/git_service/test_github.py b/tests/slsa_analyzer/git_service/test_github.py
index 046da1789..e01a415b7 100644
--- a/tests/slsa_analyzer/git_service/test_github.py
+++ b/tests/slsa_analyzer/git_service/test_github.py
@@ -24,6 +24,6 @@ def test_is_detected(self) -> None:
 assert github.is_detected("git@github.com:7999/org/name")
 assert github.is_detected("ssh://git@github.com:7999/org/name")
 assert not github.is_detected("http://gitlab.com/org/name")
-assert not github.is_detected("git@githubb.com:org/name")
-assert not github.is_detected("git@not_supported_git_host.com:7999/org/name")
+assert not github.is_detected("git@github0.com:org/name")
+assert not github.is_detected("git@not-supported-git-host.com:7999/org/name")
 assert not github.is_detected("ssh://git@bitbucket.com:7999/org/name")
diff --git a/tests/slsa_analyzer/provenance/expectations/cue/test_cue_validator.py b/tests/slsa_analyzer/provenance/expectations/cue/test_cue_validator.py
index c51576811..fd2fc8e28 100644
--- a/tests/slsa_analyzer/provenance/expectations/cue/test_cue_validator.py
+++ b/tests/slsa_analyzer/provenance/expectations/cue/test_cue_validator.py
@@ -12,16 +12,17 @@
 from macaron.database.table_definitions import CUEExpectation
 from macaron.slsa_analyzer.provenance.expectations.cue.cue_validator import get_target, validate_expectation
-EXPEC_RESOURCE_PATH = Path(__file__).parent.joinpath("resources")
+EXPECT_RESOURCE_PATH = Path(__file__).parent.joinpath("resources")
 PROV_RESOURCE_PATH = Path(__file__).parent.parent.parent.joinpath("resources")
+PACKAGE_URLLIB3 = "pkg:github.com/urllib3/urllib3"
 @pytest.mark.parametrize(
 "expectation_path",
 [
-os.path.join(EXPEC_RESOURCE_PATH, "invalid_expectations", "invalid.cue"),
-os.path.join(EXPEC_RESOURCE_PATH, "invalid_expectations", "urllib3_INVALID.cue"),
-os.path.join(EXPEC_RESOURCE_PATH, "invalid_expectations", "no_file.cue"),
+os.path.join(EXPECT_RESOURCE_PATH, "invalid_expectations", "invalid.cue"),
+os.path.join(EXPECT_RESOURCE_PATH, "invalid_expectations", "urllib3_INVALID.cue"),
+os.path.join(EXPECT_RESOURCE_PATH, "invalid_expectations", "no_file.cue"),
 ],
 )
 def test_make_expectation(expectation_path: str) -> None:
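Review bot: The negative cases in test_is_detected now cover a lookalike host (`github0.com`) and a hyphenated unsupported host, but none exercises a hostname that merely contains `github.com` as a leading or trailing label, which is the usual way a substring or `startswith` comparison on the host goes wrong. Add `assert not github.is_detected("git@github.com.evil.example:org/name")` and `assert not github.is_detected("https://notgithub.com/org/name")` beside the existing asserts; if `is_detected` already compares the host exactly these are cheap regression guards, and if it does not they will expose the gap. The replacement of `not_supported_git_host.com` by a hyphenated name is sound, since underscores are not valid in DNS hostnames and the old input could never reach the matcher from a real remote. The enclosing `test_is_detected` starts before the hunk.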
@@ -35,8 +36,8 @@ def test_make_expectation(expectation_path: str) -> None:
 @pytest.mark.parametrize(
 ("expectation_path", "expected"),
 [
-(os.path.join(EXPEC_RESOURCE_PATH, "valid_expectations", "urllib3_PASS.cue"), "pkg:github.com/urllib3/urllib3"),
-(os.path.join(EXPEC_RESOURCE_PATH, "valid_expectations", "urllib3_FAIL.cue"), ""),
+(os.path.join(EXPECT_RESOURCE_PATH, "valid_expectations", "urllib3_PASS.cue"), PACKAGE_URLLIB3),
+(os.path.join(EXPECT_RESOURCE_PATH, "valid_expectations", "urllib3_FAIL.cue"), ""),
 ],
 )
 def test_get_target(expectation_path: str, expected: str) -> None:
@@ -52,22 +53,22 @@ def test_get_target(expectation_path: str, expected: str) -> None:
 ("expectation_path", "prov_path", "expected"),
 [
 (
-os.path.join(EXPEC_RESOURCE_PATH, "valid_expectations", "urllib3_PASS.cue"),
+os.path.join(EXPECT_RESOURCE_PATH, "valid_expectations", "urllib3_PASS.cue"),
 os.path.join(PROV_RESOURCE_PATH, "valid_provenances", "urllib3_decoded_PASS.json"),
 True,
 ),
 (
-os.path.join(EXPEC_RESOURCE_PATH, "valid_expectations", "urllib3_PASS.cue"),
+os.path.join(EXPECT_RESOURCE_PATH, "valid_expectations", "urllib3_PASS.cue"),
 os.path.join(PROV_RESOURCE_PATH, "valid_provenances", "urllib3_decoded_FAIL.json"),
 False,
 ),
 (
-os.path.join(EXPEC_RESOURCE_PATH, "valid_expectations", "urllib3_FAIL.cue"),
+os.path.join(EXPECT_RESOURCE_PATH, "valid_expectations", "urllib3_FAIL.cue"),
 os.path.join(PROV_RESOURCE_PATH, "valid_provenances", "urllib3_decoded_PASS.json"),
 False,
 ),
 (
-os.path.join(EXPEC_RESOURCE_PATH, "valid_expectations", "urllib3_FAIL.cue"),
+os.path.join(EXPECT_RESOURCE_PATH, "valid_expectations", "urllib3_FAIL.cue"),
 os.path.join(PROV_RESOURCE_PATH, "valid_provenances", "urllib3_decoded_FAIL.json"),
 False,
 ),
diff --git a/tests/slsa_analyzer/test_git_url.py b/tests/slsa_analyzer/test_git_url.py
index eff608f49..28aa88e83 100644
--- a/tests/slsa_analyzer/test_git_url.py
+++ b/tests/slsa_analyzer/test_git_url.py
@@ -133,8 +133,8 @@ def test_get_remote_vcs_url() -> None:
 assert git_url.get_remote_vcs_url("ssh://gitlab.com:org/name.git") == ""
 assert git_url.get_remote_vcs_url("https://github.com/org") == ""
 assert git_url.get_remote_vcs_url("https://example.com") == ""
-assert git_url.get_remote_vcs_url("https://unsupport.host.com/org/name") == ""
-assert git_url.get_remote_vcs_url("git@unsupport.host.com:org/name/") == ""
+assert git_url.get_remote_vcs_url("https://unsupported.host.com/org/name") == ""
+assert git_url.get_remote_vcs_url("git@unsupported.host.com:org/name/") == ""
 assert git_url.get_remote_vcs_url("git@github.com:org/") == ""
 assert git_url.get_remote_vcs_url("git@github.com:7999/org/") == ""
diff --git a/tests/test_main.py b/tests/test_main.py
index d30b5934e..ce7f9d7c4 100644
--- a/tests/test_main.py
+++ b/tests/test_main.py
@@ -26,7 +26,7 @@ def test_version(capsys: pytest.CaptureFixture, flag: str) -> None:
 main([flag])
 out, err = capsys.readouterr()
-# Test that we are indeed outputing Macaron version.
+# Test that we are indeed outputting Macaron version.
 assert out == f"macaron {importlib_metadata.version('macaron')}\n"
 assert err == ""
 assert exc_info.value.code == 0