From bf92deef927a4e46f0f64413eae3bc2b9b2322bd Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 21 Jan 2024 03:47:34 -0500 Subject: [PATCH 01/34] chore: spelling: - Signed-off-by: Josh Soref --- tests/slsa_analyzer/git_service/test_github.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/slsa_analyzer/git_service/test_github.py b/tests/slsa_analyzer/git_service/test_github.py index 046da1789..4716ad8f4 100644 --- a/tests/slsa_analyzer/git_service/test_github.py +++ b/tests/slsa_analyzer/git_service/test_github.py @@ -25,5 +25,5 @@ def test_is_detected(self) -> None: assert github.is_detected("ssh://git@github.com:7999/org/name") assert not github.is_detected("http://gitlab.com/org/name") assert not github.is_detected("git@githubb.com:org/name") - assert not github.is_detected("git@not_supported_git_host.com:7999/org/name") + assert not github.is_detected("git@not-supported-git-host.com:7999/org/name") assert not github.is_detected("ssh://git@bitbucket.com:7999/org/name") From 4e47ee649d04d3d745da2be5199890c105520451 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 21 Jan 2024 03:53:25 -0500 Subject: [PATCH 02/34] chore: spelling: arbitrary Signed-off-by: Josh Soref --- docker/Dockerfile.final | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/Dockerfile.final b/docker/Dockerfile.final index bd65febf3..a96036403 100644 --- a/docker/Dockerfile.final +++ b/docker/Dockerfile.final @@ -16,7 +16,7 @@ ENV HOME="/home/macaron" ENV PACKAGE_PATH=$HOME/.venv/lib/python3.11/site-packages/macaron -# Create the macaron user and group with abritary UID and GID. +# Create the macaron user and group with arbitrary UID and GID. # The macaron GID and UID in this image will be modified by the # user.sh script on startup to get the UID and GID of the user who started # the Docker container. From da212d7d0213e161221b27fac6e8fda017a87492 Mon Sep 17 00:00:00 2001 
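Review bot: The negative cases in `test_is_detected` (tests/slsa_analyzer/git_service/test_github.py) use deliberately wrong host names, but nothing on those lines says so, which is presumably why a spelling pass rewrote `not_supported_git_host.com` here and, in PATCH 16/34 of this series, `githubb.com` to `github0.com`. The replacement changes what is exercised: the old host contained underscores, while `not-supported-git-host.com` is an ordinary-looking host that is simply not GitHub, so the case now checks rejection by host name rather than possibly by malformed syntax. A one-line comment above the near-miss case, such as `# Look-alike host: detection must require an exact github.com match.`, would record the intent and keep these inputs from being "corrected" again. The test method starts above the hunk, so its earlier assertions were not reviewed.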
From: Josh Soref Date: Sun, 21 Jan 2024 03:53:25 -0500 Subject: [PATCH 03/34] chore: spelling: artifact Signed-off-by: Josh Soref --- tests/slsa_analyzer/checks/test_infer_artifact_pipeline.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/slsa_analyzer/checks/test_infer_artifact_pipeline.py b/tests/slsa_analyzer/checks/test_infer_artifact_pipeline.py index ec3bca3ba..f38874f1a 100644 --- a/tests/slsa_analyzer/checks/test_infer_artifact_pipeline.py +++ b/tests/slsa_analyzer/checks/test_infer_artifact_pipeline.py @@ -1,7 +1,7 @@ # Copyright (c) 2023 - 2023, Oracle and/or its affiliates. All rights reserved. # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. -"""This module contains tests for the Infer ArtiFact Pipeline check.""" +"""This module contains tests for the Infer Artifact Pipeline check.""" from pathlib import Path From 5344055b81c5e319258b5f3c29504191d0f7e027 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 21 Jan 2024 03:53:25 -0500 Subject: [PATCH 04/34] chore: spelling: below Signed-off-by: Josh Soref --- docs/source/pages/using.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/pages/using.rst b/docs/source/pages/using.rst index 960e9cce6..9d69d6162 100644 --- a/docs/source/pages/using.rst +++ b/docs/source/pages/using.rst @@ -102,7 +102,7 @@ To simplify the examples, we use the same configurations as above if needed (e.g pkg:// -The list bellow shows examples for the corresponding PURL strings for different git repositories: +The list below shows examples for the corresponding PURL strings for different git repositories: .. list-table:: Examples of PURL strings for git repositories. :widths: 50 50 From 7c4da9321abff8a05458ce064e8279228099f9d6 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 21 Jan 2024 03:53:25 -0500 Subject: [PATCH 05/34] chore: spelling: bound 
Signed-off-by: Josh Soref --- src/macaron/output_reporter/templates/base_template.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/macaron/output_reporter/templates/base_template.html b/src/macaron/output_reporter/templates/base_template.html index 3a31a39bf..2d440e34e 100644 --- a/src/macaron/output_reporter/templates/base_template.html +++ b/src/macaron/output_reporter/templates/base_template.html @@ -256,7 +256,7 @@ } /* - The reason why we need to create a separate .toggler class is because all .caret class are set binded + The reason why we need to create a separate .toggler class is because all .caret class are bound to the listener for extending/collapsing the provenance fields. */ .caret, .toggler { From 96c76114995d263567339d824f250bb1348097be Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 21 Jan 2024 03:53:25 -0500 Subject: [PATCH 06/34] chore: spelling: component Signed-off-by: Josh Soref --- src/macaron/policy_engine/examples/aggregate.dl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/macaron/policy_engine/examples/aggregate.dl b/src/macaron/policy_engine/examples/aggregate.dl index aeebc5e9a..fff73adfb 100644 --- a/src/macaron/policy_engine/examples/aggregate.dl +++ b/src/macaron/policy_engine/examples/aggregate.dl @@ -12,7 +12,7 @@ apply_policy_to("aggregate_level_3", repo_id) :- // if we have provenance, then require using a trusted builder, // verifying the provenance attestations, and // dependencies must use some kind of scripted build - repository_analysis(_, componen_id, repo_id, name), + repository_analysis(_, component_id, repo_id, name), provenance(_, component_id, _, _, _, _). // Require everything to have version control From 078823134b5bced668e683833c82a116c4971dfc Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 21 Jan 2024 03:53:25 -0500 Subject: [PATCH 07/34] chore: spelling: configuration 
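Review bot: In src/macaron/policy_engine/examples/aggregate.dl the rename of `componen_id` to `component_id` on the `repository_analysis` line is a behaviour change, not only a spelling fix. As far as the hunk shows, the misspelt name was a separate variable, so the rule did not tie the repository to the component in `provenance(_, component_id, _, _, _, _)`; after the change the two atoms join on the same component. That matches the comment above the line and looks intended, but this commit touches only the example file and its subject, "chore: spelling", does not tell a reader that a policy rule now matches differently. I would say so in the commit description and add a comment on the line, e.g. `// component_id joins the repository to its provenance record.`. The rule head appears only in the hunk header, so the rest of the rule could not be checked.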
Signed-off-by: Josh Soref --- src/macaron/__main__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/macaron/__main__.py b/src/macaron/__main__.py index e5a7aeb73..a982bb33a 100644 --- a/src/macaron/__main__.py +++ b/src/macaron/__main__.py @@ -109,7 +109,7 @@ def analyze_slsa_levels_single(analyzer_single_args: argparse.Namespace) -> None # of the Configuration class, but if `` analyzer_single_args.package_url`` is None, the ``purl`` field is set # to None in the Configuration instance. # This inconsistency could cause potential issues when Macaron handles those inputs. - # TODO: improve the implementation of ``Configuation`` class to avoid such inconsistencies. + # TODO: improve the implementation of ``Configuration`` class to avoid such inconsistencies. run_config = { "target": { "id": purl or repo_path or "", From 01332276942496405290c513eaffccffecd8001f Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 21 Jan 2024 03:53:25 -0500 Subject: [PATCH 08/34] chore: spelling: consecutive Signed-off-by: Josh Soref --- tests/policy_engine/test_souffle.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/policy_engine/test_souffle.py b/tests/policy_engine/test_souffle.py index 058b5eebf..3a927a867 100644 --- a/tests/policy_engine/test_souffle.py +++ b/tests/policy_engine/test_souffle.py @@ -45,7 +45,7 @@ def test_error() -> None: raise ValueError() -def test_consecuitve() -> None: +def test_consecutive() -> None: """ Test running different programs in the same context. From 9e751e3b981e313b34e9b71ec2ee58a8c38ada27 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 21 Jan 2024 03:53:25 -0500 Subject: [PATCH 09/34] chore: spelling: corporation Signed-off-by: Josh Soref --- THIRD_PARTY_LICENSES.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/THIRD_PARTY_LICENSES.txt b/THIRD_PARTY_LICENSES.txt index 7fd4c61a9..bef1a0377 100644 --- a/THIRD_PARTY_LICENSES.txt +++ b/THIRD_PARTY_LICENSES.txt 
@@ -5434,7 +5434,7 @@ Copyright 2020 Google LLC. Copyright 2020 Google LLC. All Rights Reserved. Copyright 2020 Google LLC. All Rights Reserved.\n" + Copyright 2020 Gregor Martynus -Copyright 2020 Intel Coporation. +Copyright 2020 Intel Corporation. Copyright 2020 The Go Authors. All rights reserved. Copyright 2020 The Kubernetes Authors. Copyright 2020 The gRPC Authors @@ -10201,7 +10201,7 @@ SPDX:Apache-2.0 == Copyright Copyright 2013 Google Inc. All Rights Reserved. Copyright 2019 The Kubernetes Authors. -Copyright 2020 Intel Coporation. +Copyright 2020 Intel Corporation. Copyright 2020 The Kubernetes Authors. Copyright 2021 The Kubernetes Authors. Copyright 2022 The Kubernetes Authors. @@ -10890,7 +10890,7 @@ Copyright 2020 Google LLC. Copyright 2020 Google LLC. All Rights Reserved. Copyright 2020 Google LLC. All Rights Reserved.\n" + Copyright 2020 Gregor Martynus -Copyright 2020 Intel Coporation. +Copyright 2020 Intel Corporation. Copyright 2020 The Go Authors. All rights reserved. Copyright 2020 The Kubernetes Authors. Copyright 2020 The gRPC Authors From 2ae9ea0bd631904d706cd81ba2660de396d67cd6 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 21 Jan 2024 03:53:25 -0500 Subject: [PATCH 10/34] chore: spelling: cyclone Signed-off-by: Josh Soref --- .github/workflows/_build.yaml | 2 +- tests/dependency_analyzer/cyclonedx/test_cyclonedx.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/_build.yaml b/.github/workflows/_build.yaml index 6ed3a3354..286755012 100644 --- a/.github/workflows/_build.yaml +++ b/.github/workflows/_build.yaml 
@@ -91,7 +91,7 @@ jobs: GITHUB_TOKEN: ${{ github.token }} # Generate the requirements.txt that contains the hash digests of the dependencies and - # generate the SBOM using CyclonDX SBOM generator. + # generate the SBOM using CycloneDX SBOM generator. - name: Generate requirements.txt and SBOM if: matrix.os == env.ARTIFACT_OS && matrix.python == env.ARTIFACT_PYTHON run: make requirements sbom diff --git a/tests/dependency_analyzer/cyclonedx/test_cyclonedx.py b/tests/dependency_analyzer/cyclonedx/test_cyclonedx.py index e05e24307..f3b939de9 100644 --- a/tests/dependency_analyzer/cyclonedx/test_cyclonedx.py +++ b/tests/dependency_analyzer/cyclonedx/test_cyclonedx.py @@ -1,7 +1,7 @@ # Copyright (c) 2023 - 2023, Oracle and/or its affiliates. All rights reserved. # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. -"""This module tests the CyclondeDX helper functions.""" +"""This module tests the CycloneDX helper functions.""" import os from pathlib import Path From 5d2bea2996d33daf6c6ae3f1cf3320505ee56b5c Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 21 Jan 2024 03:53:25 -0500 Subject: [PATCH 11/34] chore: spelling: dependencies Signed-off-by: Josh Soref --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 2fe5e91ca..4a3caee72 100644 --- a/Makefile +++ b/Makefile @@ -156,7 +156,7 @@ souffle: # package dependencies declared in pyproject.toml. # Go dependencies are only upgraded by Dependabot and managed differently # from Python dependencies and by default the upgrade target does not -# upgrade Go dependencies. To upgrade the Go depenencies use the +# upgrade Go dependencies. To upgrade the Go dependencies use the # `upgrade-go` target directly, which uses the code snippet suggested # here instead of `go get -u` to avoid updating indirect dependencies # and creating a broken state: From 92cf3afcaa69f65ff5793b594f802ef1c1ec5c33 Mon Sep 17 00:00:00 2001 
From: Josh Soref Date: Sun, 21 Jan 2024 03:53:26 -0500 Subject: [PATCH 12/34] chore: spelling: encode Signed-off-by: Josh Soref --- docs/source/pages/tutorials/commit_finder.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/pages/tutorials/commit_finder.rst b/docs/source/pages/tutorials/commit_finder.rst index f02ce1d5e..eb9a63bcf 100644 --- a/docs/source/pages/tutorials/commit_finder.rst +++ b/docs/source/pages/tutorials/commit_finder.rst @@ -52,7 +52,7 @@ To perform an analysis on Arrow, Macaron can be run with the following command: ./run_macaron.sh analyze -rp https://github.com/arrow-py/arrow --skip-deps -However, this will return results based only on the current state of the repository, which as described above, is not what we want to achieve in this tutorial. To perform analyses on other repository states, we need to provide Macaron with the target artifact versions in the form of `PURLs `_, or Package URLs, which is a convenient way to encodify packages from different ecosystems into the same format. +However, this will return results based only on the current state of the repository, which as described above, is not what we want to achieve in this tutorial. To perform analyses on other repository states, we need to provide Macaron with the target artifact versions in the form of `PURLs `_, or Package URLs, which is a convenient way to encode packages from different ecosystems into the same format. In our case we are looking at a Python package, so our PURL must reflect that. For versions we will analyze ``1.3.0`` and ``0.15.0``, giving us the following PURLs: From 5db2ab465c83267298569b414d1306a9cad29318 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 21 Jan 2024 03:53:26 -0500 Subject: [PATCH 13/34] chore: spelling: expect Signed-off-by: Josh Soref --- .../expectations/cue/test_cue_validator.py | 21 ++++++++++--------- 1 file changed, 11 insertions(+), 10 deletions(-) 
diff --git a/tests/slsa_analyzer/provenance/expectations/cue/test_cue_validator.py b/tests/slsa_analyzer/provenance/expectations/cue/test_cue_validator.py index c51576811..fd2fc8e28 100644 --- a/tests/slsa_analyzer/provenance/expectations/cue/test_cue_validator.py +++ b/tests/slsa_analyzer/provenance/expectations/cue/test_cue_validator.py @@ -12,16 +12,17 @@ from macaron.database.table_definitions import CUEExpectation from macaron.slsa_analyzer.provenance.expectations.cue.cue_validator import get_target, validate_expectation -EXPEC_RESOURCE_PATH = Path(__file__).parent.joinpath("resources") +EXPECT_RESOURCE_PATH = Path(__file__).parent.joinpath("resources") PROV_RESOURCE_PATH = Path(__file__).parent.parent.parent.joinpath("resources") +PACKAGE_URLLIB3 = "pkg:github.com/urllib3/urllib3" @pytest.mark.parametrize( "expectation_path", [ - os.path.join(EXPEC_RESOURCE_PATH, "invalid_expectations", "invalid.cue"), - os.path.join(EXPEC_RESOURCE_PATH, "invalid_expectations", "urllib3_INVALID.cue"), - os.path.join(EXPEC_RESOURCE_PATH, "invalid_expectations", "no_file.cue"), + os.path.join(EXPECT_RESOURCE_PATH, "invalid_expectations", "invalid.cue"), + os.path.join(EXPECT_RESOURCE_PATH, "invalid_expectations", "urllib3_INVALID.cue"), + os.path.join(EXPECT_RESOURCE_PATH, "invalid_expectations", "no_file.cue"), ], ) def test_make_expectation(expectation_path: str) -> None: @@ -35,8 +36,8 @@ def test_make_expectation(expectation_path: str) -> None: @pytest.mark.parametrize( ("expectation_path", "expected"), [ - (os.path.join(EXPEC_RESOURCE_PATH, "valid_expectations", "urllib3_PASS.cue"), "pkg:github.com/urllib3/urllib3"), - (os.path.join(EXPEC_RESOURCE_PATH, "valid_expectations", "urllib3_FAIL.cue"), ""), + (os.path.join(EXPECT_RESOURCE_PATH, "valid_expectations", "urllib3_PASS.cue"), PACKAGE_URLLIB3), + (os.path.join(EXPECT_RESOURCE_PATH, "valid_expectations", "urllib3_FAIL.cue"), ""), ], ) def test_get_target(expectation_path: str, expected: str) -> None: 
@@ -52,22 +53,22 @@ def test_get_target(expectation_path: str, expected: str) -> None: ("expectation_path", "prov_path", "expected"), [ ( - os.path.join(EXPEC_RESOURCE_PATH, "valid_expectations", "urllib3_PASS.cue"), + os.path.join(EXPECT_RESOURCE_PATH, "valid_expectations", "urllib3_PASS.cue"), os.path.join(PROV_RESOURCE_PATH, "valid_provenances", "urllib3_decoded_PASS.json"), True, ), ( - os.path.join(EXPEC_RESOURCE_PATH, "valid_expectations", "urllib3_PASS.cue"), + os.path.join(EXPECT_RESOURCE_PATH, "valid_expectations", "urllib3_PASS.cue"), os.path.join(PROV_RESOURCE_PATH, "valid_provenances", "urllib3_decoded_FAIL.json"), False, ), ( - os.path.join(EXPEC_RESOURCE_PATH, "valid_expectations", "urllib3_FAIL.cue"), + os.path.join(EXPECT_RESOURCE_PATH, "valid_expectations", "urllib3_FAIL.cue"), os.path.join(PROV_RESOURCE_PATH, "valid_provenances", "urllib3_decoded_PASS.json"), False, ), ( - os.path.join(EXPEC_RESOURCE_PATH, "valid_expectations", "urllib3_FAIL.cue"), + os.path.join(EXPECT_RESOURCE_PATH, "valid_expectations", "urllib3_FAIL.cue"), os.path.join(PROV_RESOURCE_PATH, "valid_provenances", "urllib3_decoded_FAIL.json"), False, ), From 312408c68756e27cb0cdb08aeb0881100ff25982 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 21 Jan 2024 03:53:26 -0500 Subject: [PATCH 14/34] chore: spelling: findutils Signed-off-by: Josh Soref --- docker/Dockerfile.base | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/Dockerfile.base b/docker/Dockerfile.base index 73a7eba0c..caace5f2b 100644 --- a/docker/Dockerfile.base +++ b/docker/Dockerfile.base @@ -56,7 +56,7 @@ enabled=1\ # Exception: netbase (We couldn't find an equivalent in Oracle Linux). tzdata \ ca-certificates \ - # git and finutils are needed for running and building Macaron. + # git and findutils are needed for running and building Macaron. git \ findutils \ # Runtime libraries for Souffle. These are based on From 4a4c9efd9f7db777e228f4fe839b7c2b847ebd7e Mon Sep 17 00:00:00 2001 
From: Josh Soref Date: Sun, 21 Jan 2024 03:53:26 -0500 Subject: [PATCH 15/34] chore: spelling: function Signed-off-by: Josh Soref --- src/macaron/slsa_analyzer/git_url.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/macaron/slsa_analyzer/git_url.py b/src/macaron/slsa_analyzer/git_url.py index 50ba9736e..eb93142bf 100644 --- a/src/macaron/slsa_analyzer/git_url.py +++ b/src/macaron/slsa_analyzer/git_url.py @@ -117,7 +117,7 @@ def check_out_repo_target( ) -> bool: """Checkout the branch and commit specified by the user. - This fucntion assumes that a remote "origin" exist and checkout from that remote ONLY. + This function assumes that a remote "origin" exist and checkout from that remote ONLY. If ``offline_mode`` is False, this function will fetch new changes from origin remote. The fetching operation will prune and update all references (e.g. tags, branches) to make sure that the local repository is up-to-date @@ -132,7 +132,7 @@ def check_out_repo_target( If ``branch_name`` is not provided and a commit is provided, this function will checkout the commit directly. If both ``branch_name`` and a commit are provided, this function will checkout the commit directly only if that - commit exists in the branch origin/. If not, this fucntion will return False. + commit exists in the branch origin/. If not, this function will return False. For all scenarios: - If the checkout fails (e.g. a branch or a commit doesn't exist), this function will return From 8e4fe45ce0af5e56434e83e682689fed9ef31b35 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 21 Jan 2024 03:53:26 -0500 Subject: [PATCH 16/34] chore: spelling: github 
Signed-off-by: Josh Soref --- .github/workflows/release.yaml | 4 ++-- docs/source/pages/using.rst | 6 +++--- src/macaron/repo_finder/repo_finder.py | 2 +- src/macaron/slsa_analyzer/checks/build_as_code_check.py | 2 +- src/macaron/slsa_analyzer/git_service/api_client.py | 2 +- tests/slsa_analyzer/checks/test_build_as_code_check.py | 4 ++-- tests/slsa_analyzer/git_service/test_github.py | 2 +- 7 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 846f48bf5..d41c80ed5 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -97,7 +97,7 @@ jobs: contents: read packages: read - # Create a new Release on Github from the verified build artifacts, and optionally + # Create a new Release on GitHub from the verified build artifacts, and optionally # publish the artifacts to a PyPI server. release: needs: [build] @@ -284,7 +284,7 @@ jobs: # provenance-docker: # needs: [release] # permissions: - # actions: read # To detect the Github Actions environment. + # actions: read # To detect the GitHub Actions environment. # id-token: write # To create OIDC tokens for signing. # packages: write # To upload provenance. # uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.6.0 diff --git a/docs/source/pages/using.rst b/docs/source/pages/using.rst index 9d69d6162..ca461f462 100644 --- a/docs/source/pages/using.rst +++ b/docs/source/pages/using.rst 
@@ -18,12 +18,12 @@ Analyzing a source code repository ---------------------------------- '''''''''''''''''''''''''''''''''''' -Analyzing a public Github repository +Analyzing a public GitHub repository '''''''''''''''''''''''''''''''''''' -Macaron can analyze a Github public repository (and potentially the repositories of it dependencies) to determine its SLSA posture following the specification of `SLSA v0.1 `_. +Macaron can analyze a GitHub public repository (and potentially the repositories of it dependencies) to determine its SLSA posture following the specification of `SLSA v0.1 `_. -To run Macaron on a Github public repository, we use the following command: +To run Macaron on a GitHub public repository, we use the following command: .. code-block:: shell diff --git a/src/macaron/repo_finder/repo_finder.py b/src/macaron/repo_finder/repo_finder.py index 6f7e8fad4..ca2fffd28 100644 --- a/src/macaron/repo_finder/repo_finder.py +++ b/src/macaron/repo_finder/repo_finder.py @@ -19,7 +19,7 @@ For Python, .NET, Rust, and NodeJS type PURLs, Google's Open Source Insights API is used to find the meta data. In either case, any repository links are extracted from the meta data, then checked for validity via -``repo_validator::find_valid_repository_url`` which accepts URLs that point to a Github repository or similar. +``repo_validator::find_valid_repository_url`` which accepts URLs that point to a GitHub repository or similar. Repository PURLs ---------------- diff --git a/src/macaron/slsa_analyzer/checks/build_as_code_check.py b/src/macaron/slsa_analyzer/checks/build_as_code_check.py index 3e59f36b2..7a849b4d4 100644 --- a/src/macaron/slsa_analyzer/checks/build_as_code_check.py +++ b/src/macaron/slsa_analyzer/checks/build_as_code_check.py 
@@ -164,7 +164,7 @@ def _check_build_tool( trusted_deploy_actions = build_tool.ci_deploy_kws["github_actions"] or [] - # Check for use of a trusted Github Actions workflow to publish/deploy. + # Check for use of a trusted GitHub Actions workflow to publish/deploy. # TODO: verify that deployment is legitimate and not a test if trusted_deploy_actions: for callee in ci_info["callgraph"].bfs(): diff --git a/src/macaron/slsa_analyzer/git_service/api_client.py b/src/macaron/slsa_analyzer/git_service/api_client.py index 575ae290c..44e4d6734 100644 --- a/src/macaron/slsa_analyzer/git_service/api_client.py +++ b/src/macaron/slsa_analyzer/git_service/api_client.py @@ -148,7 +148,7 @@ class _GhAPIEndPoint(Enum): class GhAPIClient(BaseAPIClient): - """This class acts as a client to use Github API. + """This class acts as a client to use GitHub API. See https://docs.github.com/en/rest for the GitHub API documentation. """ diff --git a/tests/slsa_analyzer/checks/test_build_as_code_check.py b/tests/slsa_analyzer/checks/test_build_as_code_check.py index c215dd684..9204aff3c 100644 --- a/tests/slsa_analyzer/checks/test_build_as_code_check.py +++ b/tests/slsa_analyzer/checks/test_build_as_code_check.py @@ -226,7 +226,7 @@ def test_gha_workflow_deployment( workflows_dir = os.path.join(os.path.dirname(os.path.abspath(__file__)), "resources", "github", "workflow_files") - # This Github Actions workflow uses gh-action-pypi-publish to publish the artifact. + # This GitHub Actions workflow uses gh-action-pypi-publish to publish the artifact. gha_deploy = MockAnalyzeContext(macaron_path=macaron_path, output_dir="") gha_deploy.dynamic_data["build_spec"]["tools"] = [pip_tool] gha_deploy.dynamic_data["ci_services"] = [ci_info] 
@@ -247,7 +247,7 @@ def test_gha_workflow_deployment( ci_info["callgraph"] = gh_cg assert check.run_check(gha_deploy).result_type == CheckResultType.PASSED - # This Github Actions workflow is not using a trusted action to publish the artifact. + # This GitHub Actions workflow is not using a trusted action to publish the artifact. root = GitHubNode(name="root", node_type=GHWorkflowType.NONE, source_path="", parsed_obj={}, caller_path="") gh_cg = CallGraph(root, "") workflow_path = os.path.join(workflows_dir, "pypi_publish_blah.yaml") diff --git a/tests/slsa_analyzer/git_service/test_github.py b/tests/slsa_analyzer/git_service/test_github.py index 4716ad8f4..e01a415b7 100644 --- a/tests/slsa_analyzer/git_service/test_github.py +++ b/tests/slsa_analyzer/git_service/test_github.py @@ -24,6 +24,6 @@ def test_is_detected(self) -> None: assert github.is_detected("git@github.com:7999/org/name") assert github.is_detected("ssh://git@github.com:7999/org/name") assert not github.is_detected("http://gitlab.com/org/name") - assert not github.is_detected("git@githubb.com:org/name") + assert not github.is_detected("git@github0.com:org/name") assert not github.is_detected("git@not-supported-git-host.com:7999/org/name") assert not github.is_detected("ssh://git@bitbucket.com:7999/org/name") From 267b2f52cce3778b79687f7f4d0be05426d705e3 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 21 Jan 2024 03:53:26 -0500 Subject: [PATCH 17/34] chore: spelling: gitlab Signed-off-by: Josh Soref --- tests/conftest.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/conftest.py b/tests/conftest.py index 7e725bce2..272fd539f 100644 --- a/tests/conftest.py +++ b/tests/conftest.py 
@@ -344,7 +344,7 @@ def circle_ci_service(setup_test): # type: ignore # pylint: disable=unused-argu @pytest.fixture() def gitlab_ci_service(setup_test): # type: ignore # pylint: disable=unused-argument - """Create a GitlabCI service instance. + """Create a GitLabCI service instance. Parameters ---------- @@ -353,8 +353,8 @@ def gitlab_ci_service(setup_test): # type: ignore # pylint: disable=unused-argu Returns ------- - GitlabCI - The GitlabCI instance. + GitLabCI + The GitLabCI instance. """ gitlab_ci = GitLabCI() gitlab_ci.load_defaults() From 52344016d6d2a84d7acb3cdf3f26917d27d7c3a8 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 21 Jan 2024 03:53:26 -0500 Subject: [PATCH 18/34] chore: spelling: info Signed-off-by: Josh Soref --- src/macaron/slsa_analyzer/registry.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/macaron/slsa_analyzer/registry.py b/src/macaron/slsa_analyzer/registry.py index 5cb28d423..06e8e7287 100644 --- a/src/macaron/slsa_analyzer/registry.py +++ b/src/macaron/slsa_analyzer/registry.py @@ -338,7 +338,7 @@ def scan(self, target: AnalyzeContext, skipped_checks: list[SkippedInfo]) -> dic ---------- target : AnalyzeContext The object containing processed data for the target repo. - skipped_checks : list[SkippedInfor] + skipped_checks : list[SkippedInfo] The list of skipped checks information. Returns From caf443f87e740c1a4da48be8029a1a18e9a987b3 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 21 Jan 2024 03:53:26 -0500 Subject: [PATCH 19/34] chore: spelling: infrastructure Signed-off-by: Josh Soref --- docs/source/index.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/index.rst b/docs/source/index.rst index 9681d4ac8..372b46f21 100644 --- a/docs/source/index.rst +++ b/docs/source/index.rst 
@@ -93,7 +93,7 @@ How does Macaron work? :alt: Macaron infrastructure :align: center - Macaron's infrastucture + Macaron's infrastructure Macaron is designed based on a Zero Trust model. It analyzes a target repository as an external tool and requires minimal configurations. After cloning a repository, Macaron parses the CI From 052a53c94b7d94f8856ce6fa25fdbcc0cbd98101 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 21 Jan 2024 03:53:26 -0500 Subject: [PATCH 20/34] chore: spelling: install Signed-off-by: Josh Soref --- tests/slsa_analyzer/checks/test_build_service_check.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/slsa_analyzer/checks/test_build_service_check.py b/tests/slsa_analyzer/checks/test_build_service_check.py index 71d48219b..895b320c4 100644 --- a/tests/slsa_analyzer/checks/test_build_service_check.py +++ b/tests/slsa_analyzer/checks/test_build_service_check.py @@ -179,7 +179,7 @@ def test_build_service_check(self) -> None: # Use pip as a module in CI with invalid goal to build the artifact. no_pip_interpreter_build_ci = MockAnalyzeContext(macaron_path=MacaronTestCase.macaron_path, output_dir="") no_pip_interpreter_build_ci.dynamic_data["build_spec"]["tools"] = [pip] - bash_commands["commands"] = [["python", "-m", "pip", "installl"]] + bash_commands["commands"] = [["python", "-m", "pip", "install-"]] no_pip_interpreter_build_ci.dynamic_data["ci_services"] = [ci_info] assert check.run_check(no_pip_interpreter_build_ci).result_type == CheckResultType.FAILED From 0af377b373e6e0de4f7f8bc5381245799c5204ce Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 21 Jan 2024 03:53:26 -0500 Subject: [PATCH 21/34] chore: spelling: interests us Signed-off-by: Josh Soref --- docs/source/pages/using.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/pages/using.rst b/docs/source/pages/using.rst index ca461f462..773fb6833 100644 --- a/docs/source/pages/using.rst +++ b/docs/source/pages/using.rst 
@@ -332,7 +332,7 @@ Macaron's policy engine accepts policies specified in `Datalog `_ as the Datalog engine in Macaron. Once you run the checks on a target project as described :ref:`here `, the check results will be stored in ``macaron.db`` in the output directory. We pass the check results to the policy engine by providing the path to ``macaron.db`` together with a Datalog policy file to be validated by the policy engine. -In the Datalog policy file, we must specify the identifier for the target software component that we are interested in to validate the policy against. These are two ways to specify the target software component in the Datalog policy file: +In the Datalog policy file, we must specify the identifier for the target software component that interests us to validate the policy against. These are two ways to specify the target software component in the Datalog policy file: #. Using the complete name of the target component (e.g. ``github.com/oracle-quickstart/oci-micronaut``) #. Using the PURL string of the target component (e.g. ``pkg:github.com/oracle-quickstart/oci-micronaut@``). From 1c7805bc5cbde7fc133daabe4ab3a871ae43f11f Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 21 Jan 2024 03:53:27 -0500 Subject: [PATCH 22/34] chore: spelling: macos Signed-off-by: Josh Soref --- CHANGELOG.md | 2 +- scripts/release_scripts/run_macaron.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c37fd95e3..34d5d4eaa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,7 +21,7 @@ - resolve podman compatibility issues (#512) - do not use git set-branches if the target branch is not currently available in the repository (#491) -- fix bash syntax error when running `run_macaron.sh` on MacOS (#528) +- fix bash syntax error when running `run_macaron.sh` on macOS (#528) ### Refactor diff --git a/scripts/release_scripts/run_macaron.sh b/scripts/release_scripts/run_macaron.sh index fb3f5bc95..ee39e68e7 100755 
--- a/scripts/release_scripts/run_macaron.sh +++ b/scripts/release_scripts/run_macaron.sh @@ -23,7 +23,7 @@ set -euo pipefail # The `extglob` shopt option is required for the `@(...)` pattern matching syntax. -# This option is not enabled by default for bash on some systems, most notably MacOS +# This option is not enabled by default for bash on some systems, most notably macOS # where the default bash version is very old. # Reference: https://www.gnu.org/software/bash/manual/html_node/The-Shopt-Builtin.html shopt -s extglob From 325d31d0efd0948dacdd37e3ec4efbd3b969b1cd Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 21 Jan 2024 03:53:27 -0500 Subject: [PATCH 23/34] chore: spelling: may not Signed-off-by: Josh Soref --- .../bashparser/resources/bash_files/valid_github_action_bash.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/parsers/bashparser/resources/bash_files/valid_github_action_bash.sh b/tests/parsers/bashparser/resources/bash_files/valid_github_action_bash.sh index 95937e420..a725e1ef0 100644 --- a/tests/parsers/bashparser/resources/bash_files/valid_github_action_bash.sh +++ b/tests/parsers/bashparser/resources/bash_files/valid_github_action_bash.sh @@ -4,7 +4,7 @@ # This is a valid GitHub Actions expression. echo "hash=${{ steps.compute-hash.outputs.hash }}" >> "$GITHUB_OUTPUT" -# These maynot be valid GitHub Actions expressions but we want to make +# These may not be valid GitHub Actions expressions but we want to make # sure we can handle such cases using greedy regex matching. echo "hash=${{ ${{ FOO }} }}" echo "hash=${{ ${ FOO } }}" From a38b1bfb6c8183e0df20d5338e348110b7accc6f Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 21 Jan 2024 03:53:27 -0500 Subject: [PATCH 24/34] chore: spelling: nondeterministic Signed-off-by: Josh Soref --- scripts/dev_scripts/integration_tests.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/scripts/dev_scripts/integration_tests.sh b/scripts/dev_scripts/integration_tests.sh index 60573fd66..2e17c4f18 100755 --- a/scripts/dev_scripts/integration_tests.sh +++ b/scripts/dev_scripts/integration_tests.sh @@ -467,7 +467,7 @@ HTML_EXPECTED=$WORKSPACE/output/reports/local_repos/maven/maven.html $RUN_MACARON -lr $WORKSPACE/output/git_repos/local_repos/ analyze -rp test_repo -b master -d 3fc399318edef0d5ba593723a24fff64291d6f9b --skip-deps || log_fail -# We don't compare the report content because the remote_path fields in the reports are undeterministic when running +# We don't compare the report content because the remote_path fields in the reports are nondeterministic when running # this test locally and running it in the GitHub Actions runner. We only check if the reports are generated as # expected without the issue described in https://github.com/oracle/macaron/issues/116. ls $JSON_EXPECTED || log_fail From 211c76b4f6bda26b7acf601e1d8c60a1e2844118 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 21 Jan 2024 03:53:27 -0500 Subject: [PATCH 25/34] chore: spelling: output Signed-off-by: Josh Soref --- docs/source/pages/output_files.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/pages/output_files.rst b/docs/source/pages/output_files.rst index 05a19b59e..09d3d0a0d 100644 --- a/docs/source/pages/output_files.rst +++ b/docs/source/pages/output_files.rst @@ -68,7 +68,7 @@ The report files will be stored into: .. code-block:: - /reports/github_com/micronaut-projects/micronaut-core + /reports/github_com/micronaut-projects/micronaut-core .. note:: In the unique path, only ASCII letters, digits and ``-`` are allowed. Prohibited characters are changed into ``_``. No changes to the letter case are made. From fb7697d0c4948455d4d3322d36947736e049fd3e Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 21 Jan 2024 03:53:27 -0500 Subject: [PATCH 26/34] chore: spelling: outputting 
Signed-off-by: Josh Soref --- tests/test_main.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_main.py b/tests/test_main.py index d30b5934e..ce7f9d7c4 100644 --- a/tests/test_main.py +++ b/tests/test_main.py @@ -26,7 +26,7 @@ def test_version(capsys: pytest.CaptureFixture, flag: str) -> None: main([flag]) out, err = capsys.readouterr() - # Test that we are indeed outputing Macaron version. + # Test that we are indeed outputting Macaron version. assert out == f"macaron {importlib_metadata.version('macaron')}\n" assert err == "" assert exc_info.value.code == 0 From e727594df91c32426439753cb8c531d799a59c82 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 21 Jan 2024 03:53:27 -0500 Subject: [PATCH 27/34] chore: spelling: provenance Signed-off-by: Josh Soref --- src/macaron/slsa_analyzer/checks/provenance_witness_l1_check.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/macaron/slsa_analyzer/checks/provenance_witness_l1_check.py b/src/macaron/slsa_analyzer/checks/provenance_witness_l1_check.py index 9b5344fd8..11a6ec082 100644 --- a/src/macaron/slsa_analyzer/checks/provenance_witness_l1_check.py +++ b/src/macaron/slsa_analyzer/checks/provenance_witness_l1_check.py @@ -82,7 +82,7 @@ def verify_artifact_assets( class ProvenanceWitnessL1Table(CheckFacts, ORMBase): - """Result table for provenenance l3 check.""" + """Result table for provenance l3 check.""" __tablename__ = "_provenance_witness_l1_check" From 0ba23f1c5e13704c3af714264029cf733e92db06 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 21 Jan 2024 03:53:27 -0500 Subject: [PATCH 28/34] chore: spelling: response Signed-off-by: Josh Soref --- .../slsa_analyzer/package_registry/jfrog_maven_registry.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/macaron/slsa_analyzer/package_registry/jfrog_maven_registry.py b/src/macaron/slsa_analyzer/package_registry/jfrog_maven_registry.py index 00d270acd..ce52a6595 100644 
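Review bot: The corrected docstring on `ProvenanceWitnessL1Table` still says "l3 check", while the class name and `__tablename__ = "_provenance_witness_l1_check"` in the same hunk both refer to the witness L1 check. Since the line is being touched anyway, it could read `"""Result table for the provenance witness l1 check."""`. The "l3" looks like a leftover from another check's table, which cannot be confirmed from this hunk. A docstring naming the wrong level can mislead anyone mapping stored results back to the check that produced them. The class body continues outside the hunk.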
--- a/src/macaron/slsa_analyzer/package_registry/jfrog_maven_registry.py +++ b/src/macaron/slsa_analyzer/package_registry/jfrog_maven_registry.py @@ -560,7 +560,7 @@ def extract_file_names_from_folder_info_payload( Parameters ---------- folder_info_payload : JsonType - The JSON payload of a Folder Info reponse. + The JSON payload of a Folder Info response. extensions : set[str] | None The set of allowed extensions. Filenames not ending in these extensions are omitted from the result. From 62d373a6dc819bc2d3b1ca3b99083dcb2292c7a3 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 21 Jan 2024 03:53:27 -0500 Subject: [PATCH 29/34] chore: spelling: successfully Signed-off-by: Josh Soref --- .../resources/github/workflow_files/maven_build_itself.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/slsa_analyzer/checks/resources/github/workflow_files/maven_build_itself.yml b/tests/slsa_analyzer/checks/resources/github/workflow_files/maven_build_itself.yml index 40b8f6f6c..0ddda9159 100644 --- a/tests/slsa_analyzer/checks/resources/github/workflow_files/maven_build_itself.yml +++ b/tests/slsa_analyzer/checks/resources/github/workflow_files/maven_build_itself.yml @@ -35,7 +35,7 @@ jobs: tar -xzf ${{ env.TAR_BALL }} -C "$temp_dir" --strip 1 maven_bin_dir=$temp_dir/bin if [ -d $maven_bin_dir ]; then - echo "tar.gz file \"${{ env.TAR_BALL }}\" succesfully extracted in temporarily directory \"$temp_dir.\"" + echo "tar.gz file \"${{ env.TAR_BALL }}\" successfully extracted in temporarily directory \"$temp_dir.\"" echo "TEMP_MAVEN_BIN_DIR=$maven_bin_dir" >> $GITHUB_ENV else echo "$maven_bin_dir does not exist." From aa72be76a3bfe5c1a1008cefb891eb26fdf26b50 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 21 Jan 2024 03:53:27 -0500 Subject: [PATCH 30/34] chore: spelling: the 
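Review bot: The echoed message in the `if [ -d $maven_bin_dir ]` branch still reads "temporarily directory" after the fix; `in temporary directory` is presumably what was meant. If this fixture is a verbatim copy of an upstream workflow, it may be better to leave the string untouched and exclude the file from the spell check, so the fixture keeps matching its source. The enclosing job step starts and ends outside the hunk.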
Signed-off-by: Josh Soref --- docs/source/pages/tutorials/detect_malicious_java_dep.rst | 2 +- src/macaron/slsa_analyzer/checks/build_service_check.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/source/pages/tutorials/detect_malicious_java_dep.rst b/docs/source/pages/tutorials/detect_malicious_java_dep.rst index b8910d015..e0710629a 100644 --- a/docs/source/pages/tutorials/detect_malicious_java_dep.rst +++ b/docs/source/pages/tutorials/detect_malicious_java_dep.rst @@ -72,7 +72,7 @@ First, we need to run the ``analyze`` command of Macaron to run a number of :ref .. note:: By default, Macaron clones the repositories and creates output files under the ``output`` directory. To understand the structure of this directory please see :ref:`Output Files Guide `. -By default, this command analyzes the the latest commit of the default branch of the repository. You can also analyze the repository +By default, this command analyzes the latest commit of the default branch of the repository. You can also analyze the repository at a specific commit by providing the branch and commit digest. See the :ref:`CLI options` of the ``analyze`` command for more information. After running the ``analyze`` command, we can view the data that Macaron has gathered about the ``example-maven-app`` repository in an HTML report. diff --git a/src/macaron/slsa_analyzer/checks/build_service_check.py b/src/macaron/slsa_analyzer/checks/build_service_check.py index ea2273ea0..503fe2348 100644 --- a/src/macaron/slsa_analyzer/checks/build_service_check.py +++ b/src/macaron/slsa_analyzer/checks/build_service_check.py 
@@ -82,7 +82,7 @@ def _has_build_command(self, commands: list[list[str]], build_tool: BaseBuildToo continue # The first argument in a bash command is the program name. # So first check that the program name is a supported build tool name. - # We need to handle cases where the the first argument is a path to the program. + # We need to handle cases where the first argument is a path to the program. cmd_program_name = os.path.basename(com[0]) if not cmd_program_name: logger.debug("Found invalid program name %s.", com[0]) From d069996a4b551b8ad055a1c918dcfeacf28ef045 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 21 Jan 2024 03:53:27 -0500 Subject: [PATCH 31/34] chore: spelling: unnecessary Signed-off-by: Josh Soref --- docker/Dockerfile.base | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/Dockerfile.base b/docker/Dockerfile.base index caace5f2b..ba28f67d3 100644 --- a/docker/Dockerfile.base +++ b/docker/Dockerfile.base @@ -205,7 +205,7 @@ enabled=1\ && souffle --version \ # --------------------------------------------------------------------------------------------------------------------- # CLEANING UP. - # We mark all unecessary packages to be removed while preserving the user installed packages. + # We mark all unnecessary packages to be removed while preserving the user installed packages. && dnf list installed | tail -n +2 | cut -d' ' -f1 | xargs -r dnf mark remove > /dev/null \ && [ -z "$USER_MANUAL_INSTALLED" ] || dnf mark install $USER_MANUAL_INSTALLED \ # Look for share libraries that are used by looking through the executables in /usr/local to preserve them. From 929445ec02cd38234786454dc1c3936560bbc055 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 21 Jan 2024 03:53:28 -0500 Subject: [PATCH 32/34] chore: spelling: unsupported Signed-off-by: Josh Soref --- tests/slsa_analyzer/test_git_url.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/tests/slsa_analyzer/test_git_url.py b/tests/slsa_analyzer/test_git_url.py index eff608f49..28aa88e83 100644 --- a/tests/slsa_analyzer/test_git_url.py +++ b/tests/slsa_analyzer/test_git_url.py @@ -133,8 +133,8 @@ def test_get_remote_vcs_url() -> None: assert git_url.get_remote_vcs_url("ssh://gitlab.com:org/name.git") == "" assert git_url.get_remote_vcs_url("https://github.com/org") == "" assert git_url.get_remote_vcs_url("https://example.com") == "" - assert git_url.get_remote_vcs_url("https://unsupport.host.com/org/name") == "" - assert git_url.get_remote_vcs_url("git@unsupport.host.com:org/name/") == "" + assert git_url.get_remote_vcs_url("https://unsupported.host.com/org/name") == "" + assert git_url.get_remote_vcs_url("git@unsupported.host.com:org/name/") == "" assert git_url.get_remote_vcs_url("git@github.com:org/") == "" assert git_url.get_remote_vcs_url("git@github.com:7999/org/") == "" From 57cf4b03c58b01e80cbaa2407f12cd67b1535a22 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 21 Jan 2024 03:53:28 -0500 Subject: [PATCH 33/34] chore: spelling: version Signed-off-by: Josh Soref --- src/macaron/slsa_analyzer/provenance/intoto/v1/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/macaron/slsa_analyzer/provenance/intoto/v1/__init__.py b/src/macaron/slsa_analyzer/provenance/intoto/v1/__init__.py index 0f6d05eed..aafed5ce4 100644 --- a/src/macaron/slsa_analyzer/provenance/intoto/v1/__init__.py +++ b/src/macaron/slsa_analyzer/provenance/intoto/v1/__init__.py @@ -1,7 +1,7 @@ # Copyright (c) 2023 - 2023, Oracle and/or its affiliates. All rights reserved. # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. -"""This module handles in-toto version version 1 attestations.""" +"""This module handles in-toto version 1 attestations.""" from typing import TypedDict From 94df96386acaac353ff2467db7078485cf5cffa1 Mon Sep 17 00:00:00 2001 
From: Josh Soref Date: Tue, 23 Jan 2024 20:51:51 -0500 Subject: [PATCH 34/34] chore: Rewrite comment Signed-off-by: Ben Selwyn-Smith Signed-off-by: Josh Soref --- src/macaron/output_reporter/templates/base_template.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/macaron/output_reporter/templates/base_template.html b/src/macaron/output_reporter/templates/base_template.html index 2d440e34e..b5bf05221 100644 --- a/src/macaron/output_reporter/templates/base_template.html +++ b/src/macaron/output_reporter/templates/base_template.html @@ -256,7 +256,7 @@ } /* - The reason why we need to create a separate .toggler class is because all .caret class are bound + The reason we need to create a separate .toggler class is that the .caret class is bound to the listener for extending/collapsing the provenance fields. */ .caret, .toggler {