diff --git a/src/macaron/slsa_analyzer/checks/build_as_code_check.py b/src/macaron/slsa_analyzer/checks/build_as_code_check.py
index 1b7f177f9..6c3e89d4b 100644
--- a/src/macaron/slsa_analyzer/checks/build_as_code_check.py
+++ b/src/macaron/slsa_analyzer/checks/build_as_code_check.py
@@ -257,7 +257,9 @@ def run_check(self, ctx: AnalyzeContext) -> CheckResultData:
 if isinstance(ci_service, unparsed_ci):
 if tool.ci_deploy_kws[ci_service.name]:
 deploy_kw, config_name = ci_service.has_kws_in_config(
- tool.ci_deploy_kws[ci_service.name], repo_path=ctx.component.repository.fs_path
+ tool.ci_deploy_kws[ci_service.name],
+ build_tool_name=tool.name,
+ repo_path=ctx.component.repository.fs_path,
 )
 if not config_name:
 break
diff --git a/src/macaron/slsa_analyzer/checks/build_service_check.py b/src/macaron/slsa_analyzer/checks/build_service_check.py
index ee47a4a47..51049f135 100644
--- a/src/macaron/slsa_analyzer/checks/build_service_check.py
+++ b/src/macaron/slsa_analyzer/checks/build_service_check.py
@@ -172,7 +172,9 @@ def run_check(self, ctx: AnalyzeContext) -> CheckResultData:
 if isinstance(ci_service, unparsed_ci):
 if tool.ci_build_kws[ci_service.name]:
 build_kw, config_name = ci_service.has_kws_in_config(
- tool.ci_build_kws[ci_service.name], repo_path=ctx.component.repository.fs_path
+ tool.ci_build_kws[ci_service.name],
+ build_tool_name=tool.name,
+ repo_path=ctx.component.repository.fs_path,
 )
 if not config_name:
 break
diff --git a/src/macaron/slsa_analyzer/ci_service/base_ci_service.py b/src/macaron/slsa_analyzer/ci_service/base_ci_service.py
index ef11f99ac..6089d9aff 100644
--- a/src/macaron/slsa_analyzer/ci_service/base_ci_service.py
+++ b/src/macaron/slsa_analyzer/ci_service/base_ci_service.py
@@ -109,7 +109,7 @@ def build_call_graph(self, repo_path: str, macaron_path: str = "") -> CallGraph: """ raise NotImplementedError - def has_kws_in_config(self, kws: list, repo_path: str) -> tuple[str, str]: + def has_kws_in_config(self, kws: list, build_tool_name: str, repo_path: str) -> tuple[str, str]: """Check the content of all config files in a repository for any build keywords. For now, it only checks the file content directly. @@ -118,6 +118,8 @@ def has_kws_in_config(self, kws: list, repo_path: str) -> tuple[str, str]: ---------- kws : list The list of keywords to check. + build_tool_name: str + The name of the target build tool. repo_path : str The path to the target repo. @@ -137,14 +139,15 @@ def has_kws_in_config(self, kws: list, repo_path: str) -> tuple[str, str]: for index, line in enumerate(file): if any((keyword := kw) in line for kw in kws): logger.info( - 'Found build command %s at line %s in %s: "%s"', + 'Found build command %s for %s at line %s in %s: "%s"', keyword, + build_tool_name, index, config, line.strip(), ) return keyword, config - logger.info("No build command found in %s", file_path) + logger.info("No build command found for %s in %s", build_tool_name, file_path) return "", "" except FileNotFoundError as error: logger.debug(error) diff --git a/tests/slsa_analyzer/ci_service/test_base_ci_service.py b/tests/slsa_analyzer/ci_service/test_base_ci_service.py index 38eb1fda2..510d8cf01 100644 --- a/tests/slsa_analyzer/ci_service/test_base_ci_service.py +++ b/tests/slsa_analyzer/ci_service/test_base_ci_service.py @@ -1,4 +1,4 @@ -# Copyright (c) 2023 - 2023, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2023 - 2024, Oracle and/or its affiliates. All rights reserved. # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. """This module tests the base CI service.""" 
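Review bot: `build_tool_name` is added to `has_kws_in_config` as a required parameter placed between `kws` and `repo_path`, so any caller or subclass override not shown in this diff that still uses the old two-argument form now fails with a TypeError. In the hunks shown the value is only used in log messages, so making the trailing arguments keyword-only would keep call sites unambiguous: `def has_kws_in_config(self, kws: list, *, build_tool_name: str, repo_path: str) -> tuple[str, str]:`. The call sites updated in this commit already pass both by keyword. The function body continues outside this hunk.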
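Review bot: The new docstring entry `build_tool_name: str` drops the space before the colon that the neighbouring entries use (`kws : list`, `repo_path : str`); it should read `build_tool_name : str` to match. The description could also say that the name is used only in the log messages, which is the only use visible in this diff.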
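Review bot: The matched config line is written to the INFO log through `"%s"` with only `line.strip()` applied, and that text is read from a file in the repository under analysis, which is presumably untrusted. Embedded control characters such as carriage returns or terminal escape sequences would reach the log or console unchanged; ending the format string with `%r` instead of `"%s"` escapes them and keeps the quoting. Separately, `index` comes from `enumerate(file)` and is zero-based, so the reported line number is one less than an editor shows; `enumerate(file, start=1)` would correct that. The enclosing `try` block starts outside this hunk.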
@@ -46,4 +46,4 @@ def test_has_kws_in_config(entry_conf: list[str], kws: list[str], repo_path: str
 """Test has keywords in config check."""
 base_ci_service = BaseCIService("base") # type: ignore
 base_ci_service.entry_conf = entry_conf
- assert base_ci_service.has_kws_in_config(kws=kws, repo_path=repo_path) == expect
+ assert base_ci_service.has_kws_in_config(kws=kws, build_tool_name="foo", repo_path=repo_path) == expect
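Review bot: The updated assertion only proves that the new keyword is accepted; the expected tuple is unchanged, so nothing checks that `build_tool_name` actually appears in the log messages this commit rewrites. If that behaviour should be pinned, the test could take pytest's `caplog` fixture, capture at INFO level, and assert `"foo" in caplog.text` after the call. The test's signature is truncated in the hunk header and its parametrization is outside this hunk.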