Add ClusterFuzzLite to Fuzzing check.

Check for the existence of ".clusterfuzzlite/Dockerfile".

Fixes #1148.

checks/fuzzing.go

@@ -42,8 +42,19 @@ func init() {
 	registerCheck(CheckFuzzing, Fuzzing)
 }
 
-// Fuzzing runs Fuzzing check.
-func Fuzzing(c *checker.CheckRequest) checker.CheckResult {
+func checkCFLite(c *checker.CheckRequest) (bool, error) {
+	result := false
+	e := CheckFilesContent(".clusterfuzzlite/Dockerfile", true, c,
+		func(path string, content []byte, dl checker.DetailLogger, data FileCbData) (bool, error) {
+			// We only care about the existence of this file.
+			result = true
+			return false, nil
+		}, nil)
+
+	return result, e
+}
+
+func checkOSSFuzz(c *checker.CheckRequest) (bool, error) {
 	once.Do(func() {
 		logger, errOssFuzzRepo = githubrepo.NewLogger(zap.InfoLevel)
 		if errOssFuzzRepo != nil {
@@ -59,7 +70,7 @@ func Fuzzing(c *checker.CheckRequest) checker.CheckResult {
 	})
 	if errOssFuzzRepo != nil {
 		e := sce.WithMessage(sce.ErrScorecardInternal, fmt.Sprintf("InitRepo: %v", errOssFuzzRepo))
-		return checker.CreateRuntimeErrorResult(CheckFuzzing, e)
+		return false, e
 	}
 
 	req := clients.SearchRequest{
@@ -69,13 +80,31 @@ func Fuzzing(c *checker.CheckRequest) checker.CheckResult {
 	result, err := ossFuzzRepoClient.Search(req)
 	if err != nil {
 		e := sce.WithMessage(sce.ErrScorecardInternal, fmt.Sprintf("Client.Search.Code: %v", err))
+		return false, e
+	}
+
+	return result.Hits > 0, nil
+}
+
+// Fuzzing runs Fuzzing check.
+func Fuzzing(c *checker.CheckRequest) checker.CheckResult {
+	usingCFLite, e := checkCFLite(c)
+	if e != nil {
 		return checker.CreateRuntimeErrorResult(CheckFuzzing, e)
 	}
+	if usingCFLite {
+		return checker.CreateMaxScoreResult(CheckFuzzing,
+			"project uses ClusterFuzzLite")
+	}
 
-	if result.Hits > 0 {
+	usingOSSFuzz, e := checkOSSFuzz(c)
+	if e != nil {
+		return checker.CreateRuntimeErrorResult(CheckFuzzing, e)
+	}
+	if usingOSSFuzz {
 		return checker.CreateMaxScoreResult(CheckFuzzing,
 			"project is fuzzed in OSS-Fuzz")
 	}
 
-	return checker.CreateMinScoreResult(CheckFuzzing, "project is not fuzzed in OSS-Fuzz")
+	return checker.CreateMinScoreResult(CheckFuzzing, "project is not fuzzed")
 }

e2e/fuzzing_test.go

@@ -28,7 +28,7 @@ import (
 
 var _ = Describe("E2E TEST:"+checks.CheckFuzzing, func() {
 	Context("E2E TEST:Validating use of fuzzing tools", func() {
-		It("Should return use of fuzzing tools", func() {
+		It("Should return use of OSS-Fuzz", func() {
 			dl := scut.TestDetailLogger{}
 			repo, err := githubrepo.MakeGithubRepo("tensorflow/tensorflow")
 			Expect(err).Should(BeNil())
@@ -49,12 +49,53 @@ var _ = Describe("E2E TEST:"+checks.CheckFuzzing, func() {
 				NumberOfDebug: 0,
 			}
 			result := checks.Fuzzing(&req)
-			// UPGRADEv2: to remove.
-			// Old version.
-			Expect(result.Error).Should(BeNil())
-			Expect(result.Pass).Should(BeTrue())
-			// New version.
 			Expect(scut.ValidateTestReturn(nil, "use fuzzing", &expected, &result, &dl)).Should(BeTrue())
 		})
+		It("Should return use of ClusterFuzzLite", func() {
+			dl := scut.TestDetailLogger{}
+			repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-fuzzing-cflite")
+			Expect(err).Should(BeNil())
+			repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger)
+			err = repoClient.InitRepo(repo)
+			Expect(err).Should(BeNil())
+			req := checker.CheckRequest{
+				Ctx:        context.Background(),
+				RepoClient: repoClient,
+				Repo:       repo,
+				Dlogger:    &dl,
+			}
+			expected := scut.TestReturn{
+				Error:         nil,
+				Score:         checker.MaxResultScore,
+				NumberOfWarn:  0,
+				NumberOfInfo:  0,
+				NumberOfDebug: 0,
+			}
+			result := checks.Fuzzing(&req)
+			Expect(scut.ValidateTestReturn(nil, "use fuzzing", &expected, &result, &dl)).Should(BeTrue())
+		})
+		It("Should return no fuzzing", func() {
+			dl := scut.TestDetailLogger{}
+			repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-packaging-e2e")
+			Expect(err).Should(BeNil())
+			repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger)
+			err = repoClient.InitRepo(repo)
+			Expect(err).Should(BeNil())
+			req := checker.CheckRequest{
+				Ctx:        context.Background(),
+				RepoClient: repoClient,
+				Repo:       repo,
+				Dlogger:    &dl,
+			}
+			expected := scut.TestReturn{
+				Error:         nil,
+				Score:         checker.MinResultScore,
+				NumberOfWarn:  0,
+				NumberOfInfo:  0,
+				NumberOfDebug: 0,
+			}
+			result := checks.Fuzzing(&req)
+			Expect(scut.ValidateTestReturn(nil, "no fuzzing", &expected, &result, &dl)).Should(BeTrue())
+		})
 	})
 })

go.mod

@@ -53,6 +53,7 @@ require (
 	github.com/fsnotify/fsnotify v1.5.1 // indirect
 	github.com/go-git/gcfg v1.5.0 // indirect
 	github.com/go-git/go-billy/v5 v5.3.1 // indirect
+	github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt/v4 v4.0.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect

go.sum

@@ -567,6 +567,7 @@ github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG
 github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I=
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
 github.com/go-toolsmith/astcast v1.0.0/go.mod h1:mt2OdQTeAQcY4DQgPSArJjHCcOwlX+Wl/kwN+LbLGQ4=
 github.com/go-toolsmith/astcopy v1.0.0/go.mod h1:vrgyG+5Bxrnz4MZWPF+pI4R8h3qKRjjyvV/DSez4WVQ=