diff --git a/checks/fuzzing.go b/checks/fuzzing.go
index 9b5a19d0ded5..9894fd5fb50a 100644
--- a/checks/fuzzing.go
+++ b/checks/fuzzing.go
@@ -42,8 +42,19 @@ func init() {
 	registerCheck(CheckFuzzing, Fuzzing)
 }
-// Fuzzing runs Fuzzing check.
-func Fuzzing(c *checker.CheckRequest) checker.CheckResult {
+func checkCFLite(c *checker.CheckRequest) (bool, error) {
+	result := false
+	e := CheckFilesContent(".clusterfuzzlite/Dockerfile", true, c,
+		func(path string, content []byte, dl checker.DetailLogger, data FileCbData) (bool, error) {
+			// We only care about the existence of this file.
+			result = true
+			return false, nil
+		}, nil)
+
+	return result, e
+}
+
+func checkOSSFuzz(c *checker.CheckRequest) (bool, error) {
 	once.Do(func() {
 		logger, errOssFuzzRepo = githubrepo.NewLogger(zap.InfoLevel)
 		if errOssFuzzRepo != nil {
@@ -59,7 +70,7 @@ func Fuzzing(c *checker.CheckRequest) checker.CheckResult {
 	})
 	if errOssFuzzRepo != nil {
 		e := sce.WithMessage(sce.ErrScorecardInternal, fmt.Sprintf("InitRepo: %v", errOssFuzzRepo))
-		return checker.CreateRuntimeErrorResult(CheckFuzzing, e)
+		return false, e
 	}
 	req := clients.SearchRequest{
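Review bot: checkCFLite's callback sets `result = true` without looking at `content`, so an empty or placeholder `.clusterfuzzlite/Dockerfile` is enough to earn the max score the caller awards; if presence is deliberately the only signal, say so in a doc comment so the scoring rationale is explicit, e.g. `// checkCFLite reports whether the repo contains .clusterfuzzlite/Dockerfile; the file's content is not inspected.` The `return false, nil` presumably tells CheckFilesContent to stop after the first match, which the "existence" comment only hints at, and `path`, `content`, `dl` and `data` are all unused, so blank identifiers would make that explicit. checkOSSFuzz, which also lacks a doc comment, continues into the second hunk and past the end of it.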
@@ -69,13 +80,31 @@ func Fuzzing(c *checker.CheckRequest) checker.CheckResult {
 	result, err := ossFuzzRepoClient.Search(req)
 	if err != nil {
 		e := sce.WithMessage(sce.ErrScorecardInternal, fmt.Sprintf("Client.Search.Code: %v", err))
+		return false, e
+	}
+
+	return result.Hits > 0, nil
+}
+
+// Fuzzing runs Fuzzing check.
+func Fuzzing(c *checker.CheckRequest) checker.CheckResult {
+	usingCFLite, e := checkCFLite(c)
+	if e != nil {
 		return checker.CreateRuntimeErrorResult(CheckFuzzing, e)
 	}
+	if usingCFLite {
+		return checker.CreateMaxScoreResult(CheckFuzzing,
+			"project uses ClusterFuzzLite")
+	}
-	if result.Hits > 0 {
+	usingOSSFuzz, e := checkOSSFuzz(c)
+	if e != nil {
+		return checker.CreateRuntimeErrorResult(CheckFuzzing, e)
+	}
+	if usingOSSFuzz {
 		return checker.CreateMaxScoreResult(CheckFuzzing, "project is fuzzed in OSS-Fuzz")
 	}
-	return checker.CreateMinScoreResult(CheckFuzzing, "project is not fuzzed in OSS-Fuzz")
+	return checker.CreateMinScoreResult(CheckFuzzing, "project is not fuzzed")
 }
diff --git a/e2e/fuzzing_test.go b/e2e/fuzzing_test.go
index 04cbc10fa2e8..df2b759fa3a6 100644
--- a/e2e/fuzzing_test.go
+++ b/e2e/fuzzing_test.go
@@ -28,7 +28,7 @@ import (
 var _ = Describe("E2E TEST:"+checks.CheckFuzzing, func() {
 	Context("E2E TEST:Validating use of fuzzing tools", func() {
-		It("Should return use of fuzzing tools", func() {
+		It("Should return use of OSS-Fuzz", func() {
 			dl := scut.TestDetailLogger{}
 			repo, err := githubrepo.MakeGithubRepo("tensorflow/tensorflow")
 			Expect(err).Should(BeNil())
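Review bot: The retained doc comment `// Fuzzing runs Fuzzing check.` no longer tells the reader what the check scores on now that two signals are consulted in a fixed order, and the early return means a repository that is both in OSS-Fuzz and ships a ClusterFuzzLite Dockerfile only ever reports "project uses ClusterFuzzLite". Suggest `// Fuzzing returns the max score when the repo ships .clusterfuzzlite/Dockerfile (checked first) or is indexed in OSS-Fuzz, the min score otherwise; a failed lookup becomes a runtime-error result.` Neither branch records a detail through `c.Dlogger`, so the one-line reason string is all a user sees about why the score was awarded; the e2e expectations of zero info entries depend on that staying so, which is worth a sentence in the same comment.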
@@ -49,12 +49,53 @@ var _ = Describe("E2E TEST:"+checks.CheckFuzzing, func() {
 				NumberOfDebug: 0,
 			}
 			result := checks.Fuzzing(&req)
-			// UPGRADEv2: to remove.
-			// Old version.
-			Expect(result.Error).Should(BeNil())
-			Expect(result.Pass).Should(BeTrue())
-			// New version.
 			Expect(scut.ValidateTestReturn(nil, "use fuzzing", &expected, &result, &dl)).Should(BeTrue())
 		})
+		It("Should return use of ClusterFuzzLite", func() {
+			dl := scut.TestDetailLogger{}
+			repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-fuzzing-cflite")
+			Expect(err).Should(BeNil())
+			repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger)
+			err = repoClient.InitRepo(repo)
+			Expect(err).Should(BeNil())
+			req := checker.CheckRequest{
+				Ctx:        context.Background(),
+				RepoClient: repoClient,
+				Repo:       repo,
+				Dlogger:    &dl,
+			}
+			expected := scut.TestReturn{
+				Error:         nil,
+				Score:         checker.MaxResultScore,
+				NumberOfWarn:  0,
+				NumberOfInfo:  0,
+				NumberOfDebug: 0,
+			}
+			result := checks.Fuzzing(&req)
+			Expect(scut.ValidateTestReturn(nil, "use fuzzing", &expected, &result, &dl)).Should(BeTrue())
+		})
+		It("Should return no fuzzing", func() {
+			dl := scut.TestDetailLogger{}
+			repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-packaging-e2e")
+			Expect(err).Should(BeNil())
+			repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger)
+			err = repoClient.InitRepo(repo)
+			Expect(err).Should(BeNil())
+			req := checker.CheckRequest{
+				Ctx:        context.Background(),
+				RepoClient: repoClient,
+				Repo:       repo,
+				Dlogger:    &dl,
+			}
+			expected := scut.TestReturn{
+				Error:         nil,
+				Score:         checker.MinResultScore,
+				NumberOfWarn:  0,
+				NumberOfInfo:  0,
+				NumberOfDebug: 0,
+			}
+			result := checks.Fuzzing(&req)
+			Expect(scut.ValidateTestReturn(nil, "no fuzzing", &expected, &result, &dl)).Should(BeTrue())
+		})
 	})
 })
diff --git a/go.mod b/go.mod
index c7c8e8c50519..3788f1955f8d 100644
--- a/go.mod
+++ b/go.mod
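Review bot: The two new `It` blocks are near-verbatim copies of the existing OSS-Fuzz case, differing only in the repository name, the expected score and the label passed to ValidateTestReturn; a small helper taking those three values, or a table driving one `It` per entry, would keep the cases from drifting apart as further fuzzing signals are added. The negative case borrows `ossf-tests/scorecard-check-packaging-e2e`, a fixture apparently created for a different check, so its "no fuzzing" outcome is incidental rather than something the fixture guarantees; a comment such as `// Relies on this repo never adopting OSS-Fuzz or ClusterFuzzLite.` would make that dependency visible. The `logger` passed to CreateGithubRepoClient is defined outside the hunk.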
@@ -53,6 +53,7 @@ require (
 	github.com/fsnotify/fsnotify v1.5.1 // indirect
 	github.com/go-git/gcfg v1.5.0 // indirect
 	github.com/go-git/go-billy/v5 v5.3.1 // indirect
+	github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt/v4 v4.0.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
diff --git a/go.sum b/go.sum
index 2a561ea42719..7906eb1fc411 100644
--- a/go.sum
+++ b/go.sum
@@ -567,6 +567,7 @@ github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG
 github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I=
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
 github.com/go-toolsmith/astcast v1.0.0/go.mod h1:mt2OdQTeAQcY4DQgPSArJjHCcOwlX+Wl/kwN+LbLGQ4=
 github.com/go-toolsmith/astcopy v1.0.0/go.mod h1:vrgyG+5Bxrnz4MZWPF+pI4R8h3qKRjjyvV/DSez4WVQ=