✨ Enhancement: adding new entries for GH actions & Pub as ecosystems,…

… typo fixes (#2109) * save * save * Update mapping.go * save * save * save
ossf · Aug 1, 2022 · 7de9713 · 7de9713
1 parent 69eb1cc
commit 7de9713
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 28 deletions.
diff --git a/dependencydiff/dependencydiff.go b/dependencydiff/dependencydiff.go
@@ -79,7 +79,7 @@ func GetDependencyDiffResults(
 	if err != nil {
 		return nil, fmt.Errorf("error in fetchRawDependencyDiffData: %w", err)
 	}
-  // Map the ecosystem naming convention from GitHub to OSV.
+	// Map the ecosystem naming convention from GitHub to OSV.
 	err = mapDependencyEcosystemNaming(dCtx.dependencydiffs)
 	if err != nil {
 		return nil, fmt.Errorf("error in mapDependencyEcosystemNaming: %w", err)
@@ -91,22 +91,6 @@ func GetDependencyDiffResults(
 	return dCtx.results, nil
 }
 
-func mapDependencyEcosystemNaming(deps []dependency) error {
-	for i := range deps {
-		if deps[i].Ecosystem == nil {
-			continue
-		}
-		mappedEcosys, err := toEcosystem(*deps[i].Ecosystem)
-		if err != nil {
-			wrappedErr := fmt.Errorf("error mapping dependency ecosystem: %w", err)
-			return wrappedErr
-		}
-		deps[i].Ecosystem = asPointer(string(mappedEcosys))
-
-	}
-	return nil
-}
-
 func initRepoAndClientByChecks(dCtx *dependencydiffContext, dSrcRepo string) error {
 	repo, repoClient, ossFuzzClient, ciiClient, vulnsClient, err := checker.GetClients(
 		dCtx.ctx, dSrcRepo, "", dCtx.logger,
@@ -192,7 +176,3 @@ func getScorecardCheckResults(dCtx *dependencydiffContext) error {
 	}
 	return nil
 }
-
-func asPointer(s string) *string {
-	return &s
-}
diff --git a/dependencydiff/dependencydiff_test.go b/dependencydiff/dependencydiff_test.go
@@ -21,7 +21,7 @@ import (
 	"testing"
 
 	"github.com/ossf/scorecard/v4/clients"
-	"github.com/ossf/scorecard/v4/log"
+	sclog "github.com/ossf/scorecard/v4/log"
 )
 
 // Test_fetchRawDependencyDiffData is a test function for fetchRawDependencyDiffData.
@@ -37,7 +37,7 @@ func Test_fetchRawDependencyDiffData(t *testing.T) {
 		{
 			name: "error response",
 			dCtx: dependencydiffContext{
-				logger:    log.NewLogger(log.InfoLevel),
+				logger:    sclog.NewLogger(sclog.InfoLevel),
 				ctx:       context.Background(),
 				ownerName: "no_such_owner",
 				repoName:  "repo_not_exist",
@@ -82,7 +82,7 @@ func Test_initRepoAndClientByChecks(t *testing.T) {
 		{
 			name: "error creating repo",
 			dCtx: dependencydiffContext{
-				logger:          log.NewLogger(log.InfoLevel),
+				logger:          sclog.NewLogger(sclog.InfoLevel),
 				ctx:             context.Background(),
 				checkNamesToRun: []string{},
 			},
@@ -140,7 +140,7 @@ func Test_getScorecardCheckResults(t *testing.T) {
 			name: "empty response",
 			dCtx: dependencydiffContext{
 				ctx:       context.Background(),
-				logger:    log.NewLogger(log.InfoLevel),
+				logger:    sclog.NewLogger(sclog.InfoLevel),
 				ownerName: "owner_not_exist",
 				repoName:  "repo_not_exist",
 			},
@@ -187,10 +187,10 @@ func Test_mapDependencyEcosystemNaming(t *testing.T) {
 			deps: []dependency{
 				{
 					Name:      "dependency_3",
-					Ecosystem: asPointer("actions"),
+					Ecosystem: asPointer("foobar"),
 				},
 			},
-			errWanted: errInvalid,
+			errWanted: errMappingNotFound,
 		},
 		{
 			name: "correct mapping",
@@ -207,6 +207,10 @@ func Test_mapDependencyEcosystemNaming(t *testing.T) {
 					Name:      "dependency_6",
 					Ecosystem: asPointer("cargo"),
 				},
+				{
+					Name:      "dependency_7",
+					Ecosystem: asPointer("actions"),
+				},
 			},
 		},
 	}

diff --git a/dependencydiff/mapping.go b/dependencydiff/mapping.go
@@ -52,7 +52,7 @@ const (
 	ecosystemMaven ecosystem = "Maven"
 
 	// The NuGet package ecosystem.
-	ecosystemNuGet ecosystem = "Nuget"
+	ecosystemNuGet ecosystem = "NuGet"
 
 	// The Linux kernel.
 	ecosystemLinux ecosystem = "Linux" // nolint:unused
@@ -63,6 +63,15 @@ const (
 	// Hex is the package manager of Erlang.
 	// TODO: GitHub doesn't support hex as the ecosystem for Erlang yet. Add this to the map in the future.
 	ecosystemHex ecosystem = "Hex" // nolint:unused
+
+	// GitHub Actions is an ecosystem for the GitHub Actions.
+	ecosystemActions ecosystem = "GitHub Actions"
+
+	// Pub is the official package repository for Dart and Flutter apps.
+	ecosystemPub ecosystem = "Pub" // nolint:unused
+
+	// Ecosystems with a "nolint" tag suggests GitHub hasn't gotten them supported yet.
+	// We need to add them to the below hashmap in a timely manner once GitHub adds supports.
 )
 
 var (
@@ -78,12 +87,38 @@ var (
 		"composer": ecosystemPackagist,
 		"rubygems": ecosystemRubyGems,
 		"nuget":    ecosystemNuGet,
+		"actions":  ecosystemActions,
 	}
 )
 
+func mapDependencyEcosystemNaming(deps []dependency) error {
+	for i := range deps {
+		// Since we allow a dependency's ecosystem to be nil, so skip those nil ones and only map
+		// those valid ones.
+		if deps[i].Ecosystem == nil {
+			continue
+		}
+		mappedEcosys, err := toEcosystem(*deps[i].Ecosystem)
+		if err != nil {
+			// Iff. the ecosystem is not empty and the mapping entry is not found, we will return an error.
+			return fmt.Errorf("error mapping dependency ecosystem: %w", err)
+		}
+		deps[i].Ecosystem = asPointer(string(mappedEcosys))
+
+	}
+	return nil
+}
+
+// Note: the current implementation directly returns an error if the mapping entry is not found in the above hashmap.
+// GitHub might update their ecosystem names frequently, so we might also need to update the above map in a timely
+// manner for the dependency-diff feature not to fail because of the "mapping not found" error.
 func toEcosystem(e string) (ecosystem, error) {
 	if ecosystemOSV, found := gitHubToOSV[e]; found {
 		return ecosystemOSV, nil
 	}
 	return "", fmt.Errorf("%w for github entry %s", errMappingNotFound, e)
 }
+
+func asPointer(s string) *string {
+	return &s
+}