✨ Support user-defined fuzz functions (GoLang) in fuzzing check #1979
…ng9867/scorecard into feat/897_go_fuzzer_check
Codecov Report
@@ Coverage Diff @@
## main #1979 +/- ##
==========================================
+ Coverage 51.08% 53.02% +1.93%
==========================================
Files 87 88 +1
Lines 7074 7225 +151
==========================================
+ Hits 3614 3831 +217
+ Misses 3220 3141 -79
- Partials 240 253 +13
Integration tests success for
@laurentsimon please see my implementation for caching the programming languages at https://github.com/ossf/scorecard/pull/1979/files#diff-8214bff6f7acf7713c122c9b398050b1464aca5ec3153a03d8ebf16bf0c95f81R42, and resolve the requested change if it looks good. Also, @olivekl please see my modifications on the document. Thanks! :)
Thanks for making the changes. LGTM!
Integration tests success for
What kind of change does this PR introduce?
Add an interface clients.RepoClient.ListProgrammingLanguages used for retrieving programming languages of a repository.
Update checks.yaml to generate the doc for fuzzing.
What is the current behavior?
The fuzzing check of scorecard only checks for the config of OSS-Fuzz and ClusterFuzzLite in a repo.
What is the new behavior (if this is a feature change)?
It can check for user-defined golang fuzz functions in the repo and give the check a full score (10/10) if such functions are found.
Also, detailed information of the found fuzz functions would be logged into DetailLogger.
Which issue(s) this PR fixes
Special notes for your reviewer
Does this PR introduce a user-facing change?
Yes.
For user-facing changes, please add a concise, human-readable release note to the release-note (In particular, describe what changes users might need to make in their application as a result of this pull request.)