From 1f8f716c1fd85182559c2e26a3b3ca508692f3b7 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Wed, 17 Jan 2024 21:13:01 -0500
Subject: [PATCH 01/88] spelling: accurate
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 probes/notCreatedRecently/def.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/probes/notCreatedRecently/def.yml b/probes/notCreatedRecently/def.yml
index b8a2b20e089..9fd3a560d69 100644
--- a/probes/notCreatedRecently/def.yml
+++ b/probes/notCreatedRecently/def.yml
@@ -15,7 +15,7 @@ id: notCreatedRecently short: Checks that the project was not created in the last 90 days. motivation: >
- When Scorecard checks the activity of a project in the last 90 days, the project may not have been created before the last 90 days. As such, Scorecard cannot give an accurate score. This probe helps Scorecard assess whether it can give an accurrate score when checking the project activity in the last 90 days.
+ When Scorecard checks the activity of a project in the last 90 days, the project may not have been created before the last 90 days. As such, Scorecard cannot give an accurate score. This probe helps Scorecard assess whether it can give an accurate score when checking the project activity in the last 90 days.
 implementation: > The implementation checks the creation date is within the last 90 days. outcome:
From 915fc4588a3937596f1404d3a10a34743b48c645 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Wed, 17 Jan 2024 21:13:19 -0500
Subject: [PATCH 02/88] spelling: administrator
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 08febe4bec1..91e0db6d9ca 100644
--- a/README.md
+++ b/README.md
@@ -413,7 +413,7 @@ RESULTS | | | | review dismissal enabled on | | | | | | branch 'main' Info: Owner | | | | | | review required on branch | | -| | | | 'main' Info: 'admininistrator' | | +| | | | 'main' Info: 'administrator' | | | | | | PRs need reviews before being | | | | | | merged on branch 'main' | | |---------|------------------------|--------------------------------|--------------------------------|---------------------------------------------------------------------------| From 76362ac95f84252db580378de0dee4a0b5385a55 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:13:30 -0500 Subject: [PATCH 03/88] spelling: analyze Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- .github/workflows/scdiff.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scdiff.yml b/.github/workflows/scdiff.yml index 3221f2ab545..cc439933095 100644 --- a/.github/workflows/scdiff.yml +++ b/.github/workflows/scdiff.yml @@ -30,7 +30,7 @@ jobs: if: ${{ (github.event.issue.pull_request) && (contains(github.event.comment.body, '/scdiff generate')) }} runs-on: [ubuntu-latest] steps: - - name: create file of repos to anlayze + - name: create file of repos to analyze run: | cat < $HOME/repos.txt https://github.com/airbnb/lottie-web From f8684b6c7e3e37ebff32bd9a7bc0bc65c654f873 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 22:49:19 -0500 Subject: [PATCH 04/88] spelling: andtwenty Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- probes/hasRecentCommits/impl_test.go | 10 +++++----- probes/issueActivityByProjectMember/impl_test.go | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/probes/hasRecentCommits/impl_test.go b/probes/hasRecentCommits/impl_test.go index e603e6e7e21..383c7f376c3 100644 --- a/probes/hasRecentCommits/impl_test.go 
+++ b/probes/hasRecentCommits/impl_test.go @@ -38,15 +38,15 @@ func fiveCommitsInThreshold() []clients.Commit { return fiveCommitsInThreshold } -func twentyCommitsInThresholdAndtwentyNot() []clients.Commit { - twentyCommitsInThresholdAndtwentyNot := make([]clients.Commit, 0) +func twentyCommitsInThresholdAndTwentyNot() []clients.Commit { + twentyCommitsInThresholdAndTwentyNot := make([]clients.Commit, 0) for i := 70; i < 111; i++ { commit := clients.Commit{ CommittedDate: time.Now().AddDate(0 /*years*/, 0 /*months*/, -1*i /*days*/), } - twentyCommitsInThresholdAndtwentyNot = append(twentyCommitsInThresholdAndtwentyNot, commit) + twentyCommitsInThresholdAndTwentyNot = append(twentyCommitsInThresholdAndTwentyNot, commit) } - return twentyCommitsInThresholdAndtwentyNot + return twentyCommitsInThresholdAndTwentyNot } func Test_Run(t *testing.T) { @@ -85,7 +85,7 @@ func Test_Run(t *testing.T) { name: "Has twenty in threshold", raw: &checker.RawResults{ MaintainedResults: checker.MaintainedData{ - DefaultBranchCommits: twentyCommitsInThresholdAndtwentyNot(), + DefaultBranchCommits: twentyCommitsInThresholdAndTwentyNot(), }, }, values: map[string]int{ diff --git a/probes/issueActivityByProjectMember/impl_test.go b/probes/issueActivityByProjectMember/impl_test.go index 9f750671b3c..e44de8e975d 100644 --- a/probes/issueActivityByProjectMember/impl_test.go +++ b/probes/issueActivityByProjectMember/impl_test.go 
@@ -62,17 +62,17 @@ func fiveInThresholdByCollabAndFiveByFirstTimeUser() []clients.Issue { return fiveInThresholdByCollabAndFiveByFirstTimeUser } -func twentyIssuesInThresholdAndtwentyNot() []clients.Issue { - twentyIssuesInThresholdAndtwentyNot := make([]clients.Issue, 0) +func twentyIssuesInThresholdAndTwentyNot() []clients.Issue { + twentyIssuesInThresholdAndTwentyNot := make([]clients.Issue, 0) for i := 70; i < 111; i++ { createdAt := time.Now().AddDate(0 /*years*/, 0 /*months*/, -1*i /*days*/) commit := clients.Issue{ CreatedAt: &createdAt, AuthorAssociation: &collab, } - twentyIssuesInThresholdAndtwentyNot = append(twentyIssuesInThresholdAndtwentyNot, commit) + twentyIssuesInThresholdAndTwentyNot = append(twentyIssuesInThresholdAndTwentyNot, commit) } - return twentyIssuesInThresholdAndtwentyNot + return twentyIssuesInThresholdAndTwentyNot } func Test_Run(t *testing.T) { @@ -110,7 +110,7 @@ func Test_Run(t *testing.T) { name: "Has 20 issues in threshold", raw: &checker.RawResults{ MaintainedResults: checker.MaintainedData{ - Issues: twentyIssuesInThresholdAndtwentyNot(), + Issues: twentyIssuesInThresholdAndTwentyNot(), }, }, values: map[string]int{ From 5af279d08bd3234cbd4da9f062f1782bec0640f0 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 22:18:31 -0500 Subject: [PATCH 05/88] spelling: ascii Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- e2e/binary_artifacts_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/e2e/binary_artifacts_test.go b/e2e/binary_artifacts_test.go index b8577552f21..8a180a57eb0 100644 --- a/e2e/binary_artifacts_test.go +++ b/e2e/binary_artifacts_test.go 
@@ -129,7 +129,7 @@ var _ = Describe("E2E TEST:"+checks.CheckBinaryArtifacts, func() { Dlogger: &dl, } // TODO: upload real binaries to the repo as well. - // Existing binaries only contain SCII characters and are ignored. + // Existing binaries only contain ASCII characters and are ignored. expected := scut.TestReturn{ Error: nil, Score: checker.MaxResultScore, @@ -157,7 +157,7 @@ var _ = Describe("E2E TEST:"+checks.CheckBinaryArtifacts, func() { Dlogger: &dl, } // TODO: upload real binaries to the repo. - // Existing binaries only contain SCII characters and are ignored. + // Existing binaries only contain ASCII characters and are ignored. expected := scut.TestReturn{ Error: nil, Score: checker.MaxResultScore, From ecc1faa929ab62ae66e8281318a3bb5393ed0262 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:14:39 -0500 Subject: [PATCH 06/88] spelling: association Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- clients/githubrepo/graphql.go | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/clients/githubrepo/graphql.go b/clients/githubrepo/graphql.go index e3fa19128b2..50f0fdc2dbd 100644 --- a/clients/githubrepo/graphql.go +++ b/clients/githubrepo/graphql.go 
@@ -341,26 +341,26 @@ func getRepoAssociation(association *string) *clients.RepoAssociation { if association == nil { return nil } - var repoAssociaton clients.RepoAssociation + var repoAssociation clients.RepoAssociation switch *association { case "COLLABORATOR": - repoAssociaton = clients.RepoAssociationCollaborator + repoAssociation = clients.RepoAssociationCollaborator case "CONTRIBUTOR": - repoAssociaton = clients.RepoAssociationContributor + repoAssociation = clients.RepoAssociationContributor case "FIRST_TIMER": - repoAssociaton = clients.RepoAssociationFirstTimer + repoAssociation = clients.RepoAssociationFirstTimer case "FIRST_TIME_CONTRIBUTOR": - repoAssociaton = clients.RepoAssociationFirstTimeContributor + repoAssociation = clients.RepoAssociationFirstTimeContributor case "MANNEQUIN": - repoAssociaton = clients.RepoAssociationMannequin + repoAssociation = clients.RepoAssociationMannequin case "MEMBER": - repoAssociaton = clients.RepoAssociationMember + repoAssociation = clients.RepoAssociationMember case "NONE": - repoAssociaton = clients.RepoAssociationNone + repoAssociation = clients.RepoAssociationNone case "OWNER": - repoAssociaton = clients.RepoAssociationOwner + repoAssociation = clients.RepoAssociationOwner default: return nil } - return &repoAssociaton + return &repoAssociation } From 3ed0d45061cdb4f4b5e0f3a9ee145e5e5a8acabc Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:14:51 -0500 Subject: [PATCH 07/88] spelling: at least Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- attestor/policy/attestation_policy.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/attestor/policy/attestation_policy.go b/attestor/policy/attestation_policy.go index cfc991db1fd..36d97c06e39 100644 --- a/attestor/policy/attestation_policy.go +++ b/attestor/policy/attestation_policy.go 
@@ -120,7 +120,7 @@ func (ap *AttestationPolicy) EvaluateResults(raw *checker.RawResults) (PolicyRes if ap.EnsureCodeReviewed { // By default, if code review reqs. aren't specified, we assume
- // the user wants there to be atleast one reviewer
+ // the user wants there to be at least one reviewer
 if len(ap.CodeReviewRequirements.RequiredApprovers) == 0 && ap.CodeReviewRequirements.MinReviewers == 0 { ap.CodeReviewRequirements.MinReviewers = 1
From d8cf7e542d63ee49542e2c8c533a8b1075ff8e96 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Wed, 17 Jan 2024 21:15:04 -0500
Subject: [PATCH 08/88] spelling: attestor
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 9d870f74b79..ef1574c0f28 100644
--- a/Makefile
+++ b/Makefile
@@ -247,7 +247,7 @@ build-attestor-docker: ## Build scorecard-attestor Docker image build-attestor-docker: DOCKER_BUILDKIT=1 docker build . --file attestor/Dockerfile \
 --tag scorecard-attestor:latest \
- --tag scorecard-atttestor:$(GIT_HASH)
+ --tag scorecard-attestor:$(GIT_HASH)
 TOKEN_SERVER_DEPS = $(shell find clients/githubrepo/roundtripper/tokens/ -iname "*.go") build-github-server: ## Build GitHub token server
From 39df6276aafab605b0a4564d0f5b1ce0a9fdc6ba Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Wed, 17 Jan 2024 22:09:10 -0500
Subject: [PATCH 09/88] spelling: barbaric
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 clients/gitlabrepo/issues.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/clients/gitlabrepo/issues.go b/clients/gitlabrepo/issues.go
index 5447c7de3bd..c438e09c3e4 100644
--- a/clients/gitlabrepo/issues.go
+++ b/clients/gitlabrepo/issues.go
@@ -48,7 +48,7 @@ func (handler *issuesHandler) setup() error { } // There doesn't seem to be a good way to get user access_levels in gitlab so the following way may seem incredibly
- // barberic, however I couldn't find a better way in the docs.
+ // barbaric, however I couldn't find a better way in the docs.
 projMemberships, resp, err := handler.glClient.ProjectMembers.ListAllProjectMembers( handler.repourl.projectID, &gitlab.ListProjectMembersOptions{}) if err != nil && resp.StatusCode != 401 {
From 5a91fa41fb17566d3e3bca768eedd3393881a0c8 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Wed, 17 Jan 2024 21:15:31 -0500
Subject: [PATCH 10/88] spelling: bucket
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 checks/raw/testdata/Dockerfile-gsutil-file | 16 ++++++++--------
 checks/raw/testdata/Dockerfile-script-ok | 4 ++--
 2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/checks/raw/testdata/Dockerfile-gsutil-file b/checks/raw/testdata/Dockerfile-gsutil-file
index 359984546c4..f7ffaedabfe 100644
--- a/checks/raw/testdata/Dockerfile-gsutil-file
+++ b/checks/raw/testdata/Dockerfile-gsutil-file
@@ -21,11 +21,11 @@ RUN /tmp/exe
 RUN gsutil gs://exe /tmp/exe1 && /tmp/exe1
 RUN gsutil gs://exe /tmp/exe2 ; /tmp/exe2
-RUN gsutil gs://bucet/exe6 /path/to/
+RUN gsutil gs://bucket/exe6 /path/to/
 RUN gsutil gs://bucket/exe . && ./exe
-RUN gsutil gs://bucet/exe3 /path/to/ && /path/to/exe3
-RUN gsutil gs://bucet/exe4 /path/to/ && /path/to/exe4
+RUN gsutil gs://bucket/exe3 /path/to/ && /path/to/exe3
+RUN gsutil gs://bucket/exe4 /path/to/ && /path/to/exe4
 RUN /path/to/exe6
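Review bot: The `if err != nil && resp.StatusCode != 401` line right after the corrected comment dereferences `resp` on every error path, and the GitLab client, as far as I recall, hands back a nil `*gitlab.Response` for transport-level failures (DNS, TLS, timeouts), so a network error during `setup()` would panic instead of being reported as an error. A nil guard preserves the existing best-effort handling of 401 while making the error path safe: `if err != nil && (resp == nil || resp.StatusCode != 401) {`; `http.StatusUnauthorized` would also read better than the bare `401`. This series is spelling-only, so that belongs in its own change; the rest of `setup()` lies outside the hunk.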
@@ -35,19 +35,19 @@ RUN bash /tmp/file RUN gsutil gs://file /tmp/file1 && bash /tmp/file1 RUN gsutil gs://file /tmp/file2 ; bash /tmp/file2 -RUN gsutil gs://bucet/file6 /path/to/ +RUN gsutil gs://bucket/file6 /path/to/ RUN gsutil gs://bucket/file . && bash ./file -RUN gsutil gs://bucet/file3 /path/to/ && bash /path/to/file3 -RUN gsutil gs://bucet/file4 /path/to/ && bash /path/to/file4 +RUN gsutil gs://bucket/file3 /path/to/ && bash /path/to/file3 +RUN gsutil gs://bucket/file4 /path/to/ && bash /path/to/file4 RUN bash /path/to/file6 RUN ["gsutil", "gs://exe11", "/tmp/exe11"] RUN ["/tmp/exe11"] -RUN ["sh", "-c", "\"gsutil gs://bucet/file3xx /path/to/ && bash /path/to/file3xx\""] -RUN ["sh", "-c", "\"gsutil gs://bucet/file3yy /path/to/ \""] +RUN ["sh", "-c", "\"gsutil gs://bucket/file3xx /path/to/ && bash /path/to/file3xx\""] +RUN ["sh", "-c", "\"gsutil gs://bucket/file3yy /path/to/ \""] RUN ["sh", "-c", "\"bash /path/to/file3yy\""] FROM scratch diff --git a/checks/raw/testdata/Dockerfile-script-ok b/checks/raw/testdata/Dockerfile-script-ok index 37261b0e4ea..fbaf3032f4f 100644 --- a/checks/raw/testdata/Dockerfile-script-ok +++ b/checks/raw/testdata/Dockerfile-script-ok @@ -49,8 +49,8 @@ RUN gsutil gs://file /tmp/file1 && bash /tmp/fileqw RUN gsutil gs://file /tmp/file2 ; bash /tmp/file122 RUN gsutil gs://bucket/file . && bash ./file2222 -RUN gsutil gs://bucet/file /path/to/ && bash /path/to/fileqqq -RUN gsutil gs://bucet/file2 /path/to/ && bash /path/to/file2234 +RUN gsutil gs://bucket/file /path/to/ && bash /path/to/fileqqq +RUN gsutil gs://bucket/file2 /path/to/ && bash /path/to/file2234 RUN bash /path/to/fileshsj RUN bash somescript.sh From 0c64ce18b01c850b2a5fdd012d03d725c8d5e0eb Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 22:11:24 -0500 Subject: [PATCH 11/88] spelling: by 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- e2e/branch_protection_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e/branch_protection_test.go b/e2e/branch_protection_test.go index 29a547157c3..07f617333f1 100644 --- a/e2e/branch_protection_test.go +++ b/e2e/branch_protection_test.go @@ -138,7 +138,7 @@ var _ = Describe("E2E TEST GITHUB_TOKEN:"+checks.CheckBranchProtection, func() { result := checks.BranchProtection(&req) Expect(result.Error).ShouldNot(BeNil()) // There should be an error with the GITHUB_TOKEN, until it's supported - // byt GitHub. + // by GitHub. Expect(repoClient.Close()).Should(BeNil()) }) }) From 4b554689542e22e54e59f22d3d139202f7bbaae2 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 22:50:25 -0500 Subject: [PATCH 12/88] spelling: can Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- checks/evaluation/pinned_dependencies.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/checks/evaluation/pinned_dependencies.go b/checks/evaluation/pinned_dependencies.go index 9e9180464f6..26271ea4e30 100644 --- a/checks/evaluation/pinned_dependencies.go +++ b/checks/evaluation/pinned_dependencies.go @@ -303,7 +303,7 @@ func updatePinningResults(dependencyType checker.DependencyUseType, wp *worklowPinningResult, pr map[checker.DependencyUseType]pinnedResult, ) { if dependencyType == checker.DependencyUseTypeGHAction { - // Note: `Snippet` contains `action/name@xxx`, so we cna use it to infer + // Note: `Snippet` contains `action/name@xxx`, so we can use it to infer // if it's a GitHub-owned action or not. gitHubOwned := fileparser.IsGitHubOwnedAction(*snippet) addWorkflowPinnedResult(outcome, wp, gitHubOwned) From b12e2e50f89b95999ebbf579eb393dcd333cf7f7 Mon Sep 17 00:00:00 2001 
From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:10:19 -0500 Subject: [PATCH 13/88] spelling: case-insensitive Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- checks/fileparser/listing_test.go | 26 ++++++++++++------------ clients/gitlabrepo/languages_e2e_test.go | 2 +- clients/ossfuzz/client_test.go | 2 +- cmd/internal/scdiff/app/stats_test.go | 2 +- cmd/package_managers.go | 2 +- docs/checks.md | 2 +- docs/checks/internal/checks.yaml | 2 +- 7 files changed, 19 insertions(+), 19 deletions(-) diff --git a/checks/fileparser/listing_test.go b/checks/fileparser/listing_test.go index bb4e619b7aa..1b09c921fd7 100644 --- a/checks/fileparser/listing_test.go +++ b/checks/fileparser/listing_test.go @@ -202,7 +202,7 @@ func Test_isMatchingPath(t *testing.T) { want: true, }, { - name: "matching path with case insensitive", + name: "matching path with case-insensitive", args: args{ pattern: "Dockerfile", fullpath: "dockerfile", @@ -211,7 +211,7 @@ func Test_isMatchingPath(t *testing.T) { want: true, }, { - name: "matching path with case insensitive", + name: "matching path with case-insensitive", args: args{ pattern: "Dockerfile", fullpath: "dockerfile", @@ -220,7 +220,7 @@ func Test_isMatchingPath(t *testing.T) { want: false, }, { - name: "matching path with case insensitive", + name: "matching path with case-insensitive", args: args{ pattern: "Dockerfile", fullpath: "Dockerfile.template", @@ -229,7 +229,7 @@ func Test_isMatchingPath(t *testing.T) { want: false, }, { - name: "matching path with case insensitive", + name: "matching path with case-insensitive", args: args{ pattern: "Dockerfile", fullpath: "Dockerfile.template", @@ -238,7 +238,7 @@ func Test_isMatchingPath(t *testing.T) { want: false, }, { - name: "matching path with case insensitive", + name: "matching path with case-insensitive", args: args{ pattern: "Dockerfile", fullpath: "Dockerfile.template", 
@@ -247,7 +247,7 @@ func Test_isMatchingPath(t *testing.T) { want: false, }, { - name: "matching path with case insensitive", + name: "matching path with case-insensitive", args: args{ pattern: "Dockerfile", fullpath: "Dockerfile.template", @@ -255,7 +255,7 @@ func Test_isMatchingPath(t *testing.T) { }, }, { - name: "matching path with case insensitive", + name: "matching path with case-insensitive", args: args{ pattern: "Dockerfile", fullpath: "Dockerfile.template", @@ -263,7 +263,7 @@ func Test_isMatchingPath(t *testing.T) { }, }, { - name: "matching path with case insensitive", + name: "matching path with case-insensitive", args: args{ pattern: "Dockerfile", fullpath: "Dockerfile.template", @@ -271,7 +271,7 @@ func Test_isMatchingPath(t *testing.T) { }, }, { - name: "matching path with case insensitive", + name: "matching path with case-insensitive", args: args{ pattern: "Dockerfile", fullpath: "Dockerfile.template", @@ -279,7 +279,7 @@ func Test_isMatchingPath(t *testing.T) { }, }, { - name: "matching path with case insensitive", + name: "matching path with case-insensitive", args: args{ pattern: "Dockerfile", fullpath: "Dockerfile.template", @@ -287,7 +287,7 @@ func Test_isMatchingPath(t *testing.T) { }, }, { - name: "matching path with case insensitive", + name: "matching path with case-insensitive", args: args{ pattern: "Dockerfile", fullpath: "Dockerfile.template", @@ -295,7 +295,7 @@ func Test_isMatchingPath(t *testing.T) { }, }, { - name: "matching path with case insensitive", + name: "matching path with case-insensitive", args: args{ pattern: "Dockerfile", fullpath: "Dockerfile.template", @@ -303,7 +303,7 @@ func Test_isMatchingPath(t *testing.T) { }, }, { - name: "matching path with case insensitive", + name: "matching path with case-insensitive", args: args{ pattern: "Dockerfile", fullpath: "Dockerfile.template", diff --git a/clients/gitlabrepo/languages_e2e_test.go b/clients/gitlabrepo/languages_e2e_test.go index 2e16a460707..61d24c63f45 100644 
--- a/clients/gitlabrepo/languages_e2e_test.go +++ b/clients/gitlabrepo/languages_e2e_test.go @@ -39,7 +39,7 @@ var _ = Describe("E2E TEST: gitlabrepo.ListProgrammingLanguages", func() { // Check for the presence of some languages isPythonPresent := false for _, lang := range programmingLang { - // compare case insensitive + // compare case-insensitive if strings.EqualFold(string(lang.Name), "Python") { isPythonPresent = true break diff --git a/clients/ossfuzz/client_test.go b/clients/ossfuzz/client_test.go index cb7d455b087..9ab4b3fa014 100644 --- a/clients/ossfuzz/client_test.go +++ b/clients/ossfuzz/client_test.go @@ -64,7 +64,7 @@ func TestClient(t *testing.T) { wantErr: false, }, { - name: "project case insensitive", + name: "project case-insensitive", project: "github.com/FFTW/fftw3", statusFile: "status.json", wantHit: true, diff --git a/cmd/internal/scdiff/app/stats_test.go b/cmd/internal/scdiff/app/stats_test.go index 7896a80d38a..1931c97e3aa 100644 --- a/cmd/internal/scdiff/app/stats_test.go +++ b/cmd/internal/scdiff/app/stats_test.go @@ -47,7 +47,7 @@ func Test_countScores(t *testing.T) { want: [12]int{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1}, }, { - name: "check name case insensitive", + name: "check name case-insensitive", check: "fOo", results: common, want: [12]int{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1}, diff --git a/cmd/package_managers.go b/cmd/package_managers.go index 878235ceeec..8784f903275 100644 --- a/cmd/package_managers.go +++ b/cmd/package_managers.go @@ -45,7 +45,7 @@ func makeGithubRepo(urlAndPathParts []string) string { return fmt.Sprintf("https://github.com/%s/%s", userOrOrg, repoName) } -// Both GitHub and GitLab are case insensitive (and thus we lowercase those URLS) +// Both GitHub and GitLab are case-insensitive (and thus we lowercase those URLS) // however generic URLs are indeed case sensitive! var pypiMatchers = []func(string) string{ func(url string) string { 
diff --git a/docs/checks.md b/docs/checks.md index 402544fbded..7985bea0f97 100644 --- a/docs/checks.md +++ b/docs/checks.md @@ -570,7 +570,7 @@ Free Form Text (3/10 points): Security Policy Specific Text (1/10 points): - Specific text providing basic or general information about vulnerability and disclosure practices, expectations, and/or timelines - - Text should include a total of 2 or more hits which match (case insensitive) + - Text should include a total of 2 or more hits which match (case-insensitive) `vuln` and as in "Vulnerability" or "vulnerabilities"; `disclos` as "Disclosure" or "disclose"; and numbers which convey expectations of times, e.g., 30 days or 90 days diff --git a/docs/checks/internal/checks.yaml b/docs/checks/internal/checks.yaml index 889589c0c58..5b4fcccb604 100644 --- a/docs/checks/internal/checks.yaml +++ b/docs/checks/internal/checks.yaml @@ -591,7 +591,7 @@ checks: Security Policy Specific Text (1/10 points): - Specific text providing basic or general information about vulnerability and disclosure practices, expectations, and/or timelines - - Text should include a total of 2 or more hits which match (case insensitive) + - Text should include a total of 2 or more hits which match (case-insensitive) `vuln` and as in "Vulnerability" or "vulnerabilities"; `disclos` as "Disclosure" or "disclose"; and numbers which convey expectations of times, e.g., 30 days or 90 days From 33a6b1892ff517cf32181bfbd52f62dce8e827d7 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:10:25 -0500 Subject: [PATCH 14/88] spelling: case-sensitive Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- cmd/package_managers.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/package_managers.go b/cmd/package_managers.go index 8784f903275..688ba961669 100644 --- a/cmd/package_managers.go +++ b/cmd/package_managers.go 
@@ -46,7 +46,7 @@ func makeGithubRepo(urlAndPathParts []string) string { } // Both GitHub and GitLab are case-insensitive (and thus we lowercase those URLS) -// however generic URLs are indeed case sensitive! +// however generic URLs are indeed case-sensitive! var pypiMatchers = []func(string) string{ func(url string) string { return makeGithubRepo(githubDomainRegexp.FindStringSubmatch(url)) From 1d729c57881c32a2450500fcf855998b9e676028 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:19:41 -0500 Subject: [PATCH 15/88] spelling: checking Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- checks/raw/pinned_dependencies_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/checks/raw/pinned_dependencies_test.go b/checks/raw/pinned_dependencies_test.go index f734075005d..64aa611e9af 100644 --- a/checks/raw/pinned_dependencies_test.go +++ b/checks/raw/pinned_dependencies_test.go @@ -124,7 +124,7 @@ func TestGithubWorkflowPinningPattern(t *testing.T) { ispinned: false, }, { - desc: "hecking out mutable tag", + desc: "checking out mutable tag", uses: "actions/checkout@v3.2.0", ispinned: false, }, From 00d63cfb54774979d8e42531cc05fa0616105db6 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 22:50:38 -0500 Subject: [PATCH 16/88] spelling: command-line Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- cmd/package_managers.go | 2 +- cmd/package_managers_test.go | 2 +- cmd/root.go | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/cmd/package_managers.go b/cmd/package_managers.go index 688ba961669..cfd1c281ba1 100644 --- a/cmd/package_managers.go +++ b/cmd/package_managers.go 
@@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -// Package cmd implements Scorecard commandline. +// Package cmd implements Scorecard command-line. package cmd import ( diff --git a/cmd/package_managers_test.go b/cmd/package_managers_test.go index a8ba8ec1e97..f43acb531bc 100644 --- a/cmd/package_managers_test.go +++ b/cmd/package_managers_test.go @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -// Package cmd implements Scorecard commandline. +// Package cmd implements Scorecard command-line. package cmd import ( diff --git a/cmd/root.go b/cmd/root.go index b66272c0bca..2c1bf71f14e 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -// Package cmd implements Scorecard commandline. +// Package cmd implements Scorecard command-line. package cmd import ( From 07824aa87e4d6ca44a6f25c7d4dbacc6a7ace789 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:16:02 -0500 Subject: [PATCH 17/88] spelling: commit Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- checks/raw/pinned_dependencies_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/checks/raw/pinned_dependencies_test.go b/checks/raw/pinned_dependencies_test.go index 64aa611e9af..e7982934f4e 100644 --- a/checks/raw/pinned_dependencies_test.go +++ b/checks/raw/pinned_dependencies_test.go 
@@ -144,12 +144,12 @@ func TestGithubWorkflowPinningPattern(t *testing.T) { ispinned: false, }, { - desc: "checking out specific commmit from github with truncated SHA-1", + desc: "checking out specific commit from github with truncated SHA-1", uses: "actions/checkout@a81bbbf", ispinned: false, }, { - desc: "checking out specific commmit from github with SHA-1", + desc: "checking out specific commit from github with SHA-1", uses: "actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675", ispinned: true, }, From c880347051d22aeafa1bc5a30b061ccbbeea5484 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:15:53 -0500 Subject: [PATCH 18/88] spelling: committed Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index ef1574c0f28..d2b5a1710f4 100644 --- a/Makefile +++ b/Makefile @@ -108,7 +108,7 @@ validate-projects: ./cron/internal/data/projects.csv | build-validate-script ./cron/internal/data/validate/validate ./cron/internal/data/gitlab-projects-releasetest.csv tree-status: | all-targets-update-dependencies ## Verify tree is clean and all changes are committed - # Verify the tree is clean and all changes are commited + # Verify the tree is clean and all changes are committed ./scripts/tree-status ############################################################################### From c7432eb68c8500c540cd73978a549d9d49f0660b Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:16:12 -0500 Subject: [PATCH 19/88] spelling: conclusion Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- checks/sast_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/checks/sast_test.go b/checks/sast_test.go index 745bda731ef..75cab0293bc 100644 --- a/checks/sast_test.go +++ b/checks/sast_test.go 
@@ -201,7 +201,7 @@ func Test_SAST(t *testing.T) { }, { name: `Airflow Workflow has CodeQL and two check runs one of - which has wrong type of conlusion. The other is 'success'`, + which has wrong type of conclusion. The other is 'success'`, err: nil, commits: []clients.Commit{ { From cf9439afde37d6bed5f6d7d3085894f471deb716 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:16:19 -0500 Subject: [PATCH 20/88] spelling: corresponding Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- dependencydiff/raw_dependencies.go | 2 +- finding/finding.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dependencydiff/raw_dependencies.go b/dependencydiff/raw_dependencies.go index d06684c4f30..fdf216e5d1a 100644 --- a/dependencydiff/raw_dependencies.go +++ b/dependencydiff/raw_dependencies.go @@ -26,7 +26,7 @@ import ( ) // dependency is a raw dependency fetched from the GitHub Dependency Review API. -// Fields of a dependnecy correspondings to those of pkg.DependencyCheckResult. +// Fields of a dependnecy corresponding to those of pkg.DependencyCheckResult. type dependency struct { // Package URL is a short link for a package. PackageURL *string `json:"package_url"` diff --git a/finding/finding.go b/finding/finding.go index 761fb876f16..98db226548c 100644 --- a/finding/finding.go +++ b/finding/finding.go @@ -107,7 +107,7 @@ type Finding struct { Values map[string]int `json:"values,omitempty"` } -// AnonymousFinding is a finding without a corerpsonding probe ID. +// AnonymousFinding is a finding without a corresponding probe ID. type AnonymousFinding struct { Finding // Remove the probe ID from From ce5115c76af87305fd5f2cf606b4a48ef6705e2b Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:16:38 -0500 Subject: [PATCH 21/88] spelling: created 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- probes/notCreatedRecently/impl_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/probes/notCreatedRecently/impl_test.go b/probes/notCreatedRecently/impl_test.go index f5d1a10ed8e..4309adb7393 100644 --- a/probes/notCreatedRecently/impl_test.go +++ b/probes/notCreatedRecently/impl_test.go @@ -48,7 +48,7 @@ func Test_Run(t *testing.T) { }, }, { - name: "Was creted 100 days ago", + name: "Was created 100 days ago", raw: &checker.RawResults{ MaintainedResults: checker.MaintainedData{ CreatedAt: time.Now().AddDate(0 /*years*/, 0 /*months*/, -100 /*days*/), From 50713f1f13218f920a867d2d10e771d57def2a96 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:16:48 -0500 Subject: [PATCH 22/88] spelling: dataset Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- cron/config/config_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cron/config/config_test.go b/cron/config/config_test.go index 6fe09b22a7d..609b1c1cbdf 100644 --- a/cron/config/config_test.go +++ b/cron/config/config_test.go @@ -343,7 +343,7 @@ func TestGetBigQueryDataset(t *testing.T) { os.Unsetenv(bigqueryDataset) dataset, err := GetBigQueryDataset() if err != nil { - t.Errorf("failed to get production BQ datset from config: %v", err) + t.Errorf("failed to get production BQ dataset from config: %v", err) } if dataset != prodBigQueryDataset { t.Errorf("test failed: expected - %s, got = %s", prodBigQueryDataset, dataset) From ab0b9b84f2643b2040dff2bd989177ba6b4dc948 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:17:49 -0500 Subject: [PATCH 23/88] spelling: default Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- pkg/sarif.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/pkg/sarif.go b/pkg/sarif.go index bcb9849d695..ca47619b0d6 100644 --- a/pkg/sarif.go +++ b/pkg/sarif.go @@ -381,7 +381,7 @@ func addDefaultLocation(locs []location, policyFile string) []location { return locs } - detaultLine := checker.OffsetDefault + defaultLine := checker.OffsetDefault loc := location{ PhysicalLocation: physicalLocation{ ArtifactLocation: artifactLocation{ @@ -391,7 +391,7 @@ func addDefaultLocation(locs []location, policyFile string) []location { Region: region{ // TODO: set the line to the check if it's overwritten, // or to the global policy. - StartLine: &detaultLine, + StartLine: &defaultLine, }, }, } From 155c4bc701934fa1167fb9b687f246421f16dfe8 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:16:56 -0500 Subject: [PATCH 24/88] spelling: defines Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- checker/raw_result.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/checker/raw_result.go b/checker/raw_result.go index afeb848b7f6..097004a0ceb 100644 --- a/checker/raw_result.go +++ b/checker/raw_result.go @@ -331,7 +331,7 @@ type Run struct { URL string } -// ArchivedStatus definess the archived status. +// ArchivedStatus defines the archived status. type ArchivedStatus struct { Status bool // TODO: add fields, e.g., date of archival. From 76557b715d8228c53c4cdaad9f351ffce02ca081 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:17:18 -0500 Subject: [PATCH 25/88] spelling: dependabot Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- probes/toolDependabotInstalled/def.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/probes/toolDependabotInstalled/def.yml b/probes/toolDependabotInstalled/def.yml index 5b1935ea76e..18a7ee463d4 100644 --- a/probes/toolDependabotInstalled/def.yml +++ b/probes/toolDependabotInstalled/def.yml 
@@ -22,8 +22,8 @@ implementation: > the implementation checks whether commits are authored by Dependabot. If none of these succeed, Dependabot is not installed. NOTE: if the configuration files are found, the probe does not ensure that the Dependabot is run or that the Dependabot's pull requests are merged. outcome: - - If dependendabot is installed, the probe returns OutcomePositive (1) for each configuration. - - If dependendabot is not installed, the probe returns one OutcomeNegative (0). + - If dependabot is installed, the probe returns OutcomePositive (1) for each configuration. + - If dependabot is not installed, the probe returns one OutcomeNegative (0). remediation: effort: Low text: From cdea5ccd564732cc9239c87d2ab44bd9308cff20 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:17:03 -0500 Subject: [PATCH 26/88] spelling: dependency Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- checks/dependency_update_tool.go | 2 +- checks/raw/dependency_update_tool.go | 2 +- dependencydiff/raw_dependencies.go | 2 +- probes/entries.go | 2 +- remediation/remediations_test.go | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/checks/dependency_update_tool.go b/checks/dependency_update_tool.go index 4022b389796..486c4a19149 100644 --- a/checks/dependency_update_tool.go +++ b/checks/dependency_update_tool.go @@ -23,7 +23,7 @@ import ( "github.com/ossf/scorecard/v4/probes/zrunner" ) -// CheckDependencyUpdateTool is the exported name for Automatic-Depdendency-Update. +// CheckDependencyUpdateTool is the exported name for Dependency-Update-Tool. const CheckDependencyUpdateTool = "Dependency-Update-Tool" //nolint:gochecknoinits diff --git a/checks/raw/dependency_update_tool.go b/checks/raw/dependency_update_tool.go index 63b262c70a1..5b9cc819b06 100644 --- a/checks/raw/dependency_update_tool.go +++ b/checks/raw/dependency_update_tool.go 
@@ -29,7 +29,7 @@ const ( dependabotID = 49699333 ) -// DependencyUpdateTool is the exported name for Depdendency-Update-Tool. +// DependencyUpdateTool is the exported name for Dependency-Update-Tool. func DependencyUpdateTool(c clients.RepoClient) (checker.DependencyUpdateToolData, error) { var tools []checker.Tool err := fileparser.OnAllFilesDo(c, checkDependencyFileExists, &tools) diff --git a/dependencydiff/raw_dependencies.go b/dependencydiff/raw_dependencies.go index fdf216e5d1a..de83cff625f 100644 --- a/dependencydiff/raw_dependencies.go +++ b/dependencydiff/raw_dependencies.go @@ -26,7 +26,7 @@ import ( ) // dependency is a raw dependency fetched from the GitHub Dependency Review API. -// Fields of a dependnecy corresponding to those of pkg.DependencyCheckResult. +// Fields of a dependency corresponding to those of pkg.DependencyCheckResult. type dependency struct { // Package URL is a short link for a package. PackageURL *string `json:"package_url"` diff --git a/probes/entries.go b/probes/entries.go index 1f95324a34b..69a4eed4f56 100644 --- a/probes/entries.go +++ b/probes/entries.go @@ -79,7 +79,7 @@ var ( securityPolicyContainsText.Run, } // DependencyToolUpdates is all the probes for the - // DpendencyUpdateTool check. + // DependencyUpdateTool check. DependencyToolUpdates = []ProbeImpl{ toolRenovateInstalled.Run, toolDependabotInstalled.Run, diff --git a/remediation/remediations_test.go b/remediation/remediations_test.go index 3ea529aad58..8ec39e0ff1e 100644 --- a/remediation/remediations_test.go +++ b/remediation/remediations_test.go @@ -81,7 +81,7 @@ func TestCreateDockerfilePinningRemediation(t *testing.T) { expected *rule.Remediation }{ { - name: "no depdendency", + name: "no dependency", dep: checker.Dependency{}, expected: nil, }, From c980ab36828c40518a5b3668f56b87a2848b2301 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:17:27 -0500 Subject: [PATCH 27/88] spelling: depending 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- probes/branchProtectionAppliesToAdmins/def.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/probes/branchProtectionAppliesToAdmins/def.yml b/probes/branchProtectionAppliesToAdmins/def.yml index 6c27b98d75d..f0d74f77551 100644 --- a/probes/branchProtectionAppliesToAdmins/def.yml +++ b/probes/branchProtectionAppliesToAdmins/def.yml @@ -23,12 +23,12 @@ outcome: remediation: effort: Medium text: - - The remediation effort can be Low to High dependening on other branch protection settings. + - The remediation effort can be Low to High depending on other branch protection settings. - Enforce protection rules for admins on all branches. - For GitHub-hosted projects, see the ["Do not allow bypassing the above settings"](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#do-not-allow-bypassing-the-above-settings) section in the GitHub docs. - For Gitlab-hosted projects, see the ["Protected branches"](https://docs.gitlab.com/ee/user/project/protected_branches.html) documentation. markdown: - - The remediation effort can be Low to High dependening on other branch protection settings. + - The remediation effort can be Low to High depending on other branch protection settings. - Enforce protection rules for admins on all branches. - For GitHub-hosted projects, see the ["Do not allow bypassing the above settings"](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#do-not-allow-bypassing-the-above-settings) section in the GitHub docs. - For Gitlab-hosted projects, see the ["Protected branches"](https://docs.gitlab.com/ee/user/project/protected_branches.html) documentation. \ No newline at end of file From d3a8c11e244a2df404eb543ed7615effdbb07a6e Mon Sep 17 00:00:00 2001 
From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:17:42 -0500 Subject: [PATCH 28/88] spelling: desired Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- finding/finding.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/finding/finding.go b/finding/finding.go index 98db226548c..a5f9eb65e60 100644 --- a/finding/finding.go +++ b/finding/finding.go @@ -147,7 +147,7 @@ func New(loc embed.FS, probeID string) (*Finding, error) { return f, nil } -// NewWith create a finding with the desried location and outcome. +// NewWith create a finding with the desired location and outcome. func NewWith(efs embed.FS, probeID, text string, loc *Location, o Outcome, ) (*Finding, error) { From 5ca2450322e2513d57d5b01f628198b80f844f4f Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:17:58 -0500 Subject: [PATCH 29/88] spelling: different Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- cmd/internal/scdiff/app/compare/compare_test.go | 2 +- cmd/internal/scdiff/main.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cmd/internal/scdiff/app/compare/compare_test.go b/cmd/internal/scdiff/app/compare/compare_test.go index 3625e650499..c24874d773a 100644 --- a/cmd/internal/scdiff/app/compare/compare_test.go +++ b/cmd/internal/scdiff/app/compare/compare_test.go @@ -153,7 +153,7 @@ func TestResults(t *testing.T) { wantEqual: false, }, { - name: "details have differnet levels", + name: "details have different levels", a: &pkg.ScorecardResult{ Checks: []checker.CheckResult{ { diff --git a/cmd/internal/scdiff/main.go b/cmd/internal/scdiff/main.go index 4d56b3a1b62..639c9925cce 100644 --- a/cmd/internal/scdiff/main.go +++ b/cmd/internal/scdiff/main.go 
@@ -14,7 +14,7 @@ /* Scdiff is a tool to create and diff goldens when analyzing results. -These results can be from different points in time, or generated by differnet versions of Scorecard. +These results can be from different points in time, or generated by different versions of Scorecard. Intended usage: From 1f07214ff57cb17ee382791c11b2866d0eb4eb72 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:18:16 -0500 Subject: [PATCH 30/88] spelling: disclose Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- probes/securityPolicyContainsText/def.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/probes/securityPolicyContainsText/def.yml b/probes/securityPolicyContainsText/def.yml index 82dccd87adf..d8f2f66c976 100644 --- a/probes/securityPolicyContainsText/def.yml +++ b/probes/securityPolicyContainsText/def.yml @@ -15,7 +15,7 @@ id: securityPolicyContainsText short: Check that the security policy contains enough text and not just links. motivation: > - Telling security researchers how to privately dislose problems with your project is important. The more details available, the better. + Telling security researchers how to privately disclose problems with your project is important. The more details available, the better. implementation: > The implementation checks that the content of the SECURITY.md contains more than just a link or an email address. It does this by comparing the length of the content to the lengths of the links and email addresses. outcome: From 98775d03585e7d2ee9b87b13e7f30b4eeda96537 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:18:33 -0500 Subject: [PATCH 31/88] spelling: download Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- cmd/package_managers_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/cmd/package_managers_test.go b/cmd/package_managers_test.go index f43acb531bc..0dee9a2b6f5 100644 --- a/cmd/package_managers_test.go +++ b/cmd/package_managers_test.go @@ -336,7 +336,7 @@ func Test_fetchGitRepositoryFromPYPI(t *testing.T) { "description": "UNKNOWN", "description_content_type": null, "docs_url": null, - "downoad_url": null, + "download_url": null, "downloads": { "last_day": -1, "last_month": -1, From 215584eb13cc7d8fb899d9d0ad98dbe93991b00b Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:11:17 -0500 Subject: [PATCH 32/88] spelling: each Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index cb17b1d21fd..14f6119715f 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -65,7 +65,7 @@ jobs: permissions: contents: read needs: docs_only_check - # ideally we put one "if" here, but due to how skipped matrix jobs work, we need one for each each step + # ideally we put one "if" here, but due to how skipped matrix jobs work, we need one for each step # https://github.com/orgs/community/discussions/9141 steps: - name: Harden Runner From abf5203fea9cdc5b2a2cb6c16163494270a577e0 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:18:51 -0500 Subject: [PATCH 33/88] spelling: enforce Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- probes/releasesHaveProvenance/impl_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/probes/releasesHaveProvenance/impl_test.go b/probes/releasesHaveProvenance/impl_test.go index dd4a929e024..6d9ddc010d1 100644 --- a/probes/releasesHaveProvenance/impl_test.go +++ b/probes/releasesHaveProvenance/impl_test.go 
@@ -154,7 +154,7 @@ func Test_Run(t *testing.T) { }, }, { - name: "enforece lookback limit of 5 releases", + name: "enforce lookback limit of 5 releases", raw: &checker.RawResults{ SignedReleasesResults: checker.SignedReleasesData{ Releases: []clients.Release{ From e3278151fe6e99554ac9f12b612449282bcd45f2 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 22:12:26 -0500 Subject: [PATCH 34/88] spelling: every time Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- cron/internal/emulator/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cron/internal/emulator/README.md b/cron/internal/emulator/README.md index 09174774e4f..391c2174b90 100644 --- a/cron/internal/emulator/README.md +++ b/cron/internal/emulator/README.md @@ -41,7 +41,7 @@ cd python-pubsub/samples/snippet pip install -r requirements.txt ``` -### Running the pubsub emulator (needed to do everytime) +### Running the pubsub emulator (needed to do every time) In a second window from any directory, run the emulator itself: From dd7d93e4f04757811d200da9070689d6ce999ee3 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Thu, 18 Jan 2024 09:57:27 -0500 Subject: [PATCH 35/88] spelling: exist Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- e2e/searchCommits_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e/searchCommits_test.go b/e2e/searchCommits_test.go index db6e42c3b17..b0e5b6c87a7 100644 --- a/e2e/searchCommits_test.go +++ b/e2e/searchCommits_test.go 
@@ -43,7 +43,7 @@ var _ = Describe("E2E TEST:SearchCommits", func() { err = repoClient.InitRepo(repo, "123456789", 0) Expect(err).ShouldNot(Not(BeNil())) }) - It("Should return error as the user does not exists", func() { + It("Should return error as the user does not exist", func() { repo, err := githubrepo.MakeGithubRepo("ossf/scorecard") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) From ce2b11779e2cb6242467e4f5f80d1b039a9d2da1 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 22:12:35 -0500 Subject: [PATCH 36/88] spelling: existing Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- checks/evaluation/pinned_dependencies.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/checks/evaluation/pinned_dependencies.go b/checks/evaluation/pinned_dependencies.go index 26271ea4e30..1e7e24ed4b2 100644 --- a/checks/evaluation/pinned_dependencies.go +++ b/checks/evaluation/pinned_dependencies.go @@ -269,7 +269,7 @@ func PinningDependencies(name string, c *checker.CheckRequest, // Go through all dependency types // GitHub Actions need to be handled separately since they are not in pr scores = append(scores, createScoreForGitHubActionsWorkflow(&wp, dl)...) - // Only exisiting dependencies will be found in pr + // Only existing dependencies will be found in pr // We will only score the ecosystem if there are dependencies // This results in only existing ecosystems being included in the final score for t := range pr { From 0e403c02dcb6ded903b077ba5c580ea2d2a73b6d Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 22:14:25 -0500 Subject: [PATCH 37/88] spelling: fields Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- pkg/json_raw_results.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/pkg/json_raw_results.go b/pkg/json_raw_results.go index cb4fbf354ff..d9a2014235f 100644 --- a/pkg/json_raw_results.go +++ b/pkg/json_raw_results.go @@ -146,7 +146,7 @@ type jsonCreatedAtTime struct { type jsonComment struct { CreatedAt *time.Time `json:"createdAt"` Author *jsonUser `json:"author"` - // TODO: add ields if needed, e.g., content. + // TODO: add fields if needed, e.g., content. } type jsonIssue struct { From 171f869f2da20eaeef82511648eec9181a0f0f31 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 22:22:15 -0500 Subject: [PATCH 38/88] spelling: files Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- probes/requiresCodeOwnersReview/impl_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/probes/requiresCodeOwnersReview/impl_test.go b/probes/requiresCodeOwnersReview/impl_test.go index 132d88b5b7a..b58a00c716a 100644 --- a/probes/requiresCodeOwnersReview/impl_test.go +++ b/probes/requiresCodeOwnersReview/impl_test.go @@ -41,7 +41,7 @@ func Test_Run(t *testing.T) { err error }{ { - name: "1 branch requires code owner reviews with viles = 1 positive outcome", + name: "1 branch requires code owner reviews with files = 1 positive outcome", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ From e0de5faf75b4eb03730f63c59d7d797ba92ba2b2 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:19:09 -0500 Subject: [PATCH 39/88] spelling: for Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- checker/raw_result.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/checker/raw_result.go b/checker/raw_result.go index 097004a0ceb..011bd106cb5 100644 --- a/checker/raw_result.go +++ b/checker/raw_result.go 
@@ -348,7 +348,7 @@ type File struct { // TODO: add hash. } -// CIIBestPracticesData contains data foor CIIBestPractices check. +// CIIBestPracticesData contains data for CIIBestPractices check. type CIIBestPracticesData struct { Badge clients.BadgeLevel } From ca9f102f9ac49cd76b8ac2b20b65e34f0efdb746 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 22:13:08 -0500 Subject: [PATCH 40/88] spelling: force-push Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- clients/githubrepo/branches_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clients/githubrepo/branches_test.go b/clients/githubrepo/branches_test.go index e8467422449..f41316a7ae4 100644 --- a/clients/githubrepo/branches_test.go +++ b/clients/githubrepo/branches_test.go @@ -290,7 +290,7 @@ func Test_applyRepoRules(t *testing.T) { BranchProtectionRule: clients.BranchProtectionRule{ AllowDeletions: &falseVal, AllowForcePushes: &falseVal, - EnforceAdmins: &falseVal, // Maintain: deletion enforces but forcepush does not + EnforceAdmins: &falseVal, // Maintain: deletion enforces but force-push does not RequireLinearHistory: &falseVal, RequiredPullRequestReviews: clients.PullRequestReviewRule{ Required: &falseVal, From 5e02eb7535bdb2c780d10385f0bd92d88c829fef Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:07:04 -0500 Subject: [PATCH 41/88] spelling: github 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- README.md | 2 +- clients/githubrepo/graphql.go | 2 +- clients/githubrepo/repo_test.go | 6 +++--- clients/githubrepo/roundtripper/rate_limit.go | 2 +- clients/user.go | 2 +- docs/checks.md | 4 ++-- docs/checks/internal/checks.yaml | 4 ++-- probes/hasDangerousWorkflowScriptInjection/def.yml | 2 +- probes/hasDangerousWorkflowUntrustedCheckout/def.yml | 2 +- probes/hasFSFOrOSIApprovedLicense/def.yml | 2 +- probes/hasLicenseFile/def.yml | 2 +- probes/packagedWithAutomatedWorkflow/impl.go | 2 +- probes/releasesAreSigned/def.yml | 4 ++-- probes/releasesHaveProvenance/def.yml | 4 ++-- probes/testsRunInCI/def.yml | 2 +- 15 files changed, 21 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index 91e0db6d9ca..c86c2166f8f 100644 --- a/README.md +++ b/README.md @@ -559,7 +559,7 @@ risk level. ### Report Problems If you have what looks like a bug, please use the -[Github issue tracking system.](https://github.com/ossf/scorecard/issues) Before +[GitHub issue tracking system.](https://github.com/ossf/scorecard/issues) Before you file an issue, please search existing issues to see if your issue is already covered. diff --git a/clients/githubrepo/graphql.go b/clients/githubrepo/graphql.go index 50f0fdc2dbd..3a5940cc45c 100644 --- a/clients/githubrepo/graphql.go +++ b/clients/githubrepo/graphql.go @@ -266,7 +266,7 @@ func commitsFrom(data *graphqlData, repoOwner, repoName string) ([]clients.Commi continue } // ResourcePath: e.g., for dependabot, "/apps/dependabot", or "/apps/renovate" - // Path that can be appended to "https://github.com" for a Github resource + // Path that can be appended to "https://github.com" for a GitHub resource openedByBot := strings.HasPrefix(string(pr.Author.ResourcePath), "/apps/") associatedPR = clients.PullRequest{ Number: int(pr.Number), diff --git a/clients/githubrepo/repo_test.go b/clients/githubrepo/repo_test.go index b0fdca7703d..7b8b2977e77 100644 
--- a/clients/githubrepo/repo_test.go +++ b/clients/githubrepo/repo_test.go @@ -50,7 +50,7 @@ func TestRepoURL_IsValid(t *testing.T) { wantErr: false, }, { - name: "Non github repository", + name: "Non GitHub repository", expected: repoURL{ host: "gitlab.com", owner: "foo", @@ -60,7 +60,7 @@ func TestRepoURL_IsValid(t *testing.T) { wantErr: true, }, { - name: "Github repository", + name: "GitHub repository", expected: repoURL{ host: "github.com", owner: "foo", @@ -70,7 +70,7 @@ func TestRepoURL_IsValid(t *testing.T) { wantErr: false, }, { - name: "Github repository with host", + name: "GitHub repository with host", expected: repoURL{ host: "github.com", owner: "foo", diff --git a/clients/githubrepo/roundtripper/rate_limit.go b/clients/githubrepo/roundtripper/rate_limit.go index 6d7d76b482c..5b0e064f4b0 100644 --- a/clients/githubrepo/roundtripper/rate_limit.go +++ b/clients/githubrepo/roundtripper/rate_limit.go @@ -36,7 +36,7 @@ func MakeRateLimitedTransport(innerTransport http.RoundTripper, logger *log.Logg } } -// rateLimitTransport is a rate-limit aware http.Transport for Github. +// rateLimitTransport is a rate-limit aware http.Transport for GitHub. type rateLimitTransport struct { logger *log.Logger innerTransport http.RoundTripper diff --git a/clients/user.go b/clients/user.go index ffbd2ce5805..489d0b2f763 100644 --- a/clients/user.go +++ b/clients/user.go @@ -28,7 +28,7 @@ type User struct { type RepoAssociation uint32 // Values taken from https://docs.github.com/en/graphql/reference/enums#commentauthorassociation. -// Additional values may be added in the future for non-Github projects. +// Additional values may be added in the future for non-GitHub projects. // NOTE: Values are present in increasing order of privilege. If adding new values // maintain the order of privilege to ensure Gte() functionality is preserved. const ( diff --git a/docs/checks.md b/docs/checks.md index 7985bea0f97..e5fe78f4c73 100644 --- a/docs/checks.md +++ b/docs/checks.md 
@@ -413,7 +413,7 @@ need maintenance unless an underlying implementation language definition changed. A lack of active maintenance should signal that potential users should investigate further to judge the situation. -This check will only succeed if a Github project is >90 days old. Projects +This check will only succeed if a GitHub project is >90 days old. Projects that are younger than this are too new to assess whether they are maintained or not, and users should inspect the contents of those projects to ensure they are as expected. @@ -526,7 +526,7 @@ SAST is testing run on source code before the application is run. Using SAST tools can prevent known classes of bugs from being inadvertently introduced in the codebase. -The checks currently looks for known Github apps such as +The checks currently looks for known GitHub apps such as [CodeQL](https://codeql.github.com/) (github-code-scanning) or [SonarCloud](https://sonarcloud.io/) in the recent (~30) merged PRs, or the use of "github/codeql-action" in a GitHub workflow. It also checks for the deprecated diff --git a/docs/checks/internal/checks.yaml b/docs/checks/internal/checks.yaml index 5b4fcccb604..75023f42995 100644 --- a/docs/checks/internal/checks.yaml +++ b/docs/checks/internal/checks.yaml @@ -38,7 +38,7 @@ checks: changed. A lack of active maintenance should signal that potential users should investigate further to judge the situation. - This check will only succeed if a Github project is >90 days old. Projects + This check will only succeed if a GitHub project is >90 days old. Projects that are younger than this are too new to assess whether they are maintained or not, and users should inspect the contents of those projects to ensure they are as expected. 
@@ -544,7 +544,7 @@ checks: tools can prevent known classes of bugs from being inadvertently introduced in the codebase. - The checks currently looks for known Github apps such as + The checks currently looks for known GitHub apps such as [CodeQL](https://codeql.github.com/) (github-code-scanning) or [SonarCloud](https://sonarcloud.io/) in the recent (~30) merged PRs, or the use of "github/codeql-action" in a GitHub workflow. It also checks for the deprecated diff --git a/probes/hasDangerousWorkflowScriptInjection/def.yml b/probes/hasDangerousWorkflowScriptInjection/def.yml index f2c30529506..ede46e87986 100644 --- a/probes/hasDangerousWorkflowScriptInjection/def.yml +++ b/probes/hasDangerousWorkflowScriptInjection/def.yml @@ -13,7 +13,7 @@ # limitations under the License. id: hasDangerousWorkflowScriptInjection -short: Check whether the project has Github Actions workflows that enable script injection. +short: Check whether the project has GitHub Actions workflows that enable script injection. motivation: > Script Injection with Untrusted Context Variables: This pattern detects whether a workflow's inline script may execute untrusted input from attackers. This occurs when an attacker adds malicious commands and scripts to a context. When a workflow runs, these strings may be interpreted as code that is executed on the runner. Attackers can add their own content to certain github context variables that are considered untrusted, for example, github.event.issue.title. These values should not flow directly into executable code. implementation: > diff --git a/probes/hasDangerousWorkflowUntrustedCheckout/def.yml b/probes/hasDangerousWorkflowUntrustedCheckout/def.yml index 0a6e9c0cddf..be7e87ff2de 100644 --- a/probes/hasDangerousWorkflowUntrustedCheckout/def.yml +++ b/probes/hasDangerousWorkflowUntrustedCheckout/def.yml 
@@ -13,7 +13,7 @@ # limitations under the License. id: hasDangerousWorkflowUntrustedCheckout -short: Check whether the project has Github Actions workflows that does untrusted checkouts. +short: Check whether the project has GitHub Actions workflows that does untrusted checkouts. motivation: > Untrusted Code Checkout: This is the misuse of potentially dangerous triggers. This checks if a pull_request_target or workflow_run workflow trigger was used in conjunction with an explicit pull request checkout. Workflows triggered with pull_request_target / workflow_run have write permission to the target repository and access to target repository secrets. With the PR checkout, PR authors may compromise the repository, for example, by using build scripts controlled by the author of the PR or reading token in memory. This check does not detect whether untrusted code checkouts are used safely, for example, only on pull request that have been assigned a label. implementation: > diff --git a/probes/hasFSFOrOSIApprovedLicense/def.yml b/probes/hasFSFOrOSIApprovedLicense/def.yml index 06e429c43a4..9e9269fa09b 100644 --- a/probes/hasFSFOrOSIApprovedLicense/def.yml +++ b/probes/hasFSFOrOSIApprovedLicense/def.yml @@ -25,4 +25,4 @@ outcome: remediation: effort: Low text: - - Update the license file format in the Github repository to be of an approved format. \ No newline at end of file + - Update the license file format in the GitHub repository to be of an approved format. \ No newline at end of file diff --git a/probes/hasLicenseFile/def.yml b/probes/hasLicenseFile/def.yml index d283bbef2f8..6b5194ef4db 100644 --- a/probes/hasLicenseFile/def.yml +++ b/probes/hasLicenseFile/def.yml 
@@ -24,6 +24,6 @@ outcome: remediation: effort: Low text: - - For Github projects, follow [this guide](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/licensing-a-repository) to determine which license to apply to your project and establish a license file for your project. + - For GitHub projects, follow [this guide](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/licensing-a-repository) to determine which license to apply to your project and establish a license file for your project. - For Gitlab projects, create the license in a .adoc, .asc, .docx, .doc, .ext, .html, .markdown, .md, .rst, .txt, or .xml, named LICENSE, COPYRIGHT, or COPYING, and place it in the top-level directory. To identify a specific license, use an SPDX license identifier in the filename. Examples include LICENSE.md, Apache-2.0-LICENSE.md or LICENSE-Apache-2.0. - Alternately, create a LICENSE directory and add a license file(s) with a name that matches your SPDX license identifier. such as LICENSES/Apache-2.0.txt. \ No newline at end of file diff --git a/probes/packagedWithAutomatedWorkflow/impl.go b/probes/packagedWithAutomatedWorkflow/impl.go index 5c30e2766d2..2eb13d30651 100644 --- a/probes/packagedWithAutomatedWorkflow/impl.go +++ b/probes/packagedWithAutomatedWorkflow/impl.go @@ -44,7 +44,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { // Presence of a single non-debug message means the // check passes. f, err := finding.NewWith(fs, Probe, - "Project packages its releases by way of Github Actions.", nil, + "Project packages its releases by way of GitHub Actions.", nil, finding.OutcomePositive) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) diff --git a/probes/releasesAreSigned/def.yml b/probes/releasesAreSigned/def.yml index 5c77599a067..d068c6ab239 100644 --- a/probes/releasesAreSigned/def.yml 
+++ b/probes/releasesAreSigned/def.yml @@ -13,11 +13,11 @@ # limitations under the License. id: releasesAreSigned -short: Check that the projects Github and Gitlab releases are signed. +short: Check that the projects GitHub and Gitlab releases are signed. motivation: > Signed releases allow consumers to verify their artifacts before consuming them. implementation: > - The implementation checks whether a signature file is present in release assets. The probe checks the last 5 releases on Github and Gitlab. + The implementation checks whether a signature file is present in release assets. The probe checks the last 5 releases on GitHub and Gitlab. outcome: - For each of the last 5 releases, the probe returns OutcomePositive, if the release has a signature file in the release assets. - For each of the last 5 releases, the probe returns OutcomeNegative, if the the release does not have a signature file in the release assets. diff --git a/probes/releasesHaveProvenance/def.yml b/probes/releasesHaveProvenance/def.yml index 4cb0dc70b74..63bcb4448ff 100644 --- a/probes/releasesHaveProvenance/def.yml +++ b/probes/releasesHaveProvenance/def.yml 
@@ -13,11 +13,11 @@ # limitations under the License. id: releasesHaveProvenance -short: Check that the projects releases on Github and Gitlab have provenance. +short: Check that the projects releases on GitHub and Gitlab have provenance. motivation: > Provenance give users security-critical, verifiable information so that consumers can verify their artifacts before consuming them. implementation: > - The probe checks whether any of the assets in any of the last five releases on Github or Gitlab have a provenance file. + The probe checks whether any of the assets in any of the last five releases on GitHub or Gitlab have a provenance file. outcome: - For each of the last 5 releases, the probe returns OutcomePositive, if the release has a provenance file in the release assets. - For each of the last 5 releases, the probe returns OutcomeNegative, if the the release does not have a provenance file in the release assets. diff --git a/probes/testsRunInCI/def.yml b/probes/testsRunInCI/def.yml index 447dbeaa78b..1594ce34f87 100644 --- a/probes/testsRunInCI/def.yml +++ b/probes/testsRunInCI/def.yml @@ -13,7 +13,7 @@ # limitations under the License. id: testsRunInCI -short: Checks that the project runs tests in the CI for example with Github Actions or Prow. +short: Checks that the project runs tests in the CI for example with GitHub Actions or Prow. motivation: > Running tests helps developers catch mistakes early on, which can reduce the number of vulnerabilities that find their way into a project. implementation: > From f25fb784bf07433c622934f815b82407b935fdb9 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:06:28 -0500 Subject: [PATCH 42/88] spelling: gitlab 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- clients/gitlabrepo/checkruns.go | 2 +- clients/gitlabrepo/repo.go | 4 ++-- probes/blocksDeleteOnBranches/def.yml | 2 +- probes/blocksForcePushOnBranches/def.yml | 4 ++-- probes/branchProtectionAppliesToAdmins/def.yml | 4 ++-- probes/dismissesStaleReviews/def.yml | 2 +- probes/hasLicenseFile/def.yml | 2 +- probes/releasesAreSigned/def.yml | 4 ++-- probes/releasesHaveProvenance/def.yml | 4 ++-- probes/requiresApproversForPullRequests/def.yml | 4 ++-- probes/requiresCodeOwnersReview/def.yml | 4 ++-- probes/requiresLastPushApproval/def.yml | 4 ++-- probes/requiresUpToDateBranches/def.yml | 4 ++-- 13 files changed, 22 insertions(+), 22 deletions(-) diff --git a/clients/gitlabrepo/checkruns.go b/clients/gitlabrepo/checkruns.go index 0dbbf8c214b..6ae8133682c 100644 --- a/clients/gitlabrepo/checkruns.go +++ b/clients/gitlabrepo/checkruns.go @@ -43,7 +43,7 @@ func (handler *checkrunsHandler) listCheckRunsForRef(ref string) ([]clients.Chec options.Ref = &ref } - // Notes for Gitlab ListProjectPipelines endpoint: + // Notes for GitLab ListProjectPipelines endpoint: // Only full SHA works for SHA param, Short SHA does not work // Branch names work for Ref Param, tags and SHAs do not work // Reference: https://docs.gitlab.com/ee/api/pipelines.html#list-project-pipelines diff --git a/clients/gitlabrepo/repo.go b/clients/gitlabrepo/repo.go index 1241fecb4b6..5d51c4f83d9 100644 --- a/clients/gitlabrepo/repo.go +++ b/clients/gitlabrepo/repo.go @@ -12,8 +12,8 @@ // See the License for the specific language governing permissions and // limitations under the License. -// NOTE: In Gitlab repositories are called projects, however to ensure compatibility, -// this package will regard to Gitlab projects as repositories. +// NOTE: In GitLab repositories are called projects, however to ensure compatibility, +// this package will regard to GitLab projects as repositories. package gitlabrepo import ( 
diff --git a/probes/blocksDeleteOnBranches/def.yml b/probes/blocksDeleteOnBranches/def.yml index fdda8657bd8..9e9db3a3f87 100644 --- a/probes/blocksDeleteOnBranches/def.yml +++ b/probes/blocksDeleteOnBranches/def.yml @@ -24,4 +24,4 @@ remediation: effort: Low text: - Disallow deletion of branches in your project to remove negative outcomes. - - GitHub and Gitlab by default disable deleting a protected branch. \ No newline at end of file + - GitHub and GitLab by default disable deleting a protected branch. \ No newline at end of file diff --git a/probes/blocksForcePushOnBranches/def.yml b/probes/blocksForcePushOnBranches/def.yml index 502ccb29a95..35e1cf03a11 100644 --- a/probes/blocksForcePushOnBranches/def.yml +++ b/probes/blocksForcePushOnBranches/def.yml 
@@ -26,8 +26,8 @@ remediation: text: - Disallow force pushes branches in your project to remove negative outcomes. - For GitHub-hosted projects, force pushes are disabled by default. To make sure it has not been enabled, see ["Allow force pushes"](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#allow-force-pushes). - - For Gitlab-hosted projects, follow the ["Protected branches"](https://docs.gitlab.com/ee/user/project/protected_branches.html) documentation to see who can force push to the project. + - For GitLab-hosted projects, follow the ["Protected branches"](https://docs.gitlab.com/ee/user/project/protected_branches.html) documentation to see who can force push to the project. markdown: - Disallow force pushes branches in your project to remove negative outcomes. - For GitHub-hosted projects, force pushes are disabled by default. To make sure it has not been enabled, see ["Allow force pushes"](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#allow-force-pushes). - - For Gitlab-hosted projects, follow the ["Protected branches"](https://docs.gitlab.com/ee/user/project/protected_branches.html) documentation to see who can force push to the project. \ No newline at end of file + - For GitLab-hosted projects, follow the ["Protected branches"](https://docs.gitlab.com/ee/user/project/protected_branches.html) documentation to see who can force push to the project. \ No newline at end of file diff --git a/probes/branchProtectionAppliesToAdmins/def.yml b/probes/branchProtectionAppliesToAdmins/def.yml index f0d74f77551..a00f3404c0e 100644 --- a/probes/branchProtectionAppliesToAdmins/def.yml +++ b/probes/branchProtectionAppliesToAdmins/def.yml 
@@ -26,9 +26,9 @@ remediation: - The remediation effort can be Low to High depending on other branch protection settings. - Enforce protection rules for admins on all branches. - For GitHub-hosted projects, see the ["Do not allow bypassing the above settings"](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#do-not-allow-bypassing-the-above-settings) section in the GitHub docs. - - For Gitlab-hosted projects, see the ["Protected branches"](https://docs.gitlab.com/ee/user/project/protected_branches.html) documentation. + - For GitLab-hosted projects, see the ["Protected branches"](https://docs.gitlab.com/ee/user/project/protected_branches.html) documentation. markdown: - The remediation effort can be Low to High depending on other branch protection settings. - Enforce protection rules for admins on all branches. - For GitHub-hosted projects, see the ["Do not allow bypassing the above settings"](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#do-not-allow-bypassing-the-above-settings) section in the GitHub docs. - - For Gitlab-hosted projects, see the ["Protected branches"](https://docs.gitlab.com/ee/user/project/protected_branches.html) documentation. \ No newline at end of file + - For GitLab-hosted projects, see the ["Protected branches"](https://docs.gitlab.com/ee/user/project/protected_branches.html) documentation. \ No newline at end of file diff --git a/probes/dismissesStaleReviews/def.yml b/probes/dismissesStaleReviews/def.yml index 9dfd90fdeee..26039782b53 100644 --- a/probes/dismissesStaleReviews/def.yml +++ b/probes/dismissesStaleReviews/def.yml 
@@ -25,4 +25,4 @@ remediation: text: - Configure your repository so that the stale status of PRs is dismissed when users make new commits. - For GitHub-hosted projects, see ["Require pull request reviews before merging"](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging). - - For Gitlab-hosted projects, see ["Remove all approvals when commits are added to the source branch"](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/settings.html#remove-all-approvals-when-commits-are-added-to-the-source-branch). \ No newline at end of file + - For GitLab-hosted projects, see ["Remove all approvals when commits are added to the source branch"](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/settings.html#remove-all-approvals-when-commits-are-added-to-the-source-branch). \ No newline at end of file diff --git a/probes/hasLicenseFile/def.yml b/probes/hasLicenseFile/def.yml index 6b5194ef4db..43c5dbeb29b 100644 --- a/probes/hasLicenseFile/def.yml +++ b/probes/hasLicenseFile/def.yml 
@@ -25,5 +25,5 @@ remediation: effort: Low text: - For GitHub projects, follow [this guide](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/licensing-a-repository) to determine which license to apply to your project and establish a license file for your project. - - For Gitlab projects, create the license in a .adoc, .asc, .docx, .doc, .ext, .html, .markdown, .md, .rst, .txt, or .xml, named LICENSE, COPYRIGHT, or COPYING, and place it in the top-level directory. To identify a specific license, use an SPDX license identifier in the filename. Examples include LICENSE.md, Apache-2.0-LICENSE.md or LICENSE-Apache-2.0. + - For GitLab projects, create the license in a .adoc, .asc, .docx, .doc, .ext, .html, .markdown, .md, .rst, .txt, or .xml, named LICENSE, COPYRIGHT, or COPYING, and place it in the top-level directory. To identify a specific license, use an SPDX license identifier in the filename. Examples include LICENSE.md, Apache-2.0-LICENSE.md or LICENSE-Apache-2.0. - Alternately, create a LICENSE directory and add a license file(s) with a name that matches your SPDX license identifier. such as LICENSES/Apache-2.0.txt. \ No newline at end of file diff --git a/probes/releasesAreSigned/def.yml b/probes/releasesAreSigned/def.yml index d068c6ab239..ff12cc6692a 100644 --- a/probes/releasesAreSigned/def.yml +++ b/probes/releasesAreSigned/def.yml 
@@ -13,11 +13,11 @@ # limitations under the License. id: releasesAreSigned -short: Check that the projects GitHub and Gitlab releases are signed. +short: Check that the projects GitHub and GitLab releases are signed. motivation: > Signed releases allow consumers to verify their artifacts before consuming them. implementation: > - The implementation checks whether a signature file is present in release assets. The probe checks the last 5 releases on GitHub and Gitlab. + The implementation checks whether a signature file is present in release assets. The probe checks the last 5 releases on GitHub and GitLab. outcome: - For each of the last 5 releases, the probe returns OutcomePositive, if the release has a signature file in the release assets. - For each of the last 5 releases, the probe returns OutcomeNegative, if the the release does not have a signature file in the release assets. diff --git a/probes/releasesHaveProvenance/def.yml b/probes/releasesHaveProvenance/def.yml index 63bcb4448ff..3567cf4a55f 100644 --- a/probes/releasesHaveProvenance/def.yml +++ b/probes/releasesHaveProvenance/def.yml 
@@ -13,11 +13,11 @@ # limitations under the License. id: releasesHaveProvenance -short: Check that the projects releases on GitHub and Gitlab have provenance. +short: Check that the projects releases on GitHub and GitLab have provenance. motivation: > Provenance give users security-critical, verifiable information so that consumers can verify their artifacts before consuming them. implementation: > - The probe checks whether any of the assets in any of the last five releases on GitHub or Gitlab have a provenance file. + The probe checks whether any of the assets in any of the last five releases on GitHub or GitLab have a provenance file. outcome: - For each of the last 5 releases, the probe returns OutcomePositive, if the release has a provenance file in the release assets. - For each of the last 5 releases, the probe returns OutcomeNegative, if the the release does not have a provenance file in the release assets. diff --git a/probes/requiresApproversForPullRequests/def.yml b/probes/requiresApproversForPullRequests/def.yml index ace826c4ac4..e778c093d41 100644 --- a/probes/requiresApproversForPullRequests/def.yml +++ b/probes/requiresApproversForPullRequests/def.yml 
@@ -25,8 +25,8 @@ remediation: text: - Configure the project so that it requires approval to merge PRs. - For GitHub-hosted projects, see ["Approving a pull request with required reviews"](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/approving-a-pull-request-with-required-reviews). - - For Gitlab-hosted projects, see ["Merge request approvals"](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/). + - For GitLab-hosted projects, see ["Merge request approvals"](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/). markdown: - Configure the project so that it requires approval to merge PRs. - For GitHub-hosted projects, see ["Approving a pull request with required reviews"](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/approving-a-pull-request-with-required-reviews). - - For Gitlab-hosted projects, see ["Merge request approvals"](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/). \ No newline at end of file + - For GitLab-hosted projects, see ["Merge request approvals"](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/). \ No newline at end of file diff --git a/probes/requiresCodeOwnersReview/def.yml b/probes/requiresCodeOwnersReview/def.yml index d6eeb6d7e20..b7816b36e74 100644 --- a/probes/requiresCodeOwnersReview/def.yml +++ b/probes/requiresCodeOwnersReview/def.yml 
@@ -25,8 +25,8 @@ remediation: text: - Configure the project such that code owners must review PRs. - For GitHub-hosted projects, see [the About code owners documentation](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners). - - For Gitlab-hosted projects, see [the Code Owners documentation](https://docs.gitlab.com/ee/user/project/codeowners/). + - For GitLab-hosted projects, see [the Code Owners documentation](https://docs.gitlab.com/ee/user/project/codeowners/). markdown: - Configure the project such that code owners must review PRs. - For GitHub-hosted projects, see [the About code owners documentation](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners). - - For Gitlab-hosted projects, see [the Code Owners documentation](https://docs.gitlab.com/ee/user/project/codeowners/). \ No newline at end of file + - For GitLab-hosted projects, see [the Code Owners documentation](https://docs.gitlab.com/ee/user/project/codeowners/). \ No newline at end of file diff --git a/probes/requiresLastPushApproval/def.yml b/probes/requiresLastPushApproval/def.yml index 03c22634fe5..42df216db70 100644 --- a/probes/requiresLastPushApproval/def.yml +++ b/probes/requiresLastPushApproval/def.yml 
@@ -25,8 +25,8 @@ remediation: text: - Configure the project such that it requires approval of the most recent push. - For GitHub-hosted projects, see [the documentation on protected branches](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches) and how to require approval of the last push from someone who did not make the last push. - - For Gitlab-hosted projects, see how to [remove all approvals when commits a added to the source branch](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/settings.html#remove-all-approvals-when-commits-are-added-to-the-source-branch). + - For GitLab-hosted projects, see how to [remove all approvals when commits a added to the source branch](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/settings.html#remove-all-approvals-when-commits-are-added-to-the-source-branch). markdown: - Configure the project such that it requires approval of the most recent push. - For GitHub-hosted projects, see [the documentation on protected branches](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches) and how to require approval of the last push from someone who did not make the last push. - - For Gitlab-hosted projects, see how to [remove all approvals when commits a added to the source branch](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/settings.html#remove-all-approvals-when-commits-are-added-to-the-source-branch). \ No newline at end of file + - For GitLab-hosted projects, see how to [remove all approvals when commits a added to the source branch](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/settings.html#remove-all-approvals-when-commits-are-added-to-the-source-branch). \ No newline at end of file 
diff --git a/probes/requiresUpToDateBranches/def.yml b/probes/requiresUpToDateBranches/def.yml index 44769b37563..05cd6b64e57 100644 --- a/probes/requiresUpToDateBranches/def.yml +++ b/probes/requiresUpToDateBranches/def.yml @@ -25,8 +25,8 @@ remediation: text: - Configure the repository such that it requires PRs to be in sync with the base branch. - For GitHub-hosted projects, followed [these instructions](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging) - - For Gitlab-hosted projects, use [semi-linear merge methods](https://docs.gitlab.com/ee/user/project/merge_requests/methods/#rebasing-in-semi-linear-merge-methods). + - For GitLab-hosted projects, use [semi-linear merge methods](https://docs.gitlab.com/ee/user/project/merge_requests/methods/#rebasing-in-semi-linear-merge-methods). markdown: - Configure the repository such that it requires PRs to be in sync with the base branch. - For GitHub-hosted projects, followed [these instructions](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging) - - For Gitlab-hosted projects, use [semi-linear merge methods](https://docs.gitlab.com/ee/user/project/merge_requests/methods/#rebasing-in-semi-linear-merge-methods). \ No newline at end of file + - For GitLab-hosted projects, use [semi-linear merge methods](https://docs.gitlab.com/ee/user/project/merge_requests/methods/#rebasing-in-semi-linear-merge-methods). \ No newline at end of file From 54ca0ed23c24e7c833df28df07c3d0cd6366a223 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:20:07 -0500 Subject: [PATCH 43/88] spelling: ignoreed 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 e2e/binary_artifacts_test.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/e2e/binary_artifacts_test.go b/e2e/binary_artifacts_test.go
index 8a180a57eb0..1905e1f662f 100644
--- a/e2e/binary_artifacts_test.go
+++ b/e2e/binary_artifacts_test.go
@@ -75,7 +75,7 @@ var _ = Describe("E2E TEST:"+checks.CheckBinaryArtifacts, func() {
 Dlogger: &dl,
 }
 // TODO: upload real binaries to the repo as well.
- // There are 24 dummy binaries that are ignoreed because they only contain ASCII characters.
+ // There are 24 dummy binaries that are ignored because they only contain ASCII characters.
 expected := scut.TestReturn{
 Error: nil,
 Score: checker.MaxResultScore - 1,
@@ -102,7 +102,7 @@ var _ = Describe("E2E TEST:"+checks.CheckBinaryArtifacts, func() {
 Dlogger: &dl,
 }
 // TODO: upload real binaries to the repo as well.
- // There are 24 dummy binaries that are ignoreed because they only contain ASCII characters.
+ // There are 24 dummy binaries that are ignored because they only contain ASCII characters.
 expected := scut.TestReturn{
 Error: nil,
 Score: checker.MaxResultScore - 1,
From 427ab81bdb70b103d50ed755f0c2dca41287fe67 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Wed, 17 Jan 2024 21:20:25 -0500
Subject: [PATCH 44/88] spelling: implementation
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 probes/toolDependabotInstalled/def.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/probes/toolDependabotInstalled/def.yml b/probes/toolDependabotInstalled/def.yml
index 18a7ee463d4..1c7da6fcc22 100644
--- a/probes/toolDependabotInstalled/def.yml
+++ b/probes/toolDependabotInstalled/def.yml
@@ -18,7 +18,7 @@ motivation: > Out-of-date dependencies make a project vulnerable to known flaws and prone to attacks. Dependabot automates the process of updating dependencies by scanning for outdated or insecure requirements, and opening a pull request to update them if found. implementation: > - The implemtation looks for the presence of files named ".github/dependabot.yml" or ".github/dependabot.yaml". If none of these files are found, + The implementation looks for the presence of files named ".github/dependabot.yml" or ".github/dependabot.yaml". If none of these files are found, the implementation checks whether commits are authored by Dependabot. If none of these succeed, Dependabot is not installed. NOTE: if the configuration files are found, the probe does not ensure that the Dependabot is run or that the Dependabot's pull requests are merged. outcome: From 26ecde7c509a8fe729262d8016daa01b13dd4925 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:20:16 -0500 Subject: [PATCH 45/88] spelling: implements Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- docs/checks/impl.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/checks/impl.go b/docs/checks/impl.go index 82c5d6f0e30..f10713f4f06 100644 --- a/docs/checks/impl.go +++ b/docs/checks/impl.go @@ -77,7 +77,7 @@ func (d DocImpl) CheckExists(name string) bool { return exists } -// CheckDocImpl implementts `CheckDoc` interface and +// CheckDocImpl implements `CheckDoc` interface and // stores documentation about a check. type CheckDocImpl struct { internalCheck internal.Check From dfda20cc6f3aa579979d64d6f5f3becf584afabe Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:21:04 -0500 Subject: [PATCH 46/88] spelling: increase 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 checks/evaluation/branch_protection.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/checks/evaluation/branch_protection.go b/checks/evaluation/branch_protection.go
index cccf2e28977..c8ba6c471ca 100644
--- a/checks/evaluation/branch_protection.go
+++ b/checks/evaluation/branch_protection.go
@@ -361,7 +361,7 @@ func adminThoroughReviewProtection(branch *clients.BranchRef, dl checker.DetailL
 
 // nil typically means we do not have access to the value.
 if branch.BranchProtectionRule.EnforceAdmins != nil {
- // Note: we don't inrecase max possible score for non-admin viewers.
+ // Note: we don't increase max possible score for non-admin viewers.
 max++
 switch *branch.BranchProtectionRule.EnforceAdmins {
 case true:
From d2b6b7dcd1af9ebcd22ca556cb10c9c99a729b05 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Wed, 17 Jan 2024 21:20:43 -0500
Subject: [PATCH 47/88] spelling: indicates
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 checks/evaluation/branch_protection.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/checks/evaluation/branch_protection.go b/checks/evaluation/branch_protection.go
index c8ba6c471ca..f5848d521dc 100644
--- a/checks/evaluation/branch_protection.go
+++ b/checks/evaluation/branch_protection.go
@@ -70,7 +70,7 @@ func BranchProtection(name string, dl checker.DetailLogger,
 var score levelScore
 b := r.Branches[i]
 
- // Protected field only indates that the branch matches
+ // Protected field only indicates that the branch matches
 // one `Branch protection rules`. All settings may be disabled,
 // so it does not provide any guarantees.
 protected := !(b.Protected != nil && !*b.Protected)
From 6e9a890b546e78f0019d08f3243c16284ec9f9a8 Mon Sep 17 00:00:00 2001
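Review bot: The `protected` expression on the last line of the BranchProtection hunk is true whenever `b.Protected` is nil, so a branch whose protection flag could not be read is treated exactly like one that is known to be protected, and the comment the commit fixes says nothing about that case. The sibling hunk in adminThoroughReviewProtection already documents that nil means "we do not have access to the value", and the same caveat belongs here, e.g. `// A nil Protected (value not readable with this token) is treated as protected.` Whether the code that follows compensates for the nil case cannot be told from the hunk; BranchProtection's body begins and continues outside it.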
From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:21:13 -0500 Subject: [PATCH 48/88] spelling: initialized Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- clients/githubrepo/client.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clients/githubrepo/client.go b/clients/githubrepo/client.go index 53f8da718a2..dbef2cf9134 100644 --- a/clients/githubrepo/client.go +++ b/clients/githubrepo/client.go @@ -343,7 +343,7 @@ func CreateGithubRepoClient(ctx context.Context, logger *log.Logger) clients.Rep } // CreateOssFuzzRepoClient returns a RepoClient implementation -// intialized to `google/oss-fuzz` GitHub repository. +// initialized to `google/oss-fuzz` GitHub repository. // // Deprecated: Searching the github.com/google/oss-fuzz repo for projects is flawed. Use a constructor // from clients/ossfuzz instead. https://github.com/ossf/scorecard/issues/2670 From 9615774989ed629f6502d5281ed313372559b562 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:20:54 -0500 Subject: [PATCH 49/88] spelling: instructions Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- cron/internal/emulator/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cron/internal/emulator/README.md b/cron/internal/emulator/README.md index 391c2174b90..7b0a86c5491 100644 --- a/cron/internal/emulator/README.md +++ b/cron/internal/emulator/README.md @@ -23,7 +23,7 @@ fake-gcs-server -scheme http -public-host 0.0.0.0:4443 \ ``` ## pubsub emulator: -Google Cloud has a [pubsub emulator](https://cloud.google.com/pubsub/docs/emulator) with complete install ininstructions. +Google Cloud has a [pubsub emulator](https://cloud.google.com/pubsub/docs/emulator) with complete install instructions. I've summarized some of them below. From ee188d1b7033274bb62e69b3abb80b7198ff4b6d Mon Sep 17 00:00:00 2001 
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Wed, 17 Jan 2024 21:21:22 -0500
Subject: [PATCH 50/88] spelling: invalid
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 clients/githubrepo/githubrepo_suite_test.go | 2 +-
 e2e/e2e_suite_test.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/clients/githubrepo/githubrepo_suite_test.go b/clients/githubrepo/githubrepo_suite_test.go
index f86ac76ce26..399656fd887 100644
--- a/clients/githubrepo/githubrepo_suite_test.go
+++ b/clients/githubrepo/githubrepo_suite_test.go
@@ -76,6 +76,6 @@ var _ = BeforeSuite(func() {
 case "GITHUB_TOKEN":
 tokType = githubWorkflowDefaultTokenType
 default:
- panic(fmt.Sprintf("invald TOKEN_TYPE: %s", tt))
+ panic(fmt.Sprintf("invalid TOKEN_TYPE: %s", tt))
 }
 })
diff --git a/e2e/e2e_suite_test.go b/e2e/e2e_suite_test.go
index e1f59f2e84f..9eb76f9cba0 100644
--- a/e2e/e2e_suite_test.go
+++ b/e2e/e2e_suite_test.go
@@ -63,6 +63,6 @@ var _ = BeforeSuite(func() {
 case "GITLAB_PAT":
 tokType = gitlabPATTokenType
 default:
- panic(fmt.Sprintf("invald TOKEN_TYPE: %s", tt))
+ panic(fmt.Sprintf("invalid TOKEN_TYPE: %s", tt))
 }
 })
From 62ee5c05e0bdd7d6c6ef06f789b8a128eee45bec Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Wed, 17 Jan 2024 21:21:52 -0500
Subject: [PATCH 51/88] spelling: marshal
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 cmd/internal/nuget/client_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cmd/internal/nuget/client_test.go b/cmd/internal/nuget/client_test.go
index 350386d42f6..4379c238332 100644
--- a/cmd/internal/nuget/client_test.go
+++ b/cmd/internal/nuget/client_test.go
@@ -503,7 +503,7 @@ func Test_fetchGitRepositoryFromNuget(t *testing.T) {
 wantErr: true,
 },
 {
- name: "error marhsal entry",
+ name: "error marshal entry",
 args: nugetTestArgs{
 inputPackageName: "nuget-package",
 resultIndex: "index.json",
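Review bot: The corrected panic message in githubrepo_suite_test.go still formats `tt` with `%s`, so an empty or whitespace-only TOKEN_TYPE (presumably read from the environment, outside the hunk) produces a message that looks like a missing argument rather than a bad value; `%q` makes the offending value unambiguous, `panic(fmt.Sprintf("invalid TOKEN_TYPE: %q", tt))`. The e2e_suite_test.go hunk that follows has the same pattern and the same one-character fix. The enclosing BeforeSuite closure starts outside both hunks.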
From e6decada7ed5528e898685f84fb513dc57ee438a Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Wed, 17 Jan 2024 21:21:59 -0500
Subject: [PATCH 52/88] spelling: match

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 checks/fileparser/github_workflow.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/checks/fileparser/github_workflow.go b/checks/fileparser/github_workflow.go
index 3dda4f3e581..5ffc9722933 100644
--- a/checks/fileparser/github_workflow.go
+++ b/checks/fileparser/github_workflow.go
@@ -343,7 +343,7 @@ type JobMatcherStep struct {
 	Run string
 }
 
-// JobMatchResult represents the result of a matche.
+// JobMatchResult represents the result of a match.
 type JobMatchResult struct {
 	Msg string
 	File checker.File

From 2ddb490770598be88b3ef7983dadd385ceb18825 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Wed, 17 Jan 2024 21:11:27 -0500
Subject: [PATCH 53/88] spelling: name

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 checks/raw/binary_artifact.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/checks/raw/binary_artifact.go b/checks/raw/binary_artifact.go
index c2fc925c097..1c7a82f246d 100644
--- a/checks/raw/binary_artifact.go
+++ b/checks/raw/binary_artifact.go
@@ -278,7 +278,7 @@ func checkWorkflowValidatesGradleWrapper(path string, content []byte, args ...in
 	return true, nil
 }
 
-// fileExists checks if a file of name name exists, including within
+// fileExists checks if a file named `name` exists, including within
 // subdirectories.
 func fileExists(files []checker.File, name string) bool {
 	for _, f := range files {

From 9a16d86671a4350f0c3deb9bb6e86f36cdf8ac4e Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Wed, 17 Jan 2024 21:10:45 -0500
Subject: [PATCH 54/88] spelling: nonexistent
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- checks/raw/binary_artifact_test.go | 2 +- clients/githubrepo/branches_e2e_test.go | 4 ++-- clients/ossfuzz/client_test.go | 12 ++++++------ cmd/internal/scdiff/app/stats_test.go | 2 +- cron/config/config_test.go | 2 +- cron/internal/controller/bucket_test.go | 2 +- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/checks/raw/binary_artifact_test.go b/checks/raw/binary_artifact_test.go index 22362c40c19..590e86a7833 100644 --- a/checks/raw/binary_artifact_test.go +++ b/checks/raw/binary_artifact_test.go @@ -82,7 +82,7 @@ func TestBinaryArtifacts(t *testing.T) { name: "non binary file", err: nil, files: [][]string{ - {"../doesnotexist"}, + {"../nonexistent"}, }, getFileContentCount: 1, }, diff --git a/clients/githubrepo/branches_e2e_test.go b/clients/githubrepo/branches_e2e_test.go index f84d81f7fa8..1e842d88b65 100644 --- a/clients/githubrepo/branches_e2e_test.go +++ b/clients/githubrepo/branches_e2e_test.go @@ -95,7 +95,7 @@ var _ = Describe("E2E TEST: githubrepo.branchesHandler", func() { Expect(branchRef).ShouldNot(BeNil()) }) - It("Should return an error for non-existent branch", func() { + It("Should return an error for nonexistent branch", func() { skipIfTokenIsNot(patTokenType, "PAT only") repourl := &repoURL{ @@ -105,7 +105,7 @@ var _ = Describe("E2E TEST: githubrepo.branchesHandler", func() { } brancheshandler.init(context.Background(), repourl) - branchRef, err := brancheshandler.getBranch("non-existent-branch") + branchRef, err := brancheshandler.getBranch("nonexistent-branch") Expect(err).Should(BeNil()) Expect(branchRef).Should(BeNil()) }) diff --git a/clients/ossfuzz/client_test.go b/clients/ossfuzz/client_test.go index 9ab4b3fa014..fd0ad92a612 100644 --- a/clients/ossfuzz/client_test.go +++ b/clients/ossfuzz/client_test.go 
@@ -43,14 +43,14 @@ func TestClient(t *testing.T) { wantErr: false, }, { - name: "non existent project", + name: "nonexistent project", project: "github.com/not/here", statusFile: "status.json", wantHit: false, wantErr: false, }, { - name: "non existent project which is a substring of a present project", + name: "nonexistent project which is a substring of a present project", project: "github.com/ossf/score", statusFile: "status.json", wantHit: false, @@ -71,7 +71,7 @@ func TestClient(t *testing.T) { wantErr: false, }, { - name: "non existent status file", + name: "nonexistent status file", project: "github.com/ossf/scorecard", statusFile: "not_here.json", wantHit: false, @@ -123,7 +123,7 @@ func TestClientEager(t *testing.T) { wantCreateErr: false, }, { - name: "non existent project", + name: "nonexistent project", project: "github.com/not/here", statusFile: "status.json", wantHit: false, @@ -131,7 +131,7 @@ func TestClientEager(t *testing.T) { wantCreateErr: false, }, { - name: "non existent project which is a substring of a present project", + name: "nonexistent project which is a substring of a present project", project: "github.com/ossf/score", statusFile: "status.json", wantHit: false, @@ -139,7 +139,7 @@ func TestClientEager(t *testing.T) { wantCreateErr: false, }, { - name: "non existent status file", + name: "nonexistent status file", project: "github.com/ossf/scorecard", statusFile: "not_here.json", wantHit: false, diff --git a/cmd/internal/scdiff/app/stats_test.go b/cmd/internal/scdiff/app/stats_test.go index 1931c97e3aa..9d86c62cf7e 100644 --- a/cmd/internal/scdiff/app/stats_test.go +++ b/cmd/internal/scdiff/app/stats_test.go @@ -53,7 +53,7 @@ func Test_countScores(t *testing.T) { want: [12]int{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1}, }, { - name: "non existent check", + name: "nonexistent check", check: "not present", results: common, wantErr: true, diff --git a/cron/config/config_test.go b/cron/config/config_test.go index 609b1c1cbdf..335575336e8 100644 
--- a/cron/config/config_test.go +++ b/cron/config/config_test.go @@ -510,7 +510,7 @@ func TestGetAdditionalParams(t *testing.T) { wantErr: false, }, { - name: "nonexistant value", + name: "nonexistent value", mapName: "this-value-should-never-exist", want: map[string]string{}, wantErr: true, diff --git a/cron/internal/controller/bucket_test.go b/cron/internal/controller/bucket_test.go index 2b041353174..acc88337f89 100644 --- a/cron/internal/controller/bucket_test.go +++ b/cron/internal/controller/bucket_test.go @@ -63,7 +63,7 @@ func TestGetPrefix(t *testing.T) { wantErr: false, }, { - name: "non existent prefix file", + name: "nonexistent prefix file", url: "testdata/getPrefix", prefix: "", prefixFile: "baz", From 9bee8f7eb6f5691da0f5d063791862e572efae68 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:22:55 -0500 Subject: [PATCH 55/88] spelling: organization Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- pkg/json_raw_results.go | 2 +- probes/securityPolicyPresent/def.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/json_raw_results.go b/pkg/json_raw_results.go index d9a2014235f..01ed16cf224 100644 --- a/pkg/json_raw_results.go +++ b/pkg/json_raw_results.go @@ -86,7 +86,7 @@ type jsonReview struct { type jsonUser struct { RepoAssociation *string `json:"repoAssociation,omitempty"` Login string `json:"login"` - // Orgnization refers to a GitHub org. + // Organization refers to a GitHub org. Organizations []jsonOrganization `json:"organization,omitempty"` // Companies refer to a claim by a user in their profile. Companies []jsonCompany `json:"company,omitempty"` diff --git a/probes/securityPolicyPresent/def.yml b/probes/securityPolicyPresent/def.yml index e5cbe4ffa2c..b2252fd81f8 100644 --- a/probes/securityPolicyPresent/def.yml +++ b/probes/securityPolicyPresent/def.yml 
@@ -16,7 +16,7 @@ id: securityPolicyPresent short: Check if a security policy is defined in the repository or in the org's .github repository. motivation: > A security policy (typically a SECURITY.md file) can give users information about what constitutes a vulnerability and how to report one securely so that information about a bug is not publicly visible. - If you have a large orgnization, having a unified security policy across all your repositories may simplify the vulnerability disclosure response. + If you have a large organization, having a unified security policy across all your repositories may simplify the vulnerability disclosure response. implementation: > The implementation looks for the presence of security policy files in the repository or in '/.github' repository. See https://github.com/ossf/scorecard/blob/main/checks/raw/security_policy.go#L139 for a detailed list of filenames. outcome: From f9dc606cf908535d8e4de6b4f0e321b347d3f91f Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:23:08 -0500 Subject: [PATCH 56/88] spelling: package Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- checks/raw/shell_download_validate.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/checks/raw/shell_download_validate.go b/checks/raw/shell_download_validate.go index b2149bbf656..93a69fc5dcd 100644 --- a/checks/raw/shell_download_validate.go +++ b/checks/raw/shell_download_validate.go @@ -805,7 +805,7 @@ func isNugetUnpinnedDownload(cmd []string) bool { return false } -func collectUnpinnedPakageManagerDownload(startLine, endLine uint, node syntax.Node, +func collectUnpinnedPackageManagerDownload(startLine, endLine uint, node syntax.Node, cmd, pathfn string, r *checker.PinningDependenciesData, ) { ce, ok := node.(*syntax.CallExpr) 
@@ -1146,7 +1146,7 @@ func validateShellFileAndRecord(pathfn string, startLine, endLine uint, content collectFetchProcSubsExecute(startLine, endLine, node, cmdStr, pathfn, r) // Package manager's unpinned installs. - collectUnpinnedPakageManagerDownload(startLine, endLine, node, cmdStr, pathfn, r) + collectUnpinnedPackageManagerDownload(startLine, endLine, node, cmdStr, pathfn, r) // TODO(laurent): add check for cat file | bash. // TODO(laurent): detect downloads of zip/tar files containing scripts. From 92a6680b28f82e0a090b5a6cce6f65d408a04bc6 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:23:27 -0500 Subject: [PATCH 57/88] spelling: provenance Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- probes/releasesHaveProvenance/impl_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/probes/releasesHaveProvenance/impl_test.go b/probes/releasesHaveProvenance/impl_test.go index 6d9ddc010d1..5202f5057c3 100644 --- a/probes/releasesHaveProvenance/impl_test.go +++ b/probes/releasesHaveProvenance/impl_test.go @@ -115,7 +115,7 @@ func Test_Run(t *testing.T) { }, }, { - name: "Has two releases without provenace and one with.", + name: "Has two releases without provenance and one with.", raw: &checker.RawResults{ SignedReleasesResults: checker.SignedReleasesData{ Releases: []clients.Release{ From 837653bc87a4f07d25584864c452e092ab984dc1 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:23:46 -0500 Subject: [PATCH 58/88] spelling: query Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- clients/gitlabrepo/searchCommits.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clients/gitlabrepo/searchCommits.go b/clients/gitlabrepo/searchCommits.go index 1fa1ea9f727..dc44817ee8b 100644 --- a/clients/gitlabrepo/searchCommits.go +++ b/clients/gitlabrepo/searchCommits.go 
@@ -38,7 +38,7 @@ func (handler *searchCommitsHandler) search(request clients.SearchCommitsOptions
 	}
 	query, err := handler.buildQuery(request)
 	if err != nil {
-		return nil, fmt.Errorf("handler.buildQuiery: %w", err)
+		return nil, fmt.Errorf("handler.buildQuery: %w", err)
 	}
 	commits, _, err := handler.glClient.Search.CommitsByProject(handler.repourl.projectID, query, &gitlab.SearchOptions{})

From 9cfaf2ff725cf420adfe0a075a425659fe067502 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Wed, 17 Jan 2024 22:59:36 -0500
Subject: [PATCH 59/88] spelling: readers

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 cmd/internal/scdiff/app/compare_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/internal/scdiff/app/compare_test.go b/cmd/internal/scdiff/app/compare_test.go
index f4bfc5b3816..83aa8514e1b 100644
--- a/cmd/internal/scdiff/app/compare_test.go
+++ b/cmd/internal/scdiff/app/compare_test.go
@@ -117,7 +117,7 @@ func Test_compare_reader_err(t *testing.T) {
 			`),
 		},
 		{
-			name: "error in both readesr",
+			name: "error in both readers",
 			x: alwaysErrorReader{},
 			y: alwaysErrorReader{},
 		},

From c0c495bbbc88d366cbc62fb1d40fa0aea14e552e Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Wed, 17 Jan 2024 21:23:56 -0500
Subject: [PATCH 60/88] spelling: receive

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 cron/internal/pubsub/subscriber_gcs.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cron/internal/pubsub/subscriber_gcs.go b/cron/internal/pubsub/subscriber_gcs.go
index e223642d345..a03a5176823 100644
--- a/cron/internal/pubsub/subscriber_gcs.go
+++ b/cron/internal/pubsub/subscriber_gcs.go
@@ -90,7 +90,7 @@ func (subscriber *gcsSubscriber) SynchronousPull() (*data.ScorecardBatchRequest,
 		MaxMessages: maxMessagesToPull,
 	})
 	if err != nil {
-		log.Printf("error during Recieive: %v", err)
+		log.Printf("error during Receive: %v", err)
 		return nil, nil
 	}
 	numReceivedMessages = len(result.GetReceivedMessages())

From 170347abe31644fd22f27b70b9bd54ad35aa048a Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Wed, 17 Jan 2024 21:24:04 -0500
Subject: [PATCH 61/88] spelling: registered

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 checks/security_policy.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/checks/security_policy.go b/checks/security_policy.go
index 1046c566e13..30410d024f0 100644
--- a/checks/security_policy.go
+++ b/checks/security_policy.go
@@ -23,7 +23,7 @@ import (
 	"github.com/ossf/scorecard/v4/probes/zrunner"
 )
 
-// CheckSecurityPolicy is the registred name for SecurityPolicy.
+// CheckSecurityPolicy is the registered name for SecurityPolicy.
 const CheckSecurityPolicy = "Security-Policy"
 
 //nolint:gochecknoinits

From 31b4e1c6aa7bebb90facbb78bba41a9a38869452 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Thu, 18 Jan 2024 09:54:26 -0500
Subject: [PATCH 62/88] spelling: remediate

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 checks/raw/pinned_dependencies.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/checks/raw/pinned_dependencies.go b/checks/raw/pinned_dependencies.go
index afc352873de..be251571dac 100644
--- a/checks/raw/pinned_dependencies.go
+++ b/checks/raw/pinned_dependencies.go
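Review bot: The corrected log message still names the wrong operation: the enclosing method is `SynchronousPull` and the result is read through `result.GetReceivedMessages()` on the hunk's last line, so what failed is presumably a Pub/Sub pull request, not a Receive; `log.Printf("error during Pull: %v", err)` would match what an on-call engineer greps for. The bigger concern is the line after the log call, `return nil, nil`, which hands the caller the same value as a successful empty pull, so a permanently broken subscription (revoked credentials, deleted subscription, bad project) is indistinguishable from "no work" and surfaces only as a log line. If callers are meant to keep polling through transient failures, a comment saying so would stop the next reader from "fixing" it; otherwise return the error, `return nil, fmt.Errorf("pubsub pull: %w", err)`, and let the caller decide. `SynchronousPull` starts and ends outside the hunk, so the caller contract is not visible here.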
@@ -231,8 +231,8 @@ func collectDockerfilePinning(c *checker.CheckRequest, r *checker.PinningDepende
 	for i := range r.Dependencies {
 		rr := &r.Dependencies[i]
 		if !*rr.Pinned {
-			remdtion := remediation.CreateDockerfilePinningRemediation(rr, remediation.CraneDigester{})
-			rr.Remediation = remdtion
+			remediate := remediation.CreateDockerfilePinningRemediation(rr, remediation.CraneDigester{})
+			rr.Remediation = remediate
 		}
 	}
 	return nil
@@ -486,8 +486,8 @@ func collectGitHubActionsWorkflowPinning(c *checker.CheckRequest, r *checker.Pin
 	for i := range r.Dependencies {
 		rr := &r.Dependencies[i]
 		if !*rr.Pinned {
-			remdtion := remediationMetadata.CreateWorkflowPinningRemediation(rr.Location.Path)
-			rr.Remediation = remdtion
+			remediate := remediationMetadata.CreateWorkflowPinningRemediation(rr.Location.Path)
+			rr.Remediation = remediate
 		}
 	}
 	return nil

From 0568d56c7298750d82e3ff6509a4d708caa621bb Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Wed, 17 Jan 2024 21:24:51 -0500
Subject: [PATCH 63/88] spelling: representation

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 cmd/internal/nuget/client.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/internal/nuget/client.go b/cmd/internal/nuget/client.go
index 7eb23e4cfab..0de4c6b047e 100644
--- a/cmd/internal/nuget/client.go
+++ b/cmd/internal/nuget/client.go
@@ -239,7 +239,7 @@ func isSupportedProjectURL(projectURL string) bool {
 }
 
 // Nuget semver diverges from Semantic Versioning.
-// This method returns the Nuget represntation of version and pre release strings.
+// This method returns the Nuget representation of version and pre release strings.
 //
 //nolint:lll // https://learn.microsoft.com/en-us/nuget/concepts/package-versioning#where-nugetversion-diverges-from-semantic-versioning
 func parseNugetSemVer(versionString string) (base, preReleaseSuffix string) {

From 05fd5255a4338c5277d9fb4895f9824d1ccc3e97 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Wed, 17 Jan 2024 21:25:08 -0500
Subject: [PATCH 64/88] spelling: requests

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 cron/config/config.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cron/config/config.go b/cron/config/config.go
index a3c1a091457..16e83da3473 100644
--- a/cron/config/config.go
+++ b/cron/config/config.go
@@ -239,7 +239,7 @@ func GetRequestTopicURL() (string, error) {
 	return getStringConfigValue(requestTopicURL, configYAML, "RequestTopicURL", "request-topic-url")
 }
 
-// GetRequestSubscriptionURL returns the subscription name of the PubSub topic for cron job reuests.
+// GetRequestSubscriptionURL returns the subscription name of the PubSub topic for cron job requests.
 func GetRequestSubscriptionURL() (string, error) {
 	return getStringConfigValue(requestSubscriptionURL, configYAML, "RequestSubscriptionURL", "request-subscription-url")
 }

From 89a5217f7c122a34ede073ad87fc9a83cf982e83 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Wed, 17 Jan 2024 21:24:59 -0500
Subject: [PATCH 65/88] spelling: requires

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 probes/requiresLastPushApproval/impl_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/probes/requiresLastPushApproval/impl_test.go b/probes/requiresLastPushApproval/impl_test.go
index 6e4eac365d3..3864797c46b 100644
--- a/probes/requiresLastPushApproval/impl_test.go
+++ b/probes/requiresLastPushApproval/impl_test.go
@@ -59,7 +59,7 @@ func Test_Run(t *testing.T) {
 			},
 		},
 		{
-			name: "2 branches requirs last push approval = 2 positive outcomes",
+			name: "2 branches requires last push approval = 2 positive outcomes",
 			raw: &checker.RawResults{
 				BranchProtectionResults: checker.BranchProtectionsData{
 					Branches: []clients.BranchRef{

From e69716965a78bfd088027b9fb8a742340c27a352 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Wed, 17 Jan 2024 21:25:03 -0500
Subject: [PATCH 66/88] spelling: return

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 checks/evaluation/sast.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/checks/evaluation/sast.go b/checks/evaluation/sast.go
index 63c7beb82de..f6a6897cc98 100644
--- a/checks/evaluation/sast.go
+++ b/checks/evaluation/sast.go
@@ -93,7 +93,7 @@ func SAST(name string,
 	if sastScore == checker.InconclusiveResultScore && codeQlScore == checker.InconclusiveResultScore {
 		// That can never happen since sastToolInCheckRuns can never
-		// retun checker.InconclusiveResultScore.
+		// return checker.InconclusiveResultScore.
 		return checker.CreateRuntimeErrorResult(name, sce.ErrScorecardInternal)
 	}

From eea2ba1f5f7513566e5b0e1552ba85d83178229f Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Wed, 17 Jan 2024 21:25:21 -0500
Subject: [PATCH 67/88] spelling: scorecard

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 dependencydiff/dependencydiff.go | 2 +-
 main.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/dependencydiff/dependencydiff.go b/dependencydiff/dependencydiff.go
index 78012426ad0..aa1c13b1a6f 100644
--- a/dependencydiff/dependencydiff.go
+++ b/dependencydiff/dependencydiff.go
@@ -158,7 +158,7 @@ func getScorecardCheckResults(dCtx *dependencydiffContext) error {
 	// Run scorecard on those types of dependencies that the caller would like to check.
 	// If the input map changeTypesToCheck is empty, by default, we run the checks for all valid types.
-	// TODO (#2064): use the Scorecare REST API to retrieve the Scorecard result statelessly.
+	// TODO (#2064): use the Scorecard REST API to retrieve the Scorecard result statelessly.
 	scorecardResult, err := pkg.RunScorecard(
 		dCtx.ctx,
 		dCtx.ghRepo,
diff --git a/main.go b/main.go
index 78224862cb5..97f8e058cc3 100644
--- a/main.go
+++ b/main.go
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-// Package main of OSSF Scoreard.
+// Package main of OSSF Scorecard.
 package main
 
 import (

From 8074d39e16b15d1f16939a404a249915b5ce99a9 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Wed, 17 Jan 2024 21:25:41 -0500
Subject: [PATCH 68/88] spelling: separator

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 clients/gitlabrepo/search_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/clients/gitlabrepo/search_test.go b/clients/gitlabrepo/search_test.go
index 2286ae4d5c3..ea6be1668c5 100644
--- a/clients/gitlabrepo/search_test.go
+++ b/clients/gitlabrepo/search_test.go
@@ -94,7 +94,7 @@ func TestBuildQuery(t *testing.T) {
 			expectedQuery: "testquery project:testowner/1234 in:file filename:filename1.txt path:dir1/dir2",
 		},
 		{
-			name: "WithFilenameAndPathWithSeperator",
+			name: "WithFilenameAndPathWithSeparator",
 			repourl: &repoURL{
 				owner: "testowner",
 				projectID: "1234",

From c035b87df8497510815b03bc8254787da3e9a09f Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Wed, 17 Jan 2024 21:25:46 -0500
Subject: [PATCH 69/88] spelling: serialization

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 cron/data/format.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cron/data/format.go b/cron/data/format.go
index 11b4800682f..77fb2cd6c4d 100644
--- a/cron/data/format.go
+++ b/cron/data/format.go
@@ -24,7 +24,7 @@ func (s CSVStrings) MarshalCSV() ([]byte, error) {
 	return []byte(strings.Join(s, ",")), nil
 }
 
-// UnmarshalCSV implements []byte -> []string de-serializtion.
+// UnmarshalCSV implements []byte -> []string de-serialization.
 func (s *CSVStrings) UnmarshalCSV(input []byte) error {
 	if len(input) == 0 {
 		*s = nil
From dddd6ae88a5db0a97e419533c1d922f55b666282 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 22:19:23 -0500 Subject: [PATCH 70/88] spelling: sign up Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- docs/checks.md | 2 +- docs/checks/internal/checks.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/checks.md b/docs/checks.md index e5fe78f4c73..4bc62dba4c4 100644 --- a/docs/checks.md +++ b/docs/checks.md @@ -328,7 +328,7 @@ low score is therefore not a definitive indication that the project is at risk. **Remediation steps** -- Signup for automatic dependency updates with one of the previously listed dependency update tools and place the config file in the locations that are recommended by these tools. Due to https://github.com/dependabot/dependabot-core/issues/2804 Dependabot can be enabled for forks where security updates have ever been turned on so projects maintaining stable forks should evaluate whether this behavior is satisfactory before turning it on. +- Sign up for automatic dependency updates with one of the previously listed dependency update tools and place the config file in the locations that are recommended by these tools. Due to https://github.com/dependabot/dependabot-core/issues/2804 Dependabot can be enabled for forks where security updates have ever been turned on so projects maintaining stable forks should evaluate whether this behavior is satisfactory before turning it on. - Unlike Dependabot, Renovate bot has support to migrate dockerfiles' dependencies from version pinning to hash pinning via the [pinDigests setting](https://docs.renovatebot.com/configuration-options/#pindigests) without additional manual effort. ## Fuzzing diff --git a/docs/checks/internal/checks.yaml b/docs/checks/internal/checks.yaml index 75023f42995..4c25be6b714 100644 --- a/docs/checks/internal/checks.yaml +++ b/docs/checks/internal/checks.yaml 
@@ -77,7 +77,7 @@ checks: remediation: - >- - Signup for automatic dependency updates with one of the previously listed dependency update tools and place + Sign up for automatic dependency updates with one of the previously listed dependency update tools and place the config file in the locations that are recommended by these tools. Due to https://github.com/dependabot/dependabot-core/issues/2804 Dependabot can be enabled for forks where security updates have ever been turned on so projects From 46e637105bfa0ce3146bdd4c3104563f2ef95dec Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:26:02 -0500 Subject: [PATCH 71/88] spelling: specifications Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- checks/raw/fuzzing.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/checks/raw/fuzzing.go b/checks/raw/fuzzing.go index 16d91b457f7..c26cd028906 100644 --- a/checks/raw/fuzzing.go +++ b/checks/raw/fuzzing.go @@ -44,7 +44,7 @@ type languageFuzzConfig struct { filePatterns []string } -// Contains fuzzing speficications for programming languages. +// Contains fuzzing specifications for programming languages. // Please use the type Language defined in clients/languages.go rather than a raw string. var languageFuzzSpecs = map[clients.LanguageName]languageFuzzConfig{ // Default fuzz patterns for Go. From 357996434593445cedc22779e83fbb05e92bcc78 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:26:14 -0500 Subject: [PATCH 72/88] spelling: specified Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- checks/fileparser/github_workflow_test.go | 2 +- ...ied-step.yaml => github-workflow-shells-specified-step.yaml} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename checks/testdata/.github/workflows/{github-workflow-shells-speficied-step.yaml => github-workflow-shells-specified-step.yaml} (100%) 
diff --git a/checks/fileparser/github_workflow_test.go b/checks/fileparser/github_workflow_test.go index 77d721dd405..29f378bb5b2 100644 --- a/checks/fileparser/github_workflow_test.go +++ b/checks/fileparser/github_workflow_test.go @@ -103,7 +103,7 @@ func TestGitHubWorkflowShell(t *testing.T) { }, { name: "shell specified in step", - filename: "../testdata/.github/workflows/github-workflow-shells-speficied-step.yaml", + filename: "../testdata/.github/workflows/github-workflow-shells-specified-step.yaml", expectedShells: []string{"pwsh"}, }, { diff --git a/checks/testdata/.github/workflows/github-workflow-shells-speficied-step.yaml b/checks/testdata/.github/workflows/github-workflow-shells-specified-step.yaml similarity index 100% rename from checks/testdata/.github/workflows/github-workflow-shells-speficied-step.yaml rename to checks/testdata/.github/workflows/github-workflow-shells-specified-step.yaml From e04c3baf53e08ef865e6f8d47dfbeaa7e3ac1f7d Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:26:37 -0500 Subject: [PATCH 73/88] spelling: success Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- probes/testsRunInCI/impl_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/probes/testsRunInCI/impl_test.go b/probes/testsRunInCI/impl_test.go index 670be5dfddb..2569e167252 100644 --- a/probes/testsRunInCI/impl_test.go +++ b/probes/testsRunInCI/impl_test.go @@ -452,7 +452,7 @@ func Test_prHasSuccessfulCheckAdditional(t *testing.T) { }, }, { - name: "conclusion is succesls with a valid app slug", + name: "conclusion is success with a valid app slug", args: args{ r: checker.RevisionCIInfo{ CheckRuns: []clients.CheckRun{ From 8a7585269a555184d100727e7bd9484aa012f381 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:26:42 -0500 Subject: [PATCH 74/88] spelling: successfully 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- probes/sastToolRunsOnAllCommits/def.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/probes/sastToolRunsOnAllCommits/def.yml b/probes/sastToolRunsOnAllCommits/def.yml index d11b30857d1..18d491db47c 100644 --- a/probes/sastToolRunsOnAllCommits/def.yml +++ b/probes/sastToolRunsOnAllCommits/def.yml @@ -20,8 +20,8 @@ implementation: > The implementation iterates through the projects commits and checks whether any of the check runs for the commits associated merge request was any of the SAST tools that Scorecard supports. outcome: - If the project had no commits merged, the probe returns a finding with OutcomeNotApplicable. - - If the project runs SAST tools successfuly on every pull request before merging, the probe returns one finding with OutcomePositive (1). In addition, the finding will include two values. 1) How many commits were tested by a SAST tool, and 2) How many commits in total were merged. - - If the project does not run any SAST tools successfuly on every pull request before merging, the probe returns one finding with OutcomeNegative (0). In addition, the finding will include two values. 1) How many commits were tested by a SAST tool, and 2) How many commits in total were merged. + - If the project runs SAST tools successfully on every pull request before merging, the probe returns one finding with OutcomePositive (1). In addition, the finding will include two values. 1) How many commits were tested by a SAST tool, and 2) How many commits in total were merged. + - If the project does not run any SAST tools successfully on every pull request before merging, the probe returns one finding with OutcomeNegative (0). In addition, the finding will include two values. 1) How many commits were tested by a SAST tool, and 2) How many commits in total were merged. remediation: effort: Low text: From e32fd3ef7ac7dcf9659555c54b3c2d95328ac21f Mon Sep 17 00:00:00 2001 
From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:11:34 -0500 Subject: [PATCH 75/88] spelling: the Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- probes/releasesAreSigned/def.yml | 2 +- probes/releasesHaveProvenance/def.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/probes/releasesAreSigned/def.yml b/probes/releasesAreSigned/def.yml index ff12cc6692a..44b1c597205 100644 --- a/probes/releasesAreSigned/def.yml +++ b/probes/releasesAreSigned/def.yml @@ -20,7 +20,7 @@ implementation: > The implementation checks whether a signature file is present in release assets. The probe checks the last 5 releases on GitHub and GitLab. outcome: - For each of the last 5 releases, the probe returns OutcomePositive, if the release has a signature file in the release assets. - - For each of the last 5 releases, the probe returns OutcomeNegative, if the the release does not have a signature file in the release assets. + - For each of the last 5 releases, the probe returns OutcomeNegative, if the release does not have a signature file in the release assets. - If the project has no releases, the probe returns OutcomeNotApplicable. remediation: effort: Medium diff --git a/probes/releasesHaveProvenance/def.yml b/probes/releasesHaveProvenance/def.yml index 3567cf4a55f..a121adbc9ad 100644 --- a/probes/releasesHaveProvenance/def.yml +++ b/probes/releasesHaveProvenance/def.yml 
@@ -20,7 +20,7 @@ implementation: >
 The probe checks whether any of the assets in any of the last five releases on GitHub or GitLab have a provenance file.
 outcome:
 - For each of the last 5 releases, the probe returns OutcomePositive, if the release has a provenance file in the release assets.
- - For each of the last 5 releases, the probe returns OutcomeNegative, if the the release does not have a provenance file in the release assets.
+ - For each of the last 5 releases, the probe returns OutcomeNegative, if the release does not have a provenance file in the release assets.
 - If the project has no releases, the probe returns OutcomeNotApplicable.
 remediation:
 effort: Medium
From d86a0313986007c3b175a0b44a46d7950a0ad9fd Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Sat, 20 Jan 2024 18:15:36 -0500
Subject: [PATCH 76/88] spelling: their
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 clients/gitlabrepo/searchCommits.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/clients/gitlabrepo/searchCommits.go b/clients/gitlabrepo/searchCommits.go
index dc44817ee8b..88617b9c8f0 100644
--- a/clients/gitlabrepo/searchCommits.go
+++ b/clients/gitlabrepo/searchCommits.go
@@ -48,7 +48,7 @@ func (handler *searchCommitsHandler) search(request clients.SearchCommitsOptions
 // Gitlab returns a list of commits that does not contain the committer's id, unlike in
 // githubrepo/searchCommits.go so to limit the number of requests we are mapping each unique user
- // email to thei gitlab user data.
+ // email to their gitlab user data.
 userMap := make(map[string]*gitlab.User)
 var ret []clients.Commit
 for _, commit := range commits {
From 2df3f56bcf59631e3b9faf1a65e9a499436b3112 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Wed, 17 Jan 2024 22:20:40 -0500
Subject: [PATCH 77/88] spelling: twenty
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- probes/issueActivityByProjectMember/impl_test.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/probes/issueActivityByProjectMember/impl_test.go b/probes/issueActivityByProjectMember/impl_test.go index e44de8e975d..0b762fdbd3f 100644 --- a/probes/issueActivityByProjectMember/impl_test.go +++ b/probes/issueActivityByProjectMember/impl_test.go @@ -168,7 +168,7 @@ func Test_Run(t *testing.T) { func Test_hasActivityByCollaboratorOrHigher(t *testing.T) { t.Parallel() r := clients.RepoAssociationCollaborator - twentDaysAgo := time.Now().AddDate(0 /*years*/, 0 /*months*/, -20 /*days*/) + twentyDaysAgo := time.Now().AddDate(0 /*years*/, 0 /*months*/, -20 /*days*/) type args struct { issue *clients.Issue threshold time.Time @@ -200,7 +200,7 @@ func Test_hasActivityByCollaboratorOrHigher(t *testing.T) { name: "twentyDaysAgo", args: args{ issue: &clients.Issue{ - CreatedAt: &twentDaysAgo, + CreatedAt: &twentyDaysAgo, AuthorAssociation: &r, }, }, @@ -214,7 +214,7 @@ func Test_hasActivityByCollaboratorOrHigher(t *testing.T) { AuthorAssociation: &r, Comments: []clients.IssueComment{ { - CreatedAt: &twentDaysAgo, + CreatedAt: &twentyDaysAgo, AuthorAssociation: &r, }, }, From 6b930f627ee40f232840be16198806cee8aeb380 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:27:34 -0500 Subject: [PATCH 78/88] spelling: unexpected Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- cmd/internal/scdiff/app/stats_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/internal/scdiff/app/stats_test.go b/cmd/internal/scdiff/app/stats_test.go index 9d86c62cf7e..9434de355aa 100644 --- a/cmd/internal/scdiff/app/stats_test.go +++ b/cmd/internal/scdiff/app/stats_test.go 
@@ -96,7 +96,7 @@ func Test_calcStats(t *testing.T) {
 input := strings.NewReader(`{"date":"0001-01-01T00:00:00Z","repo":{"name":"repo1"},"score":10}`)
 var output bytes.Buffer
 if err := calcStats(input, &output); err != nil {
- t.Fatalf("unexepected error: %v", err)
+ t.Fatalf("unexpected error: %v", err)
 }
 got := output.String()
 // this is a bit of a simplification, but keeps the test simple
From d82fc8ae3b1dded1c494740c102d2392065a84d3 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Wed, 17 Jan 2024 21:27:44 -0500
Subject: [PATCH 79/88] spelling: unused
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 cmd/serve.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cmd/serve.go b/cmd/serve.go
index 0aecc321681..b9d0e92e247 100644
--- a/cmd/serve.go
+++ b/cmd/serve.go
@@ -96,7 +96,7 @@ func serveCmd(o *options.Options) *cobra.Command {
 port = "8080"
 }
 logger.Info("Listening on localhost:" + port + "\n")
- //nolint:gosec // unsused.
+ //nolint:gosec // unused.
 err = http.ListenAndServe(fmt.Sprintf("0.0.0.0:%s", port), nil)
 if err != nil {
 // TODO(log): Should this actually panic?
From 57db9d60dc29d5e7813d3c82fa01430ccc4feb90 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Wed, 17 Jan 2024 21:28:14 -0500
Subject: [PATCH 80/88] spelling: unverified
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 probes/freeOfAnyBinaryArtifacts/def.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/probes/freeOfAnyBinaryArtifacts/def.yml b/probes/freeOfAnyBinaryArtifacts/def.yml
index 858a882f54a..317c853c41d 100644
--- a/probes/freeOfAnyBinaryArtifacts/def.yml
+++ b/probes/freeOfAnyBinaryArtifacts/def.yml
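Review bot: The new `//nolint:gosec // unused.` justification still does not say what is being suppressed: what gosec flags on the next line's `http.ListenAndServe` is the lack of any server timeout (its G114 rule), and that call really does serve with no read or header timeout, so the suppression hides a slow-client (Slowloris-style) exposure rather than an unused value. Prefer an `http.Server` with at least `ReadHeaderTimeout` set and drop the nolint entirely. The log line `"Listening on localhost:"` also disagrees with the bind address `0.0.0.0:%s` immediately below it, which listens on every interface; either bind to `127.0.0.1` or log the address actually used. `serveCmd` starts and ends outside the hunk, so whether `time` is already imported in this file is not visible here.
```go
	logger.Info("Listening on 0.0.0.0:" + port + "\n")
	srv := &http.Server{
		Addr:              fmt.Sprintf("0.0.0.0:%s", port),
		ReadHeaderTimeout: 10 * time.Second, // bounds slow-header clients; this is what gosec G114 is about
	}
	err = srv.ListenAndServe()
	// … unchanged: error handling below …
```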
@@ -17,7 +17,7 @@ short: Checks if the project has any binary files in its source tree.
 motivation: >
 Binary files are not readable so users can't see what they do. Many programming language systems can generate executables from source code (e.g., C/C++ generated machine code, Java .class files, Python .pyc files, and minified JavaScript). Users will often directly use executables if they are included in the source repository, leading to many dangerous behaviors.
 implementation: >
- The implementation looks for the presence of binary files. This is a more restrictive probe than "freeOfUnverifiededBinaryArtifacts" which excludes verified binary files.
+ The implementation looks for the presence of binary files. This is a more restrictive probe than "freeOfUnverifiedBinaryArtifacts" which excludes verified binary files.
 outcome:
 - If the probe finds binary files, it returns a number of negative outcomes equal to the number of binary files found. Each outcome includes a location of the file.
 - If the probe finds no verified binary files, it returns a single positive outcome.
From e3b9adeb9d29e2cd7e28d0e37f3a7ed2eab0247d Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Wed, 17 Jan 2024 22:21:32 -0500
Subject: [PATCH 81/88] spelling: validate
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 .../binaryartifacts/workflows/verify-outdated-action.yaml | 2 +-
 checks/testdata/binaryartifacts/workflows/verify.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/checks/testdata/binaryartifacts/workflows/verify-outdated-action.yaml b/checks/testdata/binaryartifacts/workflows/verify-outdated-action.yaml
index 41237b99dee..477c45ffcb9 100644
--- a/checks/testdata/binaryartifacts/workflows/verify-outdated-action.yaml
+++ b/checks/testdata/binaryartifacts/workflows/verify-outdated-action.yaml
@@ -2,7 +2,7 @@ name: "GW Validate Workflow"
 on: [push, pull_request]
 jobs:
- gw_validat3:
+ gw_validate:
 name: "GW Validate Job"
 runs-on: ubuntu-latest
 steps:
diff --git a/checks/testdata/binaryartifacts/workflows/verify.yaml b/checks/testdata/binaryartifacts/workflows/verify.yaml
index bcc9f989eab..28214fcfe7e 100644
--- a/checks/testdata/binaryartifacts/workflows/verify.yaml
+++ b/checks/testdata/binaryartifacts/workflows/verify.yaml
@@ -2,7 +2,7 @@ name: "GW Validate Workflow"
 on: [push, pull_request]
 jobs:
- gw_validat3:
+ gw_validate:
 name: "GW Validate Job"
 runs-on: ubuntu-latest
 steps:
From d078a58895365f6ab234eea235c3fda766f004e5 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Wed, 17 Jan 2024 21:28:58 -0500
Subject: [PATCH 82/88] spelling: vendor
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 checks/raw/pinned_dependencies_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/checks/raw/pinned_dependencies_test.go b/checks/raw/pinned_dependencies_test.go
index e7982934f4e..a3624ce5205 100644
--- a/checks/raw/pinned_dependencies_test.go
+++ b/checks/raw/pinned_dependencies_test.go
@@ -449,7 +449,7 @@ func TestFileIsInVendorDir(t *testing.T) {
 },
 {
 name: "misspelled vendor dir",
- filename: "a/vendorr/Dockerfile",
+ filename: "a/vendor_/Dockerfile",
 expected: false,
 },
 }
From ac728cb31e1518cdd85e5e47d777745e2f5c050c Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Wed, 17 Jan 2024 21:29:21 -0500
Subject: [PATCH 83/88] spelling: vulnerabilities
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 cron/internal/format/json_raw_results.go | 6 +++---
 pkg/json_raw_results.go | 4 ++--
 pkg/json_raw_results_test.go | 16 ++++++++--------
 3 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/cron/internal/format/json_raw_results.go b/cron/internal/format/json_raw_results.go
index 7fda0f62dc5..5cf4b6dacf4 100644
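Review bot: The case in the TestFileIsInVendorDir hunk is still named `"misspelled vendor dir"` while its input is now `a/vendor_/Dockerfile`, which is not a misspelling but a directory name that merely shares the `vendor` prefix, so the name no longer describes what the case guards against. Either rename it, e.g. `name: "directory that only starts with vendor",`, or keep the original `vendorr` input with a `// intentionally not "vendor"` comment (or a `//nolint:misspell` marker) so the next spelling pass does not rewrite the fixture again. With `expected: false` both inputs appear to pin the same useful property, that a prefix match on `vendor` is not treated as a vendor directory, so the choice is about documentation rather than coverage.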
--- a/cron/internal/format/json_raw_results.go +++ b/cron/internal/format/json_raw_results.go @@ -144,7 +144,7 @@ func addCodeReviewRawResults(r *jsonScorecardRawResult, cr *checker.CodeReviewDa } //nolint:unparam -func addVulnerbilitiesRawResults(r *jsonScorecardRawResult, vd *checker.VulnerabilitiesData) error { +func addVulnerabilitiesRawResults(r *jsonScorecardRawResult, vd *checker.VulnerabilitiesData) error { r.Results.DatabaseVulnerabilities = []jsonDatabaseVulnerability{} for _, v := range vd.Vulnerabilities { r.Results.DatabaseVulnerabilities = append(r.Results.DatabaseVulnerabilities, @@ -229,8 +229,8 @@ func addBranchProtectionRawResults(r *jsonScorecardRawResult, bp *checker.Branch } func fillJSONRawResults(r *jsonScorecardRawResult, raw *checker.RawResults) error { - // Vulnerabiliries. - if err := addVulnerbilitiesRawResults(r, &raw.VulnerabilitiesResults); err != nil { + // Vulnerabilities. + if err := addVulnerabilitiesRawResults(r, &raw.VulnerabilitiesResults); err != nil { return sce.WithMessage(sce.ErrScorecardInternal, err.Error()) } diff --git a/pkg/json_raw_results.go b/pkg/json_raw_results.go index 01ed16cf224..21107145404 100644 --- a/pkg/json_raw_results.go +++ b/pkg/json_raw_results.go @@ -614,7 +614,7 @@ func (r *jsonScorecardRawResult) addLicenseRawResults(ld *checker.LicenseData) e } //nolint:unparam -func (r *jsonScorecardRawResult) addVulnerbilitiesRawResults(vd *checker.VulnerabilitiesData) error { +func (r *jsonScorecardRawResult) addVulnerabilitiesRawResults(vd *checker.VulnerabilitiesData) error { r.Results.DatabaseVulnerabilities = []jsonDatabaseVulnerability{} for _, v := range vd.Vulnerabilities { r.Results.DatabaseVulnerabilities = append(r.Results.DatabaseVulnerabilities, 
@@ -741,7 +741,7 @@ func (r *jsonScorecardRawResult) fillJSONRawResults(raw *checker.RawResults) err } // Vulnerabilities. - if err := r.addVulnerbilitiesRawResults(&raw.VulnerabilitiesResults); err != nil { + if err := r.addVulnerabilitiesRawResults(&raw.VulnerabilitiesResults); err != nil { return sce.WithMessage(sce.ErrScorecardInternal, err.Error()) } diff --git a/pkg/json_raw_results_test.go b/pkg/json_raw_results_test.go index 261e6f81cee..4af7c5fc088 100644 --- a/pkg/json_raw_results_test.go +++ b/pkg/json_raw_results_test.go @@ -935,9 +935,9 @@ func TestAddVulnerabilitiesRawResults(t *testing.T) { }, } - err := r.addVulnerbilitiesRawResults(vd) + err := r.addVulnerabilitiesRawResults(vd) if err != nil { - t.Errorf("addVulnerbilitiesRawResults returned an error: %v", err) + t.Errorf("addVulnerabilitiesRawResults returned an error: %v", err) } expected := []jsonDatabaseVulnerability{ @@ -950,12 +950,12 @@ func TestAddVulnerabilitiesRawResults(t *testing.T) { } if len(r.Results.DatabaseVulnerabilities) != len(expected) { - t.Errorf("addVulnerbilitiesRawResults did not add the correct number of vulnerabilities. Expected %d, got %d", len(expected), len(r.Results.DatabaseVulnerabilities)) + t.Errorf("addVulnerabilitiesRawResults did not add the correct number of vulnerabilities. Expected %d, got %d", len(expected), len(r.Results.DatabaseVulnerabilities)) } for i, vuln := range r.Results.DatabaseVulnerabilities { if vuln.ID != expected[i].ID { - t.Errorf("addVulnerbilitiesRawResults did not add the correct vulnerability. Expected %s, got %s", expected[i].ID, vuln.ID) + t.Errorf("addVulnerabilitiesRawResults did not add the correct vulnerability. Expected %s, got %s", expected[i].ID, vuln.ID) } } } 
@@ -1136,17 +1136,17 @@ func TestJsonScorecardRawResult(t *testing.T) { }, } - // test addVulnerbilitiesRawResults - err := r.addVulnerbilitiesRawResults(vd) + // test addVulnerabilitiesRawResults + err := r.addVulnerabilitiesRawResults(vd) if err != nil { - t.Errorf("addVulnerbilitiesRawResults returned an error: %v", err) + t.Errorf("addVulnerabilitiesRawResults returned an error: %v", err) } expectedVulnerabilities := []jsonDatabaseVulnerability{ {ID: "CVE-2021-1234"}, {ID: "CVE-2021-5678"}, } if cmp.Diff(r.Results.DatabaseVulnerabilities, expectedVulnerabilities) != "" { - t.Errorf("addVulnerbilitiesRawResults did not produce the expected results %v", cmp.Diff(r.Results.DatabaseVulnerabilities, expectedVulnerabilities)) + t.Errorf("addVulnerabilitiesRawResults did not produce the expected results %v", cmp.Diff(r.Results.DatabaseVulnerabilities, expectedVulnerabilities)) } // test addBinaryArtifactRawResults From 0972875a3e769f4898a449f5333bf39673d55c1c Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 22:22:42 -0500 Subject: [PATCH 84/88] spelling: vulns Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- checks/security_policy_test.go | 4 ++-- .../{04_textAndDisclosureVuls => 04_textAndDisclosureVulns} | 0 ...sclosureVuls => 10_linkedContentAndTextAndDisclosureVulns} | 0 3 files changed, 2 insertions(+), 2 deletions(-) rename checks/testdata/securitypolicy/{04_textAndDisclosureVuls => 04_textAndDisclosureVulns} (100%) rename checks/testdata/securitypolicy/{10_linkedContentAndTextAndDisclosureVuls => 10_linkedContentAndTextAndDisclosureVulns} (100%) diff --git a/checks/security_policy_test.go b/checks/security_policy_test.go index 8ea34b76a23..4a2596b8189 100644 --- a/checks/security_policy_test.go +++ b/checks/security_policy_test.go 
@@ -61,7 +61,7 @@ func TestSecurityPolicy(t *testing.T) { }, { name: "docs/security.md", - path: "./testdata/securitypolicy/04_textAndDisclosureVuls", + path: "./testdata/securitypolicy/04_textAndDisclosureVulns", files: []string{ "docs/security.md", }, @@ -133,7 +133,7 @@ func TestSecurityPolicy(t *testing.T) { }, { name: ".github/security.adoc", - path: "./testdata/securitypolicy/10_linkedContentAndTextAndDisclosureVuls", + path: "./testdata/securitypolicy/10_linkedContentAndTextAndDisclosureVulns", files: []string{ ".github/security.adoc", }, diff --git a/checks/testdata/securitypolicy/04_textAndDisclosureVuls b/checks/testdata/securitypolicy/04_textAndDisclosureVulns similarity index 100% rename from checks/testdata/securitypolicy/04_textAndDisclosureVuls rename to checks/testdata/securitypolicy/04_textAndDisclosureVulns diff --git a/checks/testdata/securitypolicy/10_linkedContentAndTextAndDisclosureVuls b/checks/testdata/securitypolicy/10_linkedContentAndTextAndDisclosureVulns similarity index 100% rename from checks/testdata/securitypolicy/10_linkedContentAndTextAndDisclosureVuls rename to checks/testdata/securitypolicy/10_linkedContentAndTextAndDisclosureVulns From 02f0c2f4d13e33626556cb6436c21b2349249796 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:29:57 -0500 Subject: [PATCH 85/88] spelling: will Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- checks/raw/shell_download_validate.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/checks/raw/shell_download_validate.go b/checks/raw/shell_download_validate.go index 93a69fc5dcd..3688bd02bac 100644 --- a/checks/raw/shell_download_validate.go +++ b/checks/raw/shell_download_validate.go 
@@ -456,7 +456,7 @@ func isNpmDownload(cmd []string) bool {
 func isNpmUnpinnedDownload(cmd []string) bool {
 for i := 1; i < len(cmd); i++ {
- // `npm ci` wil verify all hashes are present.
+ // `npm ci` will verify all hashes are present.
 if strings.EqualFold(cmd[i], "ci") {
 return false
 }
From a71199cd66fde290e9f457237569b8e411f7f72f Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Wed, 17 Jan 2024 21:29:42 -0500
Subject: [PATCH 86/88] spelling: without
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 checks/raw/pinned_dependencies_test.go | 2 +-
 checks/webhook_test.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/checks/raw/pinned_dependencies_test.go b/checks/raw/pinned_dependencies_test.go
index a3624ce5205..5505707ad60 100644
--- a/checks/raw/pinned_dependencies_test.go
+++ b/checks/raw/pinned_dependencies_test.go
@@ -1220,7 +1220,7 @@ func TestShellscriptInsecureDownloadsLineNumber(t *testing.T) {
 }
 }
-func TestDockerfilePinningWihoutHash(t *testing.T) {
+func TestDockerfilePinningWithoutHash(t *testing.T) {
 t.Parallel()
 //nolint:govet
 tests := []struct {
diff --git a/checks/webhook_test.go b/checks/webhook_test.go
index df9c1b2dc24..30663139a35 100644
--- a/checks/webhook_test.go
+++ b/checks/webhook_test.go
@@ -73,7 +73,7 @@ func TestWebhooks(t *testing.T) {
 },
 },
 {
- name: "With 2 Webhooks with and whitout secrets configured",
+ name: "With 2 Webhooks with and without secrets configured",
 uri: "github.com/owner/repo",
 expected: checker.CheckResult{
 Score: 5,
From ba05c9a5be418b66dec2ef40b7a96740cb73a7b0 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Wed, 17 Jan 2024 21:30:04 -0500
Subject: [PATCH 87/88] spelling: workflow
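Review bot: The corrected comment in isNpmUnpinnedDownload still overstates what `npm ci` guarantees: it installs exactly what `package-lock.json` records and fails when the lockfile is missing or out of sync with `package.json`, but it does not require an `integrity` hash to be present for every lockfile entry, so "verify all hashes are present" is not the reason the command counts as pinned. Suggest `// npm ci installs exactly what package-lock.json records (and fails without a lockfile), so treat it as pinned.` Separately, the loop starts at `i := 1` and tests every argument, so any argument equal to `ci` short-circuits to pinned, including a package literally named `ci` in `npm install ci`; if the subcommand is expected at a fixed position that is worth tightening, otherwise worth a comment saying the scan is deliberate. `isNpmUnpinnedDownload` continues past the end of the hunk.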
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- checks/evaluation/pinned_dependencies.go | 10 +-- checks/evaluation/pinned_dependencies_test.go | 66 +++++++++---------- checks/raw/pinned_dependencies_test.go | 2 +- 3 files changed, 39 insertions(+), 39 deletions(-) diff --git a/checks/evaluation/pinned_dependencies.go b/checks/evaluation/pinned_dependencies.go index 1e7e24ed4b2..6344c9bf82c 100644 --- a/checks/evaluation/pinned_dependencies.go +++ b/checks/evaluation/pinned_dependencies.go @@ -32,7 +32,7 @@ type pinnedResult struct { // Structure to host information about pinned github // or third party dependencies. -type worklowPinningResult struct { +type workflowPinningResult struct { thirdParties pinnedResult gitHubOwned pinnedResult } @@ -209,7 +209,7 @@ func PinningDependencies(name string, c *checker.CheckRequest, return checker.CreateRuntimeErrorResult(name, e) } - var wp worklowPinningResult + var wp workflowPinningResult pr := make(map[checker.DependencyUseType]pinnedResult) dl := c.Dlogger @@ -300,7 +300,7 @@ func PinningDependencies(name string, c *checker.CheckRequest, func updatePinningResults(dependencyType checker.DependencyUseType, outcome finding.Outcome, snippet *string, - wp *worklowPinningResult, pr map[checker.DependencyUseType]pinnedResult, + wp *workflowPinningResult, pr map[checker.DependencyUseType]pinnedResult, ) { if dependencyType == checker.DependencyUseTypeGHAction { // Note: `Snippet` contains `action/name@xxx`, so we can use it to infer @@ -345,7 +345,7 @@ func addPinnedResult(outcome finding.Outcome, r *pinnedResult) { r.total += 1 } -func addWorkflowPinnedResult(outcome finding.Outcome, w *worklowPinningResult, isGitHub bool) { +func addWorkflowPinnedResult(outcome finding.Outcome, w *workflowPinningResult, isGitHub bool) { if isGitHub { addPinnedResult(outcome, &w.gitHubOwned) } else { 
@@ -359,7 +359,7 @@ func logPinnedResult(dl checker.DetailLogger, p pinnedResult, name string) { }) } -func createScoreForGitHubActionsWorkflow(wp *worklowPinningResult, dl checker.DetailLogger, +func createScoreForGitHubActionsWorkflow(wp *workflowPinningResult, dl checker.DetailLogger, ) []checker.ProportionalScoreWeighted { if wp.gitHubOwned.total == 0 && wp.thirdParties.total == 0 { return []checker.ProportionalScoreWeighted{} diff --git a/checks/evaluation/pinned_dependencies_test.go b/checks/evaluation/pinned_dependencies_test.go index 41b6d6c6850..50c38c12282 100644 --- a/checks/evaluation/pinned_dependencies_test.go +++ b/checks/evaluation/pinned_dependencies_test.go @@ -30,12 +30,12 @@ func Test_createScoreForGitHubActionsWorkflow(t *testing.T) { //nolint:govet tests := []struct { name string - r worklowPinningResult + r workflowPinningResult scores []checker.ProportionalScoreWeighted }{ { name: "GitHub-owned and Third-Party actions pinned", - r: worklowPinningResult{ + r: workflowPinningResult{ gitHubOwned: pinnedResult{ pinned: 1, total: 1, @@ -60,7 +60,7 @@ func Test_createScoreForGitHubActionsWorkflow(t *testing.T) { }, { name: "only GitHub-owned actions pinned", - r: worklowPinningResult{ + r: workflowPinningResult{ gitHubOwned: pinnedResult{ pinned: 1, total: 1, @@ -85,7 +85,7 @@ func Test_createScoreForGitHubActionsWorkflow(t *testing.T) { }, { name: "only Third-Party actions pinned", - r: worklowPinningResult{ + r: workflowPinningResult{ gitHubOwned: pinnedResult{ pinned: 0, total: 1, @@ -110,7 +110,7 @@ func Test_createScoreForGitHubActionsWorkflow(t *testing.T) { }, { name: "no GitHub actions pinned", - r: worklowPinningResult{ + r: workflowPinningResult{ gitHubOwned: pinnedResult{ pinned: 0, total: 1, 
@@ -135,7 +135,7 @@ func Test_createScoreForGitHubActionsWorkflow(t *testing.T) { }, { name: "no GitHub-owned actions and Third-party actions unpinned", - r: worklowPinningResult{ + r: workflowPinningResult{ gitHubOwned: pinnedResult{ pinned: 0, total: 0, @@ -155,7 +155,7 @@ func Test_createScoreForGitHubActionsWorkflow(t *testing.T) { }, { name: "no Third-party actions and GitHub-owned actions unpinned", - r: worklowPinningResult{ + r: workflowPinningResult{ gitHubOwned: pinnedResult{ pinned: 0, total: 1, @@ -175,7 +175,7 @@ func Test_createScoreForGitHubActionsWorkflow(t *testing.T) { }, { name: "no GitHub-owned actions and Third-party actions pinned", - r: worklowPinningResult{ + r: workflowPinningResult{ gitHubOwned: pinnedResult{ pinned: 0, total: 0, @@ -195,7 +195,7 @@ func Test_createScoreForGitHubActionsWorkflow(t *testing.T) { }, { name: "no Third-party actions and GitHub-owned actions pinned", - r: worklowPinningResult{ + r: workflowPinningResult{ gitHubOwned: pinnedResult{ pinned: 1, total: 1, @@ -884,23 +884,23 @@ func Test_generateOwnerToDisplay(t *testing.T) { func Test_addWorkflowPinnedResult(t *testing.T) { t.Parallel() type args struct { - w *worklowPinningResult + w *workflowPinningResult outcome finding.Outcome isGitHub bool } tests := []struct { name string - want *worklowPinningResult + want *workflowPinningResult args args }{ { name: "add pinned GitHub-owned action dependency", args: args{ outcome: finding.OutcomePositive, - w: &worklowPinningResult{}, + w: &workflowPinningResult{}, isGitHub: true, }, - want: &worklowPinningResult{ + want: &workflowPinningResult{ thirdParties: pinnedResult{ pinned: 0, total: 0, 
@@ -915,10 +915,10 @@ func Test_addWorkflowPinnedResult(t *testing.T) { name: "add unpinned GitHub-owned action dependency", args: args{ outcome: finding.OutcomeNegative, - w: &worklowPinningResult{}, + w: &workflowPinningResult{}, isGitHub: true, }, - want: &worklowPinningResult{ + want: &workflowPinningResult{ thirdParties: pinnedResult{ pinned: 0, total: 0, @@ -933,10 +933,10 @@ func Test_addWorkflowPinnedResult(t *testing.T) { name: "add pinned Third-Party action dependency", args: args{ outcome: finding.OutcomePositive, - w: &worklowPinningResult{}, + w: &workflowPinningResult{}, isGitHub: false, }, - want: &worklowPinningResult{ + want: &workflowPinningResult{ thirdParties: pinnedResult{ pinned: 1, total: 1, @@ -951,10 +951,10 @@ func Test_addWorkflowPinnedResult(t *testing.T) { name: "add unpinned Third-Party action dependency", args: args{ outcome: finding.OutcomeNegative, - w: &worklowPinningResult{}, + w: &workflowPinningResult{}, isGitHub: false, }, - want: &worklowPinningResult{ + want: &workflowPinningResult{ thirdParties: pinnedResult{ pinned: 0, total: 1, @@ -1032,13 +1032,13 @@ func TestUpdatePinningResults(t *testing.T) { t.Parallel() type args struct { snippet *string - w *worklowPinningResult + w *workflowPinningResult pr map[checker.DependencyUseType]pinnedResult dependencyType checker.DependencyUseType outcome finding.Outcome } type want struct { - w *worklowPinningResult + w *workflowPinningResult pr map[checker.DependencyUseType]pinnedResult } tests := []struct { //nolint:govet 
@@ -1052,11 +1052,11 @@ func TestUpdatePinningResults(t *testing.T) { dependencyType: checker.DependencyUseTypeGHAction, outcome: finding.OutcomePositive, snippet: stringAsPointer("actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675"), - w: &worklowPinningResult{}, + w: &workflowPinningResult{}, pr: make(map[checker.DependencyUseType]pinnedResult), }, want: want{ - w: &worklowPinningResult{ + w: &workflowPinningResult{ thirdParties: pinnedResult{ pinned: 0, total: 0, @@ -1075,11 +1075,11 @@ func TestUpdatePinningResults(t *testing.T) { dependencyType: checker.DependencyUseTypeGHAction, outcome: finding.OutcomeNegative, snippet: stringAsPointer("actions/checkout@v2"), - w: &worklowPinningResult{}, + w: &workflowPinningResult{}, pr: make(map[checker.DependencyUseType]pinnedResult), }, want: want{ - w: &worklowPinningResult{ + w: &workflowPinningResult{ thirdParties: pinnedResult{ pinned: 0, total: 0, @@ -1097,12 +1097,12 @@ func TestUpdatePinningResults(t *testing.T) { args: args{ dependencyType: checker.DependencyUseTypeGHAction, outcome: finding.OutcomePositive, - w: &worklowPinningResult{}, + w: &workflowPinningResult{}, snippet: stringAsPointer("other/checkout@ffa6706ff2127a749973072756f83c532e43ed02"), pr: make(map[checker.DependencyUseType]pinnedResult), }, want: want{ - w: &worklowPinningResult{ + w: &workflowPinningResult{ thirdParties: pinnedResult{ pinned: 1, total: 1, @@ -1121,11 +1121,11 @@ func TestUpdatePinningResults(t *testing.T) { dependencyType: checker.DependencyUseTypeGHAction, snippet: stringAsPointer("other/checkout@v2"), outcome: finding.OutcomeNegative, - w: &worklowPinningResult{}, + w: &workflowPinningResult{}, pr: make(map[checker.DependencyUseType]pinnedResult), }, want: want{ - w: &worklowPinningResult{ + w: &workflowPinningResult{ thirdParties: pinnedResult{ pinned: 0, total: 1, 
@@ -1143,11 +1143,11 @@ func TestUpdatePinningResults(t *testing.T) { args: args{ dependencyType: checker.DependencyUseTypePipCommand, outcome: finding.OutcomePositive, - w: &worklowPinningResult{}, + w: &workflowPinningResult{}, pr: make(map[checker.DependencyUseType]pinnedResult), }, want: want{ - w: &worklowPinningResult{}, + w: &workflowPinningResult{}, pr: map[checker.DependencyUseType]pinnedResult{ checker.DependencyUseTypePipCommand: { pinned: 1, @@ -1161,11 +1161,11 @@ func TestUpdatePinningResults(t *testing.T) { args: args{ dependencyType: checker.DependencyUseTypePipCommand, outcome: finding.OutcomeNegative, - w: &worklowPinningResult{}, + w: &workflowPinningResult{}, pr: make(map[checker.DependencyUseType]pinnedResult), }, want: want{ - w: &worklowPinningResult{}, + w: &workflowPinningResult{}, pr: map[checker.DependencyUseType]pinnedResult{ checker.DependencyUseTypePipCommand: { pinned: 0, diff --git a/checks/raw/pinned_dependencies_test.go b/checks/raw/pinned_dependencies_test.go index 5505707ad60..82b0588511c 100644 --- a/checks/raw/pinned_dependencies_test.go +++ b/checks/raw/pinned_dependencies_test.go @@ -1578,7 +1578,7 @@ func TestShellScriptDownloadPinned(t *testing.T) { } } -func TestGitHubWorflowRunDownload(t *testing.T) { +func TestGitHubWorkflowRunDownload(t *testing.T) { t.Parallel() //nolint:govet tests := []struct { From 90abed0de08e3c7cce4ab6295debd8f58828cdf4 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 17 Jan 2024 21:30:19 -0500 Subject: [PATCH 88/88] spelling: workflows Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- checks/evaluation/dangerous_workflow_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/checks/evaluation/dangerous_workflow_test.go b/checks/evaluation/dangerous_workflow_test.go index 7a12fd7bbfc..261ba0e7509 100644 --- a/checks/evaluation/dangerous_workflow_test.go +++ b/checks/evaluation/dangerous_workflow_test.go 
@@ -56,7 +56,7 @@ func TestDangerousWorkflow(t *testing.T) { }, }, { - name: "DangerousWorkflow - no worklflows", + name: "DangerousWorkflow - no workflows", findings: []finding.Finding{ { Probe: "hasDangerousWorkflowScriptInjection",