hub / github.com/ossf/scorecard / TestDangerousWorkflow

Function TestDangerousWorkflow

checks/dangerous_workflow_test.go:29–96  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

27)
28
29func TestDangerousWorkflow(t *testing.T) {
30 t.Parallel()
31 tests := []struct {
32 name string
33 workflowPaths []string
34 err error
35 expected scut.TestReturn
36 }{
37 {
38 name: "no workflows is an inconclusive score",
39 workflowPaths: nil,
40 err: nil,
41 expected: scut.TestReturn{
42 Score: checker.InconclusiveResultScore,
43 },
44 },
45 {
46 name: "untrusted checkout is a failing score",
47 workflowPaths: []string{".github/workflows/github-workflow-dangerous-pattern-untrusted-checkout.yml"},
48 err: nil,
49 expected: scut.TestReturn{
50 Score: checker.MinResultScore,
51 NumberOfWarn: 1,
52 },
53 },
54 {
55 name: "script injection is a failing score",
56 workflowPaths: []string{".github/workflows/github-workflow-dangerous-pattern-untrusted-script-injection.yml"},
57 err: nil,
58 expected: scut.TestReturn{
59 Score: checker.MinResultScore,
60 NumberOfWarn: 1,
61 },
62 },
63 {
64 name: "only safe workflows is passing score",
65 workflowPaths: []string{
66 ".github/workflows/github-workflow-dangerous-pattern-safe-trigger.yml",
67 ".github/workflows/github-workflow-dangerous-pattern-trusted-checkout.yml",
68 },
69 err: nil,
70 expected: scut.TestReturn{
71 Score: checker.MaxResultScore,
72 },
73 },
74 }
75 for _, tt := range tests {
76 t.Run(tt.name, func(t *testing.T) {
77 t.Parallel()
78 dl := scut.TestDetailLogger{}
79 ctrl := gomock.NewController(t)
80 mockRepoClient := mockrepo.NewMockRepoClient(ctrl)
81 mockRepoClient.EXPECT().ListFiles(gomock.Any()).Return(tt.workflowPaths, nil)
82 mockRepoClient.EXPECT().GetFileReader(gomock.Any()).DoAndReturn(func(file string) (io.ReadCloser, error) {
83 return os.Open("./testdata/" + file)
84 }).AnyTimes()
85
86 req := &checker.CheckRequest{

Callers

nothing calls this directly

Calls 5

EXPECTMethod · 0.95
DangerousWorkflowFunction · 0.70
RunMethod · 0.65
ListFilesMethod · 0.65
GetFileReaderMethod · 0.65

Tested by

no test coverage detected