(t *testing.T)
| 459 | } |
| 460 | |
| 461 | func TestGithubTokenPermissionsLineNumber(t *testing.T) { |
| 462 | t.Parallel() |
| 463 | tests := []struct { |
| 464 | name string |
| 465 | filename string |
| 466 | expected []struct { |
| 467 | lineNumber uint |
| 468 | } |
| 469 | }{ |
| 470 | { |
| 471 | name: "Job level write permission", |
| 472 | filename: "./testdata/.github/workflows/github-workflow-permissions-run-no-codeql-write.yaml", |
| 473 | expected: []struct { |
| 474 | lineNumber uint |
| 475 | }{ |
| 476 | { |
| 477 | lineNumber: 22, |
| 478 | }, |
| 479 | }, |
| 480 | }, |
| 481 | { |
| 482 | name: "Workflow level write permission", |
| 483 | filename: "./testdata/.github/workflows/github-workflow-permissions-writeall.yaml", |
| 484 | expected: []struct { |
| 485 | lineNumber uint |
| 486 | }{ |
| 487 | { |
| 488 | lineNumber: 16, |
| 489 | }, |
| 490 | }, |
| 491 | }, |
| 492 | } |
| 493 | for _, tt := range tests { |
| 494 | t.Run(tt.name, func(t *testing.T) { |
| 495 | t.Parallel() |
| 496 | p := strings.Replace(tt.filename, "./testdata/", "", 1) |
| 497 | ctrl := gomock.NewController(t) |
| 498 | mockRepo := mockrepo.NewMockRepoClient(ctrl) |
| 499 | |
| 500 | main := "main" |
| 501 | mockRepo.EXPECT().URI().Return("github.com/ossf/scorecard").AnyTimes() |
| 502 | mockRepo.EXPECT().GetDefaultBranchName().Return(main, nil).AnyTimes() |
| 503 | mockRepo.EXPECT().ListFiles(gomock.Any()).DoAndReturn(func(predicate func(string) (bool, error)) ([]string, error) { |
| 504 | return []string{p}, nil |
| 505 | }).AnyTimes() |
| 506 | mockRepo.EXPECT().GetFileReader(gomock.Any()).DoAndReturn(func(fn string) (io.ReadCloser, error) { |
| 507 | return os.Open(tt.filename) |
| 508 | }).AnyTimes() |
| 509 | dl := scut.TestDetailLogger{} |
| 510 | c := checker.CheckRequest{ |
| 511 | RepoClient: mockRepo, |
| 512 | Dlogger: &dl, |
| 513 | } |
| 514 | |
| 515 | _ = TokenPermissions(&c) |
| 516 | |
| 517 | for _, expectedLog := range tt.expected { |
| 518 | isExpectedLog := func(logMessage checker.LogMessage, logType checker.DetailType) bool { |
nothing calls this directly
no test coverage detected