Function TestGithubDangerousWorkflow (github.com/ossf/scorecard)

checks/raw/dangerous_workflow_test.go:149–248
(t *testing.T)

```go
func TestGithubDangerousWorkflow(t *testing.T) {
	t.Parallel()

	type ret struct {
		err error
		nb  int
	}
	tests := []struct {
		name     string
		filename string
		expected ret
	}{
		{
			name:     "Non-yaml file",
			filename: "script.sh",
			expected: ret{nb: 0},
		},
		{
			name:     "run untrusted code checkout test - workflow_run",
			filename: ".github/workflows/github-workflow-dangerous-pattern-untrusted-checkout-workflow_run.yml",
			expected: ret{nb: 1},
		},
		{
			name:     "run untrusted code checkout test",
			filename: ".github/workflows/github-workflow-dangerous-pattern-untrusted-checkout.yml",
			expected: ret{nb: 1},
		},
		{
			name:     "run trusted code checkout test",
			filename: ".github/workflows/github-workflow-dangerous-pattern-trusted-checkout.yml",
			expected: ret{nb: 0},
		},
		{
			name:     "run default code checkout test",
			filename: ".github/workflows/github-workflow-dangerous-pattern-default-checkout.yml",
			expected: ret{nb: 0},
		},
		{
			name:     "run script injection",
			filename: ".github/workflows/github-workflow-dangerous-pattern-untrusted-script-injection.yml",
			expected: ret{nb: 1},
		},
		{
			name:     "run safe script injection",
			filename: ".github/workflows/github-workflow-dangerous-pattern-trusted-script-injection.yml",
			expected: ret{nb: 0},
		},
		{
			name:     "run multiple script injection",
			filename: ".github/workflows/github-workflow-dangerous-pattern-untrusted-multiple-script-injection.yml",
			expected: ret{nb: 2},
		},
		{
			name:     "run inline script injection",
			filename: ".github/workflows/github-workflow-dangerous-pattern-untrusted-inline-script-injection.yml",
			expected: ret{nb: 1},
		},
		{
```
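The fixture names in the table fall into two families of dangerous GitHub Actions patterns: checking out the pull request head (`github.event.pull_request.head.sha`, `github.head_ref`, or the `workflow_run` head) inside a job that runs under a privileged trigger such as `pull_request_target` or `workflow_run`, which executes a contributor's code with the base repository's secrets and token; and interpolating contributor-controlled expressions (`github.event.issue.title`, `github.event.comment.body`, `github.head_ref`, ...) directly into a `run:` script, which is shell command injection. The "trusted" and "safe" fixtures expect zero findings because the same checkout is harmless under an unprivileged `pull_request` trigger, and the same expression is harmless when passed through an `env:` variable instead of the script text. The scanner below is an added illustration of those rules and is not scorecard's implementation: the regexes, the `Scan`/`Count` names, the counting rule (one finding per untrusted expression inside a `run:` script, one per PR-head checkout under a privileged trigger) and the sample workflows are all this example's own assumptions, and it deliberately tracks YAML structure by indentation rather than parsing it, so it only covers the layouts used in the samples.

```go
package main

import (
	"regexp"
	"strings"
)

// Finding is one dangerous pattern located in a GitHub Actions workflow.
type Finding struct {
	Kind string // "script-injection" or "untrusted-checkout"
	Line int    // 1-based line number in the workflow text
	Text string // the expression or line that triggered the finding
}

var (
	// Expressions an external contributor controls; splicing one into a run:
	// script is shell command injection (assumed list, not scorecard's).
	untrustedExpr = regexp.MustCompile(`\$\{\{\s*github\.(head_ref|event\.(issue\.(title|body)|pull_request\.(title|body|head\.(ref|label))|comment\.body|review(_comment)?\.body|head_commit\.message|workflow_run\.head_branch))\s*\}\}`)
	// Triggers whose jobs run with the base repository's secrets and token.
	privilegedTrigger = regexp.MustCompile(`(?m)^[ \t]*(on:[ \t]*)?(-[ \t]*)?(pull_request_target|workflow_run)[ \t]*(:|$)|^[ \t]*on:[ \t]*\[[^\]]*(pull_request_target|workflow_run)`)
	// A checkout ref that points at the contributor's commit, not the base branch.
	prHeadRef    = regexp.MustCompile(`\$\{\{\s*github\.(head_ref|event\.(pull_request\.head\.(sha|ref)|workflow_run\.head_(sha|branch)))\s*\}\}`)
	runKey       = regexp.MustCompile(`^([ \t]*)(-[ \t]+)?run:[ \t]*(.*)$`)
	usesCheckout = regexp.MustCompile(`^([ \t]*)(-[ \t]+)?uses:[ \t]*actions/checkout@`)
	refKey       = regexp.MustCompile(`^[ \t]*ref:[ \t]*(.*)$`)
)

// exprFindings reports every untrusted expression in one line of shell script.
func exprFindings(script string, line int) []Finding {
	var out []Finding
	for _, e := range untrustedExpr.FindAllString(script, -1) {
		out = append(out, Finding{Kind: "script-injection", Line: line, Text: e})
	}
	return out
}

// Scan walks the workflow line by line, tracking block-scalar run: scripts and
// actions/checkout steps by indentation. That is a deliberate simplification
// (no YAML parser); it handles the layouts used in the samples below.
func Scan(workflow string) []Finding {
	privileged := privilegedTrigger.MatchString(workflow)
	var findings []Finding
	inRun, runIndent := false, 0
	inCheckout, checkoutIndent := false, 0
	for i, raw := range strings.Split(workflow, "\n") {
		line := strings.TrimRight(raw, "\r")
		trimmed := strings.TrimSpace(line)
		if trimmed == "" || strings.HasPrefix(trimmed, "#") {
			continue
		}
		indent := len(line) - len(strings.TrimLeft(line, " \t"))
		if inRun && indent <= runIndent {
			inRun = false // dedent to the run: key or above ends the script
		}
		if inCheckout && indent < checkoutIndent {
			inCheckout = false // the next step or job ends the checkout step
		}
		switch {
		case inRun:
			findings = append(findings, exprFindings(line, i+1)...)
		case runKey.MatchString(line):
			m := runKey.FindStringSubmatch(line)
			findings = append(findings, exprFindings(m[3], i+1)...) // inline script
			if v := strings.TrimSpace(m[3]); strings.HasPrefix(v, "|") || strings.HasPrefix(v, ">") {
				inRun, runIndent = true, len(m[1])+len(m[2]) // block scalar follows
			}
		case usesCheckout.MatchString(line):
			m := usesCheckout.FindStringSubmatch(line)
			inCheckout, checkoutIndent = true, len(m[1])+len(m[2])
		case inCheckout && privileged:
			// Checking out the PR head is only dangerous when the trigger grants secrets.
			if m := refKey.FindStringSubmatch(line); m != nil && prHeadRef.MatchString(m[1]) {
				findings = append(findings, Finding{Kind: "untrusted-checkout", Line: i + 1, Text: trimmed})
			}
		}
	}
	return findings
}

// workflow builds a minimal single-job workflow around the given steps.
func workflow(on, steps string) string {
	return "on: " + on + "\njobs:\n  j:\n    runs-on: ubuntu-latest\n    steps:\n" + steps
}

const checkoutPRHead = "      - uses: actions/checkout@v4\n        with:\n          ref: ${{ github.event.pull_request.head.sha }}\n"

// Constructed sample workflows, one per category in the test table above.
// They are this example's own, not scorecard's testdata fixtures.
var samples = map[string]string{
	"untrusted-checkout":        workflow("pull_request_target", checkoutPRHead+"      - run: make test\n"),
	"trusted-checkout":          workflow("pull_request", checkoutPRHead+"      - run: make test\n"),
	"script-injection":          workflow("issues", "      - run: |\n          echo \"Issue: ${{ github.event.issue.title }}\"\n"),
	"safe-script":               workflow("issues", "      - env:\n          TITLE: ${{ github.event.issue.title }}\n        run: |\n          echo \"Issue: $TITLE\"\n"),
	"multiple-script-injection": workflow("pull_request_target", "      - run: |\n          echo \"${{ github.event.pull_request.title }}\"\n          git fetch origin ${{ github.head_ref }}\n"),
	"inline-script-injection":   workflow("issue_comment", "      - run: echo \"${{ github.event.comment.body }}\"\n"),
}

// Count mirrors the nb field of the test table: findings produced by a sample.
func Count(name string) int { return len(Scan(samples[name])) }
```

`Count("untrusted-checkout")` and `Count("trusted-checkout")` differ only in the trigger, which is the point of the trusted/untrusted checkout pair; `Count("safe-script")` is zero because the expression is bound to an environment variable and the script only reads `$TITLE`, which the shell never re-parses as code. A real check needs a YAML parser and must also consider `workflow_run` head refs, composite and reusable workflows, and `github.event.inputs`, none of which this line-oriented scanner attempts.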

Callers

nothing calls this directly

Calls (7)

EXPECT (method) · 0.95
DangerousWorkflow (function) · 0.70
errCmp (function) · 0.70
Run (method) · 0.65
ListFiles (method) · 0.65
GetFileReader (method) · 0.65
Error (method) · 0.45

Tested by

no test coverage detected