From 3b948257fc1fd83d54d527bf8c54e0fd15b65074 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Fri, 26 Jan 2024 18:08:26 -0500 Subject: [PATCH] =?UTF-8?q?=F0=9F=93=96=20Fix=20spelling=20(#3804)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * spelling: accurate Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: administrator Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: analyze Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: andtwenty Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: ascii Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: association Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: at least Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: attestor Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: barbaric Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: bucket Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: by Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: can Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: case-insensitive Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: case-sensitive Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: checking Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: command-line Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: commit Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: committed Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: conclusion 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: corresponding Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: created Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: dataset Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: default Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: defines Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: dependabot Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: dependency Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: depending Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: desired Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: different Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: disclose Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: download Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: each Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: enforce Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: every time Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: exist Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: existing Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: fields Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: files Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: for Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: force-push Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: github 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: gitlab Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: ignoreed Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: implementation Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: implements Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: increase Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: indicates Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: initialized Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: instructions Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: invalid Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: marshal Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: match Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: name Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: nonexistent Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: organization Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: package Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: provenance Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: query Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: readers Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: receive Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: registered Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: remediate Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: representation 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: requests Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: requires Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: return Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: scorecard Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: separator Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: serialization Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: sign up Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: specifications Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: specified Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: success Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: successfully Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: the Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: their Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: twenty Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: unexpected Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: unused Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: unverified Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: validate Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: vendor Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: vulnerabilities Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: vulns Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: will 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: without Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: workflow Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: workflows Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --------- 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- .github/workflows/docker.yml | 2 +- .github/workflows/scdiff.yml | 2 +- Makefile | 4 +- README.md | 4 +- attestor/policy/attestation_policy.go | 2 +- checker/raw_result.go | 4 +- checks/dependency_update_tool.go | 2 +- checks/evaluation/branch_protection.go | 4 +- checks/evaluation/dangerous_workflow_test.go | 2 +- checks/evaluation/pinned_dependencies.go | 14 ++-- checks/evaluation/pinned_dependencies_test.go | 66 +++++++++---------- checks/evaluation/sast.go | 2 +- checks/fileparser/github_workflow.go | 2 +- checks/fileparser/github_workflow_test.go | 2 +- checks/fileparser/listing_test.go | 26 ++++---- checks/raw/binary_artifact.go | 2 +- checks/raw/binary_artifact_test.go | 2 +- checks/raw/dependency_update_tool.go | 2 +- checks/raw/fuzzing.go | 2 +- checks/raw/pinned_dependencies.go | 8 +-- checks/raw/pinned_dependencies_test.go | 12 ++-- checks/raw/shell_download_validate.go | 6 +- checks/raw/testdata/Dockerfile-gsutil-file | 16 ++--- checks/raw/testdata/Dockerfile-script-ok | 4 +- checks/sast_test.go | 2 +- checks/security_policy.go | 2 +- checks/security_policy_test.go | 4 +- ...ithub-workflow-shells-specified-step.yaml} | 0 .../workflows/verify-outdated-action.yaml | 2 +- .../binaryartifacts/workflows/verify.yaml | 2 +- ...sclosureVuls => 04_textAndDisclosureVulns} | 0 ...10_linkedContentAndTextAndDisclosureVulns} | 0 checks/webhook_test.go | 2 +- clients/githubrepo/branches_e2e_test.go | 4 +- clients/githubrepo/branches_test.go | 2 +- clients/githubrepo/client.go | 2 +- clients/githubrepo/githubrepo_suite_test.go | 2 +- clients/githubrepo/graphql.go | 22 +++---- clients/githubrepo/repo_test.go | 6 +- clients/githubrepo/roundtripper/rate_limit.go | 2 +- clients/gitlabrepo/checkruns.go | 2 +- clients/gitlabrepo/issues.go | 2 +- clients/gitlabrepo/languages_e2e_test.go | 2 +- clients/gitlabrepo/repo.go | 4 +- clients/gitlabrepo/searchCommits.go | 4 +- clients/gitlabrepo/search_test.go | 
2 +- clients/ossfuzz/client_test.go | 14 ++-- clients/user.go | 2 +- cmd/internal/nuget/client.go | 2 +- cmd/internal/nuget/client_test.go | 2 +- .../scdiff/app/compare/compare_test.go | 2 +- cmd/internal/scdiff/app/compare_test.go | 2 +- cmd/internal/scdiff/app/stats_test.go | 6 +- cmd/internal/scdiff/main.go | 2 +- cmd/package_managers.go | 6 +- cmd/package_managers_test.go | 4 +- cmd/root.go | 2 +- cmd/serve.go | 2 +- cron/config/config.go | 2 +- cron/config/config_test.go | 4 +- cron/data/format.go | 2 +- cron/internal/controller/bucket_test.go | 2 +- cron/internal/emulator/README.md | 4 +- cron/internal/format/json_raw_results.go | 6 +- cron/internal/pubsub/subscriber_gcs.go | 2 +- dependencydiff/dependencydiff.go | 2 +- dependencydiff/raw_dependencies.go | 2 +- docs/checks.md | 8 +-- docs/checks/impl.go | 2 +- docs/checks/internal/checks.yaml | 8 +-- e2e/binary_artifacts_test.go | 8 +-- e2e/branch_protection_test.go | 2 +- e2e/e2e_suite_test.go | 2 +- e2e/searchCommits_test.go | 2 +- finding/finding.go | 4 +- main.go | 2 +- pkg/json_raw_results.go | 8 +-- pkg/json_raw_results_test.go | 16 ++--- pkg/sarif.go | 4 +- probes/blocksDeleteOnBranches/def.yml | 2 +- probes/blocksForcePushOnBranches/def.yml | 4 +- .../branchProtectionAppliesToAdmins/def.yml | 8 +-- probes/dismissesStaleReviews/def.yml | 2 +- probes/freeOfAnyBinaryArtifacts/def.yml | 2 +- .../def.yml | 2 +- .../def.yml | 2 +- probes/hasFSFOrOSIApprovedLicense/def.yml | 2 +- probes/hasLicenseFile/def.yml | 4 +- probes/hasRecentCommits/impl_test.go | 10 +-- .../issueActivityByProjectMember/impl_test.go | 16 ++--- probes/notCreatedRecently/def.yml | 2 +- probes/notCreatedRecently/impl_test.go | 2 +- probes/packagedWithAutomatedWorkflow/impl.go | 2 +- probes/releasesAreSigned/def.yml | 6 +- probes/releasesHaveProvenance/def.yml | 6 +- probes/releasesHaveProvenance/impl_test.go | 4 +- .../requiresApproversForPullRequests/def.yml | 4 +- probes/requiresCodeOwnersReview/def.yml | 4 +- 
probes/requiresCodeOwnersReview/impl_test.go | 2 +- probes/requiresLastPushApproval/def.yml | 4 +- probes/requiresLastPushApproval/impl_test.go | 2 +- probes/requiresUpToDateBranches/def.yml | 4 +- probes/sastToolRunsOnAllCommits/def.yml | 4 +- probes/securityPolicyContainsText/def.yml | 2 +- probes/securityPolicyPresent/def.yml | 2 +- probes/testsRunInCI/def.yml | 2 +- probes/testsRunInCI/impl_test.go | 2 +- probes/toolDependabotInstalled/def.yml | 6 +- remediation/remediations_test.go | 2 +- 109 files changed, 258 insertions(+), 258 deletions(-) rename checks/testdata/.github/workflows/{github-workflow-shells-speficied-step.yaml => github-workflow-shells-specified-step.yaml} (100%) rename checks/testdata/securitypolicy/{04_textAndDisclosureVuls => 04_textAndDisclosureVulns} (100%) rename checks/testdata/securitypolicy/{10_linkedContentAndTextAndDisclosureVuls => 10_linkedContentAndTextAndDisclosureVulns} (100%) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 8dccc7f4291..2a88fe80868 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -65,7 +65,7 @@ jobs: permissions: contents: read needs: docs_only_check - # ideally we put one "if" here, but due to how skipped matrix jobs work, we need one for each each step + # ideally we put one "if" here, but due to how skipped matrix jobs work, we need one for each step # https://github.com/orgs/community/discussions/9141 steps: - name: Harden Runner diff --git a/.github/workflows/scdiff.yml b/.github/workflows/scdiff.yml index 3221f2ab545..cc439933095 100644 --- a/.github/workflows/scdiff.yml +++ b/.github/workflows/scdiff.yml @@ -30,7 +30,7 @@ jobs: if: ${{ (github.event.issue.pull_request) && (contains(github.event.comment.body, '/scdiff generate')) }} runs-on: [ubuntu-latest] steps: - - name: create file of repos to anlayze + - name: create file of repos to analyze run: | cat < $HOME/repos.txt https://github.com/airbnb/lottie-web 
diff --git a/Makefile b/Makefile index 61f769401b4..80b812753c8 100644 --- a/Makefile +++ b/Makefile @@ -116,7 +116,7 @@ validate-projects: ./cron/internal/data/projects.csv | build-validate-script ./cron/internal/data/validate/validate ./cron/internal/data/gitlab-projects-releasetest.csv tree-status: | all-targets-update-dependencies ## Verify tree is clean and all changes are committed - # Verify the tree is clean and all changes are commited + # Verify the tree is clean and all changes are committed ./scripts/tree-status ############################################################################### @@ -255,7 +255,7 @@ build-attestor-docker: ## Build scorecard-attestor Docker image build-attestor-docker: DOCKER_BUILDKIT=1 docker build . --file attestor/Dockerfile \ --tag scorecard-attestor:latest \ - --tag scorecard-atttestor:$(GIT_HASH) + --tag scorecard-attestor:$(GIT_HASH) TOKEN_SERVER_DEPS = $(shell find clients/githubrepo/roundtripper/tokens/ -iname "*.go") build-github-server: ## Build GitHub token server diff --git a/README.md b/README.md index 08febe4bec1..c86c2166f8f 100644 --- a/README.md +++ b/README.md @@ -413,7 +413,7 @@ RESULTS | | | | review dismissal enabled on | | | | | | branch 'main' Info: Owner | | | | | | review required on branch | | -| | | | 'main' Info: 'admininistrator' | | +| | | | 'main' Info: 'administrator' | | | | | | PRs need reviews before being | | | | | | merged on branch 'main' | | |---------|------------------------|--------------------------------|--------------------------------|---------------------------------------------------------------------------| @@ -559,7 +559,7 @@ risk level. ### Report Problems If you have what looks like a bug, please use the -[Github issue tracking system.](https://github.com/ossf/scorecard/issues) Before +[GitHub issue tracking system.](https://github.com/ossf/scorecard/issues) Before you file an issue, please search existing issues to see if your issue is already covered. 
diff --git a/attestor/policy/attestation_policy.go b/attestor/policy/attestation_policy.go index cfc991db1fd..36d97c06e39 100644 --- a/attestor/policy/attestation_policy.go +++ b/attestor/policy/attestation_policy.go @@ -120,7 +120,7 @@ func (ap *AttestationPolicy) EvaluateResults(raw *checker.RawResults) (PolicyRes if ap.EnsureCodeReviewed { // By default, if code review reqs. aren't specified, we assume - // the user wants there to be atleast one reviewer + // the user wants there to be at least one reviewer if len(ap.CodeReviewRequirements.RequiredApprovers) == 0 && ap.CodeReviewRequirements.MinReviewers == 0 { ap.CodeReviewRequirements.MinReviewers = 1 diff --git a/checker/raw_result.go b/checker/raw_result.go index afeb848b7f6..011bd106cb5 100644 --- a/checker/raw_result.go +++ b/checker/raw_result.go @@ -331,7 +331,7 @@ type Run struct { URL string } -// ArchivedStatus definess the archived status. +// ArchivedStatus defines the archived status. type ArchivedStatus struct { Status bool // TODO: add fields, e.g., date of archival. @@ -348,7 +348,7 @@ type File struct { // TODO: add hash. } -// CIIBestPracticesData contains data foor CIIBestPractices check. +// CIIBestPracticesData contains data for CIIBestPractices check. type CIIBestPracticesData struct { Badge clients.BadgeLevel } diff --git a/checks/dependency_update_tool.go b/checks/dependency_update_tool.go index 4022b389796..486c4a19149 100644 --- a/checks/dependency_update_tool.go +++ b/checks/dependency_update_tool.go @@ -23,7 +23,7 @@ import ( "github.com/ossf/scorecard/v4/probes/zrunner" ) -// CheckDependencyUpdateTool is the exported name for Automatic-Depdendency-Update. +// CheckDependencyUpdateTool is the exported name for Dependency-Update-Tool. const CheckDependencyUpdateTool = "Dependency-Update-Tool" //nolint:gochecknoinits diff --git a/checks/evaluation/branch_protection.go b/checks/evaluation/branch_protection.go index cccf2e28977..f5848d521dc 100644 
--- a/checks/evaluation/branch_protection.go +++ b/checks/evaluation/branch_protection.go @@ -70,7 +70,7 @@ func BranchProtection(name string, dl checker.DetailLogger, var score levelScore b := r.Branches[i] - // Protected field only indates that the branch matches + // Protected field only indicates that the branch matches // one `Branch protection rules`. All settings may be disabled, // so it does not provide any guarantees. protected := !(b.Protected != nil && !*b.Protected) @@ -361,7 +361,7 @@ func adminThoroughReviewProtection(branch *clients.BranchRef, dl checker.DetailL // nil typically means we do not have access to the value. if branch.BranchProtectionRule.EnforceAdmins != nil { - // Note: we don't inrecase max possible score for non-admin viewers. + // Note: we don't increase max possible score for non-admin viewers. max++ switch *branch.BranchProtectionRule.EnforceAdmins { case true: diff --git a/checks/evaluation/dangerous_workflow_test.go b/checks/evaluation/dangerous_workflow_test.go index 7a12fd7bbfc..261ba0e7509 100644 --- a/checks/evaluation/dangerous_workflow_test.go +++ b/checks/evaluation/dangerous_workflow_test.go @@ -56,7 +56,7 @@ func TestDangerousWorkflow(t *testing.T) { }, }, { - name: "DangerousWorkflow - no worklflows", + name: "DangerousWorkflow - no workflows", findings: []finding.Finding{ { Probe: "hasDangerousWorkflowScriptInjection", diff --git a/checks/evaluation/pinned_dependencies.go b/checks/evaluation/pinned_dependencies.go index 9e9180464f6..6344c9bf82c 100644 --- a/checks/evaluation/pinned_dependencies.go +++ b/checks/evaluation/pinned_dependencies.go @@ -32,7 +32,7 @@ type pinnedResult struct { // Structure to host information about pinned github // or third party dependencies. -type worklowPinningResult struct { +type workflowPinningResult struct { thirdParties pinnedResult gitHubOwned pinnedResult } 
@@ -209,7 +209,7 @@ func PinningDependencies(name string, c *checker.CheckRequest, return checker.CreateRuntimeErrorResult(name, e) } - var wp worklowPinningResult + var wp workflowPinningResult pr := make(map[checker.DependencyUseType]pinnedResult) dl := c.Dlogger @@ -269,7 +269,7 @@ func PinningDependencies(name string, c *checker.CheckRequest, // Go through all dependency types // GitHub Actions need to be handled separately since they are not in pr scores = append(scores, createScoreForGitHubActionsWorkflow(&wp, dl)...) - // Only exisiting dependencies will be found in pr + // Only existing dependencies will be found in pr // We will only score the ecosystem if there are dependencies // This results in only existing ecosystems being included in the final score for t := range pr { @@ -300,10 +300,10 @@ func PinningDependencies(name string, c *checker.CheckRequest, func updatePinningResults(dependencyType checker.DependencyUseType, outcome finding.Outcome, snippet *string, - wp *worklowPinningResult, pr map[checker.DependencyUseType]pinnedResult, + wp *workflowPinningResult, pr map[checker.DependencyUseType]pinnedResult, ) { if dependencyType == checker.DependencyUseTypeGHAction { - // Note: `Snippet` contains `action/name@xxx`, so we cna use it to infer + // Note: `Snippet` contains `action/name@xxx`, so we can use it to infer // if it's a GitHub-owned action or not. gitHubOwned := fileparser.IsGitHubOwnedAction(*snippet) addWorkflowPinnedResult(outcome, wp, gitHubOwned) @@ -345,7 +345,7 @@ func addPinnedResult(outcome finding.Outcome, r *pinnedResult) { r.total += 1 } -func addWorkflowPinnedResult(outcome finding.Outcome, w *worklowPinningResult, isGitHub bool) { +func addWorkflowPinnedResult(outcome finding.Outcome, w *workflowPinningResult, isGitHub bool) { if isGitHub { addPinnedResult(outcome, &w.gitHubOwned) } else { 
@@ -359,7 +359,7 @@ func logPinnedResult(dl checker.DetailLogger, p pinnedResult, name string) { }) } -func createScoreForGitHubActionsWorkflow(wp *worklowPinningResult, dl checker.DetailLogger, +func createScoreForGitHubActionsWorkflow(wp *workflowPinningResult, dl checker.DetailLogger, ) []checker.ProportionalScoreWeighted { if wp.gitHubOwned.total == 0 && wp.thirdParties.total == 0 { return []checker.ProportionalScoreWeighted{} diff --git a/checks/evaluation/pinned_dependencies_test.go b/checks/evaluation/pinned_dependencies_test.go index 41b6d6c6850..50c38c12282 100644 --- a/checks/evaluation/pinned_dependencies_test.go +++ b/checks/evaluation/pinned_dependencies_test.go @@ -30,12 +30,12 @@ func Test_createScoreForGitHubActionsWorkflow(t *testing.T) { //nolint:govet tests := []struct { name string - r worklowPinningResult + r workflowPinningResult scores []checker.ProportionalScoreWeighted }{ { name: "GitHub-owned and Third-Party actions pinned", - r: worklowPinningResult{ + r: workflowPinningResult{ gitHubOwned: pinnedResult{ pinned: 1, total: 1, @@ -60,7 +60,7 @@ func Test_createScoreForGitHubActionsWorkflow(t *testing.T) { }, { name: "only GitHub-owned actions pinned", - r: worklowPinningResult{ + r: workflowPinningResult{ gitHubOwned: pinnedResult{ pinned: 1, total: 1, @@ -85,7 +85,7 @@ func Test_createScoreForGitHubActionsWorkflow(t *testing.T) { }, { name: "only Third-Party actions pinned", - r: worklowPinningResult{ + r: workflowPinningResult{ gitHubOwned: pinnedResult{ pinned: 0, total: 1, @@ -110,7 +110,7 @@ func Test_createScoreForGitHubActionsWorkflow(t *testing.T) { }, { name: "no GitHub actions pinned", - r: worklowPinningResult{ + r: workflowPinningResult{ gitHubOwned: pinnedResult{ pinned: 0, total: 1, 
@@ -135,7 +135,7 @@ func Test_createScoreForGitHubActionsWorkflow(t *testing.T) { }, { name: "no GitHub-owned actions and Third-party actions unpinned", - r: worklowPinningResult{ + r: workflowPinningResult{ gitHubOwned: pinnedResult{ pinned: 0, total: 0, @@ -155,7 +155,7 @@ func Test_createScoreForGitHubActionsWorkflow(t *testing.T) { }, { name: "no Third-party actions and GitHub-owned actions unpinned", - r: worklowPinningResult{ + r: workflowPinningResult{ gitHubOwned: pinnedResult{ pinned: 0, total: 1, @@ -175,7 +175,7 @@ func Test_createScoreForGitHubActionsWorkflow(t *testing.T) { }, { name: "no GitHub-owned actions and Third-party actions pinned", - r: worklowPinningResult{ + r: workflowPinningResult{ gitHubOwned: pinnedResult{ pinned: 0, total: 0, @@ -195,7 +195,7 @@ func Test_createScoreForGitHubActionsWorkflow(t *testing.T) { }, { name: "no Third-party actions and GitHub-owned actions pinned", - r: worklowPinningResult{ + r: workflowPinningResult{ gitHubOwned: pinnedResult{ pinned: 1, total: 1, @@ -884,23 +884,23 @@ func Test_generateOwnerToDisplay(t *testing.T) { func Test_addWorkflowPinnedResult(t *testing.T) { t.Parallel() type args struct { - w *worklowPinningResult + w *workflowPinningResult outcome finding.Outcome isGitHub bool } tests := []struct { name string - want *worklowPinningResult + want *workflowPinningResult args args }{ { name: "add pinned GitHub-owned action dependency", args: args{ outcome: finding.OutcomePositive, - w: &worklowPinningResult{}, + w: &workflowPinningResult{}, isGitHub: true, }, - want: &worklowPinningResult{ + want: &workflowPinningResult{ thirdParties: pinnedResult{ pinned: 0, total: 0, 
@@ -915,10 +915,10 @@ func Test_addWorkflowPinnedResult(t *testing.T) { name: "add unpinned GitHub-owned action dependency", args: args{ outcome: finding.OutcomeNegative, - w: &worklowPinningResult{}, + w: &workflowPinningResult{}, isGitHub: true, }, - want: &worklowPinningResult{ + want: &workflowPinningResult{ thirdParties: pinnedResult{ pinned: 0, total: 0, @@ -933,10 +933,10 @@ func Test_addWorkflowPinnedResult(t *testing.T) { name: "add pinned Third-Party action dependency", args: args{ outcome: finding.OutcomePositive, - w: &worklowPinningResult{}, + w: &workflowPinningResult{}, isGitHub: false, }, - want: &worklowPinningResult{ + want: &workflowPinningResult{ thirdParties: pinnedResult{ pinned: 1, total: 1, @@ -951,10 +951,10 @@ func Test_addWorkflowPinnedResult(t *testing.T) { name: "add unpinned Third-Party action dependency", args: args{ outcome: finding.OutcomeNegative, - w: &worklowPinningResult{}, + w: &workflowPinningResult{}, isGitHub: false, }, - want: &worklowPinningResult{ + want: &workflowPinningResult{ thirdParties: pinnedResult{ pinned: 0, total: 1, @@ -1032,13 +1032,13 @@ func TestUpdatePinningResults(t *testing.T) { t.Parallel() type args struct { snippet *string - w *worklowPinningResult + w *workflowPinningResult pr map[checker.DependencyUseType]pinnedResult dependencyType checker.DependencyUseType outcome finding.Outcome } type want struct { - w *worklowPinningResult + w *workflowPinningResult pr map[checker.DependencyUseType]pinnedResult } tests := []struct { //nolint:govet 
@@ -1052,11 +1052,11 @@ func TestUpdatePinningResults(t *testing.T) { dependencyType: checker.DependencyUseTypeGHAction, outcome: finding.OutcomePositive, snippet: stringAsPointer("actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675"), - w: &worklowPinningResult{}, + w: &workflowPinningResult{}, pr: make(map[checker.DependencyUseType]pinnedResult), }, want: want{ - w: &worklowPinningResult{ + w: &workflowPinningResult{ thirdParties: pinnedResult{ pinned: 0, total: 0, @@ -1075,11 +1075,11 @@ func TestUpdatePinningResults(t *testing.T) { dependencyType: checker.DependencyUseTypeGHAction, outcome: finding.OutcomeNegative, snippet: stringAsPointer("actions/checkout@v2"), - w: &worklowPinningResult{}, + w: &workflowPinningResult{}, pr: make(map[checker.DependencyUseType]pinnedResult), }, want: want{ - w: &worklowPinningResult{ + w: &workflowPinningResult{ thirdParties: pinnedResult{ pinned: 0, total: 0, @@ -1097,12 +1097,12 @@ func TestUpdatePinningResults(t *testing.T) { args: args{ dependencyType: checker.DependencyUseTypeGHAction, outcome: finding.OutcomePositive, - w: &worklowPinningResult{}, + w: &workflowPinningResult{}, snippet: stringAsPointer("other/checkout@ffa6706ff2127a749973072756f83c532e43ed02"), pr: make(map[checker.DependencyUseType]pinnedResult), }, want: want{ - w: &worklowPinningResult{ + w: &workflowPinningResult{ thirdParties: pinnedResult{ pinned: 1, total: 1, @@ -1121,11 +1121,11 @@ func TestUpdatePinningResults(t *testing.T) { dependencyType: checker.DependencyUseTypeGHAction, snippet: stringAsPointer("other/checkout@v2"), outcome: finding.OutcomeNegative, - w: &worklowPinningResult{}, + w: &workflowPinningResult{}, pr: make(map[checker.DependencyUseType]pinnedResult), }, want: want{ - w: &worklowPinningResult{ + w: &workflowPinningResult{ thirdParties: pinnedResult{ pinned: 0, total: 1, 
@@ -1143,11 +1143,11 @@ func TestUpdatePinningResults(t *testing.T) { args: args{ dependencyType: checker.DependencyUseTypePipCommand, outcome: finding.OutcomePositive, - w: &worklowPinningResult{}, + w: &workflowPinningResult{}, pr: make(map[checker.DependencyUseType]pinnedResult), }, want: want{ - w: &worklowPinningResult{}, + w: &workflowPinningResult{}, pr: map[checker.DependencyUseType]pinnedResult{ checker.DependencyUseTypePipCommand: { pinned: 1, @@ -1161,11 +1161,11 @@ func TestUpdatePinningResults(t *testing.T) { args: args{ dependencyType: checker.DependencyUseTypePipCommand, outcome: finding.OutcomeNegative, - w: &worklowPinningResult{}, + w: &workflowPinningResult{}, pr: make(map[checker.DependencyUseType]pinnedResult), }, want: want{ - w: &worklowPinningResult{}, + w: &workflowPinningResult{}, pr: map[checker.DependencyUseType]pinnedResult{ checker.DependencyUseTypePipCommand: { pinned: 0, diff --git a/checks/evaluation/sast.go b/checks/evaluation/sast.go index 63c7beb82de..f6a6897cc98 100644 --- a/checks/evaluation/sast.go +++ b/checks/evaluation/sast.go @@ -93,7 +93,7 @@ func SAST(name string, if sastScore == checker.InconclusiveResultScore && codeQlScore == checker.InconclusiveResultScore { // That can never happen since sastToolInCheckRuns can never - // retun checker.InconclusiveResultScore. + // return checker.InconclusiveResultScore. return checker.CreateRuntimeErrorResult(name, sce.ErrScorecardInternal) } diff --git a/checks/fileparser/github_workflow.go b/checks/fileparser/github_workflow.go index 3dda4f3e581..5ffc9722933 100644 --- a/checks/fileparser/github_workflow.go +++ b/checks/fileparser/github_workflow.go @@ -343,7 +343,7 @@ type JobMatcherStep struct { Run string } -// JobMatchResult represents the result of a matche. +// JobMatchResult represents the result of a match. type JobMatchResult struct { Msg string File checker.File 
diff --git a/checks/fileparser/github_workflow_test.go b/checks/fileparser/github_workflow_test.go index 77d721dd405..29f378bb5b2 100644 --- a/checks/fileparser/github_workflow_test.go +++ b/checks/fileparser/github_workflow_test.go @@ -103,7 +103,7 @@ func TestGitHubWorkflowShell(t *testing.T) { }, { name: "shell specified in step", - filename: "../testdata/.github/workflows/github-workflow-shells-speficied-step.yaml", + filename: "../testdata/.github/workflows/github-workflow-shells-specified-step.yaml", expectedShells: []string{"pwsh"}, }, { diff --git a/checks/fileparser/listing_test.go b/checks/fileparser/listing_test.go index bb4e619b7aa..1b09c921fd7 100644 --- a/checks/fileparser/listing_test.go +++ b/checks/fileparser/listing_test.go @@ -202,7 +202,7 @@ func Test_isMatchingPath(t *testing.T) { want: true, }, { - name: "matching path with case insensitive", + name: "matching path with case-insensitive", args: args{ pattern: "Dockerfile", fullpath: "dockerfile", @@ -211,7 +211,7 @@ func Test_isMatchingPath(t *testing.T) { want: true, }, { - name: "matching path with case insensitive", + name: "matching path with case-insensitive", args: args{ pattern: "Dockerfile", fullpath: "dockerfile", @@ -220,7 +220,7 @@ func Test_isMatchingPath(t *testing.T) { want: false, }, { - name: "matching path with case insensitive", + name: "matching path with case-insensitive", args: args{ pattern: "Dockerfile", fullpath: "Dockerfile.template", @@ -229,7 +229,7 @@ func Test_isMatchingPath(t *testing.T) { want: false, }, { - name: "matching path with case insensitive", + name: "matching path with case-insensitive", args: args{ pattern: "Dockerfile", fullpath: "Dockerfile.template", @@ -238,7 +238,7 @@ func Test_isMatchingPath(t *testing.T) { want: false, }, { - name: "matching path with case insensitive", + name: "matching path with case-insensitive", args: args{ pattern: "Dockerfile", fullpath: "Dockerfile.template", 
@@ -247,7 +247,7 @@ func Test_isMatchingPath(t *testing.T) { want: false, }, { - name: "matching path with case insensitive", + name: "matching path with case-insensitive", args: args{ pattern: "Dockerfile", fullpath: "Dockerfile.template", @@ -255,7 +255,7 @@ func Test_isMatchingPath(t *testing.T) { }, }, { - name: "matching path with case insensitive", + name: "matching path with case-insensitive", args: args{ pattern: "Dockerfile", fullpath: "Dockerfile.template", @@ -263,7 +263,7 @@ func Test_isMatchingPath(t *testing.T) { }, }, { - name: "matching path with case insensitive", + name: "matching path with case-insensitive", args: args{ pattern: "Dockerfile", fullpath: "Dockerfile.template", @@ -271,7 +271,7 @@ func Test_isMatchingPath(t *testing.T) { }, }, { - name: "matching path with case insensitive", + name: "matching path with case-insensitive", args: args{ pattern: "Dockerfile", fullpath: "Dockerfile.template", @@ -279,7 +279,7 @@ func Test_isMatchingPath(t *testing.T) { }, }, { - name: "matching path with case insensitive", + name: "matching path with case-insensitive", args: args{ pattern: "Dockerfile", fullpath: "Dockerfile.template", @@ -287,7 +287,7 @@ func Test_isMatchingPath(t *testing.T) { }, }, { - name: "matching path with case insensitive", + name: "matching path with case-insensitive", args: args{ pattern: "Dockerfile", fullpath: "Dockerfile.template", @@ -295,7 +295,7 @@ func Test_isMatchingPath(t *testing.T) { }, }, { - name: "matching path with case insensitive", + name: "matching path with case-insensitive", args: args{ pattern: "Dockerfile", fullpath: "Dockerfile.template", @@ -303,7 +303,7 @@ func Test_isMatchingPath(t *testing.T) { }, }, { - name: "matching path with case insensitive", + name: "matching path with case-insensitive", args: args{ pattern: "Dockerfile", fullpath: "Dockerfile.template", diff --git a/checks/raw/binary_artifact.go b/checks/raw/binary_artifact.go index c2fc925c097..1c7a82f246d 100644 
--- a/checks/raw/binary_artifact.go +++ b/checks/raw/binary_artifact.go @@ -278,7 +278,7 @@ func checkWorkflowValidatesGradleWrapper(path string, content []byte, args ...in return true, nil } -// fileExists checks if a file of name name exists, including within +// fileExists checks if a file named `name` exists, including within // subdirectories. func fileExists(files []checker.File, name string) bool { for _, f := range files { diff --git a/checks/raw/binary_artifact_test.go b/checks/raw/binary_artifact_test.go index 22362c40c19..590e86a7833 100644 --- a/checks/raw/binary_artifact_test.go +++ b/checks/raw/binary_artifact_test.go @@ -82,7 +82,7 @@ func TestBinaryArtifacts(t *testing.T) { name: "non binary file", err: nil, files: [][]string{ - {"../doesnotexist"}, + {"../nonexistent"}, }, getFileContentCount: 1, }, diff --git a/checks/raw/dependency_update_tool.go b/checks/raw/dependency_update_tool.go index 63b262c70a1..5b9cc819b06 100644 --- a/checks/raw/dependency_update_tool.go +++ b/checks/raw/dependency_update_tool.go @@ -29,7 +29,7 @@ const ( dependabotID = 49699333 ) -// DependencyUpdateTool is the exported name for Depdendency-Update-Tool. +// DependencyUpdateTool is the exported name for Dependency-Update-Tool. func DependencyUpdateTool(c clients.RepoClient) (checker.DependencyUpdateToolData, error) { var tools []checker.Tool err := fileparser.OnAllFilesDo(c, checkDependencyFileExists, &tools) diff --git a/checks/raw/fuzzing.go b/checks/raw/fuzzing.go index 16d91b457f7..c26cd028906 100644 --- a/checks/raw/fuzzing.go +++ b/checks/raw/fuzzing.go @@ -44,7 +44,7 @@ type languageFuzzConfig struct { filePatterns []string } -// Contains fuzzing speficications for programming languages. +// Contains fuzzing specifications for programming languages. // Please use the type Language defined in clients/languages.go rather than a raw string. var languageFuzzSpecs = map[clients.LanguageName]languageFuzzConfig{ // Default fuzz patterns for Go. 
diff --git a/checks/raw/pinned_dependencies.go b/checks/raw/pinned_dependencies.go index afc352873de..be251571dac 100644 --- a/checks/raw/pinned_dependencies.go +++ b/checks/raw/pinned_dependencies.go @@ -231,8 +231,8 @@ func collectDockerfilePinning(c *checker.CheckRequest, r *checker.PinningDepende for i := range r.Dependencies { rr := &r.Dependencies[i] if !*rr.Pinned { - remdtion := remediation.CreateDockerfilePinningRemediation(rr, remediation.CraneDigester{}) - rr.Remediation = remdtion + remediate := remediation.CreateDockerfilePinningRemediation(rr, remediation.CraneDigester{}) + rr.Remediation = remediate } } return nil @@ -486,8 +486,8 @@ func collectGitHubActionsWorkflowPinning(c *checker.CheckRequest, r *checker.Pin for i := range r.Dependencies { rr := &r.Dependencies[i] if !*rr.Pinned { - remdtion := remediationMetadata.CreateWorkflowPinningRemediation(rr.Location.Path) - rr.Remediation = remdtion + remediate := remediationMetadata.CreateWorkflowPinningRemediation(rr.Location.Path) + rr.Remediation = remediate } } return nil diff --git a/checks/raw/pinned_dependencies_test.go b/checks/raw/pinned_dependencies_test.go index f734075005d..82b0588511c 100644 --- a/checks/raw/pinned_dependencies_test.go +++ b/checks/raw/pinned_dependencies_test.go @@ -124,7 +124,7 @@ func TestGithubWorkflowPinningPattern(t *testing.T) { ispinned: false, }, { - desc: "hecking out mutable tag", + desc: "checking out mutable tag", uses: "actions/checkout@v3.2.0", ispinned: false, }, 
@@ -144,12 +144,12 @@ func TestGithubWorkflowPinningPattern(t *testing.T) { ispinned: false, }, { - desc: "checking out specific commmit from github with truncated SHA-1", + desc: "checking out specific commit from github with truncated SHA-1", uses: "actions/checkout@a81bbbf", ispinned: false, }, { - desc: "checking out specific commmit from github with SHA-1", + desc: "checking out specific commit from github with SHA-1", uses: "actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675", ispinned: true, }, @@ -449,7 +449,7 @@ func TestFileIsInVendorDir(t *testing.T) { }, { name: "misspelled vendor dir", - filename: "a/vendorr/Dockerfile", + filename: "a/vendor_/Dockerfile", expected: false, }, } @@ -1220,7 +1220,7 @@ func TestShellscriptInsecureDownloadsLineNumber(t *testing.T) { } } -func TestDockerfilePinningWihoutHash(t *testing.T) { +func TestDockerfilePinningWithoutHash(t *testing.T) { t.Parallel() //nolint:govet tests := []struct { @@ -1578,7 +1578,7 @@ func TestShellScriptDownloadPinned(t *testing.T) { } } -func TestGitHubWorflowRunDownload(t *testing.T) { +func TestGitHubWorkflowRunDownload(t *testing.T) { t.Parallel() //nolint:govet tests := []struct { diff --git a/checks/raw/shell_download_validate.go b/checks/raw/shell_download_validate.go index b2149bbf656..3688bd02bac 100644 --- a/checks/raw/shell_download_validate.go +++ b/checks/raw/shell_download_validate.go @@ -456,7 +456,7 @@ func isNpmDownload(cmd []string) bool { func isNpmUnpinnedDownload(cmd []string) bool { for i := 1; i < len(cmd); i++ { - // `npm ci` wil verify all hashes are present. + // `npm ci` will verify all hashes are present. if strings.EqualFold(cmd[i], "ci") { return false } 
@@ -805,7 +805,7 @@ func isNugetUnpinnedDownload(cmd []string) bool { return false } -func collectUnpinnedPakageManagerDownload(startLine, endLine uint, node syntax.Node, +func collectUnpinnedPackageManagerDownload(startLine, endLine uint, node syntax.Node, cmd, pathfn string, r *checker.PinningDependenciesData, ) { ce, ok := node.(*syntax.CallExpr) @@ -1146,7 +1146,7 @@ func validateShellFileAndRecord(pathfn string, startLine, endLine uint, content collectFetchProcSubsExecute(startLine, endLine, node, cmdStr, pathfn, r) // Package manager's unpinned installs. - collectUnpinnedPakageManagerDownload(startLine, endLine, node, cmdStr, pathfn, r) + collectUnpinnedPackageManagerDownload(startLine, endLine, node, cmdStr, pathfn, r) // TODO(laurent): add check for cat file | bash. // TODO(laurent): detect downloads of zip/tar files containing scripts. diff --git a/checks/raw/testdata/Dockerfile-gsutil-file b/checks/raw/testdata/Dockerfile-gsutil-file index 359984546c4..f7ffaedabfe 100644 --- a/checks/raw/testdata/Dockerfile-gsutil-file +++ b/checks/raw/testdata/Dockerfile-gsutil-file @@ -21,11 +21,11 @@ RUN /tmp/exe RUN gsutil gs://exe /tmp/exe1 && /tmp/exe1 RUN gsutil gs://exe /tmp/exe2 ; /tmp/exe2 -RUN gsutil gs://bucet/exe6 /path/to/ +RUN gsutil gs://bucket/exe6 /path/to/ RUN gsutil gs://bucket/exe . && ./exe -RUN gsutil gs://bucet/exe3 /path/to/ && /path/to/exe3 -RUN gsutil gs://bucet/exe4 /path/to/ && /path/to/exe4 +RUN gsutil gs://bucket/exe3 /path/to/ && /path/to/exe3 +RUN gsutil gs://bucket/exe4 /path/to/ && /path/to/exe4 RUN /path/to/exe6 
@@ -35,19 +35,19 @@ RUN bash /tmp/file RUN gsutil gs://file /tmp/file1 && bash /tmp/file1 RUN gsutil gs://file /tmp/file2 ; bash /tmp/file2 -RUN gsutil gs://bucet/file6 /path/to/ +RUN gsutil gs://bucket/file6 /path/to/ RUN gsutil gs://bucket/file . && bash ./file -RUN gsutil gs://bucet/file3 /path/to/ && bash /path/to/file3 -RUN gsutil gs://bucet/file4 /path/to/ && bash /path/to/file4 +RUN gsutil gs://bucket/file3 /path/to/ && bash /path/to/file3 +RUN gsutil gs://bucket/file4 /path/to/ && bash /path/to/file4 RUN bash /path/to/file6 RUN ["gsutil", "gs://exe11", "/tmp/exe11"] RUN ["/tmp/exe11"] -RUN ["sh", "-c", "\"gsutil gs://bucet/file3xx /path/to/ && bash /path/to/file3xx\""] -RUN ["sh", "-c", "\"gsutil gs://bucet/file3yy /path/to/ \""] +RUN ["sh", "-c", "\"gsutil gs://bucket/file3xx /path/to/ && bash /path/to/file3xx\""] +RUN ["sh", "-c", "\"gsutil gs://bucket/file3yy /path/to/ \""] RUN ["sh", "-c", "\"bash /path/to/file3yy\""] FROM scratch diff --git a/checks/raw/testdata/Dockerfile-script-ok b/checks/raw/testdata/Dockerfile-script-ok index 37261b0e4ea..fbaf3032f4f 100644 --- a/checks/raw/testdata/Dockerfile-script-ok +++ b/checks/raw/testdata/Dockerfile-script-ok @@ -49,8 +49,8 @@ RUN gsutil gs://file /tmp/file1 && bash /tmp/fileqw RUN gsutil gs://file /tmp/file2 ; bash /tmp/file122 RUN gsutil gs://bucket/file . && bash ./file2222 -RUN gsutil gs://bucet/file /path/to/ && bash /path/to/fileqqq -RUN gsutil gs://bucet/file2 /path/to/ && bash /path/to/file2234 +RUN gsutil gs://bucket/file /path/to/ && bash /path/to/fileqqq +RUN gsutil gs://bucket/file2 /path/to/ && bash /path/to/file2234 RUN bash /path/to/fileshsj RUN bash somescript.sh diff --git a/checks/sast_test.go b/checks/sast_test.go index 745bda731ef..75cab0293bc 100644 --- a/checks/sast_test.go +++ b/checks/sast_test.go 
@@ -201,7 +201,7 @@ func Test_SAST(t *testing.T) { }, { name: `Airflow Workflow has CodeQL and two check runs one of - which has wrong type of conlusion. The other is 'success'`, + which has wrong type of conclusion. The other is 'success'`, err: nil, commits: []clients.Commit{ { diff --git a/checks/security_policy.go b/checks/security_policy.go index 1046c566e13..30410d024f0 100644 --- a/checks/security_policy.go +++ b/checks/security_policy.go @@ -23,7 +23,7 @@ import ( "github.com/ossf/scorecard/v4/probes/zrunner" ) -// CheckSecurityPolicy is the registred name for SecurityPolicy. +// CheckSecurityPolicy is the registered name for SecurityPolicy. const CheckSecurityPolicy = "Security-Policy" //nolint:gochecknoinits diff --git a/checks/security_policy_test.go b/checks/security_policy_test.go index 8ea34b76a23..4a2596b8189 100644 --- a/checks/security_policy_test.go +++ b/checks/security_policy_test.go @@ -61,7 +61,7 @@ func TestSecurityPolicy(t *testing.T) { }, { name: "docs/security.md", - path: "./testdata/securitypolicy/04_textAndDisclosureVuls", + path: "./testdata/securitypolicy/04_textAndDisclosureVulns", files: []string{ "docs/security.md", }, @@ -133,7 +133,7 @@ func TestSecurityPolicy(t *testing.T) { }, { name: ".github/security.adoc", - path: "./testdata/securitypolicy/10_linkedContentAndTextAndDisclosureVuls", + path: "./testdata/securitypolicy/10_linkedContentAndTextAndDisclosureVulns", files: []string{ ".github/security.adoc", }, diff --git a/checks/testdata/.github/workflows/github-workflow-shells-speficied-step.yaml b/checks/testdata/.github/workflows/github-workflow-shells-specified-step.yaml similarity index 100% rename from checks/testdata/.github/workflows/github-workflow-shells-speficied-step.yaml rename to checks/testdata/.github/workflows/github-workflow-shells-specified-step.yaml 
diff --git a/checks/testdata/binaryartifacts/workflows/verify-outdated-action.yaml b/checks/testdata/binaryartifacts/workflows/verify-outdated-action.yaml index 41237b99dee..477c45ffcb9 100644 --- a/checks/testdata/binaryartifacts/workflows/verify-outdated-action.yaml +++ b/checks/testdata/binaryartifacts/workflows/verify-outdated-action.yaml @@ -2,7 +2,7 @@ name: "GW Validate Workflow" on: [push, pull_request] jobs: - gw_validat3: + gw_validate: name: "GW Validate Job" runs-on: ubuntu-latest steps: diff --git a/checks/testdata/binaryartifacts/workflows/verify.yaml b/checks/testdata/binaryartifacts/workflows/verify.yaml index bcc9f989eab..28214fcfe7e 100644 --- a/checks/testdata/binaryartifacts/workflows/verify.yaml +++ b/checks/testdata/binaryartifacts/workflows/verify.yaml @@ -2,7 +2,7 @@ name: "GW Validate Workflow" on: [push, pull_request] jobs: - gw_validat3: + gw_validate: name: "GW Validate Job" runs-on: ubuntu-latest steps: diff --git a/checks/testdata/securitypolicy/04_textAndDisclosureVuls b/checks/testdata/securitypolicy/04_textAndDisclosureVulns similarity index 100% rename from checks/testdata/securitypolicy/04_textAndDisclosureVuls rename to checks/testdata/securitypolicy/04_textAndDisclosureVulns diff --git a/checks/testdata/securitypolicy/10_linkedContentAndTextAndDisclosureVuls b/checks/testdata/securitypolicy/10_linkedContentAndTextAndDisclosureVulns similarity index 100% rename from checks/testdata/securitypolicy/10_linkedContentAndTextAndDisclosureVuls rename to checks/testdata/securitypolicy/10_linkedContentAndTextAndDisclosureVulns diff --git a/checks/webhook_test.go b/checks/webhook_test.go index df9c1b2dc24..30663139a35 100644 --- a/checks/webhook_test.go +++ b/checks/webhook_test.go @@ -73,7 +73,7 @@ func TestWebhooks(t *testing.T) { }, }, { - name: "With 2 Webhooks with and whitout secrets configured", + name: "With 2 Webhooks with and without secrets configured", uri: "github.com/owner/repo", expected: checker.CheckResult{ Score: 5, 
diff --git a/clients/githubrepo/branches_e2e_test.go b/clients/githubrepo/branches_e2e_test.go index f84d81f7fa8..1e842d88b65 100644 --- a/clients/githubrepo/branches_e2e_test.go +++ b/clients/githubrepo/branches_e2e_test.go @@ -95,7 +95,7 @@ var _ = Describe("E2E TEST: githubrepo.branchesHandler", func() { Expect(branchRef).ShouldNot(BeNil()) }) - It("Should return an error for non-existent branch", func() { + It("Should return an error for nonexistent branch", func() { skipIfTokenIsNot(patTokenType, "PAT only") repourl := &repoURL{ @@ -105,7 +105,7 @@ var _ = Describe("E2E TEST: githubrepo.branchesHandler", func() { } brancheshandler.init(context.Background(), repourl) - branchRef, err := brancheshandler.getBranch("non-existent-branch") + branchRef, err := brancheshandler.getBranch("nonexistent-branch") Expect(err).Should(BeNil()) Expect(branchRef).Should(BeNil()) }) diff --git a/clients/githubrepo/branches_test.go b/clients/githubrepo/branches_test.go index e8467422449..f41316a7ae4 100644 --- a/clients/githubrepo/branches_test.go +++ b/clients/githubrepo/branches_test.go @@ -290,7 +290,7 @@ func Test_applyRepoRules(t *testing.T) { BranchProtectionRule: clients.BranchProtectionRule{ AllowDeletions: &falseVal, AllowForcePushes: &falseVal, - EnforceAdmins: &falseVal, // Maintain: deletion enforces but forcepush does not + EnforceAdmins: &falseVal, // Maintain: deletion enforces but force-push does not RequireLinearHistory: &falseVal, RequiredPullRequestReviews: clients.PullRequestReviewRule{ Required: &falseVal, diff --git a/clients/githubrepo/client.go b/clients/githubrepo/client.go index 53f8da718a2..dbef2cf9134 100644 --- a/clients/githubrepo/client.go +++ b/clients/githubrepo/client.go 
@@ -343,7 +343,7 @@ func CreateGithubRepoClient(ctx context.Context, logger *log.Logger) clients.Rep } // CreateOssFuzzRepoClient returns a RepoClient implementation -// intialized to `google/oss-fuzz` GitHub repository. +// initialized to `google/oss-fuzz` GitHub repository. // // Deprecated: Searching the github.com/google/oss-fuzz repo for projects is flawed. Use a constructor // from clients/ossfuzz instead. https://github.com/ossf/scorecard/issues/2670 diff --git a/clients/githubrepo/githubrepo_suite_test.go b/clients/githubrepo/githubrepo_suite_test.go index f86ac76ce26..399656fd887 100644 --- a/clients/githubrepo/githubrepo_suite_test.go +++ b/clients/githubrepo/githubrepo_suite_test.go @@ -76,6 +76,6 @@ var _ = BeforeSuite(func() { case "GITHUB_TOKEN": tokType = githubWorkflowDefaultTokenType default: - panic(fmt.Sprintf("invald TOKEN_TYPE: %s", tt)) + panic(fmt.Sprintf("invalid TOKEN_TYPE: %s", tt)) } }) diff --git a/clients/githubrepo/graphql.go b/clients/githubrepo/graphql.go index e3fa19128b2..3a5940cc45c 100644 --- a/clients/githubrepo/graphql.go +++ b/clients/githubrepo/graphql.go @@ -266,7 +266,7 @@ func commitsFrom(data *graphqlData, repoOwner, repoName string) ([]clients.Commi continue } // ResourcePath: e.g., for dependabot, "/apps/dependabot", or "/apps/renovate" - // Path that can be appended to "https://github.com" for a Github resource + // Path that can be appended to "https://github.com" for a GitHub resource openedByBot := strings.HasPrefix(string(pr.Author.ResourcePath), "/apps/") associatedPR = clients.PullRequest{ Number: int(pr.Number), 
@@ -341,26 +341,26 @@ func getRepoAssociation(association *string) *clients.RepoAssociation { if association == nil { return nil } - var repoAssociaton clients.RepoAssociation + var repoAssociation clients.RepoAssociation switch *association { case "COLLABORATOR": - repoAssociaton = clients.RepoAssociationCollaborator + repoAssociation = clients.RepoAssociationCollaborator case "CONTRIBUTOR": - repoAssociaton = clients.RepoAssociationContributor + repoAssociation = clients.RepoAssociationContributor case "FIRST_TIMER": - repoAssociaton = clients.RepoAssociationFirstTimer + repoAssociation = clients.RepoAssociationFirstTimer case "FIRST_TIME_CONTRIBUTOR": - repoAssociaton = clients.RepoAssociationFirstTimeContributor + repoAssociation = clients.RepoAssociationFirstTimeContributor case "MANNEQUIN": - repoAssociaton = clients.RepoAssociationMannequin + repoAssociation = clients.RepoAssociationMannequin case "MEMBER": - repoAssociaton = clients.RepoAssociationMember + repoAssociation = clients.RepoAssociationMember case "NONE": - repoAssociaton = clients.RepoAssociationNone + repoAssociation = clients.RepoAssociationNone case "OWNER": - repoAssociaton = clients.RepoAssociationOwner + repoAssociation = clients.RepoAssociationOwner default: return nil } - return &repoAssociaton + return &repoAssociation } diff --git a/clients/githubrepo/repo_test.go b/clients/githubrepo/repo_test.go index b0fdca7703d..7b8b2977e77 100644 --- a/clients/githubrepo/repo_test.go +++ b/clients/githubrepo/repo_test.go @@ -50,7 +50,7 @@ func TestRepoURL_IsValid(t *testing.T) { wantErr: false, }, { - name: "Non github repository", + name: "Non GitHub repository", expected: repoURL{ host: "gitlab.com", owner: "foo", @@ -60,7 +60,7 @@ func TestRepoURL_IsValid(t *testing.T) { wantErr: true, }, { - name: "Github repository", + name: "GitHub repository", expected: repoURL{ host: "github.com", owner: "foo", 
@@ -70,7 +70,7 @@ func TestRepoURL_IsValid(t *testing.T) { wantErr: false, }, { - name: "Github repository with host", + name: "GitHub repository with host", expected: repoURL{ host: "github.com", owner: "foo", diff --git a/clients/githubrepo/roundtripper/rate_limit.go b/clients/githubrepo/roundtripper/rate_limit.go index 6d7d76b482c..5b0e064f4b0 100644 --- a/clients/githubrepo/roundtripper/rate_limit.go +++ b/clients/githubrepo/roundtripper/rate_limit.go @@ -36,7 +36,7 @@ func MakeRateLimitedTransport(innerTransport http.RoundTripper, logger *log.Logg } } -// rateLimitTransport is a rate-limit aware http.Transport for Github. +// rateLimitTransport is a rate-limit aware http.Transport for GitHub. type rateLimitTransport struct { logger *log.Logger innerTransport http.RoundTripper diff --git a/clients/gitlabrepo/checkruns.go b/clients/gitlabrepo/checkruns.go index 0dbbf8c214b..6ae8133682c 100644 --- a/clients/gitlabrepo/checkruns.go +++ b/clients/gitlabrepo/checkruns.go @@ -43,7 +43,7 @@ func (handler *checkrunsHandler) listCheckRunsForRef(ref string) ([]clients.Chec options.Ref = &ref } - // Notes for Gitlab ListProjectPipelines endpoint: + // Notes for GitLab ListProjectPipelines endpoint: // Only full SHA works for SHA param, Short SHA does not work // Branch names work for Ref Param, tags and SHAs do not work // Reference: https://docs.gitlab.com/ee/api/pipelines.html#list-project-pipelines diff --git a/clients/gitlabrepo/issues.go b/clients/gitlabrepo/issues.go index 5447c7de3bd..c438e09c3e4 100644 --- a/clients/gitlabrepo/issues.go +++ b/clients/gitlabrepo/issues.go 
@@ -48,7 +48,7 @@ func (handler *issuesHandler) setup() error { } // There doesn't seem to be a good way to get user access_levels in gitlab so the following way may seem incredibly - // barberic, however I couldn't find a better way in the docs. + // barbaric, however I couldn't find a better way in the docs. projMemberships, resp, err := handler.glClient.ProjectMembers.ListAllProjectMembers( handler.repourl.projectID, &gitlab.ListProjectMembersOptions{}) if err != nil && resp.StatusCode != 401 { diff --git a/clients/gitlabrepo/languages_e2e_test.go b/clients/gitlabrepo/languages_e2e_test.go index 2e16a460707..61d24c63f45 100644 --- a/clients/gitlabrepo/languages_e2e_test.go +++ b/clients/gitlabrepo/languages_e2e_test.go @@ -39,7 +39,7 @@ var _ = Describe("E2E TEST: gitlabrepo.ListProgrammingLanguages", func() { // Check for the presence of some languages isPythonPresent := false for _, lang := range programmingLang { - // compare case insensitive + // compare case-insensitive if strings.EqualFold(string(lang.Name), "Python") { isPythonPresent = true break diff --git a/clients/gitlabrepo/repo.go b/clients/gitlabrepo/repo.go index 1241fecb4b6..5d51c4f83d9 100644 --- a/clients/gitlabrepo/repo.go +++ b/clients/gitlabrepo/repo.go @@ -12,8 +12,8 @@ // See the License for the specific language governing permissions and // limitations under the License. -// NOTE: In Gitlab repositories are called projects, however to ensure compatibility, -// this package will regard to Gitlab projects as repositories. +// NOTE: In GitLab repositories are called projects, however to ensure compatibility, +// this package will regard to GitLab projects as repositories. package gitlabrepo import ( diff --git a/clients/gitlabrepo/searchCommits.go b/clients/gitlabrepo/searchCommits.go index 1fa1ea9f727..88617b9c8f0 100644 --- a/clients/gitlabrepo/searchCommits.go +++ b/clients/gitlabrepo/searchCommits.go 
@@ -38,7 +38,7 @@ func (handler *searchCommitsHandler) search(request clients.SearchCommitsOptions } query, err := handler.buildQuery(request) if err != nil { - return nil, fmt.Errorf("handler.buildQuiery: %w", err) + return nil, fmt.Errorf("handler.buildQuery: %w", err) } commits, _, err := handler.glClient.Search.CommitsByProject(handler.repourl.projectID, query, &gitlab.SearchOptions{}) @@ -48,7 +48,7 @@ func (handler *searchCommitsHandler) search(request clients.SearchCommitsOptions // Gitlab returns a list of commits that does not contain the committer's id, unlike in // githubrepo/searchCommits.go so to limit the number of requests we are mapping each unique user - // email to thei gitlab user data. + // email to their gitlab user data. userMap := make(map[string]*gitlab.User) var ret []clients.Commit for _, commit := range commits { diff --git a/clients/gitlabrepo/search_test.go b/clients/gitlabrepo/search_test.go index 2286ae4d5c3..ea6be1668c5 100644 --- a/clients/gitlabrepo/search_test.go +++ b/clients/gitlabrepo/search_test.go @@ -94,7 +94,7 @@ func TestBuildQuery(t *testing.T) { expectedQuery: "testquery project:testowner/1234 in:file filename:filename1.txt path:dir1/dir2", }, { - name: "WithFilenameAndPathWithSeperator", + name: "WithFilenameAndPathWithSeparator", repourl: &repoURL{ owner: "testowner", projectID: "1234", diff --git a/clients/ossfuzz/client_test.go b/clients/ossfuzz/client_test.go index cb7d455b087..fd0ad92a612 100644 --- a/clients/ossfuzz/client_test.go +++ b/clients/ossfuzz/client_test.go @@ -43,14 +43,14 @@ func TestClient(t *testing.T) { wantErr: false, }, { - name: "non existent project", + name: "nonexistent project", project: "github.com/not/here", statusFile: "status.json", wantHit: false, wantErr: false, }, { - name: "non existent project which is a substring of a present project", + name: "nonexistent project which is a substring of a present project", project: "github.com/ossf/score", statusFile: "status.json", wantHit: false, 
@@ -64,14 +64,14 @@ func TestClient(t *testing.T) { wantErr: false, }, { - name: "project case insensitive", + name: "project case-insensitive", project: "github.com/FFTW/fftw3", statusFile: "status.json", wantHit: true, wantErr: false, }, { - name: "non existent status file", + name: "nonexistent status file", project: "github.com/ossf/scorecard", statusFile: "not_here.json", wantHit: false, @@ -123,7 +123,7 @@ func TestClientEager(t *testing.T) { wantCreateErr: false, }, { - name: "non existent project", + name: "nonexistent project", project: "github.com/not/here", statusFile: "status.json", wantHit: false, @@ -131,7 +131,7 @@ func TestClientEager(t *testing.T) { wantCreateErr: false, }, { - name: "non existent project which is a substring of a present project", + name: "nonexistent project which is a substring of a present project", project: "github.com/ossf/score", statusFile: "status.json", wantHit: false, @@ -139,7 +139,7 @@ func TestClientEager(t *testing.T) { wantCreateErr: false, }, { - name: "non existent status file", + name: "nonexistent status file", project: "github.com/ossf/scorecard", statusFile: "not_here.json", wantHit: false, diff --git a/clients/user.go b/clients/user.go index ffbd2ce5805..489d0b2f763 100644 --- a/clients/user.go +++ b/clients/user.go @@ -28,7 +28,7 @@ type User struct { type RepoAssociation uint32 // Values taken from https://docs.github.com/en/graphql/reference/enums#commentauthorassociation. -// Additional values may be added in the future for non-Github projects. +// Additional values may be added in the future for non-GitHub projects. // NOTE: Values are present in increasing order of privilege. If adding new values // maintain the order of privilege to ensure Gte() functionality is preserved. const ( diff --git a/cmd/internal/nuget/client.go b/cmd/internal/nuget/client.go index 7eb23e4cfab..0de4c6b047e 100644 --- a/cmd/internal/nuget/client.go +++ b/cmd/internal/nuget/client.go 
@@ -239,7 +239,7 @@ func isSupportedProjectURL(projectURL string) bool { } // Nuget semver diverges from Semantic Versioning. -// This method returns the Nuget represntation of version and pre release strings. +// This method returns the Nuget representation of version and pre release strings. // //nolint:lll // https://learn.microsoft.com/en-us/nuget/concepts/package-versioning#where-nugetversion-diverges-from-semantic-versioning func parseNugetSemVer(versionString string) (base, preReleaseSuffix string) { diff --git a/cmd/internal/nuget/client_test.go b/cmd/internal/nuget/client_test.go index 350386d42f6..4379c238332 100644 --- a/cmd/internal/nuget/client_test.go +++ b/cmd/internal/nuget/client_test.go @@ -503,7 +503,7 @@ func Test_fetchGitRepositoryFromNuget(t *testing.T) { wantErr: true, }, { - name: "error marhsal entry", + name: "error marshal entry", args: nugetTestArgs{ inputPackageName: "nuget-package", resultIndex: "index.json", diff --git a/cmd/internal/scdiff/app/compare/compare_test.go b/cmd/internal/scdiff/app/compare/compare_test.go index 3625e650499..c24874d773a 100644 --- a/cmd/internal/scdiff/app/compare/compare_test.go +++ b/cmd/internal/scdiff/app/compare/compare_test.go @@ -153,7 +153,7 @@ func TestResults(t *testing.T) { wantEqual: false, }, { - name: "details have differnet levels", + name: "details have different levels", a: &pkg.ScorecardResult{ Checks: []checker.CheckResult{ { diff --git a/cmd/internal/scdiff/app/compare_test.go b/cmd/internal/scdiff/app/compare_test.go index f4bfc5b3816..83aa8514e1b 100644 --- a/cmd/internal/scdiff/app/compare_test.go +++ b/cmd/internal/scdiff/app/compare_test.go @@ -117,7 +117,7 @@ func Test_compare_reader_err(t *testing.T) { `), }, { - name: "error in both readesr", + name: "error in both readers", x: alwaysErrorReader{}, y: alwaysErrorReader{}, }, diff --git a/cmd/internal/scdiff/app/stats_test.go b/cmd/internal/scdiff/app/stats_test.go index 7896a80d38a..9434de355aa 100644 
--- a/cmd/internal/scdiff/app/stats_test.go +++ b/cmd/internal/scdiff/app/stats_test.go @@ -47,13 +47,13 @@ func Test_countScores(t *testing.T) { want: [12]int{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1}, }, { - name: "check name case insensitive", + name: "check name case-insensitive", check: "fOo", results: common, want: [12]int{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1}, }, { - name: "non existent check", + name: "nonexistent check", check: "not present", results: common, wantErr: true, @@ -96,7 +96,7 @@ func Test_calcStats(t *testing.T) { input := strings.NewReader(`{"date":"0001-01-01T00:00:00Z","repo":{"name":"repo1"},"score":10}`) var output bytes.Buffer if err := calcStats(input, &output); err != nil { - t.Fatalf("unexepected error: %v", err) + t.Fatalf("unexpected error: %v", err) } got := output.String() // this is a bit of a simplification, but keeps the test simple diff --git a/cmd/internal/scdiff/main.go b/cmd/internal/scdiff/main.go index 4d56b3a1b62..639c9925cce 100644 --- a/cmd/internal/scdiff/main.go +++ b/cmd/internal/scdiff/main.go @@ -14,7 +14,7 @@ /* Scdiff is a tool to create and diff goldens when analyzing results. -These results can be from different points in time, or generated by differnet versions of Scorecard. +These results can be from different points in time, or generated by different versions of Scorecard. Intended usage: diff --git a/cmd/package_managers.go b/cmd/package_managers.go index 878235ceeec..cfd1c281ba1 100644 --- a/cmd/package_managers.go +++ b/cmd/package_managers.go @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -// Package cmd implements Scorecard commandline. +// Package cmd implements Scorecard command-line. package cmd import ( 
@@ -45,8 +45,8 @@ func makeGithubRepo(urlAndPathParts []string) string { return fmt.Sprintf("https://github.com/%s/%s", userOrOrg, repoName) } -// Both GitHub and GitLab are case insensitive (and thus we lowercase those URLS) -// however generic URLs are indeed case sensitive! +// Both GitHub and GitLab are case-insensitive (and thus we lowercase those URLS) +// however generic URLs are indeed case-sensitive! var pypiMatchers = []func(string) string{ func(url string) string { return makeGithubRepo(githubDomainRegexp.FindStringSubmatch(url)) diff --git a/cmd/package_managers_test.go b/cmd/package_managers_test.go index a8ba8ec1e97..0dee9a2b6f5 100644 --- a/cmd/package_managers_test.go +++ b/cmd/package_managers_test.go @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -// Package cmd implements Scorecard commandline. +// Package cmd implements Scorecard command-line. package cmd import ( @@ -336,7 +336,7 @@ func Test_fetchGitRepositoryFromPYPI(t *testing.T) { "description": "UNKNOWN", "description_content_type": null, "docs_url": null, - "downoad_url": null, + "download_url": null, "downloads": { "last_day": -1, "last_month": -1, diff --git a/cmd/root.go b/cmd/root.go index b66272c0bca..2c1bf71f14e 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -// Package cmd implements Scorecard commandline. +// Package cmd implements Scorecard command-line. package cmd import ( diff --git a/cmd/serve.go b/cmd/serve.go index 0aecc321681..b9d0e92e247 100644 --- a/cmd/serve.go +++ b/cmd/serve.go 
@@ -96,7 +96,7 @@ func serveCmd(o *options.Options) *cobra.Command { port = "8080" } logger.Info("Listening on localhost:" + port + "\n") - //nolint:gosec // unsused. + //nolint:gosec // unused. err = http.ListenAndServe(fmt.Sprintf("0.0.0.0:%s", port), nil) if err != nil { // TODO(log): Should this actually panic? diff --git a/cron/config/config.go b/cron/config/config.go index a3c1a091457..16e83da3473 100644 --- a/cron/config/config.go +++ b/cron/config/config.go @@ -239,7 +239,7 @@ func GetRequestTopicURL() (string, error) { return getStringConfigValue(requestTopicURL, configYAML, "RequestTopicURL", "request-topic-url") } -// GetRequestSubscriptionURL returns the subscription name of the PubSub topic for cron job reuests. +// GetRequestSubscriptionURL returns the subscription name of the PubSub topic for cron job requests. func GetRequestSubscriptionURL() (string, error) { return getStringConfigValue(requestSubscriptionURL, configYAML, "RequestSubscriptionURL", "request-subscription-url") } diff --git a/cron/config/config_test.go b/cron/config/config_test.go index 6fe09b22a7d..335575336e8 100644 --- a/cron/config/config_test.go +++ b/cron/config/config_test.go @@ -343,7 +343,7 @@ func TestGetBigQueryDataset(t *testing.T) { os.Unsetenv(bigqueryDataset) dataset, err := GetBigQueryDataset() if err != nil { - t.Errorf("failed to get production BQ datset from config: %v", err) + t.Errorf("failed to get production BQ dataset from config: %v", err) } if dataset != prodBigQueryDataset { t.Errorf("test failed: expected - %s, got = %s", prodBigQueryDataset, dataset) @@ -510,7 +510,7 @@ func TestGetAdditionalParams(t *testing.T) { wantErr: false, }, { - name: "nonexistant value", + name: "nonexistent value", mapName: "this-value-should-never-exist", want: map[string]string{}, wantErr: true, diff --git a/cron/data/format.go b/cron/data/format.go index 11b4800682f..77fb2cd6c4d 100644 --- a/cron/data/format.go +++ b/cron/data/format.go 
@@ -24,7 +24,7 @@ func (s CSVStrings) MarshalCSV() ([]byte, error) { return []byte(strings.Join(s, ",")), nil } -// UnmarshalCSV implements []byte -> []string de-serializtion. +// UnmarshalCSV implements []byte -> []string de-serialization. func (s *CSVStrings) UnmarshalCSV(input []byte) error { if len(input) == 0 { *s = nil diff --git a/cron/internal/controller/bucket_test.go b/cron/internal/controller/bucket_test.go index 2b041353174..acc88337f89 100644 --- a/cron/internal/controller/bucket_test.go +++ b/cron/internal/controller/bucket_test.go @@ -63,7 +63,7 @@ func TestGetPrefix(t *testing.T) { wantErr: false, }, { - name: "non existent prefix file", + name: "nonexistent prefix file", url: "testdata/getPrefix", prefix: "", prefixFile: "baz", diff --git a/cron/internal/emulator/README.md b/cron/internal/emulator/README.md index 09174774e4f..7b0a86c5491 100644 --- a/cron/internal/emulator/README.md +++ b/cron/internal/emulator/README.md @@ -23,7 +23,7 @@ fake-gcs-server -scheme http -public-host 0.0.0.0:4443 \ ``` ## pubsub emulator: -Google Cloud has a [pubsub emulator](https://cloud.google.com/pubsub/docs/emulator) with complete install ininstructions. +Google Cloud has a [pubsub emulator](https://cloud.google.com/pubsub/docs/emulator) with complete install instructions. I've summarized some of them below. @@ -41,7 +41,7 @@ cd python-pubsub/samples/snippet pip install -r requirements.txt ``` -### Running the pubsub emulator (needed to do everytime) +### Running the pubsub emulator (needed to do every time) In a second window from any directory, run the emulator itself: diff --git a/cron/internal/format/json_raw_results.go b/cron/internal/format/json_raw_results.go index 7fda0f62dc5..5cf4b6dacf4 100644 --- a/cron/internal/format/json_raw_results.go +++ b/cron/internal/format/json_raw_results.go 
@@ -144,7 +144,7 @@ func addCodeReviewRawResults(r *jsonScorecardRawResult, cr *checker.CodeReviewDa } //nolint:unparam -func addVulnerbilitiesRawResults(r *jsonScorecardRawResult, vd *checker.VulnerabilitiesData) error { +func addVulnerabilitiesRawResults(r *jsonScorecardRawResult, vd *checker.VulnerabilitiesData) error { r.Results.DatabaseVulnerabilities = []jsonDatabaseVulnerability{} for _, v := range vd.Vulnerabilities { r.Results.DatabaseVulnerabilities = append(r.Results.DatabaseVulnerabilities, @@ -229,8 +229,8 @@ func addBranchProtectionRawResults(r *jsonScorecardRawResult, bp *checker.Branch } func fillJSONRawResults(r *jsonScorecardRawResult, raw *checker.RawResults) error { - // Vulnerabiliries. - if err := addVulnerbilitiesRawResults(r, &raw.VulnerabilitiesResults); err != nil { + // Vulnerabilities. + if err := addVulnerabilitiesRawResults(r, &raw.VulnerabilitiesResults); err != nil { return sce.WithMessage(sce.ErrScorecardInternal, err.Error()) } diff --git a/cron/internal/pubsub/subscriber_gcs.go b/cron/internal/pubsub/subscriber_gcs.go index e223642d345..a03a5176823 100644 --- a/cron/internal/pubsub/subscriber_gcs.go +++ b/cron/internal/pubsub/subscriber_gcs.go @@ -90,7 +90,7 @@ func (subscriber *gcsSubscriber) SynchronousPull() (*data.ScorecardBatchRequest, MaxMessages: maxMessagesToPull, }) if err != nil { - log.Printf("error during Recieive: %v", err) + log.Printf("error during Receive: %v", err) return nil, nil } numReceivedMessages = len(result.GetReceivedMessages()) diff --git a/dependencydiff/dependencydiff.go b/dependencydiff/dependencydiff.go index 78012426ad0..aa1c13b1a6f 100644 --- a/dependencydiff/dependencydiff.go +++ b/dependencydiff/dependencydiff.go 
@@ -158,7 +158,7 @@ func getScorecardCheckResults(dCtx *dependencydiffContext) error { // Run scorecard on those types of dependencies that the caller would like to check. // If the input map changeTypesToCheck is empty, by default, we run the checks for all valid types. - // TODO (#2064): use the Scorecare REST API to retrieve the Scorecard result statelessly. + // TODO (#2064): use the Scorecard REST API to retrieve the Scorecard result statelessly. scorecardResult, err := pkg.RunScorecard( dCtx.ctx, dCtx.ghRepo, diff --git a/dependencydiff/raw_dependencies.go b/dependencydiff/raw_dependencies.go index d06684c4f30..de83cff625f 100644 --- a/dependencydiff/raw_dependencies.go +++ b/dependencydiff/raw_dependencies.go @@ -26,7 +26,7 @@ import ( ) // dependency is a raw dependency fetched from the GitHub Dependency Review API. -// Fields of a dependnecy correspondings to those of pkg.DependencyCheckResult. +// Fields of a dependency corresponding to those of pkg.DependencyCheckResult. type dependency struct { // Package URL is a short link for a package. PackageURL *string `json:"package_url"` diff --git a/docs/checks.md b/docs/checks.md index 402544fbded..4bc62dba4c4 100644 --- a/docs/checks.md +++ b/docs/checks.md 
@@ -328,7 +328,7 @@ low score is therefore not a definitive indication that the project is at risk. **Remediation steps** -- Signup for automatic dependency updates with one of the previously listed dependency update tools and place the config file in the locations that are recommended by these tools. Due to https://github.com/dependabot/dependabot-core/issues/2804 Dependabot can be enabled for forks where security updates have ever been turned on so projects maintaining stable forks should evaluate whether this behavior is satisfactory before turning it on. +- Sign up for automatic dependency updates with one of the previously listed dependency update tools and place the config file in the locations that are recommended by these tools. Due to https://github.com/dependabot/dependabot-core/issues/2804 Dependabot can be enabled for forks where security updates have ever been turned on so projects maintaining stable forks should evaluate whether this behavior is satisfactory before turning it on. - Unlike Dependabot, Renovate bot has support to migrate dockerfiles' dependencies from version pinning to hash pinning via the [pinDigests setting](https://docs.renovatebot.com/configuration-options/#pindigests) without additional manual effort. ## Fuzzing @@ -413,7 +413,7 @@ need maintenance unless an underlying implementation language definition changed. A lack of active maintenance should signal that potential users should investigate further to judge the situation. -This check will only succeed if a Github project is >90 days old. Projects +This check will only succeed if a GitHub project is >90 days old. Projects that are younger than this are too new to assess whether they are maintained or not, and users should inspect the contents of those projects to ensure they are as expected. 
@@ -526,7 +526,7 @@ SAST is testing run on source code before the application is run. Using SAST tools can prevent known classes of bugs from being inadvertently introduced in the codebase. -The checks currently looks for known Github apps such as +The checks currently looks for known GitHub apps such as [CodeQL](https://codeql.github.com/) (github-code-scanning) or [SonarCloud](https://sonarcloud.io/) in the recent (~30) merged PRs, or the use of "github/codeql-action" in a GitHub workflow. It also checks for the deprecated @@ -570,7 +570,7 @@ Free Form Text (3/10 points): Security Policy Specific Text (1/10 points): - Specific text providing basic or general information about vulnerability and disclosure practices, expectations, and/or timelines - - Text should include a total of 2 or more hits which match (case insensitive) + - Text should include a total of 2 or more hits which match (case-insensitive) `vuln` and as in "Vulnerability" or "vulnerabilities"; `disclos` as "Disclosure" or "disclose"; and numbers which convey expectations of times, e.g., 30 days or 90 days diff --git a/docs/checks/impl.go b/docs/checks/impl.go index 82c5d6f0e30..f10713f4f06 100644 --- a/docs/checks/impl.go +++ b/docs/checks/impl.go @@ -77,7 +77,7 @@ func (d DocImpl) CheckExists(name string) bool { return exists } -// CheckDocImpl implementts `CheckDoc` interface and +// CheckDocImpl implements `CheckDoc` interface and // stores documentation about a check. type CheckDocImpl struct { internalCheck internal.Check diff --git a/docs/checks/internal/checks.yaml b/docs/checks/internal/checks.yaml index 889589c0c58..4c25be6b714 100644 --- a/docs/checks/internal/checks.yaml +++ b/docs/checks/internal/checks.yaml 
@@ -38,7 +38,7 @@ checks: changed. A lack of active maintenance should signal that potential users should investigate further to judge the situation. - This check will only succeed if a Github project is >90 days old. Projects + This check will only succeed if a GitHub project is >90 days old. Projects that are younger than this are too new to assess whether they are maintained or not, and users should inspect the contents of those projects to ensure they are as expected. @@ -77,7 +77,7 @@ checks: remediation: - >- - Signup for automatic dependency updates with one of the previously listed dependency update tools and place + Sign up for automatic dependency updates with one of the previously listed dependency update tools and place the config file in the locations that are recommended by these tools. Due to https://github.com/dependabot/dependabot-core/issues/2804 Dependabot can be enabled for forks where security updates have ever been turned on so projects @@ -544,7 +544,7 @@ checks: tools can prevent known classes of bugs from being inadvertently introduced in the codebase. - The checks currently looks for known Github apps such as + The checks currently looks for known GitHub apps such as [CodeQL](https://codeql.github.com/) (github-code-scanning) or [SonarCloud](https://sonarcloud.io/) in the recent (~30) merged PRs, or the use of "github/codeql-action" in a GitHub workflow. It also checks for the deprecated @@ -591,7 +591,7 @@ checks: Security Policy Specific Text (1/10 points): - Specific text providing basic or general information about vulnerability and disclosure practices, expectations, and/or timelines - - Text should include a total of 2 or more hits which match (case insensitive) + - Text should include a total of 2 or more hits which match (case-insensitive) `vuln` and as in "Vulnerability" or "vulnerabilities"; `disclos` as "Disclosure" or "disclose"; and numbers which convey expectations of times, e.g., 30 days or 90 days 
diff --git a/e2e/binary_artifacts_test.go b/e2e/binary_artifacts_test.go index b8577552f21..1905e1f662f 100644 --- a/e2e/binary_artifacts_test.go +++ b/e2e/binary_artifacts_test.go @@ -75,7 +75,7 @@ var _ = Describe("E2E TEST:"+checks.CheckBinaryArtifacts, func() { Dlogger: &dl, } // TODO: upload real binaries to the repo as well. - // There are 24 dummy binaries that are ignoreed because they only contain ASCII characters. + // There are 24 dummy binaries that are ignored because they only contain ASCII characters. expected := scut.TestReturn{ Error: nil, Score: checker.MaxResultScore - 1, @@ -102,7 +102,7 @@ var _ = Describe("E2E TEST:"+checks.CheckBinaryArtifacts, func() { Dlogger: &dl, } // TODO: upload real binaries to the repo as well. - // There are 24 dummy binaries that are ignoreed because they only contain ASCII characters. + // There are 24 dummy binaries that are ignored because they only contain ASCII characters. expected := scut.TestReturn{ Error: nil, Score: checker.MaxResultScore - 1, @@ -129,7 +129,7 @@ var _ = Describe("E2E TEST:"+checks.CheckBinaryArtifacts, func() { Dlogger: &dl, } // TODO: upload real binaries to the repo as well. - // Existing binaries only contain SCII characters and are ignored. + // Existing binaries only contain ASCII characters and are ignored. expected := scut.TestReturn{ Error: nil, Score: checker.MaxResultScore, @@ -157,7 +157,7 @@ var _ = Describe("E2E TEST:"+checks.CheckBinaryArtifacts, func() { Dlogger: &dl, } // TODO: upload real binaries to the repo. - // Existing binaries only contain SCII characters and are ignored. + // Existing binaries only contain ASCII characters and are ignored. expected := scut.TestReturn{ Error: nil, Score: checker.MaxResultScore, diff --git a/e2e/branch_protection_test.go b/e2e/branch_protection_test.go index 29a547157c3..07f617333f1 100644 --- a/e2e/branch_protection_test.go +++ b/e2e/branch_protection_test.go 
@@ -138,7 +138,7 @@ var _ = Describe("E2E TEST GITHUB_TOKEN:"+checks.CheckBranchProtection, func() { result := checks.BranchProtection(&req) Expect(result.Error).ShouldNot(BeNil()) // There should be an error with the GITHUB_TOKEN, until it's supported - // byt GitHub. + // by GitHub. Expect(repoClient.Close()).Should(BeNil()) }) }) diff --git a/e2e/e2e_suite_test.go b/e2e/e2e_suite_test.go index e1f59f2e84f..9eb76f9cba0 100644 --- a/e2e/e2e_suite_test.go +++ b/e2e/e2e_suite_test.go @@ -63,6 +63,6 @@ var _ = BeforeSuite(func() { case "GITLAB_PAT": tokType = gitlabPATTokenType default: - panic(fmt.Sprintf("invald TOKEN_TYPE: %s", tt)) + panic(fmt.Sprintf("invalid TOKEN_TYPE: %s", tt)) } }) diff --git a/e2e/searchCommits_test.go b/e2e/searchCommits_test.go index db6e42c3b17..b0e5b6c87a7 100644 --- a/e2e/searchCommits_test.go +++ b/e2e/searchCommits_test.go @@ -43,7 +43,7 @@ var _ = Describe("E2E TEST:SearchCommits", func() { err = repoClient.InitRepo(repo, "123456789", 0) Expect(err).ShouldNot(Not(BeNil())) }) - It("Should return error as the user does not exists", func() { + It("Should return error as the user does not exist", func() { repo, err := githubrepo.MakeGithubRepo("ossf/scorecard") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) diff --git a/finding/finding.go b/finding/finding.go index a2df9b6472c..451a4b8f160 100644 --- a/finding/finding.go +++ b/finding/finding.go @@ -103,7 +103,7 @@ type Finding struct { Outcome Outcome `json:"outcome"` } -// AnonymousFinding is a finding without a corerpsonding probe ID. +// AnonymousFinding is a finding without a corresponding probe ID. type AnonymousFinding struct { Probe string `json:"probe,omitempty"` Finding 
@@ -141,7 +141,7 @@ func New(loc embed.FS, probeID string) (*Finding, error) { return f, nil } -// NewWith create a finding with the desried location and outcome. +// NewWith create a finding with the desired location and outcome. func NewWith(efs embed.FS, probeID, text string, loc *Location, o Outcome, ) (*Finding, error) { diff --git a/main.go b/main.go index 78224862cb5..97f8e058cc3 100644 --- a/main.go +++ b/main.go @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -// Package main of OSSF Scoreard. +// Package main of OSSF Scorecard. package main import ( diff --git a/pkg/json_raw_results.go b/pkg/json_raw_results.go index cb4fbf354ff..21107145404 100644 --- a/pkg/json_raw_results.go +++ b/pkg/json_raw_results.go @@ -86,7 +86,7 @@ type jsonReview struct { type jsonUser struct { RepoAssociation *string `json:"repoAssociation,omitempty"` Login string `json:"login"` - // Orgnization refers to a GitHub org. + // Organization refers to a GitHub org. Organizations []jsonOrganization `json:"organization,omitempty"` // Companies refer to a claim by a user in their profile. Companies []jsonCompany `json:"company,omitempty"` @@ -146,7 +146,7 @@ type jsonCreatedAtTime struct { type jsonComment struct { CreatedAt *time.Time `json:"createdAt"` Author *jsonUser `json:"author"` - // TODO: add ields if needed, e.g., content. + // TODO: add fields if needed, e.g., content. } type jsonIssue struct { @@ -614,7 +614,7 @@ func (r *jsonScorecardRawResult) addLicenseRawResults(ld *checker.LicenseData) e } //nolint:unparam -func (r *jsonScorecardRawResult) addVulnerbilitiesRawResults(vd *checker.VulnerabilitiesData) error { +func (r *jsonScorecardRawResult) addVulnerabilitiesRawResults(vd *checker.VulnerabilitiesData) error { r.Results.DatabaseVulnerabilities = []jsonDatabaseVulnerability{} for _, v := range vd.Vulnerabilities { r.Results.DatabaseVulnerabilities = append(r.Results.DatabaseVulnerabilities, 
@@ -741,7 +741,7 @@ func (r *jsonScorecardRawResult) fillJSONRawResults(raw *checker.RawResults) err } // Vulnerabilities. - if err := r.addVulnerbilitiesRawResults(&raw.VulnerabilitiesResults); err != nil { + if err := r.addVulnerabilitiesRawResults(&raw.VulnerabilitiesResults); err != nil { return sce.WithMessage(sce.ErrScorecardInternal, err.Error()) } diff --git a/pkg/json_raw_results_test.go b/pkg/json_raw_results_test.go index 261e6f81cee..4af7c5fc088 100644 --- a/pkg/json_raw_results_test.go +++ b/pkg/json_raw_results_test.go @@ -935,9 +935,9 @@ func TestAddVulnerabilitiesRawResults(t *testing.T) { }, } - err := r.addVulnerbilitiesRawResults(vd) + err := r.addVulnerabilitiesRawResults(vd) if err != nil { - t.Errorf("addVulnerbilitiesRawResults returned an error: %v", err) + t.Errorf("addVulnerabilitiesRawResults returned an error: %v", err) } expected := []jsonDatabaseVulnerability{ @@ -950,12 +950,12 @@ func TestAddVulnerabilitiesRawResults(t *testing.T) { } if len(r.Results.DatabaseVulnerabilities) != len(expected) { - t.Errorf("addVulnerbilitiesRawResults did not add the correct number of vulnerabilities. Expected %d, got %d", len(expected), len(r.Results.DatabaseVulnerabilities)) + t.Errorf("addVulnerabilitiesRawResults did not add the correct number of vulnerabilities. Expected %d, got %d", len(expected), len(r.Results.DatabaseVulnerabilities)) } for i, vuln := range r.Results.DatabaseVulnerabilities { if vuln.ID != expected[i].ID { - t.Errorf("addVulnerbilitiesRawResults did not add the correct vulnerability. Expected %s, got %s", expected[i].ID, vuln.ID) + t.Errorf("addVulnerabilitiesRawResults did not add the correct vulnerability. Expected %s, got %s", expected[i].ID, vuln.ID) } } } 
@@ -1136,17 +1136,17 @@ func TestJsonScorecardRawResult(t *testing.T) { }, } - // test addVulnerbilitiesRawResults - err := r.addVulnerbilitiesRawResults(vd) + // test addVulnerabilitiesRawResults + err := r.addVulnerabilitiesRawResults(vd) if err != nil { - t.Errorf("addVulnerbilitiesRawResults returned an error: %v", err) + t.Errorf("addVulnerabilitiesRawResults returned an error: %v", err) } expectedVulnerabilities := []jsonDatabaseVulnerability{ {ID: "CVE-2021-1234"}, {ID: "CVE-2021-5678"}, } if cmp.Diff(r.Results.DatabaseVulnerabilities, expectedVulnerabilities) != "" { - t.Errorf("addVulnerbilitiesRawResults did not produce the expected results %v", cmp.Diff(r.Results.DatabaseVulnerabilities, expectedVulnerabilities)) + t.Errorf("addVulnerabilitiesRawResults did not produce the expected results %v", cmp.Diff(r.Results.DatabaseVulnerabilities, expectedVulnerabilities)) } // test addBinaryArtifactRawResults diff --git a/pkg/sarif.go b/pkg/sarif.go index bcb9849d695..ca47619b0d6 100644 --- a/pkg/sarif.go +++ b/pkg/sarif.go @@ -381,7 +381,7 @@ func addDefaultLocation(locs []location, policyFile string) []location { return locs } - detaultLine := checker.OffsetDefault + defaultLine := checker.OffsetDefault loc := location{ PhysicalLocation: physicalLocation{ ArtifactLocation: artifactLocation{ @@ -391,7 +391,7 @@ func addDefaultLocation(locs []location, policyFile string) []location { Region: region{ // TODO: set the line to the check if it's overwritten, // or to the global policy. - StartLine: &detaultLine, + StartLine: &defaultLine, }, }, } diff --git a/probes/blocksDeleteOnBranches/def.yml b/probes/blocksDeleteOnBranches/def.yml index fdda8657bd8..9e9db3a3f87 100644 --- a/probes/blocksDeleteOnBranches/def.yml +++ b/probes/blocksDeleteOnBranches/def.yml 
@@ -24,4 +24,4 @@ remediation: effort: Low text: - Disallow deletion of branches in your project to remove negative outcomes. - - GitHub and Gitlab by default disable deleting a protected branch. \ No newline at end of file + - GitHub and GitLab by default disable deleting a protected branch. \ No newline at end of file diff --git a/probes/blocksForcePushOnBranches/def.yml b/probes/blocksForcePushOnBranches/def.yml index 502ccb29a95..35e1cf03a11 100644 --- a/probes/blocksForcePushOnBranches/def.yml +++ b/probes/blocksForcePushOnBranches/def.yml 
@@ -26,8 +26,8 @@ remediation: text: - Disallow force pushes branches in your project to remove negative outcomes. - For GitHub-hosted projects, force pushes are disabled by default. To make sure it has not been enabled, see ["Allow force pushes"](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#allow-force-pushes). - - For Gitlab-hosted projects, follow the ["Protected branches"](https://docs.gitlab.com/ee/user/project/protected_branches.html) documentation to see who can force push to the project. + - For GitLab-hosted projects, follow the ["Protected branches"](https://docs.gitlab.com/ee/user/project/protected_branches.html) documentation to see who can force push to the project. markdown: - Disallow force pushes branches in your project to remove negative outcomes. - For GitHub-hosted projects, force pushes are disabled by default. To make sure it has not been enabled, see ["Allow force pushes"](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#allow-force-pushes). - - For Gitlab-hosted projects, follow the ["Protected branches"](https://docs.gitlab.com/ee/user/project/protected_branches.html) documentation to see who can force push to the project. \ No newline at end of file + - For GitLab-hosted projects, follow the ["Protected branches"](https://docs.gitlab.com/ee/user/project/protected_branches.html) documentation to see who can force push to the project. \ No newline at end of file diff --git a/probes/branchProtectionAppliesToAdmins/def.yml b/probes/branchProtectionAppliesToAdmins/def.yml index 6c27b98d75d..a00f3404c0e 100644 --- a/probes/branchProtectionAppliesToAdmins/def.yml +++ b/probes/branchProtectionAppliesToAdmins/def.yml 
@@ -23,12 +23,12 @@ outcome: remediation: effort: Medium text: - - The remediation effort can be Low to High dependening on other branch protection settings. + - The remediation effort can be Low to High depending on other branch protection settings. - Enforce protection rules for admins on all branches. - For GitHub-hosted projects, see the ["Do not allow bypassing the above settings"](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#do-not-allow-bypassing-the-above-settings) section in the GitHub docs. - - For Gitlab-hosted projects, see the ["Protected branches"](https://docs.gitlab.com/ee/user/project/protected_branches.html) documentation. + - For GitLab-hosted projects, see the ["Protected branches"](https://docs.gitlab.com/ee/user/project/protected_branches.html) documentation. markdown: - - The remediation effort can be Low to High dependening on other branch protection settings. + - The remediation effort can be Low to High depending on other branch protection settings. - Enforce protection rules for admins on all branches. - For GitHub-hosted projects, see the ["Do not allow bypassing the above settings"](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#do-not-allow-bypassing-the-above-settings) section in the GitHub docs. - - For Gitlab-hosted projects, see the ["Protected branches"](https://docs.gitlab.com/ee/user/project/protected_branches.html) documentation. \ No newline at end of file + - For GitLab-hosted projects, see the ["Protected branches"](https://docs.gitlab.com/ee/user/project/protected_branches.html) documentation. \ No newline at end of file diff --git a/probes/dismissesStaleReviews/def.yml b/probes/dismissesStaleReviews/def.yml index 9dfd90fdeee..26039782b53 100644 --- a/probes/dismissesStaleReviews/def.yml +++ b/probes/dismissesStaleReviews/def.yml 
@@ -25,4 +25,4 @@ remediation: text: - Configure your repository so that the stale status of PRs is dismissed when users make new commits. - For GitHub-hosted projects, see ["Require pull request reviews before merging"](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging). - - For Gitlab-hosted projects, see ["Remove all approvals when commits are added to the source branch"](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/settings.html#remove-all-approvals-when-commits-are-added-to-the-source-branch). \ No newline at end of file + - For GitLab-hosted projects, see ["Remove all approvals when commits are added to the source branch"](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/settings.html#remove-all-approvals-when-commits-are-added-to-the-source-branch). \ No newline at end of file diff --git a/probes/freeOfAnyBinaryArtifacts/def.yml b/probes/freeOfAnyBinaryArtifacts/def.yml index 858a882f45c..317c853c41d 100644 --- a/probes/freeOfAnyBinaryArtifacts/def.yml +++ b/probes/freeOfAnyBinaryArtifacts/def.yml 
@@ -17,7 +17,7 @@ short: Checks if the project has any binary files in its source tree. motivation: > Binary files are not readable so users can't see what they do. Many programming language systems can generate executables from source code (e.g., C/C++ generated machine code, Java .class files, Python .pyc files, and minified JavaScript). Users will often directly use executables if they are included in the source repository, leading to many dangerous behaviors. implementation: > - The implementation looks for the presence of binary files. This is a more restrictive probe than "freeOfUnverifiededBinaryArtifacts" which excludes verified binary files. + The implementation looks for the presence of binary files. This is a more restrictive probe than "freeOfUnverifiedBinaryArtifacts" which excludes verified binary files. outcome: - If the probe finds binary files, it returns a number of negative outcomes equal to the number of binary files found. Each outcome includes a location of the file. - If the probe finds no verified binary files, it returns a single positive outcome. diff --git a/probes/hasDangerousWorkflowScriptInjection/def.yml b/probes/hasDangerousWorkflowScriptInjection/def.yml index f2c30529506..ede46e87986 100644 --- a/probes/hasDangerousWorkflowScriptInjection/def.yml +++ b/probes/hasDangerousWorkflowScriptInjection/def.yml 
@@ -13,7 +13,7 @@ # limitations under the License. id: hasDangerousWorkflowScriptInjection -short: Check whether the project has Github Actions workflows that enable script injection. +short: Check whether the project has GitHub Actions workflows that enable script injection. motivation: > Script Injection with Untrusted Context Variables: This pattern detects whether a workflow's inline script may execute untrusted input from attackers. This occurs when an attacker adds malicious commands and scripts to a context. When a workflow runs, these strings may be interpreted as code that is executed on the runner. Attackers can add their own content to certain github context variables that are considered untrusted, for example, github.event.issue.title. These values should not flow directly into executable code. implementation: > diff --git a/probes/hasDangerousWorkflowUntrustedCheckout/def.yml b/probes/hasDangerousWorkflowUntrustedCheckout/def.yml index 0a6e9c0cddf..be7e87ff2de 100644 --- a/probes/hasDangerousWorkflowUntrustedCheckout/def.yml +++ b/probes/hasDangerousWorkflowUntrustedCheckout/def.yml 
@@ -13,7 +13,7 @@ # limitations under the License. id: hasDangerousWorkflowUntrustedCheckout -short: Check whether the project has Github Actions workflows that does untrusted checkouts. +short: Check whether the project has GitHub Actions workflows that does untrusted checkouts. motivation: > Untrusted Code Checkout: This is the misuse of potentially dangerous triggers. This checks if a pull_request_target or workflow_run workflow trigger was used in conjunction with an explicit pull request checkout. Workflows triggered with pull_request_target / workflow_run have write permission to the target repository and access to target repository secrets. With the PR checkout, PR authors may compromise the repository, for example, by using build scripts controlled by the author of the PR or reading token in memory. This check does not detect whether untrusted code checkouts are used safely, for example, only on pull request that have been assigned a label. implementation: > diff --git a/probes/hasFSFOrOSIApprovedLicense/def.yml b/probes/hasFSFOrOSIApprovedLicense/def.yml index 06e429c43a4..9e9269fa09b 100644 --- a/probes/hasFSFOrOSIApprovedLicense/def.yml +++ b/probes/hasFSFOrOSIApprovedLicense/def.yml @@ -25,4 +25,4 @@ outcome: remediation: effort: Low text: - - Update the license file format in the Github repository to be of an approved format. \ No newline at end of file + - Update the license file format in the GitHub repository to be of an approved format. \ No newline at end of file diff --git a/probes/hasLicenseFile/def.yml b/probes/hasLicenseFile/def.yml index d283bbef2f8..43c5dbeb29b 100644 --- a/probes/hasLicenseFile/def.yml +++ b/probes/hasLicenseFile/def.yml 
@@ -24,6 +24,6 @@ outcome: remediation: effort: Low text: - - For Github projects, follow [this guide](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/licensing-a-repository) to determine which license to apply to your project and establish a license file for your project. - - For Gitlab projects, create the license in a .adoc, .asc, .docx, .doc, .ext, .html, .markdown, .md, .rst, .txt, or .xml, named LICENSE, COPYRIGHT, or COPYING, and place it in the top-level directory. To identify a specific license, use an SPDX license identifier in the filename. Examples include LICENSE.md, Apache-2.0-LICENSE.md or LICENSE-Apache-2.0. + - For GitHub projects, follow [this guide](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/licensing-a-repository) to determine which license to apply to your project and establish a license file for your project. + - For GitLab projects, create the license in a .adoc, .asc, .docx, .doc, .ext, .html, .markdown, .md, .rst, .txt, or .xml, named LICENSE, COPYRIGHT, or COPYING, and place it in the top-level directory. To identify a specific license, use an SPDX license identifier in the filename. Examples include LICENSE.md, Apache-2.0-LICENSE.md or LICENSE-Apache-2.0. - Alternately, create a LICENSE directory and add a license file(s) with a name that matches your SPDX license identifier. such as LICENSES/Apache-2.0.txt. \ No newline at end of file diff --git a/probes/hasRecentCommits/impl_test.go b/probes/hasRecentCommits/impl_test.go index e603e6e7e21..383c7f376c3 100644 --- a/probes/hasRecentCommits/impl_test.go +++ b/probes/hasRecentCommits/impl_test.go 
@@ -38,15 +38,15 @@ func fiveCommitsInThreshold() []clients.Commit { return fiveCommitsInThreshold } -func twentyCommitsInThresholdAndtwentyNot() []clients.Commit { - twentyCommitsInThresholdAndtwentyNot := make([]clients.Commit, 0) +func twentyCommitsInThresholdAndTwentyNot() []clients.Commit { + twentyCommitsInThresholdAndTwentyNot := make([]clients.Commit, 0) for i := 70; i < 111; i++ { commit := clients.Commit{ CommittedDate: time.Now().AddDate(0 /*years*/, 0 /*months*/, -1*i /*days*/), } - twentyCommitsInThresholdAndtwentyNot = append(twentyCommitsInThresholdAndtwentyNot, commit) + twentyCommitsInThresholdAndTwentyNot = append(twentyCommitsInThresholdAndTwentyNot, commit) } - return twentyCommitsInThresholdAndtwentyNot + return twentyCommitsInThresholdAndTwentyNot } func Test_Run(t *testing.T) { @@ -85,7 +85,7 @@ func Test_Run(t *testing.T) { name: "Has twenty in threshold", raw: &checker.RawResults{ MaintainedResults: checker.MaintainedData{ - DefaultBranchCommits: twentyCommitsInThresholdAndtwentyNot(), + DefaultBranchCommits: twentyCommitsInThresholdAndTwentyNot(), }, }, values: map[string]int{ diff --git a/probes/issueActivityByProjectMember/impl_test.go b/probes/issueActivityByProjectMember/impl_test.go index 9f750671b3c..0b762fdbd3f 100644 --- a/probes/issueActivityByProjectMember/impl_test.go +++ b/probes/issueActivityByProjectMember/impl_test.go 
@@ -62,17 +62,17 @@ func fiveInThresholdByCollabAndFiveByFirstTimeUser() []clients.Issue { return fiveInThresholdByCollabAndFiveByFirstTimeUser } -func twentyIssuesInThresholdAndtwentyNot() []clients.Issue { - twentyIssuesInThresholdAndtwentyNot := make([]clients.Issue, 0) +func twentyIssuesInThresholdAndTwentyNot() []clients.Issue { + twentyIssuesInThresholdAndTwentyNot := make([]clients.Issue, 0) for i := 70; i < 111; i++ { createdAt := time.Now().AddDate(0 /*years*/, 0 /*months*/, -1*i /*days*/) commit := clients.Issue{ CreatedAt: &createdAt, AuthorAssociation: &collab, } - twentyIssuesInThresholdAndtwentyNot = append(twentyIssuesInThresholdAndtwentyNot, commit) + twentyIssuesInThresholdAndTwentyNot = append(twentyIssuesInThresholdAndTwentyNot, commit) } - return twentyIssuesInThresholdAndtwentyNot + return twentyIssuesInThresholdAndTwentyNot } func Test_Run(t *testing.T) { @@ -110,7 +110,7 @@ func Test_Run(t *testing.T) { name: "Has 20 issues in threshold", raw: &checker.RawResults{ MaintainedResults: checker.MaintainedData{ - Issues: twentyIssuesInThresholdAndtwentyNot(), + Issues: twentyIssuesInThresholdAndTwentyNot(), }, }, values: map[string]int{ @@ -168,7 +168,7 @@ func Test_Run(t *testing.T) { func Test_hasActivityByCollaboratorOrHigher(t *testing.T) { t.Parallel() r := clients.RepoAssociationCollaborator - twentDaysAgo := time.Now().AddDate(0 /*years*/, 0 /*months*/, -20 /*days*/) + twentyDaysAgo := time.Now().AddDate(0 /*years*/, 0 /*months*/, -20 /*days*/) type args struct { issue *clients.Issue threshold time.Time @@ -200,7 +200,7 @@ func Test_hasActivityByCollaboratorOrHigher(t *testing.T) { name: "twentyDaysAgo", args: args{ issue: &clients.Issue{ - CreatedAt: &twentDaysAgo, + CreatedAt: &twentyDaysAgo, AuthorAssociation: &r, }, }, 
@@ -214,7 +214,7 @@ func Test_hasActivityByCollaboratorOrHigher(t *testing.T) { AuthorAssociation: &r, Comments: []clients.IssueComment{ { - CreatedAt: &twentDaysAgo, + CreatedAt: &twentyDaysAgo, AuthorAssociation: &r, }, }, diff --git a/probes/notCreatedRecently/def.yml b/probes/notCreatedRecently/def.yml index b8a2b20e089..9fd3a560d69 100644 --- a/probes/notCreatedRecently/def.yml +++ b/probes/notCreatedRecently/def.yml @@ -15,7 +15,7 @@ id: notCreatedRecently short: Checks that the project was not created in the last 90 days. motivation: > - When Scorecard checks the activity of a project in the last 90 days, the project may not have been created before the last 90 days. As such, Scorecard cannot give an accurate score. This probe helps Scorecard assess whether it can give an accurrate score when checking the project activity in the last 90 days. + When Scorecard checks the activity of a project in the last 90 days, the project may not have been created before the last 90 days. As such, Scorecard cannot give an accurate score. This probe helps Scorecard assess whether it can give an accurate score when checking the project activity in the last 90 days. implementation: > The implementation checks the creation date is within the last 90 days. outcome: diff --git a/probes/notCreatedRecently/impl_test.go b/probes/notCreatedRecently/impl_test.go index f5d1a10ed8e..4309adb7393 100644 --- a/probes/notCreatedRecently/impl_test.go +++ b/probes/notCreatedRecently/impl_test.go @@ -48,7 +48,7 @@ func Test_Run(t *testing.T) { }, }, { - name: "Was creted 100 days ago", + name: "Was created 100 days ago", raw: &checker.RawResults{ MaintainedResults: checker.MaintainedData{ CreatedAt: time.Now().AddDate(0 /*years*/, 0 /*months*/, -100 /*days*/), diff --git a/probes/packagedWithAutomatedWorkflow/impl.go b/probes/packagedWithAutomatedWorkflow/impl.go index 5c30e2766d2..2eb13d30651 100644 --- a/probes/packagedWithAutomatedWorkflow/impl.go 
+++ b/probes/packagedWithAutomatedWorkflow/impl.go @@ -44,7 +44,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { // Presence of a single non-debug message means the // check passes. f, err := finding.NewWith(fs, Probe, - "Project packages its releases by way of Github Actions.", nil, + "Project packages its releases by way of GitHub Actions.", nil, finding.OutcomePositive) if err != nil { return nil, Probe, fmt.Errorf("create finding: %w", err) diff --git a/probes/releasesAreSigned/def.yml b/probes/releasesAreSigned/def.yml index 5c77599a067..44b1c597205 100644 --- a/probes/releasesAreSigned/def.yml +++ b/probes/releasesAreSigned/def.yml @@ -13,14 +13,14 @@ # limitations under the License. id: releasesAreSigned -short: Check that the projects Github and Gitlab releases are signed. +short: Check that the projects GitHub and GitLab releases are signed. motivation: > Signed releases allow consumers to verify their artifacts before consuming them. implementation: > - The implementation checks whether a signature file is present in release assets. The probe checks the last 5 releases on Github and Gitlab. + The implementation checks whether a signature file is present in release assets. The probe checks the last 5 releases on GitHub and GitLab. outcome: - For each of the last 5 releases, the probe returns OutcomePositive, if the release has a signature file in the release assets. - - For each of the last 5 releases, the probe returns OutcomeNegative, if the the release does not have a signature file in the release assets. + - For each of the last 5 releases, the probe returns OutcomeNegative, if the release does not have a signature file in the release assets. - If the project has no releases, the probe returns OutcomeNotApplicable. remediation: effort: Medium diff --git a/probes/releasesHaveProvenance/def.yml b/probes/releasesHaveProvenance/def.yml index 4cb0dc70b74..a121adbc9ad 100644 --- a/probes/releasesHaveProvenance/def.yml 
+++ b/probes/releasesHaveProvenance/def.yml @@ -13,14 +13,14 @@ # limitations under the License. id: releasesHaveProvenance -short: Check that the projects releases on Github and Gitlab have provenance. +short: Check that the projects releases on GitHub and GitLab have provenance. motivation: > Provenance give users security-critical, verifiable information so that consumers can verify their artifacts before consuming them. implementation: > - The probe checks whether any of the assets in any of the last five releases on Github or Gitlab have a provenance file. + The probe checks whether any of the assets in any of the last five releases on GitHub or GitLab have a provenance file. outcome: - For each of the last 5 releases, the probe returns OutcomePositive, if the release has a provenance file in the release assets. - - For each of the last 5 releases, the probe returns OutcomeNegative, if the the release does not have a provenance file in the release assets. + - For each of the last 5 releases, the probe returns OutcomeNegative, if the release does not have a provenance file in the release assets. - If the project has no releases, the probe returns OutcomeNotApplicable. remediation: effort: Medium diff --git a/probes/releasesHaveProvenance/impl_test.go b/probes/releasesHaveProvenance/impl_test.go index dd4a929e024..5202f5057c3 100644 --- a/probes/releasesHaveProvenance/impl_test.go +++ b/probes/releasesHaveProvenance/impl_test.go @@ -115,7 +115,7 @@ func Test_Run(t *testing.T) { }, }, { - name: "Has two releases without provenace and one with.", + name: "Has two releases without provenance and one with.", raw: &checker.RawResults{ SignedReleasesResults: checker.SignedReleasesData{ Releases: []clients.Release{ 
@@ -154,7 +154,7 @@ func Test_Run(t *testing.T) { }, }, { - name: "enforece lookback limit of 5 releases", + name: "enforce lookback limit of 5 releases", raw: &checker.RawResults{ SignedReleasesResults: checker.SignedReleasesData{ Releases: []clients.Release{ diff --git a/probes/requiresApproversForPullRequests/def.yml b/probes/requiresApproversForPullRequests/def.yml index ace826c4ac4..e778c093d41 100644 --- a/probes/requiresApproversForPullRequests/def.yml +++ b/probes/requiresApproversForPullRequests/def.yml @@ -25,8 +25,8 @@ remediation: text: - Configure the project so that it requires approval to merge PRs. - For GitHub-hosted projects, see ["Approving a pull request with required reviews"](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/approving-a-pull-request-with-required-reviews). - - For Gitlab-hosted projects, see ["Merge request approvals"](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/). + - For GitLab-hosted projects, see ["Merge request approvals"](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/). markdown: - Configure the project so that it requires approval to merge PRs. - For GitHub-hosted projects, see ["Approving a pull request with required reviews"](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/approving-a-pull-request-with-required-reviews). - - For Gitlab-hosted projects, see ["Merge request approvals"](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/). \ No newline at end of file + - For GitLab-hosted projects, see ["Merge request approvals"](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/). \ No newline at end of file diff --git a/probes/requiresCodeOwnersReview/def.yml b/probes/requiresCodeOwnersReview/def.yml index d6eeb6d7e20..b7816b36e74 100644 --- a/probes/requiresCodeOwnersReview/def.yml +++ b/probes/requiresCodeOwnersReview/def.yml 
@@ -25,8 +25,8 @@ remediation: text: - Configure the project such that code owners must review PRs. - For GitHub-hosted projects, see [the About code owners documentation](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners). - - For Gitlab-hosted projects, see [the Code Owners documentation](https://docs.gitlab.com/ee/user/project/codeowners/). + - For GitLab-hosted projects, see [the Code Owners documentation](https://docs.gitlab.com/ee/user/project/codeowners/). markdown: - Configure the project such that code owners must review PRs. - For GitHub-hosted projects, see [the About code owners documentation](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners). - - For Gitlab-hosted projects, see [the Code Owners documentation](https://docs.gitlab.com/ee/user/project/codeowners/). \ No newline at end of file + - For GitLab-hosted projects, see [the Code Owners documentation](https://docs.gitlab.com/ee/user/project/codeowners/). \ No newline at end of file diff --git a/probes/requiresCodeOwnersReview/impl_test.go b/probes/requiresCodeOwnersReview/impl_test.go index 132d88b5b7a..b58a00c716a 100644 --- a/probes/requiresCodeOwnersReview/impl_test.go +++ b/probes/requiresCodeOwnersReview/impl_test.go @@ -41,7 +41,7 @@ func Test_Run(t *testing.T) { err error }{ { - name: "1 branch requires code owner reviews with viles = 1 positive outcome", + name: "1 branch requires code owner reviews with files = 1 positive outcome", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ diff --git a/probes/requiresLastPushApproval/def.yml b/probes/requiresLastPushApproval/def.yml index 03c22634fe5..42df216db70 100644 --- a/probes/requiresLastPushApproval/def.yml +++ b/probes/requiresLastPushApproval/def.yml 
@@ -25,8 +25,8 @@ remediation: text: - Configure the project such that it requires approval of the most recent push. - For GitHub-hosted projects, see [the documentation on protected branches](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches) and how to require approval of the last push from someone who did not make the last push. - - For Gitlab-hosted projects, see how to [remove all approvals when commits a added to the source branch](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/settings.html#remove-all-approvals-when-commits-are-added-to-the-source-branch). + - For GitLab-hosted projects, see how to [remove all approvals when commits a added to the source branch](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/settings.html#remove-all-approvals-when-commits-are-added-to-the-source-branch). markdown: - Configure the project such that it requires approval of the most recent push. - For GitHub-hosted projects, see [the documentation on protected branches](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches) and how to require approval of the last push from someone who did not make the last push. - - For Gitlab-hosted projects, see how to [remove all approvals when commits a added to the source branch](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/settings.html#remove-all-approvals-when-commits-are-added-to-the-source-branch). \ No newline at end of file + - For GitLab-hosted projects, see how to [remove all approvals when commits a added to the source branch](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/settings.html#remove-all-approvals-when-commits-are-added-to-the-source-branch). \ No newline at end of file 
diff --git a/probes/requiresLastPushApproval/impl_test.go b/probes/requiresLastPushApproval/impl_test.go index 6e4eac365d3..3864797c46b 100644 --- a/probes/requiresLastPushApproval/impl_test.go +++ b/probes/requiresLastPushApproval/impl_test.go @@ -59,7 +59,7 @@ func Test_Run(t *testing.T) { }, }, { - name: "2 branches requirs last push approval = 2 positive outcomes", + name: "2 branches requires last push approval = 2 positive outcomes", raw: &checker.RawResults{ BranchProtectionResults: checker.BranchProtectionsData{ Branches: []clients.BranchRef{ diff --git a/probes/requiresUpToDateBranches/def.yml b/probes/requiresUpToDateBranches/def.yml index 44769b37563..05cd6b64e57 100644 --- a/probes/requiresUpToDateBranches/def.yml +++ b/probes/requiresUpToDateBranches/def.yml 
@@ -25,8 +25,8 @@ remediation: text: - Configure the repository such that it requires PRs to be in sync with the base branch. - For GitHub-hosted projects, followed [these instructions](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging) - - For Gitlab-hosted projects, use [semi-linear merge methods](https://docs.gitlab.com/ee/user/project/merge_requests/methods/#rebasing-in-semi-linear-merge-methods). + - For GitLab-hosted projects, use [semi-linear merge methods](https://docs.gitlab.com/ee/user/project/merge_requests/methods/#rebasing-in-semi-linear-merge-methods). markdown: - Configure the repository such that it requires PRs to be in sync with the base branch. - For GitHub-hosted projects, followed [these instructions](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging) - - For Gitlab-hosted projects, use [semi-linear merge methods](https://docs.gitlab.com/ee/user/project/merge_requests/methods/#rebasing-in-semi-linear-merge-methods). \ No newline at end of file + - For GitLab-hosted projects, use [semi-linear merge methods](https://docs.gitlab.com/ee/user/project/merge_requests/methods/#rebasing-in-semi-linear-merge-methods). \ No newline at end of file diff --git a/probes/sastToolRunsOnAllCommits/def.yml b/probes/sastToolRunsOnAllCommits/def.yml index d11b30857d1..18d491db47c 100644 --- a/probes/sastToolRunsOnAllCommits/def.yml +++ b/probes/sastToolRunsOnAllCommits/def.yml 
@@ -20,8 +20,8 @@ implementation: > The implementation iterates through the projects commits and checks whether any of the check runs for the commits associated merge request was any of the SAST tools that Scorecard supports. outcome: - If the project had no commits merged, the probe returns a finding with OutcomeNotApplicable. - - If the project runs SAST tools successfuly on every pull request before merging, the probe returns one finding with OutcomePositive (1). In addition, the finding will include two values. 1) How many commits were tested by a SAST tool, and 2) How many commits in total were merged. - - If the project does not run any SAST tools successfuly on every pull request before merging, the probe returns one finding with OutcomeNegative (0). In addition, the finding will include two values. 1) How many commits were tested by a SAST tool, and 2) How many commits in total were merged. + - If the project runs SAST tools successfully on every pull request before merging, the probe returns one finding with OutcomePositive (1). In addition, the finding will include two values. 1) How many commits were tested by a SAST tool, and 2) How many commits in total were merged. + - If the project does not run any SAST tools successfully on every pull request before merging, the probe returns one finding with OutcomeNegative (0). In addition, the finding will include two values. 1) How many commits were tested by a SAST tool, and 2) How many commits in total were merged. remediation: effort: Low text: diff --git a/probes/securityPolicyContainsText/def.yml b/probes/securityPolicyContainsText/def.yml index 82dccd87adf..d8f2f66c976 100644 --- a/probes/securityPolicyContainsText/def.yml +++ b/probes/securityPolicyContainsText/def.yml 
@@ -15,7 +15,7 @@ id: securityPolicyContainsText short: Check that the security policy contains enough text and not just links. motivation: > - Telling security researchers how to privately dislose problems with your project is important. The more details available, the better. + Telling security researchers how to privately disclose problems with your project is important. The more details available, the better. implementation: > The implementation checks that the content of the SECURITY.md contains more than just a link or an email address. It does this by comparing the length of the content to the lengths of the links and email addresses. outcome: diff --git a/probes/securityPolicyPresent/def.yml b/probes/securityPolicyPresent/def.yml index e5cbe4ffa2c..b2252fd81f8 100644 --- a/probes/securityPolicyPresent/def.yml +++ b/probes/securityPolicyPresent/def.yml @@ -16,7 +16,7 @@ id: securityPolicyPresent short: Check if a security policy is defined in the repository or in the org's .github repository. motivation: > A security policy (typically a SECURITY.md file) can give users information about what constitutes a vulnerability and how to report one securely so that information about a bug is not publicly visible. - If you have a large orgnization, having a unified security policy across all your repositories may simplify the vulnerability disclosure response. + If you have a large organization, having a unified security policy across all your repositories may simplify the vulnerability disclosure response. implementation: > The implementation looks for the presence of security policy files in the repository or in '/.github' repository. See https://github.com/ossf/scorecard/blob/main/checks/raw/security_policy.go#L139 for a detailed list of filenames. outcome: diff --git a/probes/testsRunInCI/def.yml b/probes/testsRunInCI/def.yml index 447dbeaa78b..1594ce34f87 100644 --- a/probes/testsRunInCI/def.yml +++ b/probes/testsRunInCI/def.yml 
@@ -13,7 +13,7 @@ # limitations under the License. id: testsRunInCI -short: Checks that the project runs tests in the CI for example with Github Actions or Prow. +short: Checks that the project runs tests in the CI for example with GitHub Actions or Prow. motivation: > Running tests helps developers catch mistakes early on, which can reduce the number of vulnerabilities that find their way into a project. implementation: > diff --git a/probes/testsRunInCI/impl_test.go b/probes/testsRunInCI/impl_test.go index 670be5dfddb..2569e167252 100644 --- a/probes/testsRunInCI/impl_test.go +++ b/probes/testsRunInCI/impl_test.go @@ -452,7 +452,7 @@ func Test_prHasSuccessfulCheckAdditional(t *testing.T) { }, }, { - name: "conclusion is succesls with a valid app slug", + name: "conclusion is success with a valid app slug", args: args{ r: checker.RevisionCIInfo{ CheckRuns: []clients.CheckRun{ diff --git a/probes/toolDependabotInstalled/def.yml b/probes/toolDependabotInstalled/def.yml index 5b1935ea76e..1c7da6fcc22 100644 --- a/probes/toolDependabotInstalled/def.yml +++ b/probes/toolDependabotInstalled/def.yml 
@@ -18,12 +18,12 @@ motivation: > Out-of-date dependencies make a project vulnerable to known flaws and prone to attacks. Dependabot automates the process of updating dependencies by scanning for outdated or insecure requirements, and opening a pull request to update them if found. implementation: > - The implemtation looks for the presence of files named ".github/dependabot.yml" or ".github/dependabot.yaml". If none of these files are found, + The implementation looks for the presence of files named ".github/dependabot.yml" or ".github/dependabot.yaml". If none of these files are found, the implementation checks whether commits are authored by Dependabot. If none of these succeed, Dependabot is not installed. NOTE: if the configuration files are found, the probe does not ensure that the Dependabot is run or that the Dependabot's pull requests are merged. outcome: - - If dependendabot is installed, the probe returns OutcomePositive (1) for each configuration. - - If dependendabot is not installed, the probe returns one OutcomeNegative (0). + - If dependabot is installed, the probe returns OutcomePositive (1) for each configuration. + - If dependabot is not installed, the probe returns one OutcomeNegative (0). remediation: effort: Low text: diff --git a/remediation/remediations_test.go b/remediation/remediations_test.go index a2906659822..dd0ae914ce4 100644 --- a/remediation/remediations_test.go +++ b/remediation/remediations_test.go @@ -80,7 +80,7 @@ func TestCreateDockerfilePinningRemediation(t *testing.T) { name string }{ { - name: "no depdendency", + name: "no dependency", dep: checker.Dependency{}, expected: nil, },
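Review bot: the `short` line in probes/hasDangerousWorkflowUntrustedCheckout/def.yml still has a number-agreement error after the Github to GitHub fix: "workflows that does untrusted checkouts" should read "workflows that do untrusted checkouts". The motivation text in the same hunk has the same problem in "only on pull request that have been assigned a label" (pull requests). Since this line is being rewritten anyway, fold both in.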
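Review bot: the unchanged last line of the hunk in probes/hasLicenseFile/def.yml breaks a sentence in the middle, "...your SPDX license identifier. such as LICENSES/Apache-2.0.txt.", which wants a comma, and it tells the reader to create a "LICENSE directory" while the example path uses "LICENSES/"; worth aligning while the file is open. Both this file and probes/hasFSFOrOSIApprovedLicense/def.yml still end without a trailing newline ("\ No newline at end of file" on both sides of the hunks).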
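Review bot: the renamed helper twentyCommitsInThresholdAndTwentyNot in probes/hasRecentCommits/impl_test.go builds 41 commits, not 40: `for i := 70; i < 111; i++` runs for i = 70 through 110. If the intent is twenty on each side of the threshold, the upper bound should be 110 (or the name should not promise a count); the identical loop bound appears in twentyIssuesInThresholdAndTwentyNot in probes/issueActivityByProjectMember/impl_test.go. Not a spelling issue, so fine to defer, but the name is being touched here.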
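Review bot: in the renamed helper in probes/issueActivityByProjectMember/impl_test.go the loop variable holding a clients.Issue is named `commit` (`commit := clients.Issue{...}`, then appended to the issues slice); renaming it to `issue` would make the test read correctly. The twentDaysAgo to twentyDaysAgo rename across the four hunks in this file now matches the test case name "twentyDaysAgo", which is good.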
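Review bot: the `short` line in probes/releasesAreSigned/def.yml is missing a possessive apostrophe: "the projects GitHub and GitLab releases" should be "the project's GitHub and GitLab releases". The same hunk already fixes "the the", so this is in scope for a spelling pass.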
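Review bot: probes/releasesHaveProvenance/def.yml has the same missing apostrophe in its `short` line ("the projects releases" should be "the project's releases"), and the motivation line "Provenance give users security-critical, verifiable information" needs "gives". The implementation text says "last five releases" while the outcome bullets say "last 5 releases"; pick one form.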
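Review bot: both the `text` and `markdown` entries in probes/requiresLastPushApproval/def.yml still read "remove all approvals when commits a added to the source branch"; "a added" should be "are added" (the link anchor itself is `remove-all-approvals-when-commits-are-added-to-the-source-branch`). The Gitlab to GitLab change is rewriting exactly these two lines, so the fix belongs in this PR.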
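Review bot: the corrected test name in probes/requiresLastPushApproval/impl_test.go, "2 branches requires last push approval = 2 positive outcomes", still has a subject-verb mismatch; "2 branches require last push approval" reads correctly. Test names are free text, so there is no behaviour change either way.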
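Review bot: the unchanged GitHub bullet next to the changed GitLab bullet in probes/requiresUpToDateBranches/def.yml (in both `text` and `markdown`) says "For GitHub-hosted projects, followed [these instructions]"; "followed" should be "follow", and that bullet lacks the terminating period its neighbours have.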
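Review bot: the implementation context line in probes/sastToolRunsOnAllCommits/def.yml has two missing possessives a spelling pass could pick up: "iterates through the projects commits" (project's) and "the check runs for the commits associated merge request" (commit's). The `successfuly` to `successfully` change in the outcome bullets is correct as shown.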
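Review bot: the implementation text in probes/securityPolicyPresent/def.yml points readers at https://github.com/ossf/scorecard/blob/main/checks/raw/security_policy.go#L139, a line-number anchor on the main branch that will silently drift as that file changes; a permalink pinned to a commit, or a reference to the function name instead of a line, would stay accurate. In the same hunk, "in '/.github' repository" reads better as "in the org's '.github' repository", matching the `short` line above it.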
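Review bot: the `short` line in probes/testsRunInCI/def.yml needs a comma before the parenthetical: "runs tests in the CI, for example with GitHub Actions or Prow".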
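Review bot: the outcome bullets in probes/toolDependabotInstalled/def.yml now say "If dependabot is installed" in lowercase while the motivation paragraph two lines above uses the product name "Dependabot"; capitalizing it keeps the file consistent. The implementation context in the same hunk also carries "that the Dependabot is run or that the Dependabot's pull requests are merged", where both articles should be dropped.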