STRLCPY/scorecard

🐛 Check OSS Fuzz build file for Fuzzing check (#2719)

* Check OSS-Fuzz using project list

Signed-off-by: Spencer Schrock <[email protected]>

* Use clients.RepoClient interface to perform the new OSS Fuzz check

Signed-off-by: Spencer Schrock <[email protected]>

* wip: add eager client for better repeated lookup of projects

Signed-off-by: Spencer Schrock <[email protected]>

* Split lazy and eager behavior into different implementations.

Signed-off-by: Spencer Schrock <[email protected]>

* Add tests and benchmarks

Signed-off-by: Spencer Schrock <[email protected]>

* Switch to always parsing JSON to determine if a project is present. The other approach of looking for a substring match would lead to false positives.

Signed-off-by: Spencer Schrock <[email protected]>

* Add eager constructor to surface status file errors sooner.

Signed-off-by: Spencer Schrock <[email protected]>

* Switch existing users to new OSS Fuzz client

Signed-off-by: Spencer Schrock <[email protected]>

* Mark old method as deprecated in the godoc

Signed-off-by: Spencer Schrock <[email protected]>

* remove unused comment.

Signed-off-by: Spencer Schrock <[email protected]>

* Use new OSS Fuzz client in e2e test.

Signed-off-by: Spencer Schrock <[email protected]>

* fix typo.

Signed-off-by: Spencer Schrock <[email protected]>

* Fix potential path bug with test server.

Signed-off-by: Spencer Schrock <[email protected]>

* Force include the two JSON files which were being ignored by .gitignore

Signed-off-by: Spencer Schrock <[email protected]>

* trim the status json file

Signed-off-by: Spencer Schrock <[email protected]>

---------

Signed-off-by: Spencer Schrock <[email protected]>

Spencer Schrock committed with GitHub 1 year ago

61866a06

1 parent c06ac740

Total 9 files Show one by one

■ ■ ■ ■ ■ ■

checker/client.go

		skipped 20 lines
21	21		"github.com/ossf/scorecard/v4/clients"
22	22		ghrepo "github.com/ossf/scorecard/v4/clients/githubrepo"
23	23		"github.com/ossf/scorecard/v4/clients/localdir"
	24	+	"github.com/ossf/scorecard/v4/clients/ossfuzz"
24	25		"github.com/ossf/scorecard/v4/log"
25	26		)
26	27
		skipped 32 lines
59	60		fmt.Errorf("getting local directory client: %w", errGitHub)
60	61		}
61	62
62		-	ossFuzzRepoClient, errOssFuzz := ghrepo.CreateOssFuzzRepoClient(ctx, logger)
63		-	var retErr error
64		-	if errOssFuzz != nil {
65		-	retErr = fmt.Errorf("getting OSS-Fuzz repo client: %w", errOssFuzz)
66		-	}
67		-	// TODO(repo): Should we be handling the OSS-Fuzz client error like this?
68	63		return githubRepo, /repo/
69	64		ghrepo.CreateGithubRepoClient(ctx, logger), /repoClient/
70		-	ossFuzzRepoClient, /ossFuzzClient/
	65	+	ossfuzz.CreateOSSFuzzClient(ossfuzz.StatusURL), /ossFuzzClient/
71	66		clients.DefaultCIIBestPracticesClient(), /ciiClient/
72	67		clients.DefaultVulnerabilitiesClient(), /vulnClient/
73		-	retErr
	68	+	nil
74	69		}
75	70

■ ■ ■ ■ ■ ■

clients/githubrepo/client.go

		skipped 303 lines
304	304
305	305		// CreateOssFuzzRepoClient returns a RepoClient implementation
306	306		// intialized to `google/oss-fuzz` GitHub repository.
	307	+	//
	308	+	// Deprecated: Searching the github.com/google/oss-fuzz repo for projects is flawed. Use a constructor
	309	+	// from clients/ossfuzz instead. https://github.com/ossf/scorecard/issues/2670
307	310		func CreateOssFuzzRepoClient(ctx context.Context, logger *log.Logger) (clients.RepoClient, error) {
308	311		ossFuzzRepo, err := MakeGithubRepo("google/oss-fuzz")
309	312		if err != nil {
		skipped 10 lines

■ ■ ■ ■ ■ ■

clients/ossfuzz/client.go

1	+	// Copyright 2023 OpenSSF Scorecard Authors
2	+	//
3	+	// Licensed under the Apache License, Version 2.0 (the "License");
4	+	// you may not use this file except in compliance with the License.
5	+	// You may obtain a copy of the License at
6	+	//
7	+	// http://www.apache.org/licenses/LICENSE-2.0
8	+	//
9	+	// Unless required by applicable law or agreed to in writing, software
10	+	// distributed under the License is distributed on an "AS IS" BASIS,
11	+	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12	+	// See the License for the specific language governing permissions and
13	+	// limitations under the License.
14	+
15	+	package ossfuzz
16	+
17	+	import (
18	+	"encoding/json"
19	+	"errors"
20	+	"fmt"
21	+	"io"
22	+	"net/http"
23	+	"net/url"
24	+	"strings"
25	+	"sync"
26	+	"time"
27	+
28	+	"github.com/ossf/scorecard/v4/clients"
29	+	)
30	+
31	+	const (
32	+	StatusURL = "https://oss-fuzz-build-logs.storage.googleapis.com/status.json"
33	+	)
34	+
35	+	var (
36	+	errUnreachableStatusFile = errors.New("could not fetch OSS Fuzz status file")
37	+	errMalformedURL = errors.New("malformed repo url")
38	+	)
39	+
40	+	type client struct {
41	+	err error
42	+	projects map[string]bool
43	+	statusURL string
44	+	once sync.Once
45	+	}
46	+
47	+	type ossFuzzStatus struct {
48	+	Projects []struct {
49	+	RepoURI string `json:"main_repo"`
50	+	} `json:"projects"`
51	+	}
52	+
53	+	// CreateOSSFuzzClient returns a client which implements RepoClient interface.
54	+	func CreateOSSFuzzClient(ossFuzzStatusURL string) clients.RepoClient {
55	+	return &client{
56	+	statusURL: ossFuzzStatusURL,
57	+	projects: map[string]bool{},
58	+	}
59	+	}
60	+
61	+	// CreateOSSFuzzClientEager returns a OSS Fuzz Client which has already fetched and parsed the status file.
62	+	func CreateOSSFuzzClientEager(ossFuzzStatusURL string) (clients.RepoClient, error) {
63	+	c := client{
64	+	statusURL: ossFuzzStatusURL,
65	+	projects: map[string]bool{},
66	+	}
67	+	c.once.Do(func() {
68	+	c.init()
69	+	})
70	+	if c.err != nil {
71	+	return nil, c.err
72	+	}
73	+	return &c, nil
74	+	}
75	+
76	+	// Search implements RepoClient.Search.
77	+	func (c *client) Search(request clients.SearchRequest) (clients.SearchResponse, error) {
78	+	c.once.Do(func() {
79	+	c.init()
80	+	})
81	+	var sr clients.SearchResponse
82	+	if c.err != nil {
83	+	return sr, c.err
84	+	}
85	+	if c.projects[request.Query] {
86	+	sr.Hits = 1
87	+	}
88	+	return sr, nil
89	+	}
90	+
91	+	func (c *client) init() {
92	+	b, err := fetchStatusFile(c.statusURL)
93	+	if err != nil {
94	+	c.err = err
95	+	return
96	+	}
97	+	if err = parseStatusFile(b, c.projects); err != nil {
98	+	c.err = err
99	+	return
100	+	}
101	+	}
102	+
103	+	func parseStatusFile(contents []byte, m map[string]bool) error {
104	+	status := ossFuzzStatus{}
105	+	if err := json.Unmarshal(contents, &status); err != nil {
106	+	return fmt.Errorf("parse status file: %w", err)
107	+	}
108	+	for i := range status.Projects {
109	+	repoURI := status.Projects[i].RepoURI
110	+	normalizedRepoURI, err := normalize(repoURI)
111	+	if err != nil {
112	+	continue
113	+	}
114	+	m[normalizedRepoURI] = true
115	+	}
116	+	return nil
117	+	}
118	+
119	+	func fetchStatusFile(uri string) ([]byte, error) {
120	+	//nolint:gosec // URI comes from a constant or a test HTTP server, not user input
121	+	resp, err := http.Get(uri)
122	+	if err != nil {
123	+	return nil, fmt.Errorf("http.Get: %w", err)
124	+	}
125	+	defer resp.Body.Close()
126	+	if resp.StatusCode >= 400 {
127	+	return nil, fmt.Errorf("%s: %w", resp.Status, errUnreachableStatusFile)
128	+	}
129	+	b, err := io.ReadAll(resp.Body)
130	+	if err != nil {
131	+	return nil, fmt.Errorf("io.ReadAll: %w", err)
132	+	}
133	+	return b, nil
134	+	}
135	+
136	+	func normalize(rawURL string) (string, error) {
137	+	u, err := url.Parse(rawURL)
138	+	if err != nil {
139	+	return "", fmt.Errorf("url.Parse: %w", err)
140	+	}
141	+	const splitLen = 2
142	+	split := strings.SplitN(strings.Trim(u.Path, "/"), "/", splitLen)
143	+	if len(split) != splitLen {
144	+	return "", fmt.Errorf("%s: %w", rawURL, errMalformedURL)
145	+	}
146	+	org := split[0]
147	+	repo := strings.TrimSuffix(split[1], ".git")
148	+	return fmt.Sprintf("%s/%s/%s", u.Host, org, repo), nil
149	+	}
150	+
151	+	// URI implements RepoClient.URI.
152	+	func (c *client) URI() string {
153	+	return c.statusURL
154	+	}
155	+
156	+	// InitRepo implements RepoClient.InitRepo.
157	+	func (c *client) InitRepo(inputRepo clients.Repo, commitSHA string, commitDepth int) error {
158	+	return fmt.Errorf("InitRepo: %w", clients.ErrUnsupportedFeature)
159	+	}
160	+
161	+	// IsArchived implements RepoClient.IsArchived.
162	+	func (c *client) IsArchived() (bool, error) {
163	+	return false, fmt.Errorf("IsArchived: %w", clients.ErrUnsupportedFeature)
164	+	}
165	+
166	+	// LocalPath implements RepoClient.LocalPath.
167	+	func (c *client) LocalPath() (string, error) {
168	+	return "", fmt.Errorf("LocalPath: %w", clients.ErrUnsupportedFeature)
169	+	}
170	+
171	+	// ListFiles implements RepoClient.ListFiles.
172	+	func (c *client) ListFiles(predicate func(string) (bool, error)) ([]string, error) {
173	+	return nil, fmt.Errorf("ListFiles: %w", clients.ErrUnsupportedFeature)
174	+	}
175	+
176	+	// GetFileContent implements RepoClient.GetFileContent.
177	+	func (c *client) GetFileContent(filename string) ([]byte, error) {
178	+	return nil, fmt.Errorf("GetFileContent: %w", clients.ErrUnsupportedFeature)
179	+	}
180	+
181	+	// GetBranch implements RepoClient.GetBranch.
182	+	func (c client) GetBranch(branch string) (clients.BranchRef, error) {
183	+	return nil, fmt.Errorf("GetBranch: %w", clients.ErrUnsupportedFeature)
184	+	}
185	+
186	+	// GetDefaultBranch implements RepoClient.GetDefaultBranch.
187	+	func (c client) GetDefaultBranch() (clients.BranchRef, error) {
188	+	return nil, fmt.Errorf("GetDefaultBranch: %w", clients.ErrUnsupportedFeature)
189	+	}
190	+
191	+	// GetDefaultBranchName implements RepoClient.GetDefaultBranchName.
192	+	func (c *client) GetDefaultBranchName() (string, error) {
193	+	return "", fmt.Errorf("GetDefaultBranchName: %w", clients.ErrUnsupportedFeature)
194	+	}
195	+
196	+	// ListCommits implements RepoClient.ListCommits.
197	+	func (c *client) ListCommits() ([]clients.Commit, error) {
198	+	return nil, fmt.Errorf("ListCommits: %w", clients.ErrUnsupportedFeature)
199	+	}
200	+
201	+	// ListIssues implements RepoClient.ListIssues.
202	+	func (c *client) ListIssues() ([]clients.Issue, error) {
203	+	return nil, fmt.Errorf("ListIssues: %w", clients.ErrUnsupportedFeature)
204	+	}
205	+
206	+	// ListReleases implements RepoClient.ListReleases.
207	+	func (c *client) ListReleases() ([]clients.Release, error) {
208	+	return nil, fmt.Errorf("ListReleases: %w", clients.ErrUnsupportedFeature)
209	+	}
210	+
211	+	// ListContributors implements RepoClient.ListContributors.
212	+	func (c *client) ListContributors() ([]clients.User, error) {
213	+	return nil, fmt.Errorf("ListContributors: %w", clients.ErrUnsupportedFeature)
214	+	}
215	+
216	+	// ListSuccessfulWorkflowRuns implements RepoClient.ListSuccessfulWorkflowRuns.
217	+	func (c *client) ListSuccessfulWorkflowRuns(filename string) ([]clients.WorkflowRun, error) {
218	+	return nil, fmt.Errorf("ListSuccessfulWorkflowRuns: %w", clients.ErrUnsupportedFeature)
219	+	}
220	+
221	+	// ListCheckRunsForRef implements RepoClient.ListCheckRunsForRef.
222	+	func (c *client) ListCheckRunsForRef(ref string) ([]clients.CheckRun, error) {
223	+	return nil, fmt.Errorf("ListCheckRunsForRef: %w", clients.ErrUnsupportedFeature)
224	+	}
225	+
226	+	// ListStatuses implements RepoClient.ListStatuses.
227	+	func (c *client) ListStatuses(ref string) ([]clients.Status, error) {
228	+	return nil, fmt.Errorf("ListStatuses: %w", clients.ErrUnsupportedFeature)
229	+	}
230	+
231	+	// ListWebhooks implements RepoClient.ListWebhooks.
232	+	func (c *client) ListWebhooks() ([]clients.Webhook, error) {
233	+	return nil, fmt.Errorf("ListWebhooks: %w", clients.ErrUnsupportedFeature)
234	+	}
235	+
236	+	// SearchCommits implements RepoClient.SearchCommits.
237	+	func (c *client) SearchCommits(request clients.SearchCommitsOptions) ([]clients.Commit, error) {
238	+	return nil, fmt.Errorf("SearchCommits: %w", clients.ErrUnsupportedFeature)
239	+	}
240	+
241	+	// Close implements RepoClient.Close.
242	+	func (c *client) Close() error {
243	+	return nil
244	+	}
245	+
246	+	// ListProgrammingLanguages implements RepoClient.ListProgrammingLanguages.
247	+	func (c *client) ListProgrammingLanguages() ([]clients.Language, error) {
248	+	return nil, fmt.Errorf("ListProgrammingLanguages: %w", clients.ErrUnsupportedFeature)
249	+	}
250	+
251	+	// ListLicenses implements RepoClient.ListLicenses.
252	+	func (c *client) ListLicenses() ([]clients.License, error) {
253	+	return nil, fmt.Errorf("ListLicenses: %w", clients.ErrUnsupportedFeature)
254	+	}
255	+
256	+	// GetCreatedAt implements RepoClient.GetCreatedAt.
257	+	func (c *client) GetCreatedAt() (time.Time, error) {
258	+	return time.Time{}, fmt.Errorf("GetCreatedAt: %w", clients.ErrUnsupportedFeature)
259	+	}
260	+

■ ■ ■ ■ ■ ■

clients/ossfuzz/client_test.go

1	+	// Copyright 2023 OpenSSF Scorecard Authors
2	+	//
3	+	// Licensed under the Apache License, Version 2.0 (the "License");
4	+	// you may not use this file except in compliance with the License.
5	+	// You may obtain a copy of the License at
6	+	//
7	+	// http://www.apache.org/licenses/LICENSE-2.0
8	+	//
9	+	// Unless required by applicable law or agreed to in writing, software
10	+	// distributed under the License is distributed on an "AS IS" BASIS,
11	+	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12	+	// See the License for the specific language governing permissions and
13	+	// limitations under the License.
14	+
15	+	package ossfuzz
16	+
17	+	import (
18	+	"fmt"
19	+	"net/http"
20	+	"net/http/httptest"
21	+	"os"
22	+	"testing"
23	+
24	+	"github.com/ossf/scorecard/v4/clients"
25	+	)
26	+
27	+	func TestClient(t *testing.T) {
28	+	t.Parallel()
29	+	tests := []struct {
30	+	name string
31	+	project string
32	+	statusFile string
33	+	wantHit bool
34	+	wantErr bool
35	+	}{
36	+	{
37	+	name: "present project",
38	+	project: "github.com/ossf/scorecard",
39	+	statusFile: "status.json",
40	+	wantHit: true,
41	+	wantErr: false,
42	+	},
43	+	{
44	+	name: "non existent project",
45	+	project: "github.com/not/here",
46	+	statusFile: "status.json",
47	+	wantHit: false,
48	+	wantErr: false,
49	+	},
50	+	{
51	+	name: "non existent project which is a substring of a present project",
52	+	project: "github.com/ossf/score",
53	+	statusFile: "status.json",
54	+	wantHit: false,
55	+	wantErr: false,
56	+	},
57	+	{
58	+	name: "non existent status file",
59	+	project: "github.com/ossf/scorecard",
60	+	statusFile: "not_here.json",
61	+	wantHit: false,
62	+	wantErr: true,
63	+	},
64	+	{
65	+	name: "invalid status file",
66	+	project: "github.com/ossf/scorecard",
67	+	statusFile: "invalid.json",
68	+	wantHit: false,
69	+	wantErr: true,
70	+	},
71	+	}
72	+	for _, tt := range tests {
73	+	tt := tt
74	+	t.Run(tt.name, func(t *testing.T) {
75	+	t.Parallel()
76	+	url := setupServer(t)
77	+	statusURL := fmt.Sprintf("%s/%s", url, tt.statusFile)
78	+	c := CreateOSSFuzzClient(statusURL)
79	+	req := clients.SearchRequest{Query: tt.project}
80	+	resp, err := c.Search(req)
81	+	if (err != nil) != tt.wantErr {
82	+	t.Fatalf("got err %v, wantedErr: %t", err, tt.wantErr)
83	+	}
84	+	if (resp.Hits > 0) != tt.wantHit {
85	+	t.Errorf("wantHit: %t, got %d hits", tt.wantHit, resp.Hits)
86	+	}
87	+	})
88	+	}
89	+	}
90	+
91	+	func TestClientEager(t *testing.T) {
92	+	t.Parallel()
93	+	tests := []struct {
94	+	name string
95	+	project string
96	+	statusFile string
97	+	wantHit bool
98	+	wantSearchErr bool
99	+	wantCreateErr bool
100	+	}{
101	+	{
102	+	name: "present project",
103	+	project: "github.com/ossf/scorecard",
104	+	statusFile: "status.json",
105	+	wantHit: true,
106	+	wantSearchErr: false,
107	+	wantCreateErr: false,
108	+	},
109	+	{
110	+	name: "non existent project",
111	+	project: "github.com/not/here",
112	+	statusFile: "status.json",
113	+	wantHit: false,
114	+	wantSearchErr: false,
115	+	wantCreateErr: false,
116	+	},
117	+	{
118	+	name: "non existent project which is a substring of a present project",
119	+	project: "github.com/ossf/score",
120	+	statusFile: "status.json",
121	+	wantHit: false,
122	+	wantSearchErr: false,
123	+	wantCreateErr: false,
124	+	},
125	+	{
126	+	name: "non existent status file",
127	+	project: "github.com/ossf/scorecard",
128	+	statusFile: "not_here.json",
129	+	wantHit: false,
130	+	wantSearchErr: false,
131	+	wantCreateErr: true,
132	+	},
133	+	{
134	+	name: "invalid status file",
135	+	project: "github.com/ossf/scorecard",
136	+	statusFile: "invalid.json",
137	+	wantHit: false,
138	+	wantSearchErr: false,
139	+	wantCreateErr: true,
140	+	},
141	+	}
142	+	for _, tt := range tests {
143	+	tt := tt
144	+	t.Run(tt.name, func(t *testing.T) {
145	+	t.Parallel()
146	+	url := setupServer(t)
147	+	statusURL := fmt.Sprintf("%s/%s", url, tt.statusFile)
148	+	c, err := CreateOSSFuzzClientEager(statusURL)
149	+	if (err != nil) != tt.wantCreateErr {
150	+	t.Fatalf("got err %v, wantCreateErr: %t", err, tt.wantCreateErr)
151	+	}
152	+	if c == nil && tt.wantCreateErr {
153	+	return
154	+	}
155	+	req := clients.SearchRequest{Query: tt.project}
156	+	resp, err := c.Search(req)
157	+	if (err != nil) != tt.wantSearchErr {
158	+	t.Fatalf("got err %v, wantSearchErr: %t", err, tt.wantSearchErr)
159	+	}
160	+	if (resp.Hits > 0) != tt.wantHit {
161	+	t.Errorf("wantHit: %t, got %d hits", tt.wantHit, resp.Hits)
162	+	}
163	+	})
164	+	}
165	+	}
166	+
167	+	func setupServer(t *testing.T) string {
168	+	t.Helper()
169	+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
170	+	b, err := os.ReadFile("./testdata" + r.URL.Path)
171	+	if err != nil {
172	+	t.Logf("os.ReadFile: %v", err)
173	+	w.WriteHeader(http.StatusInternalServerError)
174	+	return
175	+	}
176	+	w.WriteHeader(http.StatusOK)
177	+	//nolint:errcheck
178	+	w.Write(b)
179	+	}))
180	+	t.Cleanup(server.Close)
181	+	return server.URL
182	+	}
183	+

■ ■ ■ ■ ■ ■

clients/ossfuzz/testdata/invalid.json

1 + }
2 + "projects": [
3 + {
4 + "name": "ansible"
5 + },
6 + {
7 + "name": "zydis"
8 + }
9 + ]
10 + {
11 +

All occurrences

■ ■ ■ ■ ■ ■

clients/ossfuzz/testdata/status.json

1	+	{
2	+	"projects": [
3	+	{
4	+	"name": "ossf-scorecard",
5	+	"main_repo": "https://github.com/ossf/scorecard"
6	+	},
7	+	{
8	+	"name": "scorecard-web",
9	+	"main_repo": "https://github.com/ossf/scorecard-webapp"
10	+	},
11	+	{
12	+	"name": "xz",
13	+	"main_repo": "https://git.tukaani.org/xz.git"
14	+	},
15	+	{
16	+	"name": "zetasql",
17	+	"main_repo": null
18	+	},
19	+	{
20	+	"name": "zydis",
21	+	"main_repo": "https://github.com/zyantific/zydis.git"
22	+	}
23	+	]
24	+	}
25	+

■ ■ ■ ■ ■ ■

cmd/serve.go

		skipped 25 lines
26	26		"github.com/ossf/scorecard/v4/checks"
27	27		"github.com/ossf/scorecard/v4/clients"
28	28		"github.com/ossf/scorecard/v4/clients/githubrepo"
	29	+	"github.com/ossf/scorecard/v4/clients/ossfuzz"
29	30		"github.com/ossf/scorecard/v4/log"
30	31		"github.com/ossf/scorecard/v4/options"
31	32		"github.com/ossf/scorecard/v4/pkg"
		skipped 28 lines
60	61		}
61	62		ctx := r.Context()
62	63		repoClient := githubrepo.CreateGithubRepoClient(ctx, logger)
63		-	ossFuzzRepoClient, err := githubrepo.CreateOssFuzzRepoClient(ctx, logger)
	64	+	ossFuzzRepoClient, err := ossfuzz.CreateOSSFuzzClientEager(ossfuzz.StatusURL)
64	65		vulnsClient := clients.DefaultVulnerabilitiesClient()
65	66		if err != nil {
66	67		logger.Error(err, "initializing clients")
		skipped 58 lines

■ ■ ■ ■ ■ ■

cron/internal/worker/main.go

		skipped 29 lines
30	30		"github.com/ossf/scorecard/v4/clients"
31	31		"github.com/ossf/scorecard/v4/clients/githubrepo"
32	32		githubstats "github.com/ossf/scorecard/v4/clients/githubrepo/stats"
	33	+	"github.com/ossf/scorecard/v4/clients/ossfuzz"
33	34		"github.com/ossf/scorecard/v4/cron/config"
34	35		"github.com/ossf/scorecard/v4/cron/data"
35	36		format "github.com/ossf/scorecard/v4/cron/internal/format"
		skipped 56 lines
92	93		sw.logger = log.NewLogger(log.InfoLevel)
93	94		sw.repoClient = githubrepo.CreateGithubRepoClient(sw.ctx, sw.logger)
94	95		sw.ciiClient = clients.BlobCIIBestPracticesClient(ciiDataBucketURL)
95		-	if sw.ossFuzzRepoClient, err = githubrepo.CreateOssFuzzRepoClient(sw.ctx, sw.logger); err != nil {
96		-	return nil, fmt.Errorf("githubrepo.CreateOssFuzzRepoClient: %w", err)
	96	+	if sw.ossFuzzRepoClient, err = ossfuzz.CreateOSSFuzzClientEager(ossfuzz.StatusURL); err != nil {
	97	+	return nil, fmt.Errorf("ossfuzz.CreateOSSFuzzClientEager: %w", err)
97	98		}
98	99
99	100		sw.vulnsClient = clients.DefaultVulnerabilitiesClient()
		skipped 179 lines

■ ■ ■ ■ ■ ■

e2e/fuzzing_test.go

		skipped 24 lines
25	25		"github.com/ossf/scorecard/v4/checks/raw"
26	26		"github.com/ossf/scorecard/v4/clients"
27	27		"github.com/ossf/scorecard/v4/clients/githubrepo"
	28	+	"github.com/ossf/scorecard/v4/clients/ossfuzz"
28	29		scut "github.com/ossf/scorecard/v4/utests"
29	30		)
30	31
31	32		var _ = Describe("E2E TEST:"+checks.CheckFuzzing, func() {
32	33		Context("E2E TEST:Validating use of fuzzing tools", func() {
33	34		It("Should return use of OSS-Fuzz", func() {
34		-	//nolint:lll
35		-	Skip("Skipping OSS-Fuzz test due to issues searching google/oss-fuzz with the REST API. https://github.com/ossf/scorecard/issues/2670")
36	35		dl := scut.TestDetailLogger{}
37	36		repo, err := githubrepo.MakeGithubRepo("tensorflow/tensorflow")
38	37		Expect(err).Should(BeNil())
39	38		repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger)
40	39		err = repoClient.InitRepo(repo, clients.HeadSHA, 0)
41	40		Expect(err).Should(BeNil())
42		-	ossFuzzRepoClient, err := githubrepo.CreateOssFuzzRepoClient(context.Background(), logger)
	41	+	ossFuzzRepoClient, err := ossfuzz.CreateOSSFuzzClientEager(ossfuzz.StatusURL)
43	42		Expect(err).Should(BeNil())
44	43		req := checker.CheckRequest{
45	44		Ctx: context.Background(),
		skipped 21 lines
67	66		repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger)
68	67		err = repoClient.InitRepo(repo, clients.HeadSHA, 0)
69	68		Expect(err).Should(BeNil())
70		-	ossFuzzRepoClient, err := githubrepo.CreateOssFuzzRepoClient(context.Background(), logger)
	69	+	ossFuzzRepoClient, err := ossfuzz.CreateOSSFuzzClientEager(ossfuzz.StatusURL)
71	70		Expect(err).Should(BeNil())
72	71		req := checker.CheckRequest{
73	72		Ctx: context.Background(),
		skipped 21 lines
95	94		repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger)
96	95		err = repoClient.InitRepo(repo, clients.HeadSHA, 0)
97	96		Expect(err).Should(BeNil())
98		-	ossFuzzRepoClient, err := githubrepo.CreateOssFuzzRepoClient(context.Background(), logger)
	97	+	ossFuzzRepoClient, err := ossfuzz.CreateOSSFuzzClientEager(ossfuzz.StatusURL)
99	98		Expect(err).Should(BeNil())
100	99		req := checker.CheckRequest{
101	100		Ctx: context.Background(),
		skipped 21 lines
123	122		repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger)
124	123		err = repoClient.InitRepo(repo, clients.HeadSHA, 0)
125	124		Expect(err).Should(BeNil())
126		-	ossFuzzRepoClient, err := githubrepo.CreateOssFuzzRepoClient(context.Background(), logger)
	125	+	ossFuzzRepoClient, err := ossfuzz.CreateOSSFuzzClientEager(ossfuzz.StatusURL)
127	126		Expect(err).Should(BeNil())
128	127		req := checker.CheckRequest{
129	128		Ctx: context.Background(),
		skipped 13 lines
143	142		repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger)
144	143		err = repoClient.InitRepo(repo, clients.HeadSHA, 0)
145	144		Expect(err).Should(BeNil())
146		-	ossFuzzRepoClient, err := githubrepo.CreateOssFuzzRepoClient(context.Background(), logger)
	145	+	ossFuzzRepoClient, err := ossfuzz.CreateOSSFuzzClientEager(ossfuzz.StatusURL)
147	146		Expect(err).Should(BeNil())
148	147		req := checker.CheckRequest{
149	148		Ctx: context.Background(),
		skipped 20 lines

1	+	}
2	+	"projects": [
3	+	{
4	+	"name": "ansible"
5	+	},
6	+	{
7	+	"name": "zydis"
8	+	}
9	+	]
10	+	{
11	+