permissions.go at 1471c807da2981c6f783fc08d6f84ff0a6828804 - STRLCPY/scorecard

ROOT /

permissions.go

616 lines | ISO-8859-1 | 20 KB

Blame Outline

Outline

CheckTokenPermissions

jobLevelPermission

topLevelPermission

permissionStatuses

permissionChecks

permissionSecurityEvents

permissionDeployments

permissionContents

permissionPackages

permissionActions

permissionsOfInterest

topLevelWritePermissions : map[permission]bool

jobLevelWritePermissions : map[permission]bool

permissionCbData

workflows : map[string]permissions

TokenPermissions(c *checker.CheckRequest) : checker.CheckResult

validateGitHubActionTokenPermissions : fileparser.DoWhileTrueOnFileContent

validatePermission(permissionKey permission, permissionValue *actionlint.PermissionScope, permLevel, path string, dl checker.DetailLogger, pPermissions map[permission]bool, ignoredPermissions map[permission]bool, ) : error

validateMapPermissions(scopes map[string]*actionlint.PermissionScope, permLevel, path string, dl checker.DetailLogger, pPermissions map[permission]bool, ignoredPermissions map[permission]bool, ) : error

recordPermissionWrite(pPermissions map[permission]bool, perm permission)

getWritePermissionsMap(p *permissionCbData, path, permLevel string) : map[permission]bool

recordAllPermissionsWrite(p *permissionCbData, permLevel, path string)

validatePermissions(permissions *actionlint.Permissions, permLevel, path string, dl checker.DetailLogger, pdata *permissionCbData, ignoredPermissions map[permission]bool, ) : error

validateTopLevelPermissions(workflow *actionlint.Workflow, path string, dl checker.DetailLogger, pdata *permissionCbData, ) : error

validatejobLevelPermissions(workflow *actionlint.Workflow, path string, dl checker.DetailLogger, pdata *permissionCbData, ignoredPermissions map[permission]bool, ) : error

isPermissionOfInterest(name permission, ignoredPermissions map[permission]bool) : bool

permissionIsPresent(perms permissions, name permission) : bool

permissionIsPresentInTopLevel(perms permissions, name permission) : bool

permissionIsPresentInRunLevel(perms permissions, name permission) : bool

calculateScore(result permissionCbData) : int

createResultForLeastPrivilegeTokens(result permissionCbData, err error) : checker.CheckResult

createIgnoredPermissions(workflow *actionlint.Workflow, fp string, dl checker.DetailLogger) : map[permission]bool

isSARIFUploadWorkflow(workflow *actionlint.Workflow, fp string, dl checker.DetailLogger) : bool

isSARIFUploadAction(workflow *actionlint.Workflow, fp string, dl checker.DetailLogger) : bool

isCodeQlAnalysisWorkflow(workflow *actionlint.Workflow, fp string, dl checker.DetailLogger) : bool

requiresPackagesPermissions(workflow *actionlint.Workflow, fp string, dl checker.DetailLogger) : bool

requiresContentsPermissions(workflow *actionlint.Workflow, fp string, dl checker.DetailLogger) : bool

isGitHubPagesDeploymentWorkflow(workflow *actionlint.Workflow, fp string, dl checker.DetailLogger) : bool

isReleasingWorkflow(workflow *actionlint.Workflow, fp string, dl checker.DetailLogger) : bool

Please wait...

Page is in error, reload to recover