define a commit type

this helps us use a map later. Signed-off-by: Spencer Schrock <[email protected]>
ossf · Sep 24, 2024 · 2f11571 · 2f11571
1 parent 5b52898
commit 2f11571
Show file tree

Hide file tree

Showing 5 changed files with 19 additions and 10 deletions.
diff --git a/app/server/github_verifier.go b/app/server/github_verifier.go
@@ -29,7 +29,8 @@ type githubVerifier struct {
 
 // contains makes two "core" API calls: one for the default branch, and one to compare the target hash to a branch
 // if the repo is "github/codeql-action", also check releases/v1 before failing.
-func (g *githubVerifier) contains(owner, repo, hash string) (bool, error) {
+func (g *githubVerifier) contains(c commit) (bool, error) {
+	owner, repo, hash := c.owner, c.repo, c.hash
 	defaultBranch, err := g.defaultBranch(owner, repo)
 	if err != nil {
 		return false, err

diff --git a/app/server/github_verifier_test.go b/app/server/github_verifier_test.go
@@ -40,7 +40,7 @@ func Test_githubVerifier_contains_codeql_v1(t *testing.T) {
 		ctx:    context.Background(),
 		client: client,
 	}
-	got, err := gv.contains("github", "codeql-action", "somehash")
+	got, err := gv.contains(commit{"github", "codeql-action", "somehash"})
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
@@ -66,7 +66,7 @@ func Test_githubVerifier_contains_codeql_v2(t *testing.T) {
 		ctx:    context.Background(),
 		client: client,
 	}
-	got, err := gv.contains("github", "codeql-action", "somehash")
+	got, err := gv.contains(commit{"github", "codeql-action", "somehash"})
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}

diff --git a/app/server/post_results_e2e_test.go b/app/server/post_results_e2e_test.go
@@ -134,14 +134,14 @@ var _ = Describe("E2E Test: githubVerifier_contains", func() {
 	Context("E2E Test: Validate known good commits", func() {
 		It("can detect actions/upload-artifact v3-node20 commits", func() {
 			gv := getGithubVerifier()
-			c, err := gv.contains("actions", "upload-artifact", "97a0fba1372883ab732affbe8f94b823f91727db")
+			c, err := gv.contains(commit{"actions", "upload-artifact", "97a0fba1372883ab732affbe8f94b823f91727db"})
 			Expect(err).Should(BeNil())
 			Expect(c).To(BeTrue())
 		})
 
 		It("can detect github/codeql-action backport commits", func() {
 			gv := getGithubVerifier()
-			c, err := gv.contains("github", "codeql-action", "a82bad71823183e5b120ab52d521460ecb0585fe")
+			c, err := gv.contains(commit{"github", "codeql-action", "a82bad71823183e5b120ab52d521460ecb0585fe"})
 			Expect(err).Should(BeNil())
 			Expect(c).To(BeTrue())
 		})

diff --git a/app/server/verify_workflow.go b/app/server/verify_workflow.go
@@ -56,8 +56,12 @@ var ubuntuRunners = map[string]bool{
 	"ubuntu-18.04":  true,
 }
 
+type commit struct {
+	owner, repo, hash string
+}
+
 type commitVerifier interface {
-	contains(owner, repo, hash string) (bool, error)
+	contains(c commit) (bool, error)
 }
 
 type verificationError struct {
@@ -169,8 +173,12 @@ func verifyScorecardWorkflow(workflowContent string, verifier commitVerifier) er
 			if isCommitHash(ref) {
 				s := strings.Split(stepName, "/")
 				// no need to length check as the step name is one of the ones above
-				owner, repo := s[0], s[1]
-				contains, err := verifier.contains(owner, repo, ref)
+				c := commit{
+					owner: s[0],
+					repo:  s[1],
+					hash:  ref,
+				}
+				contains, err := verifier.contains(c)
 				if err != nil {
 					return err
 				}

diff --git a/app/server/verify_workflow_test.go b/app/server/verify_workflow_test.go
@@ -28,8 +28,8 @@ type allowListVerifier struct {
 	allowed map[string]bool
 }
 
-func (a *allowListVerifier) contains(owner, repo, hash string) (bool, error) {
-	return a.allowed[hash], nil
+func (a *allowListVerifier) contains(c commit) (bool, error) {
+	return a.allowed[c.hash], nil
 }
 
 var allowCommitVerifier = &allowListVerifier{