Handling of faulty shell scripts


Arnaud Le Hors

Nov 18, 2021, 11:31:10 AM
to OSSF Scorecard dev
Hi,
I'm new here so I apologize if this isn't the right place to post this. The doc directs one here for discussion but the low traffic makes me wonder...

On trying scorecard against the main Hyperledger Fabric repo I discovered that we had a syntax error in one of our CI scripts which led scorecard to give up on the whole Pinned-Dependencies check.

I'm thankful for scorecard uncovering the problem which allowed me to fix it but I'd like to know if the current behavior - giving up - is really the desired behavior.

Admittedly I don't know yet how the scoring is done and what the general philosophy is with regard to faulty files but rather than abandoning the test entirely it would seem desirable to continue in a case where a file can't be successfully parsed and maybe issue a warning and/or lower the score somehow.

The source code has an interesting comment showing that this isn't the first time this kind of situation has been met:

        // Note: this is caught by internal caller and only printed
        // to avoid failing on shell scripts that our parser does not understand.
        // Example: https://github.com/openssl/openssl/blob/master/util/shlib_wrap.sh.in

I'd appreciate if someone could tell me whether this is just a known problem that is meant to be addressed later on or what.
Thank you.
--
Arnaud Le Hors - Senior Technical Staff Member - Open Technologies: Blockchain, Edge Computing, Web - IBM

Arnaud Le Hors

Nov 19, 2021, 10:29:34 AM
to OSSF Scorecard dev
Upon further inspection I see in the code that the parsing error is actually meant to be discarded but it is not.
I will submit an issue and PR.
Regards.

--
Arnaud Le Hors - Senior Technical Staff Member - Open Technologies: Blockchain, Edge Computing, Web - IBM
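As an added illustration of the behaviour discussed in the two messages above (a script the parser cannot handle should be reported and skipped, with the rest of the Pinned-Dependencies check still running, rather than the parse error either aborting the whole check or being silently dropped), here is a small Go program. It is not Scorecard's code. The shell "parser" is a deliberate stand-in that only checks double-quote balance and if/do/case nesting, the unpinned-fetch patterns and the scoring rule are simplified assumptions, and the three sample scripts are constructed for the example:

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// ErrUnparseable marks a script the stand-in parser could not understand.
// The scanner records it and moves on instead of abandoning the whole check.
type ErrUnparseable struct {
	Path   string
	Reason string
}

func (e *ErrUnparseable) Error() string {
	return fmt.Sprintf("%s: cannot parse shell script: %s", e.Path, e.Reason)
}

// Findings is the check's output: unpinned fetches as file:line, plus the
// scripts that were skipped because they did not parse (surfaced, not hidden).
type Findings struct {
	Unpinned    []string
	Unparseable []string
}

// Score is a toy rule (assumption, not Scorecard's): 10 minus two per
// unpinned fetch, minus one per skipped script, floored at 0.
func (f Findings) Score() int {
	s := 10 - 2*len(f.Unpinned) - len(f.Unparseable)
	if s < 0 {
		s = 0
	}
	return s
}

// stripComment drops a trailing "# ..." comment that is outside double quotes.
func stripComment(line string) string {
	inQuote := false
	for i, r := range line {
		switch {
		case r == '"' && (i == 0 || line[i-1] != '\\'):
			inQuote = !inQuote
		case r == '#' && !inQuote && (i == 0 || line[i-1] == ' ' || line[i-1] == '\t'):
			return line[:i]
		}
	}
	return line
}

var closers = map[string]string{"if": "fi", "do": "done", "case": "esac"}

// parseShell is a stand-in for a real shell parser. It returns the script's
// lines with comments stripped, or *ErrUnparseable when a double quote is
// unbalanced or an if/do/case block is never closed.
func parseShell(path, src string) ([]string, error) {
	var stack, lines []string
	sep := func(r rune) bool { return r == ' ' || r == '\t' || r == ';' }
	for i, raw := range strings.Split(src, "\n") {
		line := stripComment(raw)
		if (strings.Count(line, `"`)-strings.Count(line, `\"`))%2 != 0 {
			return nil, &ErrUnparseable{path, fmt.Sprintf("line %d: unbalanced double quote", i+1)}
		}
		for _, w := range strings.FieldsFunc(line, sep) {
			if c, ok := closers[w]; ok {
				stack = append(stack, c)
			} else if n := len(stack); n > 0 && w == stack[n-1] {
				stack = stack[:n-1]
			}
		}
		lines = append(lines, line)
	}
	if len(stack) > 0 {
		return nil, &ErrUnparseable{path, "unexpected end of file, expected " + stack[len(stack)-1]}
	}
	return lines, nil
}

var (
	pipeToShell = regexp.MustCompile(`\b(curl|wget)\b.*\|\s*(sudo\s+)?(ba|z)?sh\b`)
	pipInstall  = regexp.MustCompile(`\bpip3?\s+install\b`)
)

// unpinnedFetch flags "curl|wget ... | sh" and pip installs without hash pinning.
func unpinnedFetch(line string) bool {
	if pipeToShell.MatchString(line) {
		return true
	}
	return pipInstall.MatchString(line) &&
		!strings.Contains(line, "--hash") && !strings.Contains(line, "--require-hashes")
}

// CheckPinnedDependencies scans every script. A parse failure is logged and
// recorded, then scanning continues; only unexpected errors abort the check.
func CheckPinnedDependencies(scripts map[string]string) (Findings, error) {
	var f Findings
	paths := make([]string, 0, len(scripts))
	for p := range scripts {
		paths = append(paths, p)
	}
	sort.Strings(paths)
	for _, p := range paths {
		lines, err := parseShell(p, scripts[p])
		var pe *ErrUnparseable
		if errors.As(err, &pe) {
			fmt.Println("warning:", pe) // visible, non-fatal
			f.Unparseable = append(f.Unparseable, p)
			continue
		}
		if err != nil {
			return Findings{}, err // anything else is a real failure
		}
		for i, l := range lines {
			if unpinnedFetch(l) {
				f.Unpinned = append(f.Unpinned, fmt.Sprintf("%s:%d", p, i+1))
			}
		}
	}
	return f, nil
}

// SampleScripts is constructed input for the example, not from any real repository.
var SampleScripts = map[string]string{
	"ci/pinned.sh":   "#!/bin/sh\nset -e\npip install --require-hashes -r requirements.txt\n",
	"ci/unpinned.sh": "#!/bin/bash\ncurl -sSL https://example.invalid/install.sh | sudo bash\npip install requests\n",
	"ci/broken.sh":   "#!/bin/sh\nif [ -n \"$CI\" ]; then\n  echo \"in CI\"\n# missing fi\n",
}

func main() {
	f, err := CheckPinnedDependencies(SampleScripts)
	if err != nil {
		fmt.Println("check failed:", err)
		return
	}
	fmt.Printf("unpinned=%v skipped=%v score=%d\n", f.Unpinned, f.Unparseable, f.Score())
}
```

The point of the `errors.As` branch is that the malformed `ci/broken.sh` neither takes the other two scripts' results down with it nor disappears from the output: it is reported in `Findings.Unparseable` and costs a point, while the two unpinned fetches in `ci/unpinned.sh` are still found. A check that returned early on the first unparseable file would have reported nothing for the repository at all.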



Azeem Shaikh

Nov 19, 2021, 10:40:51 AM
to OSSF Scorecard dev
Continuing the discussion of this thread through https://github.com/ossf/scorecard/issues/1307 