Check OSS-Fuzz using project list

Signed-off-by: Spencer Schrock <sschrock@google.com>
ossf · Mar 1, 2023 · 5335f4b · 5335f4b
1 parent 8add330
commit 5335f4b
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 12 deletions.
diff --git a/checks/raw/fuzzing.go b/checks/raw/fuzzing.go
@@ -17,6 +17,8 @@ package raw
 import (
 	"bytes"
 	"fmt"
+	"io"
+	"net/http"
 	"regexp"
 	"strings"
 
@@ -29,6 +31,7 @@ import (
 
 const (
 	fuzzerOSSFuzz         = "OSSFuzz"
+	ossFuzzProjectURL     = "https://oss-fuzz-build-logs.storage.googleapis.com/status.json"
 	fuzzerClusterFuzzLite = "ClusterFuzzLite"
 	oneFuzz               = "OneFuzz"
 	fuzzerBuiltInGo       = "GoBuiltInFuzzer"
@@ -167,20 +170,19 @@ func checkOneFuzz(c *checker.CheckRequest) (bool, error) {
 }
 
 func checkOSSFuzz(c *checker.CheckRequest) (bool, error) {
-	if c.OssFuzzRepo == nil {
-		return false, nil
+	resp, err := http.Get(ossFuzzProjectURL)
+	if err != nil {
+		return false, sce.WithMessage(sce.ErrScorecardInternal, fmt.Sprintf("http.Get: %v", err))
 	}
-
-	req := clients.SearchRequest{
-		Query:    c.RepoClient.URI(),
-		Filename: "project.yaml",
+	defer resp.Body.Close()
+	if resp.StatusCode >= 400 {
+		return false, sce.WithMessage(sce.ErrScorecardInternal, fmt.Sprintf("fetch OSS-Fuzz project list: %s", resp.Status))
 	}
-	result, err := c.OssFuzzRepo.Search(req)
+	body, err := io.ReadAll(resp.Body)
 	if err != nil {
-		e := sce.WithMessage(sce.ErrScorecardInternal, fmt.Sprintf("Client.Search.Code: %v", err))
-		return false, e
+		return false, sce.WithMessage(sce.ErrScorecardInternal, fmt.Sprintf("io.ReadAll: %v", err))
 	}
-	return result.Hits > 0, nil
+	return bytes.Contains(body, []byte(c.RepoClient.URI())), nil
 }
 
 func checkFuzzFunc(c *checker.CheckRequest, lang clients.LanguageName) (bool, []checker.File, error) {

diff --git a/e2e/fuzzing_test.go b/e2e/fuzzing_test.go
@@ -31,8 +31,6 @@ import (
 var _ = Describe("E2E TEST:"+checks.CheckFuzzing, func() {
 	Context("E2E TEST:Validating use of fuzzing tools", func() {
 		It("Should return use of OSS-Fuzz", func() {
-			//nolint:lll
-			Skip("Skipping OSS-Fuzz test due to issues searching google/oss-fuzz with the REST API. https://github.com/ossf/scorecard/issues/2670")
 			dl := scut.TestDetailLogger{}
 			repo, err := githubrepo.MakeGithubRepo("tensorflow/tensorflow")
 			Expect(err).Should(BeNil())