/// <summary>
/// Lazily produces one task-list entry per vulnerability recorded for the
/// non-ignored package references of the given projects.
/// </summary>
/// <param name="supportedProjects">Projects whose package reference files are read.</param>
/// <returns>
/// A deferred sequence of <see cref="VulnerabilityTask"/> items. Nothing is read or
/// created until the sequence is enumerated, and every enumeration builds new tasks
/// and subscribes the Navigate, Removed and Help handlers again.
/// </returns>
/// <remarks>
/// A package reference is skipped when it is marked as ignored, when it has no entry
/// in <c>_auditResults</c>, when that entry is null, or when its status is
/// NoActiveVulnerabilities, UnknownPackage or UnknownSource.
/// </remarks>
private IEnumerable<VulnerabilityTask> GetVulnerabilityTasks(IEnumerable<Project> supportedProjects)
{
    foreach (var project in supportedProjects)
    {
        var hierarchy = project.GetHierarchy();
        var referencesFile = new PackageReferencesFile(project.GetPackageReferenceFilePath());

        foreach (var reference in referencesFile.GetPackageReferences())
        {
            if (reference.Ignore)
            {
                continue;
            }

            AuditResult result;
            bool found = _auditResults.TryGetValue(reference.PackageId, out result);
            if (!found || result == null)
            {
                continue;
            }

            // These statuses carry nothing to report for the reference.
            bool nothingToReport =
                result.Status == AuditStatus.NoActiveVulnerabilities ||
                result.Status == AuditStatus.UnknownPackage ||
                result.Status == AuditStatus.UnknownSource;
            if (nothingToReport)
            {
                continue;
            }

            foreach (var vulnerability in result.Vulnerabilities)
            {
                // NOTE(review): the per-version check
                // (vulnerability.AffectsVersion(packageReference.PackageId.VersionString))
                // is disabled here, so every vulnerability in the audit result is reported
                // as an error whatever version is referenced. Confirm that the audit
                // results are already filtered by version upstream.
                bool affecting = true;
                if (!affecting)
                {
                    continue;
                }

                var entry = new VulnerabilityTask(reference, vulnerability);
                entry.Priority = TaskPriority.Normal;
                entry.ErrorCategory = TaskErrorCategory.Error;

                // Title, Id and Description are copied from the audit result unmodified.
                // NOTE(review): vulnerability.Id is placed in the reference URL without
                // escaping - confirm it is always a URL-safe identifier.
                entry.Text = string.Format(
                    "{0}: {1}\nReference: https://ossindex.sonatype.org/resource/vulnerability/{2}\n{3}",
                    reference.PackageId,
                    vulnerability.Title,
                    vulnerability.Id,
                    vulnerability.Description);

                entry.HierarchyItem = hierarchy;
                entry.Category = TaskCategory.Misc;

                // Location of the package reference inside its file.
                entry.Document = reference.File;
                entry.Line = reference.StartLine;
                entry.Column = reference.StartPos;
                // entry.HelpKeyword = vulnerability.CveId;

                entry.Navigate += Task_Navigate;
                entry.Removed += Task_Removed;
                entry.Help += Task_Help;

                yield return entry;
            }
        }
    }
}
/// <summary>
/// Lazily produces one task-list entry for each recorded vulnerability that affects
/// the referenced version of a non-ignored package in the given projects.
/// </summary>
/// <param name="supportedProjects">Projects whose package reference files are read.</param>
/// <returns>
/// A deferred sequence of <see cref="VulnerabilityTask"/> items. Nothing is read or
/// created until the sequence is enumerated, and every enumeration builds new tasks
/// and subscribes the Navigate, Removed and Help handlers again.
/// </returns>
/// <remarks>
/// A package reference is skipped when it is marked as ignored, when it has no entry
/// in <c>_auditResults</c>, when that entry is null, or when its status is
/// NoKnownVulnerabilities, UnknownPackage or UnknownSource. A vulnerability is
/// reported only when <c>AffectsVersion</c> returns true for the reference's
/// version string.
/// </remarks>
private IEnumerable<VulnerabilityTask> GetVulnerabilityTasks(IEnumerable<Project> supportedProjects)
{
    foreach (var project in supportedProjects)
    {
        var hierarchy = project.GetHierarchy();
        var referencesFile = new PackageReferencesFile(project.GetPackageReferenceFilePath());

        foreach (var reference in referencesFile.GetPackageReferences())
        {
            if (reference.Ignore)
            {
                continue;
            }

            AuditResult result;
            bool found = _auditResults.TryGetValue(reference.PackageId, out result);
            if (!found || result == null)
            {
                continue;
            }

            // These statuses carry nothing to report for the reference.
            bool nothingToReport =
                result.Status == AuditStatus.NoKnownVulnerabilities ||
                result.Status == AuditStatus.UnknownPackage ||
                result.Status == AuditStatus.UnknownSource;
            if (nothingToReport)
            {
                continue;
            }

            foreach (var vulnerability in result.Vulnerabilities)
            {
                // Only vulnerabilities that apply to the referenced version become tasks.
                if (!vulnerability.AffectsVersion(reference.PackageId.VersionString))
                {
                    continue;
                }

                var entry = new VulnerabilityTask(reference, vulnerability);
                entry.Priority = TaskPriority.Normal;
                entry.ErrorCategory = TaskErrorCategory.Error;

                // Title and Summary are copied from the audit result unmodified.
                entry.Text = string.Format(
                    "{0}: {1}\n{2}",
                    reference.PackageId,
                    vulnerability.Title,
                    vulnerability.Summary);

                entry.HierarchyItem = hierarchy;
                entry.Category = TaskCategory.Misc;

                // Location of the package reference inside its file.
                entry.Document = reference.File;
                entry.Line = reference.StartLine;
                entry.Column = reference.StartPos;
                // entry.HelpKeyword = vulnerability.CveId;

                entry.Navigate += Task_Navigate;
                entry.Removed += Task_Removed;
                entry.Help += Task_Help;

                yield return entry;
            }
        }
    }
}