Ejemplo n.º 1
 /// <summary>
 /// Checks that <c>PackageListLoader.LoadPackages</c> turns the embedded
 /// <c>unsafepackages</c> test resource into exactly one entry, and that the
 /// entry is <c>AntiXss</c> with a <c>Before</c> value of <c>4.2.1</c>.
 /// </summary>
 public void TestLoad()
 {
     // Encode the resource text as UTF-8 and wrap it in a stream for the loader.
     byte[] feedBytes = Encoding.UTF8.GetBytes(Properties.TestResources.unsafepackages);
     var feed = new MemoryStream(feedBytes);

     var entries = new PackageListLoader().LoadPackages(feed);

     // The fixture is expected to yield a single entry.
     Assert.AreEqual(1, entries.Count);

     // NOTE(review): Before presumably marks the first version that is no longer
     // flagged; confirm against the feed schema.
     bool hasAntiXss = entries.Exists(entry => entry.Id == "AntiXss" && entry.Before == "4.2.1");
     Assert.IsTrue(hasAntiXss);
 }
Ejemplo n.º 2
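        /// <summary>
        /// Loads the <c>unsafepackages.xml</c> feed file from the repository and checks
        /// that it parses to more than five entries, one of which is <c>NServiceBus</c>.
        /// </summary>
        public void TestLoad()
        {
            // The path is relative to the working directory of the test run, so the
            // test depends on being started from the expected output folder.
            // The using block releases the file handle even when an assertion throws.
            using (var stream = File.OpenRead(@"..\..\..\feed\unsafepackages.xml"))
            {
                var loader = new PackageListLoader();
                var packages = loader.LoadPackages(stream);

                // Lower bound only: the feed is allowed to grow.
                Assert.IsTrue(packages.Count > 5);

                Assert.IsTrue(packages.Any(p => p.Id == "NServiceBus"));
            }
        }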
Ejemplo n.º 3
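        /// <summary>
        /// Compares the packages listed in the project's <c>packages.config</c> with the
        /// list of unsafe packages and logs one build warning per match.
        /// </summary>
        /// <returns>
        /// <c>false</c> when <c>CacheTimeInMinutes</c> is set but is not an integer, or when
        /// at least one package is reported and <c>DontBreakBuild</c> is not "true";
        /// <c>true</c> in every other case.
        /// </returns>
        /// <remarks>
        /// The task also returns <c>true</c> when <c>ProjectPath</c> holds no
        /// <c>packages.config</c>. Only that file is read here, so a project that declares
        /// its dependencies elsewhere passes without any package being evaluated.
        /// </remarks>
        public override bool Execute()
        {
            var nugetFile = Path.Combine(ProjectPath, "packages.config");
            int cacheTime = 0;
            if (!String.IsNullOrEmpty(CacheTimeInMinutes) && !int.TryParse(CacheTimeInMinutes, out cacheTime))
            {
                // A malformed cache setting is a configuration error: fail the task rather than guess.
                BuildEngine.LogErrorEvent(new BuildErrorEventArgs("Configuration error", "CacheTimeInMinutes", BuildEngine.ProjectFileOfTaskNode, 0, 0, 0, 0, "Invalid value for CacheTimeInMinutes: " + CacheTimeInMinutes, "", "SafeNuGet"));
                return false;
            }

            BuildEngine.LogMessageEvent(new BuildMessageEventArgs("Checking " + nugetFile + " ...", "", _id, MessageImportance.High));
            if (!File.Exists(nugetFile))
            {
                // Nothing to check. This is a pass, not a failure (see remarks).
                BuildEngine.LogMessageEvent(new BuildMessageEventArgs("No packages.config found", "", "SafeNuGet", MessageImportance.High));
                return true;
            }

            var packages = new NuGetPackageLoader().LoadPackages(nugetFile);
            UnsafePackages unsafePackages;
            if (cacheTime > 0)
            {
                // NOTE(review): presumably a cached list younger than cacheTime minutes is reused,
                // so an entry published inside that window would not be flagged; confirm in
                // GetCachedUnsafePackages.
                bool cacheHit = false;
                var cacheFolder = Path.Combine(new FileInfo(BuildEngine.ProjectFileOfTaskNode).Directory.FullName, "cache");
                unsafePackages = new PackageListLoader().GetCachedUnsafePackages(cacheFolder, cacheTime, out cacheHit);
                if (cacheHit)
                {
                    BuildEngine.LogMessageEvent(new BuildMessageEventArgs("Using cached list of unsafe packages", "", _id, MessageImportance.High));
                }
            }
            else
            {
                // Zero, negative or unset cache time: use the uncached list.
                unsafePackages = new PackageListLoader().GetUnsafePackages();
            }

            // Materialize once so the emptiness check and the loop see the same results
            // and the evaluation is not run twice.
            var failures = new DecisionMaker().Evaluate(packages, unsafePackages).ToList();
            if (failures.Count == 0)
            {
                BuildEngine.LogMessageEvent(new BuildMessageEventArgs("No vulnerable packages found", "", _id, MessageImportance.High));
                return true;
            }

            foreach (var k in failures)
            {
                var s = k.Key.Id + " " + k.Key.Version;
                BuildEngine.LogWarningEvent(new BuildWarningEventArgs("SECURITY WARNING", s, nugetFile, 0, 0, 0, 0, "Library is vulnerable: " + s + " " + k.Value.InfoUri, "", _id));
            }

            // Findings are logged as warnings; the return value is what fails the task.
            // Ordinal matching keeps the opt-out exact: a culture-aware comparison skips
            // ignorable characters, so look-alike values would also switch the gate off.
            return "true".Equals(DontBreakBuild, StringComparison.OrdinalIgnoreCase);
        }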