Example #1
0
        public IEnumerable <PackageVerifierIssue> Validate(IPackageRepository packageRepo, IPackage package, IPackageVerifierLogger logger)
        {
            string packagePath     = packageRepo.Source + "\\" + package.Id + "." + package.Version.ToString() + ".nupkg";
            string nupkgWithoutExt = Path.Combine(Path.GetDirectoryName(packagePath), Path.GetFileNameWithoutExtension(packagePath));

            try
            {
                UnzipPackage(nupkgWithoutExt);

                foreach (IPackageFile current in package.GetFiles())
                {
                    //string packagePath = package.FileSystem.Root + "\\" + Id + "." + Version + ".nupkg"
                    string extension = Path.GetExtension(current.Path);

                    // TODO: Need to add more extensions?
                    if (extension.Equals(".dll", StringComparison.OrdinalIgnoreCase) ||
                        extension.Equals(".exe", StringComparison.OrdinalIgnoreCase))
                    {
                        string pathOfFileToScan = Path.Combine(nupkgWithoutExt, current.Path);
                        var    realAssemblyPath = pathOfFileToScan;
                        if (!File.Exists(realAssemblyPath))
                        {
                            realAssemblyPath = pathOfFileToScan.Replace("+", "%2B").Replace("#", "%23");
                            if (!File.Exists(realAssemblyPath))
                            {
                                logger.LogError("The assembly '{0}' in this package can't be found (a bug in this tool, most likely).", current.Path);
                                continue;
                            }
                        }
                        bool isAuthenticodeSigned = WinTrust.IsAuthenticodeSigned(realAssemblyPath);
                        if (!isAuthenticodeSigned)
                        {
                            yield return(PackageIssueFactory.PEFileNotAuthenticodeSigned(current.Path));
                        }
                    }
                }
            }
            finally
            {
                CleanUpFolder(nupkgWithoutExt, logger);
            }

            yield break;
        }
Example #2
0
        public IEnumerable <PackageVerifierIssue> Validate(PackageAnalysisContext context)
        {
            var extractPath = Path.Combine(Path.GetTempPath(), Path.GetRandomFileName());

            try
            {
                UnzipPackage(context.PackageFileInfo, extractPath);
                foreach (var current in context.PackageReader.GetFiles())
                {
                    //string packagePath = package.FileSystem.Root + "\\" + Id + "." + Version + ".nupkg"
                    var extension = Path.GetExtension(current);

                    // TODO: Need to add more extensions?
                    if (extension.Equals(".dll", StringComparison.OrdinalIgnoreCase) ||
                        extension.Equals(".exe", StringComparison.OrdinalIgnoreCase))
                    {
                        var pathOfFileToScan = Path.Combine(extractPath, current);
                        var realAssemblyPath = pathOfFileToScan;
                        if (!File.Exists(realAssemblyPath))
                        {
                            realAssemblyPath = pathOfFileToScan.Replace("+", "%2B").Replace("#", "%23");
                            if (!File.Exists(realAssemblyPath))
                            {
                                context.Logger.LogError(
                                    "The assembly '{0}' in this package can't be found (a bug in this tool, most likely).",
                                    current);

                                continue;
                            }
                        }

                        var isAuthenticodeSigned = WinTrust.IsAuthenticodeSigned(realAssemblyPath);
                        if (!isAuthenticodeSigned)
                        {
                            yield return(PackageIssueFactory.PEFileNotAuthenticodeSigned(current));
                        }
                    }
                }
            }
            finally
            {
                CleanUpFolder(extractPath, context.Logger);
            }
        }