Example #1
0
        /// <summary>
        /// Validates project dependencies according to their vulnerabilities and licenses.
        /// </summary>
        /// <param name="packages">List of packages of the project.</param>
        /// <param name="policy">Project policy.</param>
        /// <returns></returns>
        private static async Task <List <Dependency> > ValidateProjectDependencies(List <NuGetPackage> packages, ProjectPolicy policy)
        {
            List <Dependency> dependencies = new List <Dependency>();

            VulnerabilityEvaluationResult[] vulnerabilityEvaluationResult = null;
            try
            {
                vulnerabilityEvaluationResult = await VulnerabilityEvaluation.EvaluatePackage(packages, policy.ApiCacheTime);
            }
            catch (Exception e)
            {
                CommandLineUtils.PrintWarningMessage($"An error occurred while trying to fetch dependencies vulnerabilities: {e.Message}");
                vulnerabilitiesFetchError = true;
            }

            List <License>[] dependenciesLicenses = new List <License> [packages.Count];
            int i = 0;

            foreach (NuGetPackage package in packages)
            {
                PackageInfo packageInfo        = PackageManager.GetPackageInfo(packagesRootPath, package.Id, package.Version);
                string      packageDescription = (packageInfo == null) ? "" : packageInfo.Description;
                dependencies.Add(new Dependency(package.Id, package.Version, packageDescription, package.Direct, package.Children));
                dependenciesLicenses[i] = new List <License>();
                // It is not necessary to analyze System libraries license, only vulnerabilities
                if (packageInfo != null && (packageInfo.ProjectUrl != "https://dot.net/" || !package.Id.StartsWith("System.")))
                {
                    try
                    {
                        dependenciesLicenses[i] = await LicenseManager.TryGetLicenseName(packageInfo, policy.ApiCacheTime);
                    }
                    catch (Exception e)
                    {
                        CommandLineUtils.PrintWarningMessage($"An error occurred while trying to fetch {package.Id}.{package.Version} license: {e.Message}");
                        dependenciesLicenses[i] = new List <License>();
                        licensesFetchErrors.Add($"{package.Id}.{package.Version}");
                    }
                }
                ++i;
            }

            i = 0;
            foreach (List <License> licenses in dependenciesLicenses)
            {
                dependencies[i].Licenses = licenses.Select(license =>
                {
                    license.Valid = !policy.InvalidLicenses.Contains(license.Title);
                    return(license);
                })
                                           .ToList();
                if (!vulnerabilitiesFetchError)
                {
                    dependencies[i].VulnerabilitiesCount = vulnerabilityEvaluationResult[i].VulnerabilitiesNumber;
                    dependencies[i].Vulnerabilities      = vulnerabilityEvaluationResult[i].VulnerabilitiesFound;
                }
                ++i;
            }

            return(dependencies);
        }
        /// <summary>
        /// Validates project dependencies according to their vulnerabilities and licenses.
        /// </summary>
        /// <param name="packages">List of packages of the project.</param>
        /// <param name="policy">Project policy.</param>
        /// <returns></returns>
        private static async Task <List <Dependency> > ValidateProjectDependencies(List <NuGetPackage> packages, ProjectPolicy policy)
        {
            List <Dependency> dependencies = new List <Dependency>();

            VulnerabilityEvaluationResult[] vulnerabilityEvaluationResult = null;

            try
            {
                vulnerabilityEvaluationResult = await VulnerabilityEvaluation.EvaluatePackage(packages, policy.ApiCacheTime);
            }
            catch (Exception e)
            {
                CommandLineUtils.PrintWarningMessage($"An error occurred while trying to fetch dependencies vulnerabilities: {e.Message}");
                vulnerabilitiesFetchError = true;
            }

            List <License>[] dependenciesLicenses = new List <License> [packages.Count];
            int i = 0;

            foreach (NuGetPackage package in packages)
            {
                String      packageDir  = $"{package.Id}.{package.Version}";
                PackageInfo packageInfo = PackageManager.GetPackageInfo(Path.Combine(projectPath, packagesPath, packageDir));
                dependencies.Add(new Dependency(packageInfo.Id, packageInfo.Version, packageInfo.Description));
                try
                {
                    dependenciesLicenses[i] = await LicenseManager.TryGetLicenseName(packageInfo, policy.ApiCacheTime);
                }
                catch (Exception e) {
                    CommandLineUtils.PrintWarningMessage($"An error occurred while trying to fetch {package.Id}.{package.Version} license: {e.Message}");
                    dependenciesLicenses[i] = new List <License>();
                    licensesFetchErrors.Add($"{package.Id}.{package.Version}");
                }
                ++i;
            }

            i = 0;
            foreach (List <License> licenses in dependenciesLicenses)
            {
                dependencies[i].Licenses = licenses.Select(license =>
                {
                    license.Valid = !policy.InvalidLicenses.Contains(license.Title);
                    return(license);
                })
                                           .ToList();
                if (!vulnerabilitiesFetchError)
                {
                    dependencies[i].VulnerabilitiesCount = vulnerabilityEvaluationResult[i].VulnerabilitiesNumber;
                    dependencies[i].Vulnerabilities      = vulnerabilityEvaluationResult[i].VulnerabilitiesFound;
                }
                ++i;
            }

            return(dependencies);
        }