public override IEnumerable <Package> GetPackages(params string[] o) ////Get NuGet packages from reading packages.config { try { AuditFileInfo config_file = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile); string _byteOrderMarkUtf8 = Encoding.UTF8.GetString(Encoding.UTF8.GetPreamble()); string xml = config_file.ReadAsText(); if (xml.StartsWith(_byteOrderMarkUtf8, StringComparison.Ordinal)) { var lastIndexOfUtf8 = _byteOrderMarkUtf8.Length; xml = xml.Remove(0, lastIndexOfUtf8); } XElement root = XElement.Parse(xml); IEnumerable <Package> packages = from el in root.Elements("package") select new Package("nuget", el.Attribute("id").Value, el.Attribute("version").Value, ""); return(packages); } catch (XmlException e) { throw new Exception("XML exception thrown parsing file: " + this.PackageManagerConfigurationFile, e); } catch (Exception e) { throw new Exception("Unknown exception thrown attempting to get packages from file: " + this.PackageManagerConfigurationFile, e); } }
//Get bower packages from reading bower.json public override IEnumerable <Package> GetPackages(params string[] o) { var packages = new List <Package>(); AuditFileInfo config_file = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile); JObject json = (JObject)JToken.Parse(config_file.ReadAsText()); if (json.Properties().Any(j => j.Name == "name") && json.Properties().Any(j => j.Name == "version")) { packages.AddRange(GetDeveloperPackages( json.Properties().First(j => j.Name == "name").Value.ToString(), json.Properties().First(j => j.Name == "version").Value.ToString())); } JObject dependencies = (JObject)json["dependencies"]; JObject dev_dependencies = (JObject)json["devDependencies"]; if (dev_dependencies != null) { packages.AddRange(dev_dependencies.Properties().SelectMany(d => GetDeveloperPackages(d.Name, d.Value.ToString()))); } if (dependencies != null) { packages.AddRange(dependencies.Properties().SelectMany(d => GetDeveloperPackages(d.Name, d.Value.ToString()))); } return(packages); }
protected override string GetVersion() { string core_version = "8.x"; Stopwatch sw = new Stopwatch(); sw.Start(); AuditFileInfo changelog = this.ApplicationFileSystemMap["ChangeLog"] as AuditFileInfo; string[] c = changelog.ReadAsText()?.Split(this.AuditEnvironment.LineTerminator.ToCharArray(), StringSplitOptions.RemoveEmptyEntries); if (c != null && c.Count() > 0) { foreach (string l in c) { if (l.StartsWith("Drupal ")) { core_version = l.Split(',')[0].Substring(7); break; } } } this.Version = core_version; sw.Stop(); this.VersionInitialised = true; this.AuditEnvironment.Success("Got Drupal 8 version {0} in {1} ms.", this.Version, sw.ElapsedMilliseconds); Package core = this.ModulePackages["core"].Where(p => p.Name == "drupal_core").First(); core.Version = this.Version; return(this.Version); }
public override IEnumerable <Package> GetPackages(params string[] o) { List <Package> packages = new List <Package>(); AuditFileInfo config_file = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile); JObject json = (JObject)JToken.Parse(config_file.ReadAsText()); JObject dependencies = (JObject)json["dependencies"]; JObject dev_dependencies = (JObject)json["devDependencies"]; JObject peer_dependencies = (JObject)json["peerDependencies"]; JObject optional_dependencies = (JObject)json["optionalDependencies"]; JObject bundled_dependencies = (JObject)json["bundledDependencies"]; if (dependencies != null) { packages.AddRange(dependencies.Properties().Select(d => new Package("npm", d.Name, d.Value.ToString(), ""))); } if (dev_dependencies != null) { packages.AddRange(dev_dependencies.Properties().Select(d => new Package("npm", d.Name, d.Value.ToString(), ""))); } if (peer_dependencies != null) { packages.AddRange(peer_dependencies.Properties().Select(d => new Package("npm", d.Name, d.Value.ToString(), ""))); } if (optional_dependencies != null) { packages.AddRange(optional_dependencies.Properties().Select(d => new Package("npm", d.Name, d.Value.ToString(), ""))); } if (bundled_dependencies != null) { packages.AddRange(bundled_dependencies.Properties().Select(d => new Package("npm", d.Name, d.Value.ToString(), ""))); } return(packages); }
//Get packages from reading composer.json public override IEnumerable <OSSIndexQueryObject> GetPackages(params string[] o) { AuditFileInfo config_file = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile); JObject json = (JObject)JToken.Parse(config_file.ReadAsText()); JObject require = (JObject)json["require"]; JObject require_dev = (JObject)json["require-dev"]; if (require != null) { if (require_dev != null) { return(require.Properties().Select(d => new OSSIndexQueryObject("composer", d.Name.Split('/').Last(), d.Value.ToString(), "", d.Name.Split('/').First())) .Concat(require_dev.Properties().Select(d => new OSSIndexQueryObject("composer", d.Name.Split('/').Last(), d.Value.ToString(), "", d.Name.Split('/').First())))); } else { return(require.Properties().Select(d => new OSSIndexQueryObject("composer", d.Name.Split('/').Last(), d.Value.ToString(), "", d.Name.Split('/').First()))); } } else if (require_dev != null) { return(require_dev.Properties().Select(d => new OSSIndexQueryObject("composer", d.Name.Split('/').Last(), d.Value.ToString(), "", d.Name.Split('/').First()))); } else { this.AuditEnvironment.Warning("{0} file does not contain a require or require_dev element.", config_file.FullName); return(new List <OSSIndexQueryObject>()); } }
public override IEnumerable <Package> GetPackages(params string[] o) ////Get NuGet packages from reading packages.config { AuditFileInfo configfile = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile); string _byteOrderMarkUtf8 = Encoding.UTF8.GetString(Encoding.UTF8.GetPreamble()); string xml = configfile.ReadAsText(); if (xml.StartsWith(_byteOrderMarkUtf8, StringComparison.Ordinal)) { var lastIndexOfUtf8 = _byteOrderMarkUtf8.Length; xml = xml.Remove(0, lastIndexOfUtf8); } XElement root = XElement.Parse(xml); IEnumerable <Package> packages; if (root.Name.LocalName == "Project") { // dotnet core csproj file packages = root .Descendants() .Where(x => x.Name.LocalName == "PackageReference") .SelectMany(r => GetDeveloperPackages(r.Attribute("Include").Value, r.Attribute("Version").Value)).ToList(); } else { packages = root .Elements("package") .SelectMany(el => GetDeveloperPackages(el.Attribute("id").Value, el.Attribute("version").Value)); } return(packages); }
//Get bower packages from reading bower.json public override IEnumerable <OSSIndexQueryObject> GetPackages(params string[] o) { AuditFileInfo config_file = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile); JObject json = (JObject)JToken.Parse(config_file.ReadAsText()); JObject dependencies = (JObject)json["dependencies"]; JObject dev_dependencies = (JObject)json["devDependencies"]; if (dev_dependencies != null) { return(dependencies.Properties().Select(d => new OSSIndexQueryObject("bower", d.Name, d.Value.ToString(), "")) .Concat(dev_dependencies.Properties().Select(d => new OSSIndexQueryObject("bower", d.Name, d.Value.ToString(), "")))); } else { return(dependencies.Properties().Select(d => new OSSIndexQueryObject("bower", d.Name, d.Value.ToString(), ""))); } }
public override IEnumerable <Package> GetPackages(params string[] o) { List <Package> packages = new List <Package>(); AuditFileInfo config_file = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile); JObject json = (JObject)JToken.Parse(config_file.ReadAsText()); JObject dependencies = (JObject)json["dependencies"]; JObject dev_dependencies = (JObject)json["devDependencies"]; JObject peer_dependencies = (JObject)json["peerDependencies"]; JObject optional_dependencies = (JObject)json["optionalDependencies"]; JObject bundled_dependencies = (JObject)json["bundledDependencies"]; if (dependencies != null) { packages.AddRange(dependencies.Properties() .SelectMany(d => GetDeveloperPackages(d.Name.Replace("@", ""), d.Value.ToString()))); } if (dev_dependencies != null) { packages.AddRange(dev_dependencies.Properties() .SelectMany(d => GetDeveloperPackages(d.Name.Replace("@", ""), d.Value.ToString()))); } if (peer_dependencies != null) { packages.AddRange(peer_dependencies.Properties() .SelectMany(d => GetDeveloperPackages(d.Name.Replace("@", ""), d.Value.ToString()))); } if (optional_dependencies != null) { packages.AddRange(optional_dependencies.Properties() .SelectMany(d => GetDeveloperPackages(d.Name.Replace("@", ""), d.Value.ToString()))); } if (bundled_dependencies != null) { packages.AddRange(bundled_dependencies.Properties() .SelectMany(d => GetDeveloperPackages(d.Name.Replace("@", ""), d.Value.ToString()))); } if (!string.IsNullOrEmpty(this.PackageSourceLockFile)) { this.GetPackageManagerLockFilePackages(packages); } return(packages); }
public override IEnumerable <Package> GetPackages(params string[] o) { try { AuditFileInfo config_file = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile); string _byteOrderMarkUtf8 = Encoding.UTF8.GetString(Encoding.UTF8.GetPreamble()); string xml = config_file.ReadAsText(); if (xml.StartsWith(_byteOrderMarkUtf8, StringComparison.Ordinal)) { var lastIndexOfUtf8 = _byteOrderMarkUtf8.Length; xml = xml.Remove(0, lastIndexOfUtf8); } XElement root = XElement.Parse(xml); IEnumerable <Package> packages; if (root.Name == "Project") { // dotnet core csproj file packages = root.Descendants().Where(x => x.Name == "PackageReference").Select(r => new Package("nuget", r.Attribute("Include").Value, r.Attribute("Version").Value)).ToList(); } else { packages = from el in root.Elements("package") select new Package("nuget", el.Attribute("id").Value, el.Attribute("version").Value, ""); } return(packages); } catch (XmlException e) { throw new Exception("XML exception thrown parsing file: " + this.PackageManagerConfigurationFile, e); } catch (Exception e) { throw new Exception("Unknown exception thrown attempting to get packages from file: " + this.PackageManagerConfigurationFile, e); } }
protected int GetDefaultConfigurationRules() { this.AuditEnvironment.Info("Loading default configuration rules for {0} application.", this.ApplicationLabel); Stopwatch sw = new Stopwatch(); sw.Start(); AuditFileInfo rules_file = this.HostEnvironment.ConstructFile(Path.Combine(this.DevAuditDirectory, "Rules", this.ApplicationId + "." + "yml")); if (!rules_file.Exists) { throw new Exception(string.Format("The default rules file {0} does not exist.", rules_file.FullName)); } Deserializer yaml_deserializer = new Deserializer(namingConvention: new CamelCaseNamingConvention(), ignoreUnmatched: true); Dictionary <string, List <ConfigurationRule> > rules; rules = yaml_deserializer.Deserialize <Dictionary <string, List <ConfigurationRule> > >(new StringReader(rules_file.ReadAsText())); if (rules == null) { sw.Stop(); throw new Exception(string.Format("Parsing the default rules file {0} returned null.", rules_file.FullName)); } if (rules.ContainsKey(this.ApplicationId + "_default")) { rules.Remove(this.ApplicationId + "_default"); } foreach (KeyValuePair <string, List <ConfigurationRule> > kv in rules) { this.AddConfigurationRules(kv.Key, kv.Value); } sw.Stop(); this.AuditEnvironment.Info("Got {0} default configuration rule(s) for {1} module(s) from {2}.yml in {3} ms.", rules.Sum(kv => kv.Value.Count()), rules.Keys.Count, this.ApplicationId, sw.ElapsedMilliseconds); return(rules.Count); }
public override IEnumerable <Package> GetPackages(params string[] o) { AuditFileInfo config_file = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile); List <Package> packages = new List <Package>(); var isSnlSolution = config_file.Name.EndsWith(".sln"); var isCsProj = config_file.Name.EndsWith(".csproj"); var isBuildTargets = config_file.Name.EndsWith(".Build.targets"); var isDepsJson = config_file.Name.EndsWith(".deps.json"); if (isSnlSolution) { var Content = File.ReadAllText(this.PackageManagerConfigurationFile); Regex projReg = new Regex("Project\\(\"\\{[\\w-]*\\}\"\\) = \"([\\w _]*.*)\", \"(.*\\.(cs|vcx|vb)proj)\"", RegexOptions.Compiled); var matches = projReg.Matches(Content).Cast <Match>(); var Projects = matches.Select(x => x.Groups[2].Value).ToList(); for (int i = 0; i < Projects.Count; ++i) { if (!Path.IsPathRooted(Projects[i])) { Projects[i] = Path.Combine(Path.GetDirectoryName(this.PackageManagerConfigurationFile), Projects[i]); } Projects[i] = Path.GetFullPath(Projects[i]); } foreach (var project in Projects) { var tmpProject = GetPackagesFromProjectFile(project, true); if (tmpProject.Count != 0) { this.AuditEnvironment.Info($"Found {tmpProject.Count} packages in {project}"); foreach (var tmpPacket in tmpProject) { if (!packages.Contains(tmpPacket)) { packages.Add(tmpPacket); } } } } return(packages); } if (isCsProj || isBuildTargets) { return(GetPackagesFromProjectFile(this.PackageManagerConfigurationFile, isCsProj)); } if (isDepsJson) { try { this.AuditEnvironment.Info("Reading packages from .NET Core dependencies manifest.."); JObject json = (JObject)JToken.Parse(config_file.ReadAsText()); JObject libraries = (JObject)json["libraries"]; if (libraries != null) { foreach (JProperty p in libraries.Properties()) { string[] name = p.Name.Split('/'); // Packages with version 0.0.0.0 can show up if the are part of .net framework. // Checking this version number is quite useless and might give a false positive. if (name[1] != "0.0.0.0") { packages.Add(new Package("nuget", name[0], name[1])); } } } return(packages); } catch (Exception e) { this.AuditEnvironment.Error(e, "Error reading .NET Core dependencies manifest {0}.", config_file.FullName); return(packages); } } this.AuditEnvironment.Error("Unknown .NET Core project file type: {0}.", config_file.FullName); return(packages); }
private List <Package> GetPackagesFromProjectFile(string filename, bool isCsProj) { List <Package> packages = new List <Package>(); AuditFileInfo config_file = this.AuditEnvironment.ConstructFile(filename); var fileType = isCsProj ? ".csproj" : "build targets"; this.AuditEnvironment.Info($"Reading packages from .NET Core C# {fileType} file."); string _byteOrderMarkUtf8 = Encoding.UTF8.GetString(Encoding.UTF8.GetPreamble()); string xml = config_file.ReadAsText(); if (xml.StartsWith(_byteOrderMarkUtf8, StringComparison.Ordinal)) { var lastIndexOfUtf8 = _byteOrderMarkUtf8.Length; xml = xml.Remove(0, lastIndexOfUtf8); } XElement root = XElement.Parse(xml); var package = isCsProj ? "Include" : "Update"; if (root.Name.LocalName == "Project") { packages = root .Descendants() .Where(x => x.Name.LocalName == "PackageReference" && x.Attribute(package) != null && x.Attribute("Version") != null) .SelectMany(r => GetDeveloperPackages(r.Attribute(package).Value, r.Attribute("Version").Value)) .ToList(); IEnumerable <string> skipped_packages = root .Descendants() .Where(x => x.Name.LocalName == "PackageReference" && x.Attribute(package) != null && x.Attribute("Version") == null) .Select(r => r.Attribute(package).Value); if (skipped_packages.Count() > 0) { this.AuditEnvironment.Warning("{0} package(s) do not have a version specified and will not be audited: {1}.", skipped_packages.Count(), skipped_packages.Aggregate((s1, s2) => s1 + "," + s2)); } var helper = new NuGetApiHelper(this.AuditEnvironment, config_file.DirectoryName); var nuGetFrameworks = helper.GetFrameworks(root); if (!nuGetFrameworks.Any()) { AuditEnvironment.Warning("Scanning from project file found 0 packages, checking for packages.config file. "); nuGetFrameworks = helper.GetFrameworks(); } if (!nuGetFrameworks.Any()) { AuditEnvironment.Warning("Scanning NuGet transitive dependencies failed because no target framework is found in {0}...", config_file.Name); } foreach (var framework in nuGetFrameworks) { AuditEnvironment.Info("Scanning NuGet transitive dependencies for {0}...", framework.GetFrameworkString()); var deps = helper.GetPackageDependencies(packages, framework); Task.WaitAll(deps); packages = helper.AddPackageDependencies(deps.Result, packages); } return(packages); } else { this.AuditEnvironment.Error("{0} is not a .NET Core format .csproj file.", config_file.FullName); return(packages); } }
public void GetPackageManagerLockFilePackages(List <Package> packages) { int origCount = packages.Count; AuditFileInfo f = this.AuditEnvironment.ConstructFile(this.PackageSourceLockFile); string text = f.ReadAsText(); string[] lines = text.Split(new[] { "\n" }, StringSplitOptions.None); bool insideDeps = false; List <string> deps = new List <string>(); for (int i = 0; i < lines.Length; i++) { string line = lines[i]; if (!insideDeps && line.Trim().StartsWith("dependencies:")) { insideDeps = true; continue; } else if (insideDeps && string.IsNullOrEmpty(line.Trim()) || line.Trim() == "optionalDependencies:") { insideDeps = false; continue; } else if (insideDeps) { deps.Add(line); } else { continue; } } foreach (var d in deps) { var m = dRegEx.Match(d); if (m.Success) { string n = m.Groups[1].Value.Replace("@", "").Trim(); string v = m.Groups[2].Value.Trim(); var depPackages = GetDeveloperPackages(n, v); foreach (var package in depPackages) { if (!packages.Any(p => p.Name == package.Name && p.Version == package.Version)) { packages.Add(package); } } } else { this.AuditEnvironment.Error("Could not parse lock file dependency line {0}. Skipping.", d.Trim()); } } //var m = l.Matches(text); if (packages.Count > origCount) { this.AuditEnvironment.Info("Added {0} package dependencies from Yarn lock file {1}.", packages.Count - origCount, this.PackageSourceLockFile); } }
public override IEnumerable <Package> GetPackages(params string[] o) { AuditFileInfo config_file = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile); List <Package> packages = new List <Package>(); if (config_file.Name.EndsWith(".csproj")) { this.AuditEnvironment.Info("Reading packages from .NET Core C# .csproj file."); string _byteOrderMarkUtf8 = Encoding.UTF8.GetString(Encoding.UTF8.GetPreamble()); string xml = config_file.ReadAsText(); if (xml.StartsWith(_byteOrderMarkUtf8, StringComparison.Ordinal)) { var lastIndexOfUtf8 = _byteOrderMarkUtf8.Length; xml = xml.Remove(0, lastIndexOfUtf8); } XElement root = XElement.Parse(xml); if (root.Name.LocalName == "Project") { packages = root .Descendants() .Where(x => x.Name.LocalName == "PackageReference" && x.Attribute("Include") != null && x.Attribute("Version") != null) .SelectMany(r => GetDeveloperPackages(r.Attribute("Include").Value, r.Attribute("Version").Value)) .ToList(); IEnumerable <string> skipped_packages = root .Descendants() .Where(x => x.Name.LocalName == "PackageReference" && x.Attribute("Include") != null && x.Attribute("Version") == null) .Select(r => r.Attribute("Include").Value); if (skipped_packages.Count() > 0) { this.AuditEnvironment.Warning("{0} package(s) do not have a version specified and will not be audited: {1}.", skipped_packages.Count(), skipped_packages.Aggregate((s1, s2) => s1 + "," + s2)); } return(packages); } else { this.AuditEnvironment.Error("{0} is not a .NET Core format .csproj file.", config_file.FullName); return(packages); } } else if (config_file.Name.EndsWith(".deps.json")) { try { this.AuditEnvironment.Info("Reading packages from .NET Core depedencies manifest.."); JObject json = (JObject)JToken.Parse(config_file.ReadAsText()); JObject libraries = (JObject)json["libraries"]; if (libraries != null) { foreach (JProperty p in libraries.Properties()) { string[] name = p.Name.Split('/'); packages.Add(new Package("nuget", name[0], name[1])); } } return(packages); } catch (Exception e) { this.AuditEnvironment.Error(e, "Error reading .NET Core dependencies manifest {0}.", config_file.FullName); return(packages); } } else { this.AuditEnvironment.Error("Unknown .NET Core project file type: {0}.", config_file.FullName); return(packages); } }
public override IEnumerable <Package> GetPackages(params string[] o) { AuditFileInfo config_file = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile); List <Package> packages = new List <Package>(); var isCsProj = config_file.Name.EndsWith(".csproj"); var isBuildTargets = config_file.Name.EndsWith(".Build.targets"); var isDepsJson = config_file.Name.EndsWith(".deps.json"); if (isCsProj || isBuildTargets) { var fileType = isCsProj ? ".csproj" : "build targets"; this.AuditEnvironment.Info($"Reading packages from .NET Core C# {fileType} file."); string _byteOrderMarkUtf8 = Encoding.UTF8.GetString(Encoding.UTF8.GetPreamble()); string xml = config_file.ReadAsText(); if (xml.StartsWith(_byteOrderMarkUtf8, StringComparison.Ordinal)) { var lastIndexOfUtf8 = _byteOrderMarkUtf8.Length; xml = xml.Remove(0, lastIndexOfUtf8); } XElement root = XElement.Parse(xml); var package = isCsProj ? "Include" : "Update"; if (root.Name.LocalName == "Project") { packages = root .Descendants() .Where(x => x.Name.LocalName == "PackageReference" && x.Attribute(package) != null && x.Attribute("Version") != null) .SelectMany(r => GetDeveloperPackages(r.Attribute(package).Value, r.Attribute("Version").Value)) .ToList(); IEnumerable <string> skipped_packages = root .Descendants() .Where(x => x.Name.LocalName == "PackageReference" && x.Attribute(package) != null && x.Attribute("Version") == null) .Select(r => r.Attribute(package).Value); if (skipped_packages.Count() > 0) { this.AuditEnvironment.Warning("{0} package(s) do not have a version specified and will not be audited: {1}.", skipped_packages.Count(), skipped_packages.Aggregate((s1, s2) => s1 + "," + s2)); } var helper = new NuGetApiHelper(this.AuditEnvironment, config_file.DirectoryName); var nuGetFrameworks = helper.GetFrameworks(root); if (!nuGetFrameworks.Any()) { AuditEnvironment.Warning("Scanning NuGet transitive dependencies failed because no target framework is found in {0}...", config_file.Name); } foreach (var framework in nuGetFrameworks) { AuditEnvironment.Info("Scanning NuGet transitive dependencies for {0}...", framework.GetFrameworkString()); var deps = helper.GetPackageDependencies(packages, framework); Task.WaitAll(deps); packages = helper.AddPackageDependencies(deps.Result, packages); } return(packages); } else { this.AuditEnvironment.Error("{0} is not a .NET Core format .csproj file.", config_file.FullName); return(packages); } } if (isDepsJson) { try { this.AuditEnvironment.Info("Reading packages from .NET Core dependencies manifest.."); JObject json = (JObject)JToken.Parse(config_file.ReadAsText()); JObject libraries = (JObject)json["libraries"]; if (libraries != null) { foreach (JProperty p in libraries.Properties()) { string[] name = p.Name.Split('/'); // Packages with version 0.0.0.0 can show up if the are part of .net framework. // Checking this version number is quite useless and might give a false positive. if (name[1] != "0.0.0.0") { packages.Add(new Package("nuget", name[0], name[1])); } } } return(packages); } catch (Exception e) { this.AuditEnvironment.Error(e, "Error reading .NET Core dependencies manifest {0}.", config_file.FullName); return(packages); } } this.AuditEnvironment.Error("Unknown .NET Core project file type: {0}.", config_file.FullName); return(packages); }