public override IEnumerable <Package> GetPackages(params string[] o) ////Get NuGet packages from reading packages.config
{
try
{
AuditFileInfo config_file = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile);
string _byteOrderMarkUtf8 = Encoding.UTF8.GetString(Encoding.UTF8.GetPreamble());
string xml = config_file.ReadAsText();
if (xml.StartsWith(_byteOrderMarkUtf8, StringComparison.Ordinal))
{
var lastIndexOfUtf8 = _byteOrderMarkUtf8.Length;
xml = xml.Remove(0, lastIndexOfUtf8);
}
XElement root = XElement.Parse(xml);
IEnumerable <Package> packages =
from el in root.Elements("package")
select new Package("nuget", el.Attribute("id").Value, el.Attribute("version").Value, "");
return(packages);
}
catch (XmlException e)
{
throw new Exception("XML exception thrown parsing file: " + this.PackageManagerConfigurationFile, e);
}
catch (Exception e)
{
throw new Exception("Unknown exception thrown attempting to get packages from file: "
+ this.PackageManagerConfigurationFile, e);
}
}
//Get bower packages from reading bower.json
public override IEnumerable <Package> GetPackages(params string[] o)
{
var packages = new List <Package>();
AuditFileInfo config_file = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile);
JObject json = (JObject)JToken.Parse(config_file.ReadAsText());
if (json.Properties().Any(j => j.Name == "name") && json.Properties().Any(j => j.Name == "version"))
{
packages.AddRange(GetDeveloperPackages(
json.Properties().First(j => j.Name == "name").Value.ToString(),
json.Properties().First(j => j.Name == "version").Value.ToString()));
}
JObject dependencies = (JObject)json["dependencies"];
JObject dev_dependencies = (JObject)json["devDependencies"];
if (dev_dependencies != null)
{
packages.AddRange(dev_dependencies.Properties().SelectMany(d => GetDeveloperPackages(d.Name, d.Value.ToString())));
}
if (dependencies != null)
{
packages.AddRange(dependencies.Properties().SelectMany(d => GetDeveloperPackages(d.Name, d.Value.ToString())));
}
return(packages);
}
protected override string GetVersion()
{
string core_version = "8.x";
Stopwatch sw = new Stopwatch();
sw.Start();
AuditFileInfo changelog = this.ApplicationFileSystemMap["ChangeLog"] as AuditFileInfo;
string[] c = changelog.ReadAsText()?.Split(this.AuditEnvironment.LineTerminator.ToCharArray(), StringSplitOptions.RemoveEmptyEntries);
if (c != null && c.Count() > 0)
{
foreach (string l in c)
{
if (l.StartsWith("Drupal "))
{
core_version = l.Split(',')[0].Substring(7);
break;
}
}
}
this.Version = core_version;
sw.Stop();
this.VersionInitialised = true;
this.AuditEnvironment.Success("Got Drupal 8 version {0} in {1} ms.", this.Version, sw.ElapsedMilliseconds);
Package core = this.ModulePackages["core"].Where(p => p.Name == "drupal_core").First();
core.Version = this.Version;
return(this.Version);
}
public override IEnumerable <Package> GetPackages(params string[] o)
{
List <Package> packages = new List <Package>();
AuditFileInfo config_file = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile);
JObject json = (JObject)JToken.Parse(config_file.ReadAsText());
JObject dependencies = (JObject)json["dependencies"];
JObject dev_dependencies = (JObject)json["devDependencies"];
JObject peer_dependencies = (JObject)json["peerDependencies"];
JObject optional_dependencies = (JObject)json["optionalDependencies"];
JObject bundled_dependencies = (JObject)json["bundledDependencies"];
if (dependencies != null)
{
packages.AddRange(dependencies.Properties().Select(d => new Package("npm", d.Name, d.Value.ToString(), "")));
}
if (dev_dependencies != null)
{
packages.AddRange(dev_dependencies.Properties().Select(d => new Package("npm", d.Name, d.Value.ToString(), "")));
}
if (peer_dependencies != null)
{
packages.AddRange(peer_dependencies.Properties().Select(d => new Package("npm", d.Name, d.Value.ToString(), "")));
}
if (optional_dependencies != null)
{
packages.AddRange(optional_dependencies.Properties().Select(d => new Package("npm", d.Name, d.Value.ToString(), "")));
}
if (bundled_dependencies != null)
{
packages.AddRange(bundled_dependencies.Properties().Select(d => new Package("npm", d.Name, d.Value.ToString(), "")));
}
return(packages);
}
//Get packages from reading composer.json
public override IEnumerable <OSSIndexQueryObject> GetPackages(params string[] o)
{
AuditFileInfo config_file = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile);
JObject json = (JObject)JToken.Parse(config_file.ReadAsText());
JObject require = (JObject)json["require"];
JObject require_dev = (JObject)json["require-dev"];
if (require != null)
{
if (require_dev != null)
{
return(require.Properties().Select(d => new OSSIndexQueryObject("composer", d.Name.Split('/').Last(), d.Value.ToString(), "", d.Name.Split('/').First()))
.Concat(require_dev.Properties().Select(d => new OSSIndexQueryObject("composer", d.Name.Split('/').Last(), d.Value.ToString(), "", d.Name.Split('/').First()))));
}
else
{
return(require.Properties().Select(d => new OSSIndexQueryObject("composer", d.Name.Split('/').Last(), d.Value.ToString(), "", d.Name.Split('/').First())));
}
}
else if (require_dev != null)
{
return(require_dev.Properties().Select(d => new OSSIndexQueryObject("composer", d.Name.Split('/').Last(), d.Value.ToString(), "", d.Name.Split('/').First())));
}
else
{
this.AuditEnvironment.Warning("{0} file does not contain a require or require_dev element.", config_file.FullName);
return(new List <OSSIndexQueryObject>());
}
}
public override IEnumerable <Package> GetPackages(params string[] o) ////Get NuGet packages from reading packages.config
{
AuditFileInfo configfile = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile);
string _byteOrderMarkUtf8 = Encoding.UTF8.GetString(Encoding.UTF8.GetPreamble());
string xml = configfile.ReadAsText();
if (xml.StartsWith(_byteOrderMarkUtf8, StringComparison.Ordinal))
{
var lastIndexOfUtf8 = _byteOrderMarkUtf8.Length;
xml = xml.Remove(0, lastIndexOfUtf8);
}
XElement root = XElement.Parse(xml);
IEnumerable <Package> packages;
if (root.Name.LocalName == "Project")
{
// dotnet core csproj file
packages =
root
.Descendants()
.Where(x => x.Name.LocalName == "PackageReference")
.SelectMany(r => GetDeveloperPackages(r.Attribute("Include").Value, r.Attribute("Version").Value)).ToList();
}
else
{
packages =
root
.Elements("package")
.SelectMany(el => GetDeveloperPackages(el.Attribute("id").Value, el.Attribute("version").Value));
}
return(packages);
}
//Get bower packages from reading bower.json
public override IEnumerable <OSSIndexQueryObject> GetPackages(params string[] o)
{
AuditFileInfo config_file = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile);
JObject json = (JObject)JToken.Parse(config_file.ReadAsText());
JObject dependencies = (JObject)json["dependencies"];
JObject dev_dependencies = (JObject)json["devDependencies"];
if (dev_dependencies != null)
{
return(dependencies.Properties().Select(d => new OSSIndexQueryObject("bower", d.Name, d.Value.ToString(), ""))
.Concat(dev_dependencies.Properties().Select(d => new OSSIndexQueryObject("bower", d.Name, d.Value.ToString(), ""))));
}
else
{
return(dependencies.Properties().Select(d => new OSSIndexQueryObject("bower", d.Name, d.Value.ToString(), "")));
}
}
public override IEnumerable <Package> GetPackages(params string[] o)
{
List <Package> packages = new List <Package>();
AuditFileInfo config_file = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile);
JObject json = (JObject)JToken.Parse(config_file.ReadAsText());
JObject dependencies = (JObject)json["dependencies"];
JObject dev_dependencies = (JObject)json["devDependencies"];
JObject peer_dependencies = (JObject)json["peerDependencies"];
JObject optional_dependencies = (JObject)json["optionalDependencies"];
JObject bundled_dependencies = (JObject)json["bundledDependencies"];
if (dependencies != null)
{
packages.AddRange(dependencies.Properties()
.SelectMany(d => GetDeveloperPackages(d.Name.Replace("@", ""), d.Value.ToString())));
}
if (dev_dependencies != null)
{
packages.AddRange(dev_dependencies.Properties()
.SelectMany(d => GetDeveloperPackages(d.Name.Replace("@", ""), d.Value.ToString())));
}
if (peer_dependencies != null)
{
packages.AddRange(peer_dependencies.Properties()
.SelectMany(d => GetDeveloperPackages(d.Name.Replace("@", ""), d.Value.ToString())));
}
if (optional_dependencies != null)
{
packages.AddRange(optional_dependencies.Properties()
.SelectMany(d => GetDeveloperPackages(d.Name.Replace("@", ""), d.Value.ToString())));
}
if (bundled_dependencies != null)
{
packages.AddRange(bundled_dependencies.Properties()
.SelectMany(d => GetDeveloperPackages(d.Name.Replace("@", ""), d.Value.ToString())));
}
if (!string.IsNullOrEmpty(this.PackageSourceLockFile))
{
this.GetPackageManagerLockFilePackages(packages);
}
return(packages);
}
public override IEnumerable <Package> GetPackages(params string[] o)
{
try
{
AuditFileInfo config_file = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile);
string _byteOrderMarkUtf8 = Encoding.UTF8.GetString(Encoding.UTF8.GetPreamble());
string xml = config_file.ReadAsText();
if (xml.StartsWith(_byteOrderMarkUtf8, StringComparison.Ordinal))
{
var lastIndexOfUtf8 = _byteOrderMarkUtf8.Length;
xml = xml.Remove(0, lastIndexOfUtf8);
}
XElement root = XElement.Parse(xml);
IEnumerable <Package> packages;
if (root.Name == "Project")
{
// dotnet core csproj file
packages = root.Descendants().Where(x => x.Name == "PackageReference").Select(r =>
new Package("nuget", r.Attribute("Include").Value, r.Attribute("Version").Value)).ToList();
}
else
{
packages =
from el in root.Elements("package")
select new Package("nuget", el.Attribute("id").Value, el.Attribute("version").Value, "");
}
return(packages);
}
catch (XmlException e)
{
throw new Exception("XML exception thrown parsing file: " + this.PackageManagerConfigurationFile, e);
}
catch (Exception e)
{
throw new Exception("Unknown exception thrown attempting to get packages from file: "
+ this.PackageManagerConfigurationFile, e);
}
}
protected int GetDefaultConfigurationRules()
{
this.AuditEnvironment.Info("Loading default configuration rules for {0} application.", this.ApplicationLabel);
Stopwatch sw = new Stopwatch();
sw.Start();
AuditFileInfo rules_file = this.HostEnvironment.ConstructFile(Path.Combine(this.DevAuditDirectory, "Rules", this.ApplicationId + "." + "yml"));
if (!rules_file.Exists)
{
throw new Exception(string.Format("The default rules file {0} does not exist.", rules_file.FullName));
}
Deserializer yaml_deserializer = new Deserializer(namingConvention: new CamelCaseNamingConvention(), ignoreUnmatched: true);
Dictionary <string, List <ConfigurationRule> > rules;
rules = yaml_deserializer.Deserialize <Dictionary <string, List <ConfigurationRule> > >(new StringReader(rules_file.ReadAsText()));
if (rules == null)
{
sw.Stop();
throw new Exception(string.Format("Parsing the default rules file {0} returned null.", rules_file.FullName));
}
if (rules.ContainsKey(this.ApplicationId + "_default"))
{
rules.Remove(this.ApplicationId + "_default");
}
foreach (KeyValuePair <string, List <ConfigurationRule> > kv in rules)
{
this.AddConfigurationRules(kv.Key, kv.Value);
}
sw.Stop();
this.AuditEnvironment.Info("Got {0} default configuration rule(s) for {1} module(s) from {2}.yml in {3} ms.", rules.Sum(kv => kv.Value.Count()), rules.Keys.Count, this.ApplicationId, sw.ElapsedMilliseconds);
return(rules.Count);
}
public override IEnumerable <Package> GetPackages(params string[] o)
{
AuditFileInfo config_file = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile);
List <Package> packages = new List <Package>();
var isSnlSolution = config_file.Name.EndsWith(".sln");
var isCsProj = config_file.Name.EndsWith(".csproj");
var isBuildTargets = config_file.Name.EndsWith(".Build.targets");
var isDepsJson = config_file.Name.EndsWith(".deps.json");
if (isSnlSolution)
{
var Content = File.ReadAllText(this.PackageManagerConfigurationFile);
Regex projReg = new Regex("Project\\(\"\\{[\\w-]*\\}\"\\) = \"([\\w _]*.*)\", \"(.*\\.(cs|vcx|vb)proj)\"", RegexOptions.Compiled);
var matches = projReg.Matches(Content).Cast <Match>();
var Projects = matches.Select(x => x.Groups[2].Value).ToList();
for (int i = 0; i < Projects.Count; ++i)
{
if (!Path.IsPathRooted(Projects[i]))
{
Projects[i] = Path.Combine(Path.GetDirectoryName(this.PackageManagerConfigurationFile),
Projects[i]);
}
Projects[i] = Path.GetFullPath(Projects[i]);
}
foreach (var project in Projects)
{
var tmpProject = GetPackagesFromProjectFile(project, true);
if (tmpProject.Count != 0)
{
this.AuditEnvironment.Info($"Found {tmpProject.Count} packages in {project}");
foreach (var tmpPacket in tmpProject)
{
if (!packages.Contains(tmpPacket))
{
packages.Add(tmpPacket);
}
}
}
}
return(packages);
}
if (isCsProj || isBuildTargets)
{
return(GetPackagesFromProjectFile(this.PackageManagerConfigurationFile, isCsProj));
}
if (isDepsJson)
{
try
{
this.AuditEnvironment.Info("Reading packages from .NET Core dependencies manifest..");
JObject json = (JObject)JToken.Parse(config_file.ReadAsText());
JObject libraries = (JObject)json["libraries"];
if (libraries != null)
{
foreach (JProperty p in libraries.Properties())
{
string[] name = p.Name.Split('/');
// Packages with version 0.0.0.0 can show up if the are part of .net framework.
// Checking this version number is quite useless and might give a false positive.
if (name[1] != "0.0.0.0")
{
packages.Add(new Package("nuget", name[0], name[1]));
}
}
}
return(packages);
}
catch (Exception e)
{
this.AuditEnvironment.Error(e, "Error reading .NET Core dependencies manifest {0}.", config_file.FullName);
return(packages);
}
}
this.AuditEnvironment.Error("Unknown .NET Core project file type: {0}.", config_file.FullName);
return(packages);
}
private List <Package> GetPackagesFromProjectFile(string filename, bool isCsProj)
{
List <Package> packages = new List <Package>();
AuditFileInfo config_file = this.AuditEnvironment.ConstructFile(filename);
var fileType = isCsProj ? ".csproj" : "build targets";
this.AuditEnvironment.Info($"Reading packages from .NET Core C# {fileType} file.");
string _byteOrderMarkUtf8 = Encoding.UTF8.GetString(Encoding.UTF8.GetPreamble());
string xml = config_file.ReadAsText();
if (xml.StartsWith(_byteOrderMarkUtf8, StringComparison.Ordinal))
{
var lastIndexOfUtf8 = _byteOrderMarkUtf8.Length;
xml = xml.Remove(0, lastIndexOfUtf8);
}
XElement root = XElement.Parse(xml);
var package = isCsProj ? "Include" : "Update";
if (root.Name.LocalName == "Project")
{
packages =
root
.Descendants()
.Where(x => x.Name.LocalName == "PackageReference" && x.Attribute(package) != null && x.Attribute("Version") != null)
.SelectMany(r => GetDeveloperPackages(r.Attribute(package).Value, r.Attribute("Version").Value))
.ToList();
IEnumerable <string> skipped_packages =
root
.Descendants()
.Where(x => x.Name.LocalName == "PackageReference" && x.Attribute(package) != null && x.Attribute("Version") == null)
.Select(r => r.Attribute(package).Value);
if (skipped_packages.Count() > 0)
{
this.AuditEnvironment.Warning("{0} package(s) do not have a version specified and will not be audited: {1}.", skipped_packages.Count(),
skipped_packages.Aggregate((s1, s2) => s1 + "," + s2));
}
var helper = new NuGetApiHelper(this.AuditEnvironment, config_file.DirectoryName);
var nuGetFrameworks = helper.GetFrameworks(root);
if (!nuGetFrameworks.Any())
{
AuditEnvironment.Warning("Scanning from project file found 0 packages, checking for packages.config file. ");
nuGetFrameworks = helper.GetFrameworks();
}
if (!nuGetFrameworks.Any())
{
AuditEnvironment.Warning("Scanning NuGet transitive dependencies failed because no target framework is found in {0}...", config_file.Name);
}
foreach (var framework in nuGetFrameworks)
{
AuditEnvironment.Info("Scanning NuGet transitive dependencies for {0}...", framework.GetFrameworkString());
var deps = helper.GetPackageDependencies(packages, framework);
Task.WaitAll(deps);
packages = helper.AddPackageDependencies(deps.Result, packages);
}
return(packages);
}
else
{
this.AuditEnvironment.Error("{0} is not a .NET Core format .csproj file.", config_file.FullName);
return(packages);
}
}
public void GetPackageManagerLockFilePackages(List <Package> packages)
{
int origCount = packages.Count;
AuditFileInfo f = this.AuditEnvironment.ConstructFile(this.PackageSourceLockFile);
string text = f.ReadAsText();
string[] lines = text.Split(new[] { "\n" }, StringSplitOptions.None);
bool insideDeps = false;
List <string> deps = new List <string>();
for (int i = 0; i < lines.Length; i++)
{
string line = lines[i];
if (!insideDeps && line.Trim().StartsWith("dependencies:"))
{
insideDeps = true;
continue;
}
else if (insideDeps && string.IsNullOrEmpty(line.Trim()) || line.Trim() == "optionalDependencies:")
{
insideDeps = false;
continue;
}
else if (insideDeps)
{
deps.Add(line);
}
else
{
continue;
}
}
foreach (var d in deps)
{
var m = dRegEx.Match(d);
if (m.Success)
{
string n = m.Groups[1].Value.Replace("@", "").Trim();
string v = m.Groups[2].Value.Trim();
var depPackages = GetDeveloperPackages(n, v);
foreach (var package in depPackages)
{
if (!packages.Any(p => p.Name == package.Name && p.Version == package.Version))
{
packages.Add(package);
}
}
}
else
{
this.AuditEnvironment.Error("Could not parse lock file dependency line {0}. Skipping.", d.Trim());
}
}
//var m = l.Matches(text);
if (packages.Count > origCount)
{
this.AuditEnvironment.Info("Added {0} package dependencies from Yarn lock file {1}.",
packages.Count - origCount, this.PackageSourceLockFile);
}
}
public override IEnumerable <Package> GetPackages(params string[] o)
{
AuditFileInfo config_file = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile);
List <Package> packages = new List <Package>();
if (config_file.Name.EndsWith(".csproj"))
{
this.AuditEnvironment.Info("Reading packages from .NET Core C# .csproj file.");
string _byteOrderMarkUtf8 = Encoding.UTF8.GetString(Encoding.UTF8.GetPreamble());
string xml = config_file.ReadAsText();
if (xml.StartsWith(_byteOrderMarkUtf8, StringComparison.Ordinal))
{
var lastIndexOfUtf8 = _byteOrderMarkUtf8.Length;
xml = xml.Remove(0, lastIndexOfUtf8);
}
XElement root = XElement.Parse(xml);
if (root.Name.LocalName == "Project")
{
packages =
root
.Descendants()
.Where(x => x.Name.LocalName == "PackageReference" && x.Attribute("Include") != null && x.Attribute("Version") != null)
.SelectMany(r => GetDeveloperPackages(r.Attribute("Include").Value, r.Attribute("Version").Value))
.ToList();
IEnumerable <string> skipped_packages =
root
.Descendants()
.Where(x => x.Name.LocalName == "PackageReference" && x.Attribute("Include") != null && x.Attribute("Version") == null)
.Select(r => r.Attribute("Include").Value);
if (skipped_packages.Count() > 0)
{
this.AuditEnvironment.Warning("{0} package(s) do not have a version specified and will not be audited: {1}.", skipped_packages.Count(),
skipped_packages.Aggregate((s1, s2) => s1 + "," + s2));
}
return(packages);
}
else
{
this.AuditEnvironment.Error("{0} is not a .NET Core format .csproj file.", config_file.FullName);
return(packages);
}
}
else if (config_file.Name.EndsWith(".deps.json"))
{
try
{
this.AuditEnvironment.Info("Reading packages from .NET Core depedencies manifest..");
JObject json = (JObject)JToken.Parse(config_file.ReadAsText());
JObject libraries = (JObject)json["libraries"];
if (libraries != null)
{
foreach (JProperty p in libraries.Properties())
{
string[] name = p.Name.Split('/');
packages.Add(new Package("nuget", name[0], name[1]));
}
}
return(packages);
}
catch (Exception e)
{
this.AuditEnvironment.Error(e, "Error reading .NET Core dependencies manifest {0}.", config_file.FullName);
return(packages);
}
}
else
{
this.AuditEnvironment.Error("Unknown .NET Core project file type: {0}.", config_file.FullName);
return(packages);
}
}
public override IEnumerable <Package> GetPackages(params string[] o)
{
AuditFileInfo config_file = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile);
List <Package> packages = new List <Package>();
var isCsProj = config_file.Name.EndsWith(".csproj");
var isBuildTargets = config_file.Name.EndsWith(".Build.targets");
var isDepsJson = config_file.Name.EndsWith(".deps.json");
if (isCsProj || isBuildTargets)
{
var fileType = isCsProj ? ".csproj" : "build targets";
this.AuditEnvironment.Info($"Reading packages from .NET Core C# {fileType} file.");
string _byteOrderMarkUtf8 = Encoding.UTF8.GetString(Encoding.UTF8.GetPreamble());
string xml = config_file.ReadAsText();
if (xml.StartsWith(_byteOrderMarkUtf8, StringComparison.Ordinal))
{
var lastIndexOfUtf8 = _byteOrderMarkUtf8.Length;
xml = xml.Remove(0, lastIndexOfUtf8);
}
XElement root = XElement.Parse(xml);
var package = isCsProj ? "Include" : "Update";
if (root.Name.LocalName == "Project")
{
packages =
root
.Descendants()
.Where(x => x.Name.LocalName == "PackageReference" && x.Attribute(package) != null && x.Attribute("Version") != null)
.SelectMany(r => GetDeveloperPackages(r.Attribute(package).Value, r.Attribute("Version").Value))
.ToList();
IEnumerable <string> skipped_packages =
root
.Descendants()
.Where(x => x.Name.LocalName == "PackageReference" && x.Attribute(package) != null && x.Attribute("Version") == null)
.Select(r => r.Attribute(package).Value);
if (skipped_packages.Count() > 0)
{
this.AuditEnvironment.Warning("{0} package(s) do not have a version specified and will not be audited: {1}.", skipped_packages.Count(),
skipped_packages.Aggregate((s1, s2) => s1 + "," + s2));
}
var helper = new NuGetApiHelper(this.AuditEnvironment, config_file.DirectoryName);
var nuGetFrameworks = helper.GetFrameworks(root);
if (!nuGetFrameworks.Any())
{
AuditEnvironment.Warning("Scanning NuGet transitive dependencies failed because no target framework is found in {0}...", config_file.Name);
}
foreach (var framework in nuGetFrameworks)
{
AuditEnvironment.Info("Scanning NuGet transitive dependencies for {0}...", framework.GetFrameworkString());
var deps = helper.GetPackageDependencies(packages, framework);
Task.WaitAll(deps);
packages = helper.AddPackageDependencies(deps.Result, packages);
}
return(packages);
}
else
{
this.AuditEnvironment.Error("{0} is not a .NET Core format .csproj file.", config_file.FullName);
return(packages);
}
}
if (isDepsJson)
{
try
{
this.AuditEnvironment.Info("Reading packages from .NET Core dependencies manifest..");
JObject json = (JObject)JToken.Parse(config_file.ReadAsText());
JObject libraries = (JObject)json["libraries"];
if (libraries != null)
{
foreach (JProperty p in libraries.Properties())
{
string[] name = p.Name.Split('/');
// Packages with version 0.0.0.0 can show up if the are part of .net framework.
// Checking this version number is quite useless and might give a false positive.
if (name[1] != "0.0.0.0")
{
packages.Add(new Package("nuget", name[0], name[1]));
}
}
}
return(packages);
}
catch (Exception e)
{
this.AuditEnvironment.Error(e, "Error reading .NET Core dependencies manifest {0}.", config_file.FullName);
return(packages);
}
}
this.AuditEnvironment.Error("Unknown .NET Core project file type: {0}.", config_file.FullName);
return(packages);
}
