public override bool Execute(string command, string arguments, out ProcessExecuteStatus process_status, out string process_output, out string process_error, Action <string> OutputDataReceived = null, Action <string> OutputErrorReceived = null, [CallerMemberName] string memberName = "", [CallerFilePath] string fileName = "", [CallerLineNumber] int lineNumber = 0)
{
if (!this.IsConnected)
{
throw new InvalidOperationException("The SSH session is not connected.");
}
CallerInformation caller = new CallerInformation(memberName, fileName, lineNumber);
if (!this.IsConnected)
{
throw new InvalidOperationException("The SSH session is not connected.");
}
process_status = ProcessExecuteStatus.Unknown;
process_output = "";
process_error = "";
SshCommand ssh_command = this.SshClient.RunCommand(command + " " + arguments);
process_output = ssh_command.Result.Trim();
process_error = ssh_command.Error.Trim();
if (!string.IsNullOrEmpty(ssh_command.Result))
{
Debug(caller, "Command {0} completed successfully, output: {1}", command + " " + arguments, process_output);
process_status = ProcessExecuteStatus.Completed;
return(true);
}
else
{
process_status = ProcessExecuteStatus.Error;
Debug(caller, "Send command {0} did not complete successfully, output: {1}", command + " " + arguments, process_error);
return(false);
}
}
public override LocalAuditFileInfo GetAsLocalFile()
{
CallerInformation caller = this.AuditEnvironment.Here();
List <string> components = this.Directory.FullName.Split(this.AuditEnvironment.PathSeparator.ToCharArray(), StringSplitOptions.RemoveEmptyEntries).ToList();
components.RemoveAll(c => c.Contains(this.AuditEnvironment.PathSeparator) || c.Contains(":")); //Remove any drive or device parts
DirectoryInfo parent = this.AuditEnvironment.WorkDirectory;
if (components.Count > 1)
{
foreach (string c in components.Take(components.Count - 1))
{
DirectoryInfo d = new DirectoryInfo(Path.Combine(parent.FullName, c));
if (!d.Exists)
{
d.Create();
this.AuditEnvironment.Debug(caller, "Created sub-directory {0} in work directory.", c);
parent = d;
}
}
}
FileInfo lf = this.DockerAuditEnvironment.GetFileAsLocal(this.FullName, this.CombinePaths(parent.FullName, this.FullName));
if (lf != null)
{
return(new LocalAuditFileInfo(this.AuditEnvironment.HostEnvironment, lf));
}
else
{
return(null);
}
}
public override Dictionary <AuditFileInfo, string> ReadFilesAsText(List <AuditFileInfo> files)
{
CallerInformation here = this.Here();
Stopwatch sw = new Stopwatch();
sw.Start();
Dictionary <AuditFileInfo, string> results = new Dictionary <AuditFileInfo, string>(files.Count);
object results_lock = new object();
Parallel.ForEach(files, new ParallelOptions()
{
MaxDegreeOfParallelism = 20
}, (_f, state) =>
{
LocalAuditFileInfo _lf = _f as LocalAuditFileInfo;
string text = _lf.ReadAsText();
if (text != string.Empty)
{
lock (results_lock)
{
results.Add(_f, text);
}
}
});
sw.Stop();
Info("Read text for {0} out of {1} files in {2} ms.", results.Count(r => r.Value.Length > 0), results.Count, sw.ElapsedMilliseconds);
return(results);
}
public EnvironmentEventArgs(CallerInformation caller, EventMessageType message_type, string message_format, object[] m)
{
this.CurrentThread = Thread.CurrentThread;
this.Caller = caller;
this.MessageType = message_type;
this.Message = string.Format(message_format, m);
}
protected override async Task GetWorkspaceAsync()
{
CallerInformation here = this.AuditEnvironment.Here();
await base.GetWorkspaceAsync();
this.WorkspaceFile = this.HostEnvironment.ConstructFile(this.WorkspaceFilePath) as LocalAuditFileInfo;
this.HostEnvironment.Status("Loading Drupal 8 module files.");
DirectoryInfo d = this.WorkspaceDirectory.GetAsSysDirectoryInfo();
FileInfo wf = d.GetFiles(this.WorkspaceFilePath)?.First();
if (wf == null)
{
this.AuditEnvironment.Error(here, "Could not find local Drupal 8 file {0} in local directory {1}.", wf.Name,
d.FullName);
throw new Exception(string.Format("Could not find local Drupal 8 file {0} in local directory {1}.", wf.Name,
d.FullName));
}
try
{
IDeserializer yaml_deserializer = new DeserializerBuilder()
.WithNamingConvention(new CamelCaseNamingConvention())
.IgnoreUnmatchedProperties()
.Build();
this.DrupalModuleInfo = yaml_deserializer.Deserialize <DrupalModuleInfo>(new StringReader(File.ReadAllText(wf.FullName)));
this.DrupalModuleInfo.ShortName = wf.Name.Split('.')[0];
}
catch (Exception e)
{
this.HostEnvironment.Error("Exception thrown reading {0} as YAML file.", wf.FullName);
this.HostEnvironment.Error(e);
throw;
}
}
protected void GetVulnerabilties()
{
CallerInformation caller = this.AuditEnvironment.Here();
this.AuditEnvironment.Status("Searching OSS Index for vulnerabilities for {0} artifacts.", this.Artifacts.Count());
Stopwatch sw = new Stopwatch();
sw.Start();
this.GetVulnerabilitiesExceptions = new ConcurrentDictionary <OSSIndexArtifact, Exception>(5, this.Artifacts.Count());
List <Task> tasks = new List <Task>();
foreach (var artifact in this.ArtifactsWithProjects)
{
Task t = Task.Factory.StartNew(async(o) =>
{
OSSIndexProject project = await this.HttpClient.GetProjectForIdAsync(artifact.ProjectId);
List <OSSIndexPackageVulnerability> package_vulnerabilities = await this.HttpClient.GetPackageVulnerabilitiesAsync(artifact.PackageId);
project.Artifact = artifact;
project.Package = artifact.Package;
lock (artifact_project_lock)
{
if (!ArtifactProject.Keys.Any(a => a.ProjectId == project.Id.ToString()))
{
this._ArtifactProject.Add(Artifacts.Where(a => a.ProjectId == project.Id.ToString()).First(), project);
}
}
IEnumerable <OSSIndexProjectVulnerability> project_vulnerabilities = null;
try
{
project_vulnerabilities = await this.HttpClient.GetVulnerabilitiesForIdAsync(project.Id.ToString());
this.AddPackageVulnerability(artifact.Package, package_vulnerabilities);
this.AddProjectVulnerability(project, project_vulnerabilities);
this.AuditEnvironment.Debug("Found {0} project vulnerabilities and {1} package vulnerabilities for package artifact {2}.", project_vulnerabilities.Count(), package_vulnerabilities.Count, artifact.PackageName);
}
catch (AggregateException ae)
{
this.GetVulnerabilitiesExceptions.TryAdd(artifact, ae.InnerException);
}
catch (Exception e)
{
this.GetVulnerabilitiesExceptions.TryAdd(artifact, e.InnerException);
}
}, artifact, CancellationToken.None, TaskCreationOptions.DenyChildAttach, TaskScheduler.Default).Unwrap();
tasks.Add(t);
}
try
{
Task.WaitAll(tasks.ToArray());
}
catch (AggregateException ae)
{
this.AuditEnvironment.Error(caller, ae, "Exception thrown waiting for Http task to complete in {0}.", ae.InnerException.TargetSite.Name);
}
finally
{
sw.Stop();
}
this.AuditEnvironment.Success("Found {0} total vulnerabilities for {1} artifacts in {2} ms with errors searching vulnerabilities for {3} artifacts.", this.PackageVulnerabilities.Sum(kv => kv.Value.Count()) + this.ProjectVulnerabilities.Sum(kv => kv.Value.Count()), this.ArtifactsWithProjects.Count(), sw.ElapsedMilliseconds, this.GetVulnerabilitiesExceptions.Count);
}
public virtual string GetEnvironmentVar(string name)
{
CallerInformation here = Here();
string var = "", cmd = "", args = "";
if (this.IsWindows)
{
var = "%" + name + "%";
cmd = "powershell";
args = "(Get-Childitem env:" + name + ").Value";
}
else
{
var = "$" + name;
cmd = "echo";
args = var;
}
string output;
if (this.ExecuteCommand(cmd, args, out output))
{
Debug(here, "GetEnvironmentVar({0}) returned {1}.", name, output);
return(output);
}
else
{
Error("GetEnvironmentVar({0}) failed.", var);
return(string.Empty);
}
}
public virtual string FindFiles(string path, string pattern, [CallerMemberName] string memberName = "", [CallerFilePath] string fileName = "", [CallerLineNumber] int lineNumber = 0)
{
if (this.IsUnix)
{
CallerInformation here = Here();
string output;
string cmd = "find";
string args = string.Format("{0} -name {1} -type f", path, pattern);
if (this.ExecuteCommand(cmd, args, out output, false))
{
Debug(here, "FindFiles({0}, {1}) returned {2}.", path, pattern, output);
return(output);
}
else
{
string[] error = output.Split(this.LineTerminator.ToCharArray());
if (error.All(e => e.EndsWith("Permission denied")))
{
Debug(here, "FindFiles({0}, {1}) returned empty.", path, pattern);
return(string.Empty);
}
else
{
Error(here, "Did not successfully execute FindFiles({0}, {1}). Error: {2}.)", path, pattern, output);
return(string.Empty);
}
}
}
else
{
throw new NotSupportedException();
}
}
protected virtual async Task GetWorkspaceAsync()
{
CallerInformation here = this.AuditEnvironment.Here();
if (!(this.AuditEnvironment is LocalEnvironment))
{
this.HostEnvironment.Status("Downloading {0} as local directory for code analysis.", this.RootDirectory.FullName);
}
this.WorkspaceDirectory = await Task.Run(() => this.RootDirectory.GetAsLocalDirectory());
if (this.WorkspaceDirectory == null && !(this.AuditEnvironment is LocalEnvironment))
{
this.HostEnvironment.Error(here, "Could not download {0} as local directory.", this.WorkspaceDirectory);
throw new Exception(string.Format("Could not download {0} as local directory.", this.WorkspaceDirectory));
}
else if (this.WorkspaceDirectory == null)
{
this.HostEnvironment.Error(here, "Could not get {0} as local directory.", this.WorkspaceDirectory);
throw new Exception(string.Format("Could not get {0} as local directory.", this.WorkspaceDirectory));
}
else if (this.WorkspaceDirectory != null && !(this.AuditEnvironment is LocalEnvironment))
{
this.HostEnvironment.Success("Using {0} as workspace directory for code analysis.", this.WorkspaceDirectory.FullName);
return;
}
else // (this.AuditEnvironment is LocalEnvironment)
{
this.HostEnvironment.Info("Using local directory {0} for code analysis.", this.WorkspaceDirectory.FullName);
return;
}
}
public FileInfo GetFileAsLocal(string container_path, string local_path)
{
CallerInformation here = this.Here();
Stopwatch sw = new Stopwatch();
sw.Start();
string process_output = "", process_error = "";
ProcessExecuteStatus process_status;
bool r = this.HostEnvironment.Execute("docker", string.Format("cp {0}:{1} {2}", this.Container, container_path, local_path), out process_status, out process_output, out process_error);
sw.Stop();
if (r)
{
FileInfo f = new FileInfo(local_path);
if (f.Exists)
{
return(f);
}
else
{
this.Error("docker cp {0}:{1} {2} executed successfully but the file with path {3} does not exist.", this.Container, container_path, local_path, f.FullName);
return(null);
}
}
else
{
this.Error("docker cp {0}:{1} {2} did not execute successfully. Output: {3}.", this.Container, container_path, local_path, process_error);
return(null);
}
}
protected string ResolveXPathFunctionArgVariables(string arg, AlpheusXsltContext context)
{
CallerInformation here = this.AuditEnvironment.Here();
Match m = Regex.Match(arg, @"\%\((\S+)\:(\S+)\)");
if (m.Success)
{
string p = m.Groups[1].Value;
string n = m.Groups[2].Value;
object v = EvaluateXPathVariable(new AlpheusXPathVariable(p, n), context);
if (v is string || v is bool || v is double)
{
Debug("Resolving XPath variable reference ${0}:{1} in arg {2} to {3}.", p, n, arg, (string)v);
return(arg.Replace(m.Groups[0].Value, (string)v));
}
else
{
Error("Variable ${0}:{1} is not a value type.", p, n);
return(arg);
}
}
else
{
return(arg);
}
}
protected void GetVulnerabiltiesApiv2()
{
CallerInformation here = this.HostEnvironment.Here();
this.HostEnvironment.Status("Searching OSS Index for vulnerabilities for {0} packages.", this.Packages.Count());
Stopwatch sw = new Stopwatch();
sw.Start();
int i = 0;
IGrouping <int, Package>[] packages_groups = this.Packages.GroupBy(x => i++ / 100).ToArray();
IEnumerable <Package>[] queries = packages_groups.Select(group => packages_groups.Where(g => g.Key == group.Key).SelectMany(g => g)).ToArray();
List <Task> tasks = new List <Task>();
foreach (IEnumerable <Package> q in queries)
{
Task t = Task.Factory.StartNew(async(o) =>
{
try
{
List <OSSIndexApiv2Result> results = await this.HttpClient.SearchVulnerabilitiesAsync(q, this.VulnerabilitiesResultsTransform);
foreach (OSSIndexApiv2Result r in results)
{
if (r.Vulnerabilities != null && r.Vulnerabilities.Count > 0)
{
this.AddVulnerability(r.Package, r.Vulnerabilities);
}
}
}
catch (Exception e)
{
if (e is HttpException)
{
this.HostEnvironment.Error(here, e, "An HTTP error occured attempting to query the OSS Index API for the following {1} packages: {0}.",
q.Select(query => query.Name).Aggregate((q1, q2) => q1 + "," + q2), this.PackageSource.PackageManagerLabel);
}
else
{
this.HostEnvironment.Error(here, e, "An error occurred attempting to query the OSS Index API for the following {1} packages: {0}.",
q.Select(query => query.Name).Aggregate((q1, q2) => q1 + "," + q2), this.PackageSource.PackageManagerLabel);
}
}
}, i, CancellationToken.None, TaskCreationOptions.DenyChildAttach, TaskScheduler.Default).Unwrap();
tasks.Add(t);
}
try
{
Task.WaitAll(tasks.ToArray());
}
catch (AggregateException ae)
{
this.HostEnvironment.Error(here, ae, "An error occurred waiting for SearchVulnerabilitiesAsync task to complete in {0}.", ae.InnerException.TargetSite.Name);
}
finally
{
sw.Stop();
}
return;
}
public EnvironmentEventArgs(CallerInformation caller, Exception e)
{
this.CurrentThread = Thread.CurrentThread;
this.Caller = caller;
this.MessageType = EventMessageType.ERROR;
this.Message = string.Format("Exception occurred.");
this.Exception = e;
}
public override bool FileExists(string file_path)
{
CallerInformation here = this.Here();
if (file_path.StartsWith(this.PathSeparator))
{
file_path = file_path.Remove(0, 1);
}
throw new NotImplementedException();
}
internal void Error(CallerInformation caller, AggregateException ae, string message_format, params object[] message)
{
Error(caller, message_format, message);
if (ae.InnerExceptions != null && ae.InnerExceptions.Count >= 1)
{
foreach (Exception e in ae.InnerExceptions)
{
Error(caller, e);
}
}
}
protected override async Task GetWorkspaceAsync()
{
CallerInformation here = this.AuditEnvironment.Here();
await base.GetWorkspaceAsync();
this.HostEnvironment.Status("Compiling workspace projects.");
DirectoryInfo d = this.WorkspaceDirectory.GetAsSysDirectoryInfo();
FileInfo wf = d.GetFiles(this.WorkspaceFilePath.Substring(1)).First();
if (wf == null)
{
this.AuditEnvironment.Error(here, "Could not find local workspace file {0} in local directory {1}.", wf.Name,
d.FullName);
throw new Exception(string.Format("Could not find local workspace file {0} in local directory {1}.", wf.Name,
d.FullName));
}
if (this.HostEnvironment.IsMonoRuntime)
{
this.HostEnvironment.Error("Using the MSBuild workspace is not yet supported on Mono. See " + @"https://gitter.im/dotnet/roslyn/archives/2016/09/25");
throw new Exception("Using the MSBuild workspace is not yet supported on Mono. See " + @"https://gitter.im/dotnet/roslyn/archives/2016/09/25");
}
this.HostEnvironment.Status("Compiling project file {0}.", wf.FullName);
Stopwatch sw = new Stopwatch();
sw.Start();
try
{
this.MSBuildWorkspace = MSBuildWorkspace.Create();
Project p = this.MSBuildWorkspace.OpenProjectAsync(wf.FullName).Result;
this.OutputFile = new FileInfo(p.OutputFilePath);
this.OutputDirectory = this.OutputFile.Directory;
Compilation c = await p.GetCompilationAsync();
this.Project = p;
this.Compilation = c;
this.WorkSpace = this.MSBuildWorkspace;
sw.Stop();
this.HostEnvironment.Success("Roslyn compiled {2} file(s) in project {0} in {1} ms.", p.Name, sw.ElapsedMilliseconds, c.SyntaxTrees.Count());
}
catch (Exception e)
{
sw.Stop();
this.HostEnvironment.Error(here, e);
this.MSBuildWorkspace.Dispose();
throw;
}
foreach (SyntaxTree st in (this.Compilation as Compilation).SyntaxTrees)
{
this.HostEnvironment.Debug("Compiled {0}", st.FilePath);
}
return;
}
protected Tuple <int, int> GetArtifacts()
{
CallerInformation caller = this.AuditEnvironment.Here();
this.AuditEnvironment.Status("Searching OSS Index for artifacts for {0} packages.", this.Packages.Count());
Stopwatch sw = new Stopwatch();
sw.Start();
object artifacts_lock = new object();
int package_count = 0, artifact_count = 0;
int i = 0;
IGrouping <int, OSSIndexQueryObject>[] packages_groups = this.Packages.GroupBy(x => i++ / 100).ToArray();
IEnumerable <OSSIndexQueryObject>[] queries = packages_groups.Select(group => packages_groups.Where(g => g.Key == group.Key).SelectMany(g => g)).ToArray();
List <Task> tasks = new List <Task>();
foreach (IEnumerable <OSSIndexQueryObject> q in queries)
{
Task t = Task.Factory.StartNew(async(o) =>
{
IEnumerable <OSSIndexArtifact> artifacts = await this.HttpClient.SearchAsync(this.PackageManagerId, q, this.ArtifactsTransform);
lock (artifacts_lock)
{
var aa = AddArtifiact(q, artifacts);
package_count += aa.Key.Count();
artifact_count += aa.Value.Count();
}
}, q, CancellationToken.None, TaskCreationOptions.DenyChildAttach, TaskScheduler.Default).Unwrap();
tasks.Add(t);
}
try
{
Task.WaitAll(tasks.ToArray());
}
catch (Exception e)
{
this.AuditEnvironment.Error(caller, "Exception thrown waiting for tasks,", e);
}
finally
{
sw.Stop();
}
if (artifact_count > 0)
{
this.AuditEnvironment.Success("Found {0} artifacts on OSS Index in {1} ms.", artifact_count, sw.ElapsedMilliseconds);
}
else
{
this.AuditEnvironment.Warning("Found 0 artifacts on OSS Index in {0} ms.", sw.ElapsedMilliseconds);
}
return(new Tuple <int, int>(package_count, artifact_count));
}
public override Dictionary <AuditFileInfo, string> ReadFilesAsText(List <AuditFileInfo> files)
{
CallerInformation here = this.Here();
Dictionary <AuditFileInfo, string> results = new Dictionary <AuditFileInfo, string>(files.Count);
object results_lock = new object();
Stopwatch sw = new Stopwatch();
sw.Start();
int read_count = 0;
string _byteOrderMarkUtf8 = Encoding.UTF8.GetString(Encoding.UTF8.GetPreamble());
var lastIndexOfUtf8 = _byteOrderMarkUtf8.Length;
Parallel.ForEach(files, new ParallelOptions()
{
MaxDegreeOfParallelism = 20
}, (_f, state) =>
{
string process_output = "";
string process_error = "";
ProcessExecuteStatus process_status;
bool r = this.Execute("cat", _f.FullName, out process_status, out process_output, out process_error);
if (r)
{
/* May need this in the future.
* if (process_output.StartsWith(_byteOrderMarkUtf8, StringComparison.Ordinal))
* {
* process_output = process_output.Remove(0, lastIndexOfUtf8);
* }*/
if (process_output == string.Format("cat: {0}: No such file or directory", _f.FullName))
{
this.Error(here, "File {0} does not exist.", _f.FullName);
}
else
{
lock (results_lock)
{
results.Add(_f, process_output);
}
Interlocked.Increment(ref read_count);
Debug(here, string.Format("Read {1} chars from local file {0}.", _f.FullName, process_output.Length), files.Count, read_count);
}
}
else
{
Error(here, "Could not read {0} as text. Command returned: {1} {2}", _f.FullName, process_output, process_error);
}
});
sw.Stop();
Success("Read text for {0} out of {1} files in {2} ms.", results.Count(r => r.Value.Length > 0), results.Count(), sw.ElapsedMilliseconds);
return(results);
}
public List <Tuple <string, ProcessExecuteStatus, string, string> > ExecuteMany(List <Tuple <string, string> > commands)
{
CallerInformation caller = this.Here();
if (!this.IsConnected)
{
throw new InvalidOperationException("The SSH session is not connected.");
}
List <Tuple <string, ProcessExecuteStatus, string, string> > results = new List <Tuple <string, ProcessExecuteStatus, string, string> >(commands.Count);
object results_lock = new object();
Stopwatch sw = new Stopwatch();
sw.Start();
Parallel.ForEach(commands, new ParallelOptions()
{
MaxDegreeOfParallelism = 20
}, (_c, state) =>
{
string process_output = string.Empty;
string process_error = string.Empty;
SshCommand cmd = this.SshClient.CreateCommand(_c.Item1 + " " + _c.Item2);
Stopwatch cs = new Stopwatch();
cs.Start();
CommandAsyncResult result = cmd.BeginExecute(new AsyncCallback(SshCommandAsyncCallback), new KeyValuePair <SshCommand, Stopwatch>(cmd, cs)) as CommandAsyncResult;
cmd.EndExecute(result);
KeyValuePair <SshCommand, Stopwatch> s = (KeyValuePair <SshCommand, Stopwatch>)result.AsyncState;
process_output = s.Key.Result.Trim();
process_error = s.Key.Error.Trim();
if (s.Value.IsRunning)
{
s.Value.Stop();
}
if (process_output != string.Empty)
{
lock (results_lock)
{
results.Add(new Tuple <string, ProcessExecuteStatus, string, string>(_c.Item1, ProcessExecuteStatus.Completed, process_output, process_error));
}
Debug(caller, "Execute {0} completed with {1} {2}.", s.Key.Result.Length, cmd.CommandText, process_output, process_error);
}
else
{
lock (results_lock)
{
results.Add(new Tuple <string, ProcessExecuteStatus, string, string>(_c.Item1, ProcessExecuteStatus.Error, process_output, process_error));
}
Debug(caller, "Execute {0} did not complete successfully: {1} {2}.", s.Key.Result.Length, cmd.CommandText, process_output, process_error);
}
});
return(results);
}
public CodeProject(Dictionary <string, object> project_options, EventHandler <EnvironmentEventArgs> message_handler, Dictionary <string, string[]> default_file_location_paths, string analyzer_type) : base(project_options, message_handler)
{
CallerInformation here = this.AuditEnvironment.Here();
this.CodeProjectOptions = project_options;
this.DefaultFileLocationPaths = default_file_location_paths;
if (this.CodeProjectOptions.ContainsKey("RootDirectory"))
{
if (!this.AuditEnvironment.DirectoryExists((string)this.CodeProjectOptions["RootDirectory"]))
{
throw new ArgumentException(string.Format("The root directory {0} was not found.", CodeProjectOptions["RootDirectory"]), "package_source_options");
}
else
{
this.CodeProjectFileSystemMap.Add("RootDirectory", this.AuditEnvironment.ConstructDirectory((string)CodeProjectOptions["RootDirectory"]));
}
}
else
{
throw new ArgumentException(string.Format("The root application directory was not specified."), "application_options");
}
if (this.CodeProjectOptions.ContainsKey("ProjectName"))
{
this.ProjectName = (string)CodeProjectOptions["ProjectName"];
}
if (this.CodeProjectOptions.ContainsKey("File"))
{
string fn = (string)this.CodeProjectOptions["File"];
if (!fn.StartsWith("@"))
{
throw new ArgumentException("The workspace file parameter must be relative to the root directory for this audit target.", "project_options");
}
AuditFileInfo wf = this.AuditEnvironment.ConstructFile(this.CombinePath("@", fn.Substring(1)));
if (wf.Exists)
{
this.WorkspaceFilePath = wf.FullName;
}
else
{
throw new ArgumentException(string.Format("The workspace file {0} was not found.", wf.FullName), "project_options");
}
}
this.AnalyzerType = analyzer_type;
if (this.CodeProjectOptions.ContainsKey("ListCodeProjectAnalyzers"))
{
this.ListCodeProjectAnalyzers = true;
}
}
public virtual Task GetPackagesTask(CancellationToken ct)
{
CallerInformation caller = this.AuditEnvironment.Here();
if (this.SkipPackagesAudit)
{
this.PackagesTask = this.ArtifactsTask = this.VulnerabilitiesTask = this.EvaluateVulnerabilitiesTask = Task.CompletedTask;
this.Packages = new List <OSSIndexQueryObject>();
}
else
{
this.AuditEnvironment.Status("Scanning {0} packages.", this.PackageManagerLabel);
this.PackagesTask = Task.Run(() => this.Packages = this.GetPackages(), ct);
}
return(this.PackagesTask);
}
internal override Task GetPackagesTask(CancellationToken ct)
{
CallerInformation caller = this.AuditEnvironment.Here();
if (this.SkipPackagesAudit || this.PrintConfiguration || this.ListConfigurationRules)
{
this.PackagesTask = this.ArtifactsTask = this.VulnerabilitiesTask = this.EvaluateVulnerabilitiesTask = Task.CompletedTask;
this.Packages = new List <Package>();
}
else
{
this.AuditEnvironment.Status("Scanning {0} packages.", this.PackageManagerLabel);
this.PackagesTask = Task.Run(() => this.Packages = this.GetPackages(), ct);
}
return(this.PackagesTask);
}
public override bool FileExists(string file_path)
{
CallerInformation caller = this.Here();
string process_output = "";
if (this.ExecuteCommand("stat", file_path, out process_output, false) || !string.IsNullOrEmpty(process_output))
{
this.Debug(caller, "Execute returned true for stat {0}. Output: {1}.", file_path, process_output);
return(!process_output.Contains("no such file or directory") && (process_output.Contains("regular file") || process_output.Contains("symbolic link")));
}
else
{
this.Debug(caller, "Execute returned false for stat {0}.", file_path);
return(false);
}
}
internal void DestroyScpClient(ScpClient c, [CallerMemberName] string memberName = "", [CallerFilePath] string fileName = "", [CallerLineNumber] int lineNumber = 0)
{
CallerInformation caller = new CallerInformation(memberName, fileName, lineNumber);
if (!scp_clients.Contains(c))
{
throw new ArgumentException("The ScpClient does not exist in the scp_clients dictionary.");
}
if (c.IsConnected)
{
c.Disconnect();
}
c.ErrorOccurred -= ScpClient_ErrorOccurred;
c.Downloading -= ScpClient_Downloading;
c.Dispose();
scp_clients.Remove(c);
Debug(caller, "Destroyed SCP connection to {0}.", this.HostName);
}
public override bool DirectoryExists(string dir_path)
{
CallerInformation here = this.Here();
IReadOnlyList <RepositoryContent> f = this.GetContent(dir_path);
if (f == null || f.Count == 0)
{
return(false);
}
else if (f.First().Type != ContentType.Dir)
{
return(true);
}
else
{
return(true);
}
}
public override bool DirectoryExists(string dir_path)
{
CallerInformation caller = this.Here();
string process_output = "";
string process_error = "";
ProcessExecuteStatus process_status;
if (this.Execute("stat", dir_path, out process_status, out process_output, out process_error))
{
this.Debug(caller, "Execute returned true for stat {0}. Output: {1}. Error: {2}.", dir_path, process_output, process_error);
return(!process_output.Contains("no such file or directory") && (process_output.Contains("directory") || process_output.Contains("symbolic link")));
}
else
{
this.Debug(caller, "Execute returned true for stat {0}. Output: {1}. Error: {2}.", dir_path, process_output, process_error);
return(false);
}
}
public override Dictionary <AuditFileInfo, string> ReadFilesAsText(List <AuditFileInfo> files)
{
CallerInformation here = this.Here();
Dictionary <AuditFileInfo, string> results = new Dictionary <AuditFileInfo, string>(files.Count);
object results_lock = new object();
Stopwatch sw = new Stopwatch();
sw.Start();
Parallel.ForEach(files, new ParallelOptions()
{
MaxDegreeOfParallelism = 20
}, (_f, state) =>
{
SshCommand cmd = this.SshClient.CreateCommand("cat " + _f.FullName);
Stopwatch cs = new Stopwatch();
cs.Start();
CommandAsyncResult result = cmd.BeginExecute(new AsyncCallback(SshCommandAsyncCallback), new KeyValuePair <SshCommand, Stopwatch> (cmd, cs)) as CommandAsyncResult;
cmd.EndExecute(result);
KeyValuePair <SshCommand, Stopwatch> s = (KeyValuePair <SshCommand, Stopwatch>)result.AsyncState;
if (s.Key.Result != string.Empty)
{
lock (results_lock)
{
results.Add(_f, s.Key.Result);
}
if (s.Value.IsRunning)
{
s.Value.Stop();
}
Debug(here, "Read {0} chars from {1}.", s.Key.Result.Length, _f.FullName);
Progress("Read environment files", files.Count, 3, s.Value.Elapsed);
}
else
{
Error(here, "Could not read {0} as text. Command returned: {1}", _f.FullName, s.Key.Error);
}
s.Key.Dispose();
cs = null;
});
sw.Stop();
Success("Read text for {0} out of {1} files in {2} ms.", results.Count(r => r.Value.Length > 0), results.Count(), sw.ElapsedMilliseconds);
return(results);
}
public override IDirectoryInfo[] GetDirectories()
{
CallerInformation here = this.AuditEnvironment.Here();
IReadOnlyList <RepositoryContent> c = this.GitHubAuditEnvironment.GetContent(this.FullName);
if (c == null)
{
this.AuditEnvironment.Warning("Could not get directories for path {0}.", this.FullName);
return(null);
}
else if (c.Count == 0 || c.Where(content => content.Type == ContentType.Dir).Count() == 0)
{
return(new GitHubAuditDirectoryInfo[] { });
}
else
{
return(c.Where(content => content.Type == ContentType.Dir).Select(content => this.GitHubAuditEnvironment.ConstructDirectory(content.Path)).ToArray());
}
}
protected string EnvironmentExecute(string command, string args, [CallerMemberName] string memberName = "", [CallerFilePath] string fileName = "", [CallerLineNumber] int lineNumber = 0)
{
CallerInformation caller = new CallerInformation(memberName, fileName, lineNumber);
AuditEnvironment.ProcessExecuteStatus process_status;
string process_output = "";
string process_error = "";
if (this.AuditEnvironment.Execute(command, args, out process_status, out process_output, out process_error))
{
this.AuditEnvironment.Debug(caller, "The command {0} {1} executed successfully. Output: {1}", command, args, process_output);
return(process_output);
}
else
{
this.AuditEnvironment.Debug(caller, "The command {0} {1} did not execute successfully. Output: {1}", command, args, process_output + process_error);
return(string.Empty);
}
}
internal override Task GetPackagesTask(CancellationToken ct)
{
CallerInformation caller = this.AuditEnvironment.Here();
if (this.SkipPackagesAudit || this.PrintConfiguration || this.ListConfigurationRules)
{
this.PackagesTask = Task.CompletedTask;
}
else if (!this.PackageSourceInitialized)
{
return(this.PackagesTask = Task.CompletedTask);
}
else
{
this.AuditEnvironment.Status("Scanning {0} packages.", this.PackageManagerLabel);
this.NugetPackageSource.GetPackagesTask(ct);
this.PackagesTask = this.NugetPackageSource.PackagesTask.ContinueWith((t) => this.Packages = this.NugetPackageSource.Packages, TaskContinuationOptions.OnlyOnRanToCompletion);
}
return(this.PackagesTask);
}
