Exemple #1
0
        /// <summary>
        /// Gets the repository's details and updates the status field in the dependencies
        /// </summary>
        /// <param name="repository"> A Repository object</param>
        /// <returns>An updated repository object with the status field.</returns>
        internal async Task <Repository> UpdateRepositoryStatus(Repository repository)
        {
            var vulnerabilityCount       = repository?.VulnerabilityAlerts?.TotalCount;
            var dependencyGraphManifests = repository?.DependencyGraphManifests?.Nodes;

            if (dependencyGraphManifests == null)
            {
                return(repository);
            }

            // Go through the various dependency manifests in the repo
            foreach (var dependencyManifest in dependencyGraphManifests)
            {
                var dependencies = dependencyManifest?.Dependencies?.Nodes;
                if (dependencies == null)
                {
                    continue;
                }
                PackageStatus highestStatus = PackageStatus.Unknown;

                // Go through each dependency in the dependency manifest
                foreach (var dependency in dependencies)
                {
                    var currentVersion = dependency.requirements;
                    if (string.IsNullOrEmpty(currentVersion))
                    {
                        continue;
                    }

                    //getting latest versions from the respective packagemanagers,azure sdks and the default values from github
                    string latestVersion;
                    string azureSdkVersion = String.Empty;
                    switch (dependency.packageManager)
                    {
                    case "NUGET":
                        latestVersion = await GetLatestNugetVersion(dependency.packageName, currentVersion);

                        azureSdkVersion = await _azureSdkService.GetAzureSdkVersions(dependency.packageName);

                        break;

                    case "NPM":
                        latestVersion = await _npmService.GetLatestVersion(dependency.packageName);

                        break;

                    default:
                        latestVersion = dependency.repository?.releases?.nodes?.FirstOrDefault()?.tagName;
                        break;
                    }
                    dependency.latestVersion   = latestVersion;
                    dependency.azureSdkVersion = azureSdkVersion;

                    //calculate status normally for repos without security alerts
                    if (vulnerabilityCount == 0)
                    {
                        dependency.status = CalculateStatus(currentVersion.Substring(2), latestVersion);
                    }

                    //check if a repo has security alerts
                    else if (vulnerabilityCount > 0)
                    {
                        var librariesWithAlerts = repository?.VulnerabilityAlerts.Edges.Select(p => p.Node?.SecurityVulnerability.Package.Name);

                        //if the name of the dependency is in the list of libraries with alerts, set status to urgent update
                        if (librariesWithAlerts.Contains(dependency.packageName))
                        {
                            dependency.status = PackageStatus.UrgentUpdate;
                        }
                        else
                        {
                            dependency.status = CalculateStatus(currentVersion.Substring(2), latestVersion);
                        }
                    }
                }
                //getting the highest status from a dependency node
                highestStatus = HighestStatus(dependencies);

                //comparing the highest statuses from different nodes
                if (highestStatus > repository.highestStatus)
                {
                    repository.highestStatus = highestStatus;
                }
            }
            return(repository);
        }
Exemple #2
0
        /// <summary>
        /// Gets the repository's details and updates the status field in the dependencies
        /// </summary>
        /// <param name="repository"> A Repository object</param>
        /// <returns>An updated repository object with the status field.</returns>
        internal async Task <Repository> UpdateRepositoryStatus(Repository repository)
        {
            var headerDetails = await GetYamlHeader(repository.Name,
                                                    repository.DefaultBranch == null? "master" : repository.DefaultBranch.Name);

            repository.IdentityStatus = PackageStatus.Unknown;
            repository.GraphStatus    = PackageStatus.Unknown;
            repository.highestStatus  = PackageStatus.Unknown;
            var vulnerabilityCount       = repository?.VulnerabilityAlerts?.TotalCount;
            var dependencyGraphManifests = repository?.DependencyGraphManifests?.Nodes;

            if (dependencyGraphManifests == null || dependencyGraphManifests.Count() == 0 && headerDetails != null)
            {
                var dependencyFile = headerDetails.DependencyFile ?? string.Empty;
                if (dependencyFile == "noDependencies")
                {
                    // Repository doesn't use dependencies, mark as
                    // up to date
                    repository.highestStatus = PackageStatus.UpToDate;
                    return(repository);
                }

                if (string.IsNullOrEmpty(dependencyFile))
                {
                    return(repository);
                }

                // Build dependency graph from file
                dependencyGraphManifests = await BuildDependencyGraphFromFile(repository.Name,
                                                                              repository.DefaultBranch?.Name ?? "master", dependencyFile);

                repository.DependencyGraphManifests.Nodes = dependencyGraphManifests;
                if (dependencyGraphManifests == null)
                {
                    return(repository);
                }
            }

            // Go through the various dependency manifests in the repo
            foreach (var dependencyManifest in dependencyGraphManifests)
            {
                var dependencies = dependencyManifest?.Dependencies?.Nodes;
                if (dependencies == null)
                {
                    continue;
                }
                PackageStatus highestStatus = PackageStatus.Unknown;

                // Go through each dependency in the dependency manifest
                foreach (var dependency in dependencies)
                {
                    var currentVersion = dependency.requirements;
                    if (string.IsNullOrEmpty(currentVersion))
                    {
                        continue;
                    }

                    //getting latest versions from the respective packagemanagers,azure sdks and the default values from github
                    string latestVersion;
                    string azureSdkVersion = String.Empty;
                    switch (dependency.packageManager)
                    {
                    case "NUGET":
                        latestVersion = await GetLatestNugetVersion(dependency.packageName, currentVersion);

                        azureSdkVersion = await _azureSdkService.GetAzureSdkVersions(dependency.packageName);

                        break;

                    case "NPM":
                        latestVersion = await _npmService.GetLatestVersion(dependency.packageName);

                        break;

                    case "GRADLE":
                    case "MAVEN":
                        // Check the Maven repositories for version information first
                        latestVersion = await _mavenService.GetLatestVersion(dependency.packageName, currentVersion);

                        if (string.IsNullOrEmpty(latestVersion))
                        {
                            // Fall back to GitHub's supplied value
                            latestVersion = dependency.repository?.releases?.nodes?.FirstOrDefault()?.tagName;
                        }
                        break;

                    case "COCOAPODS":
                        latestVersion = await _cocoaPodsService.GetLatestVersion(dependency.packageName);

                        break;

                    default:
                        latestVersion = dependency.repository?.releases?.nodes?.FirstOrDefault()?.tagName;
                        break;
                    }
                    dependency.latestVersion   = latestVersion;
                    dependency.azureSdkVersion = azureSdkVersion;

                    //calculate status normally for repos without security alerts
                    if (vulnerabilityCount == 0)
                    {
                        dependency.status = CalculateStatus(currentVersion.Substring(2), latestVersion);
                    }

                    //check if a repo has security alerts
                    else if (vulnerabilityCount > 0)
                    {
                        var librariesWithAlerts = repository?.VulnerabilityAlerts.Edges.Select(p => p.Node?.SecurityVulnerability.Package.Name);

                        //if the name of the dependency is in the list of libraries with alerts, set status to urgent update
                        if (librariesWithAlerts.Contains(dependency.packageName))
                        {
                            dependency.status = PackageStatus.UrgentUpdate;
                        }
                        else
                        {
                            dependency.status = CalculateStatus(currentVersion.Substring(2), latestVersion);
                        }
                    }

                    // Check if dependency is Identity library
                    if (IsIdentityLibrary(dependency) && dependency.status > repository.IdentityStatus)
                    {
                        repository.IdentityStatus = dependency.status;
                    }
                    // Check if dependency is Graph SDK
                    else if (IsGraphSdk(dependency) && dependency.status > repository.GraphStatus)
                    {
                        repository.GraphStatus = dependency.status;
                    }
                }
                //getting the highest status from a dependency node
                highestStatus = HighestStatus(dependencies);

                //comparing the highest statuses from different nodes
                if (highestStatus > repository.highestStatus)
                {
                    repository.highestStatus = highestStatus;
                }
            }
            return(repository);
        }