Esempio n. 1
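        /// <summary>
        /// Fetches the packages to retire, resolves the project's NuGet references and
        /// logs an error for every usage the usage finder reports.
        /// </summary>
        /// <remarks>
        /// Findings are reported through the logger only; the method itself returns nothing.
        /// When no assets are found the process is terminated with exit code 0.
        /// </remarks>
        public void LogPackagesToRetire()
        {
            // NOTE(review): this sequence is walked here and again inside FindUsagesOf;
            // if the client evaluates lazily the lookup runs twice - confirm.
            var packagesToRetire = _retireApiClient.GetPackagesToRetire();

            foreach (var p in packagesToRetire)
            {
                _logger.LogDebug($"Looking for {p.Id}/{p.Affected}".Orange());
            }

            IEnumerable<NugetReference> nugetReferences;

            try
            {
                // Materialize inside the try block: with a lazily evaluated sequence the
                // NoAssetsFoundException would otherwise surface at the first enumeration
                // below, outside this handler, and the references would be read twice.
                nugetReferences = _nugetreferenceservice.GetNugetReferences().ToList();
            }
            catch (NoAssetsFoundException)
            {
                _logger.LogWarning("No assets found. Could not check dependencies. Missing 'dotnet restore'?");

                // NOTE(review): exit code 0 reports success although no dependency check ran,
                // so a pipeline gating on the exit code treats an unscanned project as clean.
                // Left unchanged because callers may depend on it - confirm whether a
                // non-zero code is wanted here.
                Environment.Exit(0);
                return;
            }

            _logger.LogInformation($"Found in total {nugetReferences.Count()} references of NuGets (direct & transient)");

            // Snapshot the result so the emptiness check and the reporting loop see the same data.
            var usages = _usageFinder.FindUsagesOf(nugetReferences, packagesToRetire).ToList();

            if (usages.Count > 0)
            {
                foreach (var usage in usages)
                {
                    _logger.LogError($"Found direct reference to {usage.NugetReference}".Red());
                }
            }
            else
            {
                _logger.LogInformation("Found no usages of vulnerable libs!".Green());
            }
        }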
Esempio n. 2
        /// <summary>
        /// Runs one scan: fetches the packages to retire, runs the restorer, reads the
        /// NuGet references and logs every usage the usage finder reports.
        /// </summary>
        /// <remarks>
        /// The outcome is reported through the logger only. A failed restore or missing
        /// assets end the scan early with an error log and no other signal to the caller.
        /// </remarks>
        public void LogPackagesToRetire()
        {
            // removing this line breaks logging somehow.
            _logger.LogInformation("Scan starting".Green());

            var retired = _retireApiClient.GetPackagesToRetire().ToList();

            foreach (var package in retired)
            {
                _logger.LogTrace($"Looking for {package.Id}/{package.Affected}".Orange());
            }

            var restore = _restorer.Restore();

            if (!restore.IsSuccess)
            {
                // Restore details go to Debug only; the Error line below is what a default log level shows.
                _logger.LogDebug($"`dotnet restore output:`{restore.Output}");
                _logger.LogDebug($"`dotnet restore errors:`{restore.Errors}");
                _logger.LogDebug($"`dotnet restore exitcode:`{restore.ExitCode}");

                _logger.LogError("Failed to `dotnet restore`. Is the current dir missing a csproj?");
                return;
            }

            _logger.LogDebug($"`dotnet restore:`{restore.Output}");

            List<NugetReference> references;

            try
            {
                references = _nugetreferenceservice.GetNugetReferences().ToList();
            }
            catch (NoAssetsFoundException)
            {
                _logger.LogError("No assets found. Are you running the tool from a folder missing a csproj?");
                return;
            }

            _logger.LogDebug($"Found in total {references.Count} references of NuGets (direct & transient)");

            var usages = _usageFinder.FindUsagesOf(references, retired);

            if (!usages.Any())
            {
                _logger.LogInformation("Found no usages of vulnerable libs!".Green());
            }
            else
            {
                var suffix = usages.Count > 1 ? "s" : "";
                var byReference = usages.GroupBy(u => u.NugetReference.ToString());

                // The report is assembled piece by piece and emitted as a single error entry.
                var report = new List<string>
                {
                    $"Found use of {byReference.Count()} vulnerable libs in {usages.Count} dependency path{suffix}."
                };

                foreach (var entry in byReference)
                {
                    report.Add($"\n\n* {entry.Key}".Red());

                    // Dependency paths of non-direct usages are listed only when Debug logging is enabled.
                    if (_logger.IsEnabled(LogLevel.Debug))
                    {
                        foreach (var indirect in entry.Where(u => !u.IsDirect))
                        {
                            report.Add($"\n{indirect.ReadPath()}");
                        }
                    }
                }

                report.Add("\n");
                _logger.LogError(string.Concat(report));
            }

            _logger.LogInformation("Scan complete.");
        }