private void AddConfigurationRules(OSSIndexProject project, IEnumerable <OSSIndexProjectConfigurationRule> rules) { lock (configuration_rules_lock) { this._ConfigurationRulesForProject.Add(project, rules); } }
protected void GetVulnerabilties() { CallerInformation caller = this.AuditEnvironment.Here(); this.AuditEnvironment.Status("Searching OSS Index for vulnerabilities for {0} artifacts.", this.Artifacts.Count()); Stopwatch sw = new Stopwatch(); sw.Start(); this.GetVulnerabilitiesExceptions = new ConcurrentDictionary <OSSIndexArtifact, Exception>(5, this.Artifacts.Count()); List <Task> tasks = new List <Task>(); foreach (var artifact in this.ArtifactsWithProjects) { Task t = Task.Factory.StartNew(async(o) => { OSSIndexProject project = await this.HttpClient.GetProjectForIdAsync(artifact.ProjectId); List <OSSIndexPackageVulnerability> package_vulnerabilities = await this.HttpClient.GetPackageVulnerabilitiesAsync(artifact.PackageId); project.Artifact = artifact; project.Package = artifact.Package; lock (artifact_project_lock) { if (!ArtifactProject.Keys.Any(a => a.ProjectId == project.Id.ToString())) { this._ArtifactProject.Add(Artifacts.Where(a => a.ProjectId == project.Id.ToString()).First(), project); } } IEnumerable <OSSIndexProjectVulnerability> project_vulnerabilities = null; try { project_vulnerabilities = await this.HttpClient.GetVulnerabilitiesForIdAsync(project.Id.ToString()); this.AddPackageVulnerability(artifact.Package, package_vulnerabilities); this.AddProjectVulnerability(project, project_vulnerabilities); this.AuditEnvironment.Debug("Found {0} project vulnerabilities and {1} package vulnerabilities for package artifact {2}.", project_vulnerabilities.Count(), package_vulnerabilities.Count, artifact.PackageName); } catch (AggregateException ae) { this.GetVulnerabilitiesExceptions.TryAdd(artifact, ae.InnerException); } catch (Exception e) { this.GetVulnerabilitiesExceptions.TryAdd(artifact, e.InnerException); } }, artifact, CancellationToken.None, TaskCreationOptions.DenyChildAttach, TaskScheduler.Default).Unwrap(); tasks.Add(t); } try { Task.WaitAll(tasks.ToArray()); } catch (AggregateException ae) { this.AuditEnvironment.Error(caller, ae, "Exception thrown waiting for Http task to complete in {0}.", ae.InnerException.TargetSite.Name); } finally { sw.Stop(); } this.AuditEnvironment.Success("Found {0} total vulnerabilities for {1} artifacts in {2} ms with errors searching vulnerabilities for {3} artifacts.", this.PackageVulnerabilities.Sum(kv => kv.Value.Count()) + this.ProjectVulnerabilities.Sum(kv => kv.Value.Count()), this.ArtifactsWithProjects.Count(), sw.ElapsedMilliseconds, this.GetVulnerabilitiesExceptions.Count); }
AddProjectVulnerability(OSSIndexProject project, IEnumerable <OSSIndexProjectVulnerability> vulnerability) { lock (project_vulnerabilities_lock) { this._VulnerabilitiesForProject.Add(project, vulnerability); return(new KeyValuePair <OSSIndexProject, IEnumerable <OSSIndexProjectVulnerability> >(project, vulnerability)); } }
private void AddConfigurationRules(string project_name, IEnumerable <OSSIndexProjectConfigurationRule> rules) { lock (configuration_rules_lock) { OSSIndexProject project = ArtifactProject.Values.Where(p => p.Name == project_name).FirstOrDefault(); if (project == null) { project = new OSSIndexProject() { Name = project_name }; } foreach (OSSIndexProjectConfigurationRule r in rules) { r.Project = project; } this._ConfigurationRulesForProject.Add(project, rules); } }
protected void GetConfigurationRules() { this.AuditEnvironment.Info("Searching OSS Index for configuration rules for {0} artifact(s).", this.ArtifactsWithProjects.Count); Stopwatch sw = new Stopwatch(); List <Task> tasks = new List <Task>(); this.GetProjectConfigurationRulesExceptions = new ConcurrentDictionary <OSSIndexArtifact, Exception>(); this.ProjectConfigurationRulesEvaluations = new Dictionary <OSSIndexProjectConfigurationRule, Tuple <bool, List <string>, string> >(); Int32 i = new Int32(); sw.Start(); foreach (OSSIndexArtifact a in this.ArtifactsWithProjects) { Task t = Task.Factory.StartNew(async(o) => { OSSIndexProject project = null; lock (artifact_project_lock) { if (ArtifactProject.Values.Any(p => p.Id.ToString() == a.ProjectId)) { project = ArtifactProject.Values.Where(ap => ap.Id.ToString() == a.ProjectId).First(); } } try { if (project == null) { project = await this.HttpClient.GetProjectForIdAsync(a.ProjectId); project.Artifact = a; lock (artifact_project_lock) { if (!ArtifactProject.Values.Any(p => p.Id.ToString() == a.ProjectId)) { this._ArtifactProject.Add(a, project); } } } IEnumerable <OSSIndexProjectConfigurationRule> rules = await this.HttpClient.GetConfigurationRulesForIdAsync(project.Id.ToString()); if (rules != null && rules.Count() > 0) { this.AddConfigurationRules(project, rules); this.AuditEnvironment.Debug("Found {0} rule(s) for artifact {1}.", rules.Count(), project.Artifact.PackageName); Interlocked.Add(ref i, 1); } } catch (AggregateException ae) { this.GetProjectConfigurationRulesExceptions.TryAdd(a, ae.InnerException); this.AuditEnvironment.Warning("Exception thrown in {0} task: {1}", ae.InnerException.TargetSite.Name, ae.Message); } catch (Exception e) { this.GetProjectConfigurationRulesExceptions.TryAdd(a, e); this.AuditEnvironment.Warning("Exception thrown in {0} task: {1}", e.TargetSite.Name, e.Message); } finally { sw.Stop(); } }, i, CancellationToken.None, TaskCreationOptions.DenyChildAttach, TaskScheduler.Default).Unwrap(); tasks.Add(t); } Task.WaitAll(tasks.ToArray()); sw.Stop(); this.AuditEnvironment.Info("Found {0} configuration rule(s) on OSS Index in {1} ms.", i, sw.ElapsedMilliseconds); return; }