public async Task ExecuteAsync(DependencyManagerTypes dependencyManager, string dependencyName, string dependencyVersion)
{
_check.AddSource(dependencyManager, new OssIndexVulnerabilitySource("https://ossindex.sonatype.org"));
var results = await _check.ExecuteAsync(dependencyName, dependencyVersion);
Assert.NotEmpty(results);
}
private PackageManagerTypes DependencyManagerTypesToPackageManager(DependencyManagerTypes dependencyManager)
{
if (s_packageManagerTypesByDependencyManagerTypes.TryGetValue(dependencyManager, out var packageManager))
{
return(packageManager);
}
throw new InvalidOperationException($"Unknown dependency manager type: {dependencyManager.ToString()}");
}
public async Task <IEnumerable <Vulnerability> > GetVulnerabilitiesAsync(DependencyManagerTypes dependencyManager, string dependencyName, string dependencyVersion)
{
if (!s_packageManagerTypesByDependencyManagerTypes.Keys.Contains(dependencyManager))
{
return(Enumerable.Empty <Vulnerability>());
}
var packageManager = DependencyManagerTypesToPackageManager(dependencyManager);
return((await _client.GetPackageVersionAsync(packageManager, dependencyName, dependencyVersion))
.Vulnerabilities
?.Select(x => new Vulnerability
{
DependencyName = dependencyName,
DependencyVersion = dependencyVersion,
DependencyType = dependencyManager,
Title = x.Title,
Description = x.Description,
References = x.References,
Versions = x.Versions
}));
}
public async Task GetVulnerabilitiesAsync(DependencyManagerTypes dependencyManager, string dependencyName, string dependencyVersion)
{
var results = await _source.GetVulnerabilitiesAsync(dependencyManager, dependencyName, dependencyVersion);
Assert.NotEmpty(results);
}
public void GetDependencyManagerTypes(DependencyManagerTypes dependencyManager)
{
var types = _source.GetDependencyManagerTypes();
Assert.Contains(dependencyManager, types);
}
public void AddSource(DependencyManagerTypes dependencyManager, IVulnerabilitySource source)
{
_sources[dependencyManager] = source;
}