/// <summary>
/// Entry point of the dependency check: loads the settings that sit next to the project,
/// reads the package list, applies the configured blacklist and whitelist, runs the enabled
/// vulnerability scanners and finally reports whatever they found.
/// </summary>
/// <param name="args">args[0] is expected to be the path to the project file.</param>
private static void Main(string[] args)
{
    var projectFile = args[0];
    var projectDirectory = Path.GetDirectoryName(projectFile);

    _settings = Settings.LoadSettings(projectDirectory);

    // A packages.config beside the project takes precedence over the project file itself.
    var packagesConfigPath = Path.Combine(projectDirectory, "packages.config");
    if (File.Exists(packagesConfigPath))
    {
        _nuGetFile = packagesConfigPath;
    }
    else
    {
        _nuGetFile = projectFile;
    }

    _pkgs = LoadPackages(_nuGetFile);

    if (_settings.ErrorSettings.BlackListedPackages.Length > 0)
    {
        CheckForBlacklistedPackages();
    }

    if (_settings.ErrorSettings.WhiteListedPackages.Length > 0)
    {
        foreach (var pkg in _pkgs)
        {
            // A package passes when some whitelist entry has the same Id and that entry's
            // version falls inside the version range declared for the package.
            var isWhitelisted = _settings.ErrorSettings.WhiteListedPackages.Any(entry =>
                entry.Id == pkg.Id &&
                VersionRange.Parse(pkg.Version).Satisfies(new NuGetVersion(entry.Version)));

            if (isWhitelisted)
            {
                continue;
            }

            Console.WriteLine(
                $"{_nuGetFile}({pkg.LineNumber},{pkg.LinePosition}) : Error : {pkg.Id} has not been whitelisted and may not be used in this project");
        }
    }

    // Stays null when neither scanner is enabled; the report step below is skipped in that case.
    Dictionary<string, Dictionary<string, Vulnerability>> vulnDict = null;

    if (_settings.OssIndex.Enabled)
    {
        var ossIndexScanner = new Scanner(_nuGetFile, _settings.OssIndex.BreakIfCannotRun);
        vulnDict = ossIndexScanner.GetVulnerabilitiesForPackages(_pkgs);
    }

    if (_settings.NVD.Enabled)
    {
        var nvdTimeout = TimeSpan.FromSeconds(_settings.NVD.TimeoutInSeconds);
        var nvdScanner = new NVD.Scanner(_nuGetFile, nvdTimeout,
            _settings.NVD.BreakIfCannotRun, _settings.NVD.SelfUpdate);

        // The earlier result is handed in, so the returned dictionary replaces it.
        vulnDict = nvdScanner.GetVulnerabilitiesForPackages(_pkgs, vulnDict);
    }

    // NOTE(review): vulnDict can still be null here when both scanners are disabled;
    // confirm that IgnoreCVEs tolerates a null dictionary.
    if (_settings.ErrorSettings.IgnoredCvEs.Length > 0)
    {
        IgnoreCVEs(vulnDict);
    }

    if (vulnDict == null)
    {
        return;
    }

    VulnerabilityReports.ReportVulnerabilities(vulnDict, _pkgs, _nuGetFile, _settings.WarnOnly,
        _settings.ErrorSettings.CVSS3Threshold);
}
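/// <summary>
/// Entry point of the dependency check: loads the settings that sit next to the project,
/// determines the target framework, reads the package list for it, applies the configured
/// blacklist and whitelist, runs the enabled vulnerability scanners and reports the result.
/// </summary>
/// <param name="args">
/// args[0] is expected to be the path to the project file. args[1], when present, is used
/// as the target framework moniker; otherwise it is derived from the project file's
/// TargetFrameworkVersion element.
/// </param>
private static void Main(string[] args)
{
    _settings = Settings.LoadSettings(Path.GetDirectoryName(args[0]));

    // A packages.config beside the project takes precedence over the project file itself.
    var pkgConfig = Path.Combine(Path.GetDirectoryName(args[0]), "packages.config");
    _nuGetFile = File.Exists(pkgConfig) ? pkgConfig : args[0];

    string framework;
    if (args.Length > 1)
    {
        framework = args[1];
    }
    else
    {
        string targetFrameworkVersion;

        // Dispose the file handle once the XML is read instead of leaving it open.
        using (var projectStream = File.OpenRead(args[0]))
        {
            // First() throws InvalidOperationException when the project file has no
            // TargetFrameworkVersion element, so such projects must pass args[1].
            targetFrameworkVersion = XElement.Load(projectStream).Descendants()
                .First(x => x.Name.LocalName == "TargetFrameworkVersion").Value;
        }

        // NOTE(review): any version not listed here (for example "v4.0") falls back to
        // "netstandard2.0". The moniker is passed to LoadPackages, so a wrong value
        // presumably changes which packages get scanned - confirm the fallback is intended.
        framework = targetFrameworkVersion switch
        {
            "v2.0" => "net20",
            "v3.0" => "net30",
            "v3.5" => "net35",
            "v4.5" => "net45",
            "v4.5.1" => "net451",
            "v4.5.2" => "net452",
            "v4.6" => "net46",
            "v4.6.1" => "net461",
            "v4.6.2" => "net462",
            "v4.7" => "net47", // was "net27", which is not a valid moniker for .NET Framework 4.7
            "v4.7.1" => "net471",
            "v4.7.2" => "net472",
            "v4.8" => "net48",
            _ => "netstandard2.0"
        };
    }

    _pkgs = LoadPackages(_nuGetFile, framework);

    if (_settings.ErrorSettings.BlackListedPackages.Length > 0)
    {
        CheckForBlacklistedPackages();
    }

    if (_settings.ErrorSettings.WhiteListedPackages.Length > 0)
    {
        // A package passes when some whitelist entry has the same Id and that entry's
        // version falls inside the version range declared for the package.
        foreach (var pkg in _pkgs.Where(p => !_settings.ErrorSettings.WhiteListedPackages.Any(b =>
            b.Id == p.Id && VersionRange.Parse(p.Version).Satisfies(new NuGetVersion(b.Version)))))
        {
            Console.WriteLine(
                $"{_nuGetFile}({pkg.LineNumber},{pkg.LinePosition}) : Error : {pkg.Id} has not been whitelisted and may not be used in this project");
        }
    }

    // Stays null when neither scanner is enabled.
    Dictionary<string, Dictionary<string, Vulnerability>> vulnDict = null;

    if (_settings.OssIndex.Enabled)
    {
        vulnDict = new Scanner(_nuGetFile, _settings.OssIndex.BreakIfCannotRun)
            .GetVulnerabilitiesForPackages(_pkgs);
    }

    if (_settings.NVD.Enabled)
    {
        // The earlier result is handed in, so the returned dictionary replaces it.
        vulnDict = new NVD.Scanner(_nuGetFile, _settings.NVD.BreakIfCannotRun, _settings.NVD.SelfUpdate)
            .GetVulnerabilitiesForPackages(_pkgs, vulnDict);
    }

    // NOTE(review): vulnDict can still be null below when both scanners are disabled;
    // confirm that IgnoreCVEs and ReportVulnerabilities tolerate a null dictionary.
    if (_settings.ErrorSettings.IgnoredCvEs.Length > 0)
    {
        IgnoreCVEs(vulnDict);
    }

    VulnerabilityReports.ReportVulnerabilities(vulnDict, _pkgs, _nuGetFile, _settings.WarnOnly,
        _settings.ErrorSettings.CVSS3Threshold);
}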