private void AddConfigurationRules(OSSIndexProject project, IEnumerable <OSSIndexProjectConfigurationRule> rules)
{
lock (configuration_rules_lock)
{
this._ConfigurationRulesForProject.Add(project, rules);
}
}
protected void GetVulnerabilties()
{
CallerInformation caller = this.AuditEnvironment.Here();
this.AuditEnvironment.Status("Searching OSS Index for vulnerabilities for {0} artifacts.", this.Artifacts.Count());
Stopwatch sw = new Stopwatch();
sw.Start();
this.GetVulnerabilitiesExceptions = new ConcurrentDictionary <OSSIndexArtifact, Exception>(5, this.Artifacts.Count());
List <Task> tasks = new List <Task>();
foreach (var artifact in this.ArtifactsWithProjects)
{
Task t = Task.Factory.StartNew(async(o) =>
{
OSSIndexProject project = await this.HttpClient.GetProjectForIdAsync(artifact.ProjectId);
List <OSSIndexPackageVulnerability> package_vulnerabilities = await this.HttpClient.GetPackageVulnerabilitiesAsync(artifact.PackageId);
project.Artifact = artifact;
project.Package = artifact.Package;
lock (artifact_project_lock)
{
if (!ArtifactProject.Keys.Any(a => a.ProjectId == project.Id.ToString()))
{
this._ArtifactProject.Add(Artifacts.Where(a => a.ProjectId == project.Id.ToString()).First(), project);
}
}
IEnumerable <OSSIndexProjectVulnerability> project_vulnerabilities = null;
try
{
project_vulnerabilities = await this.HttpClient.GetVulnerabilitiesForIdAsync(project.Id.ToString());
this.AddPackageVulnerability(artifact.Package, package_vulnerabilities);
this.AddProjectVulnerability(project, project_vulnerabilities);
this.AuditEnvironment.Debug("Found {0} project vulnerabilities and {1} package vulnerabilities for package artifact {2}.", project_vulnerabilities.Count(), package_vulnerabilities.Count, artifact.PackageName);
}
catch (AggregateException ae)
{
this.GetVulnerabilitiesExceptions.TryAdd(artifact, ae.InnerException);
}
catch (Exception e)
{
this.GetVulnerabilitiesExceptions.TryAdd(artifact, e.InnerException);
}
}, artifact, CancellationToken.None, TaskCreationOptions.DenyChildAttach, TaskScheduler.Default).Unwrap();
tasks.Add(t);
}
try
{
Task.WaitAll(tasks.ToArray());
}
catch (AggregateException ae)
{
this.AuditEnvironment.Error(caller, ae, "Exception thrown waiting for Http task to complete in {0}.", ae.InnerException.TargetSite.Name);
}
finally
{
sw.Stop();
}
this.AuditEnvironment.Success("Found {0} total vulnerabilities for {1} artifacts in {2} ms with errors searching vulnerabilities for {3} artifacts.", this.PackageVulnerabilities.Sum(kv => kv.Value.Count()) + this.ProjectVulnerabilities.Sum(kv => kv.Value.Count()), this.ArtifactsWithProjects.Count(), sw.ElapsedMilliseconds, this.GetVulnerabilitiesExceptions.Count);
}
AddProjectVulnerability(OSSIndexProject project, IEnumerable <OSSIndexProjectVulnerability> vulnerability)
{
lock (project_vulnerabilities_lock)
{
this._VulnerabilitiesForProject.Add(project, vulnerability);
return(new KeyValuePair <OSSIndexProject, IEnumerable <OSSIndexProjectVulnerability> >(project, vulnerability));
}
}
private void AddConfigurationRules(string project_name, IEnumerable <OSSIndexProjectConfigurationRule> rules)
{
lock (configuration_rules_lock)
{
OSSIndexProject project = ArtifactProject.Values.Where(p => p.Name == project_name).FirstOrDefault();
if (project == null)
{
project = new OSSIndexProject()
{
Name = project_name
};
}
foreach (OSSIndexProjectConfigurationRule r in rules)
{
r.Project = project;
}
this._ConfigurationRulesForProject.Add(project, rules);
}
}
protected void GetConfigurationRules()
{
this.AuditEnvironment.Info("Searching OSS Index for configuration rules for {0} artifact(s).", this.ArtifactsWithProjects.Count);
Stopwatch sw = new Stopwatch();
List <Task> tasks = new List <Task>();
this.GetProjectConfigurationRulesExceptions = new ConcurrentDictionary <OSSIndexArtifact, Exception>();
this.ProjectConfigurationRulesEvaluations = new Dictionary <OSSIndexProjectConfigurationRule, Tuple <bool, List <string>, string> >();
Int32 i = new Int32();
sw.Start();
foreach (OSSIndexArtifact a in this.ArtifactsWithProjects)
{
Task t = Task.Factory.StartNew(async(o) =>
{
OSSIndexProject project = null;
lock (artifact_project_lock)
{
if (ArtifactProject.Values.Any(p => p.Id.ToString() == a.ProjectId))
{
project = ArtifactProject.Values.Where(ap => ap.Id.ToString() == a.ProjectId).First();
}
}
try
{
if (project == null)
{
project = await this.HttpClient.GetProjectForIdAsync(a.ProjectId);
project.Artifact = a;
lock (artifact_project_lock)
{
if (!ArtifactProject.Values.Any(p => p.Id.ToString() == a.ProjectId))
{
this._ArtifactProject.Add(a, project);
}
}
}
IEnumerable <OSSIndexProjectConfigurationRule> rules = await this.HttpClient.GetConfigurationRulesForIdAsync(project.Id.ToString());
if (rules != null && rules.Count() > 0)
{
this.AddConfigurationRules(project, rules);
this.AuditEnvironment.Debug("Found {0} rule(s) for artifact {1}.", rules.Count(), project.Artifact.PackageName);
Interlocked.Add(ref i, 1);
}
}
catch (AggregateException ae)
{
this.GetProjectConfigurationRulesExceptions.TryAdd(a, ae.InnerException);
this.AuditEnvironment.Warning("Exception thrown in {0} task: {1}", ae.InnerException.TargetSite.Name, ae.Message);
}
catch (Exception e)
{
this.GetProjectConfigurationRulesExceptions.TryAdd(a, e);
this.AuditEnvironment.Warning("Exception thrown in {0} task: {1}", e.TargetSite.Name, e.Message);
}
finally
{
sw.Stop();
}
}, i, CancellationToken.None, TaskCreationOptions.DenyChildAttach, TaskScheduler.Default).Unwrap();
tasks.Add(t);
}
Task.WaitAll(tasks.ToArray());
sw.Stop();
this.AuditEnvironment.Info("Found {0} configuration rule(s) on OSS Index in {1} ms.", i, sw.ElapsedMilliseconds);
return;
}
