/// <summary>
/// Stores the vulnerability list for a package in <c>_Vulnerabilities</c>.
/// The write happens while holding <c>vulnerabilities_lock</c>.
/// </summary>
/// <param name="package">Package the vulnerabilities belong to; used as the key.</param>
/// <param name="vulnerabilities">Vulnerabilities to store for <paramref name="package"/>.</param>
private void AddVulnerability(OSSIndexQueryObject package, List<OSSIndexApiv2Vulnerability> vulnerabilities)
{
    // NOTE(review): if _Vulnerabilities is a Dictionary, Add throws when the package was already recorded — confirm.
    lock (vulnerabilities_lock)
    {
        _Vulnerabilities.Add(package, vulnerabilities);
    }
}
/// <summary>
/// Reads the Drupal 8 core version from the "ChangeLog" entry of the application file map.
/// The first line starting with "Drupal " supplies the version: the text after that prefix, up to the first comma.
/// The result is stored in <c>Version</c> and copied onto the "drupal_core" package of the "core" module list.
/// </summary>
/// <returns>The detected version, or "8.x" when the change log has no line starting with "Drupal ".</returns>
protected override string GetVersion()
{
    string detected = "8.x";
    Stopwatch timer = Stopwatch.StartNew();

    // NOTE(review): the "as" cast yields null when the entry is not an AuditFileInfo, and the next line dereferences it.
    AuditFileInfo changelog = this.ApplicationFileSystemMap["ChangeLog"] as AuditFileInfo;
    string[] lines = changelog.ReadAsText()?.Split(this.AuditEnvironment.LineTerminator.ToCharArray(), StringSplitOptions.RemoveEmptyEntries);

    string heading = lines == null ? null : lines.FirstOrDefault(line => line.StartsWith("Drupal "));
    if (heading != null)
    {
        // "Drupal " is 7 characters long; keep what follows it in the part before the first comma.
        detected = heading.Split(',')[0].Substring(7);
    }

    // NOTE(review): when nothing matched, the placeholder "8.x" is what gets stored on the core package below;
    // presumably that version is later used for vulnerability matching — confirm how "8.x" is treated there.
    this.Version = detected;
    timer.Stop();
    this.VersionInitialised = true;
    this.AuditEnvironment.Success("Got Drupal 8 version {0} in {1} ms.", this.Version, timer.ElapsedMilliseconds);

    OSSIndexQueryObject core = this.ModulePackages["core"].Where(p => p.Name == "drupal_core").First();
    core.Version = this.Version;
    return this.Version;
}
// Stores the vulnerabilities found for a package in _VulnerabilitiesForPackage while holding
// package_vulnerabilities_lock, then returns the (package, vulnerability) pair that was stored.
// NOTE(review): the modifiers and return type of this method are not visible in this listing; the body
// returns a KeyValuePair<OSSIndexQueryObject, IEnumerable<OSSIndexPackageVulnerability>>.
// NOTE(review): if _VulnerabilitiesForPackage is a Dictionary, Add throws when the package is already present — confirm.
AddPackageVulnerability(OSSIndexQueryObject package, IEnumerable <OSSIndexPackageVulnerability> vulnerability) { lock (package_vulnerabilities_lock) { this._VulnerabilitiesForPackage.Add(package, vulnerability); return(new KeyValuePair <OSSIndexQueryObject, IEnumerable <OSSIndexPackageVulnerability> >(package, vulnerability)); } }
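/// <summary>
/// Takes the Drupal 7 core version from the "drupal_core" package in the "core" module list.
/// </summary>
/// <returns>The core version, or an empty string when the core package carries no version.</returns>
/// <exception cref="InvalidOperationException">Modules have not been initialised yet.</exception>
protected override string GetVersion()
{
    if (!this.ModulesInitialised)
    {
        throw new InvalidOperationException("Modules must be initialized before GetVersion is called.");
    }

    OSSIndexQueryObject core_module = this.ModulePackages["core"].Where(m => m.Name == "drupal_core").First();
    if (string.IsNullOrEmpty(core_module.Version))
    {
        // No version on the core package: VersionInitialised is left untouched.
        return string.Empty;
    }

    // The original logged core_module.Version and set VersionInitialised, but returned this.Version without
    // assigning it here, so the returned value could differ from the logged one.
    // Store the detected version first so the log line, the flag and the return value agree.
    // NOTE(review): assumes Version is not populated from a different source elsewhere — confirm.
    this.Version = core_module.Version;
    this.AuditEnvironment.Success("Got Drupal 7 version {0}.", core_module.Version);
    this.VersionInitialised = true;
    return this.Version;
}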
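/// <summary>
/// Prints the package source audit report: a header with the total number of vulnerabilities that affect
/// an installed package version, then one entry per package, ordered by that count, highest first.
/// </summary>
/// <remarks>
/// A package whose vulnerability list is null counts as zero in the total and is reported as having no
/// data, rather than as having no known vulnerabilities. The original guarded against null only in the
/// total and threw while ordering the packages.
/// </remarks>
protected void BuildPackageSourceAuditReport()
{
    // Number of entries in a list that affect the installed version; a null list counts as zero.
    Func<List<OSSIndexApiv2Vulnerability>, int> count_in_range =
        list => list == null ? 0 : list.Count(v => v.CurrentPackageVersionIsInRange);

    int total_vulnerabilities = Source.Vulnerabilities.Sum(v => count_in_range(v.Value));
    PrintMessageLine(ConsoleColor.White, "\nPackage Source Audit Results\n============================");
    PrintMessageLine(ConsoleColor.White, "{0} total vulnerabilit{2} found in {1} package source audit.\n", total_vulnerabilities, Source.PackageManagerLabel, total_vulnerabilities == 0 || total_vulnerabilities > 1 ? "ies" : "y");

    int packages_count = Source.Vulnerabilities.Count;
    int packages_processed = 0;
    foreach (var pv in Source.Vulnerabilities.OrderByDescending(sv => count_in_range(sv.Value)))
    {
        OSSIndexQueryObject package = pv.Key;
        List<OSSIndexApiv2Vulnerability> package_vulnerabilities = pv.Value;
        PrintMessage(ConsoleColor.White, "[{0}/{1}] {2}", ++packages_processed, packages_count, package.Name);

        if (package_vulnerabilities == null)
        {
            // What a null list means (failed lookup or nothing found) is not visible here,
            // so do not report it as a clean result.
            PrintMessage(" no vulnerability data available.");
            PrintMessageLine("");
            continue;
        }

        int known_count = package_vulnerabilities.Count;
        // Evaluate the in-range filter once instead of once per message.
        List<OSSIndexApiv2Vulnerability> matched_vulnerabilities = package_vulnerabilities.Where(v => v.CurrentPackageVersionIsInRange).ToList();

        if (known_count == 0)
        {
            PrintMessage(" no known vulnerabilities.");
        }
        else if (matched_vulnerabilities.Count == 0)
        {
            PrintMessage(" {0} known vulnerabilit{1}, 0 affecting installed package version(s).", known_count, known_count > 1 ? "ies" : "y");
        }
        else
        {
            PrintMessage(ConsoleColor.Red, " [VULNERABLE] ");
            PrintMessage(" {0} known vulnerabilities, ", known_count);
            PrintMessageLine(ConsoleColor.Magenta, " {0} affecting installed package version(s): [{1}]", matched_vulnerabilities.Count, string.Join(",", matched_vulnerabilities.Select(v => v.Package.Version).Distinct()));

            for (int i = 0; i < matched_vulnerabilities.Count; i++)
            {
                OSSIndexApiv2Vulnerability v = matched_vulnerabilities[i];
                PrintMessage(ConsoleColor.White, "--[{0}/{1}] ", i + 1, matched_vulnerabilities.Count);
                // Title and description are passed as format arguments, never as the format string.
                // A missing value prints as empty text instead of throwing on Trim().
                PrintMessageLine(ConsoleColor.Red, "{0} ", v.Title?.Trim());
                PrintMessageLine(ConsoleColor.White, " --Description: {0}", v.Description?.Trim());
                PrintMessage(ConsoleColor.White, " --Affected versions: ");
                PrintMessageLine(ConsoleColor.Red, "{0}", string.Join(", ", v.Versions.ToArray()));
            }
        }
        PrintMessageLine("");
    }
}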
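/// <summary>
/// Queries the v1.1 artifact search endpoint for a package and returns the matching artifacts.
/// </summary>
/// <param name="package_manager">Package manager label used as the first path segment.</param>
/// <param name="package">Package whose name and version form the remaining path segments.</param>
/// <param name="transform">Optional post-processing applied to a non-empty result; may be null.</param>
/// <returns>The deserialized artifacts, passed through <paramref name="transform"/> when it is given and the list is not empty.</returns>
/// <exception cref="OSSIndexHttpException">The service answered with a non-success status code.</exception>
public async Task<IEnumerable<OSSIndexArtifact>> SearchAsync(string package_manager, OSSIndexQueryObject package, Func<List<OSSIndexArtifact>, List<OSSIndexArtifact>> transform)
{
    string api_version = "1.1";

    // Package names and versions come from the audited target, so escape each value as a single path
    // segment: "/", "..", "?" or "#" inside a value must not change which endpoint or query is requested.
    // A null value becomes an empty segment, as string.Format produced before.
    // package.Vendor was passed to the original format call but no placeholder consumed it, so it was
    // never part of the request path.
    string request_path = string.Format(
        "v{0}/search/artifact/{1}/{2}/{3}",
        api_version,
        Uri.EscapeDataString(package_manager ?? string.Empty),
        Uri.EscapeDataString(package.Name ?? string.Empty),
        Uri.EscapeDataString(package.Version ?? string.Empty));

    using (HttpClient client = CreateHttpClient())
    {
        HttpResponseMessage response = await client.GetAsync(request_path);
        if (!response.IsSuccessStatusCode)
        {
            throw new OSSIndexHttpException(package_manager, response.StatusCode, response.ReasonPhrase, response.RequestMessage);
        }

        string body = await response.Content.ReadAsStringAsync();
        // NOTE(review): an empty or literal "null" body deserializes to null and the Count() call below then throws;
        // decide whether that case should surface as a failed query rather than an unhandled exception.
        List<OSSIndexArtifact> artifacts = JsonConvert.DeserializeObject<List<OSSIndexArtifact>>(body);
        if (artifacts.Count() == 0 || transform == null)
        {
            return artifacts;
        }
        return transform(artifacts);
    }
}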
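/// <summary>
/// Queries the v1.1 artifact search endpoint for a package and returns the matching artifacts.
/// </summary>
/// <param name="package_manager">Package manager label used as the first path segment.</param>
/// <param name="package">Package whose name and version form the remaining path segments.</param>
/// <param name="transform">Optional post-processing applied to a non-empty result; may be null.</param>
/// <returns>The deserialized artifacts, passed through <paramref name="transform"/> when it is given and the list is not empty.</returns>
/// <exception cref="OSSIndexHttpException">The service answered with a non-success status code.</exception>
public async Task<IEnumerable<OSSIndexArtifact>> SearchAsync(string package_manager, OSSIndexQueryObject package, Func<List<OSSIndexArtifact>, List<OSSIndexArtifact>> transform)
{
    string api_version = "1.1";

    // Package names and versions come from the audited target, so escape each value as a single path
    // segment: "/", "..", "?" or "#" inside a value must not change which endpoint or query is requested.
    // A null value becomes an empty segment, as string.Format produced before.
    // package.Vendor was passed to the original format call but no placeholder consumed it, so it was
    // never part of the request path.
    string request_path = string.Format(
        "v{0}/search/artifact/{1}/{2}/{3}",
        api_version,
        Uri.EscapeDataString(package_manager ?? string.Empty),
        Uri.EscapeDataString(package.Name ?? string.Empty),
        Uri.EscapeDataString(package.Version ?? string.Empty));

    // NOTE(review): a new HttpClient is created and disposed on every call; a shared instance avoids
    // exhausting sockets when many packages are queried.
    using (HttpClient client = new HttpClient())
    {
        // NOTE(review): HOST is defined outside this listing; the responses feed vulnerability verdicts,
        // so confirm it is an https:// origin.
        client.BaseAddress = new Uri(@HOST);
        client.DefaultRequestHeaders.Accept.Clear();
        client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
        client.DefaultRequestHeaders.Add("user-agent", "DevAudit");

        HttpResponseMessage response = await client.GetAsync(request_path);
        if (!response.IsSuccessStatusCode)
        {
            throw new OSSIndexHttpException(package_manager, response.StatusCode, response.ReasonPhrase, response.RequestMessage);
        }

        string body = await response.Content.ReadAsStringAsync();
        // NOTE(review): an empty or literal "null" body deserializes to null and the Count() call below then throws;
        // decide whether that case should surface as a failed query rather than an unhandled exception.
        List<OSSIndexArtifact> artifacts = JsonConvert.DeserializeObject<List<OSSIndexArtifact>>(body);
        if (artifacts.Count() == 0 || transform == null)
        {
            return artifacts;
        }
        return transform(artifacts);
    }
}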