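/// <summary>
/// Audits the NuGet packages installed in the currently loaded solution.
/// </summary>
/// <returns>
/// The value returned by <c>AuditPackagesInternal</c>, or <c>true</c> when the package list could not
/// be retrieved because the NuGet integration threw an <see cref="InvalidOperationException"/>.
/// </returns>
private bool AuditSolutionPackagesInternal()
        {
            VSPackage.AssertOnMainThread();

            IEnumerable<IVsPackageMetadata> packages;

            try
            {
                packages = ServiceLocator.GetInstance<IVsPackageInstallerServices>().GetInstalledPackages();
            }
            catch (InvalidOperationException ioe)
            {
                // Only the failure raised by the NuGet Visual Studio integration is handled here;
                // any other InvalidOperationException is rethrown with its stack trace intact.
                if (ioe.Source != "NuGet.PackageManagement.VisualStudio")
                {
                    throw;
                }

                WriteLine("Could not retrieve package metadata on solution load. Exception : {0}.", ioe.Message);
                WriteLine("This may happen when initially loading .NET Core projects. See https://github.com/OSSIndex/audit.net/issues/22");
                WriteLine("Try auditing the project or solution again once the solution has completed loading.");

                // NOTE(review): nothing was audited on this path, yet the method returns true.
                // Confirm that callers do not present this as a completed (clean) audit; the
                // output-pane messages above are the only signal that the audit was skipped.
                return(true);
            }

            WriteLine(Resources.AuditingPackagesInSolution, packages.Count(), _dte.Solution.GetName());
            return(AuditPackagesInternal(packages));
        }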
        /// <summary>
        /// Collects the packages installed across the solution and passes them to
        /// <c>AuditPackagesInternal</c>.
        /// </summary>
        /// <returns>Whatever <c>AuditPackagesInternal</c> returns for the installed packages.</returns>
        private bool AuditSolutionPackagesInternal()
        {
            VSPackage.AssertOnMainThread();

            // No exception handling here: a failure in GetInstalledPackages propagates to the caller.
            var installerServices = ServiceLocator.GetInstance<IVsPackageInstallerServices>();
            var installed = installerServices.GetInstalledPackages();

            // Report how many packages are about to be audited and for which solution.
            var packageCount = installed.Count();
            var solutionName = _dte.Solution.GetName();
            WriteLine(Resources.AuditingPackagesInSolution, packageCount, solutionName);

            return AuditPackagesInternal(installed);
        }
        /// <summary>
        /// Creates the <see cref="VSPackage"/> object, records it in <c>_instance</c> and hands it to
        /// <c>ServiceLocator.InitializePackageServiceProvider</c>.
        /// </summary>
        public VSPackage()
        {
            // The package object exists at this point but has not been sited in the Visual Studio
            // environment, so nothing here may depend on a Visual Studio service. Initialization
            // that needs one belongs in the Initialize method.

            _instance = this;

            ServiceLocator.InitializePackageServiceProvider(this);
        }
        /// <summary>
        /// Audits the NuGet packages installed in a single project.
        /// </summary>
        /// <param name="project">The project whose installed packages are audited.</param>
        /// <returns>Whatever <c>AuditPackagesInternal</c> returns for the project's packages.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="project"/> is <c>null</c>.</exception>
        private bool AuditProjectPackagesInternal(Project project)
        {
            VSPackage.AssertOnMainThread();

            if (project == null)
            {
                throw new ArgumentNullException("project");
            }

            // No exception handling here: a failure in GetInstalledPackages propagates to the caller.
            var installerServices = ServiceLocator.GetInstance<IVsPackageInstallerServices>();
            var installed = installerServices.GetInstalledPackages(project);

            // Report how many packages are about to be audited and for which project.
            var packageCount = installed.Count();
            var projectName = project.Name;
            WriteLine(Resources.AuditingPackagesInProject, packageCount, projectName);

            return AuditPackagesInternal(installed);
        }
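        /// <summary>
        /// Determines whether a project can be audited.
        /// </summary>
        /// <param name="project">The project to test; <c>null</c> is reported as unsupported.</param>
        /// <returns>
        /// <c>true</c> when the project's kind is listed in <c>_supportedProjectTypes</c>, or when the
        /// <c>IsPackageInstalled</c> probe completes without throwing; otherwise <c>false</c>.
        /// </returns>
        internal static bool IsProjectSupported(this Project project)
        {
            VSPackage.AssertOnMainThread();

            // The null check has to come before the first dereference (project.Kind below).
            // Previously it sat inside the try block, after project.Kind had already been read,
            // so a null project raised NullReferenceException instead of returning false.
            if (project == null)
            {
                return(false);
            }

            if (project.Kind != null && _supportedProjectTypes.Contains(project.Kind))
            {
                return(true);
            }

            // IVsPackageInstallerServices.IsPackageInstalled throws InvalidOperationException if project does not support NuGet packages.
            // TODO: Find a better way to detect support for NuGet packages.
            try
            {
                IVsPackageInstallerServices locator = ServiceLocator.GetInstance<IVsPackageInstallerServices>();
                // FIXME: This should not happen
                if (locator == null)
                {
                    return(false);
                }

                // The package id is a dummy value; only whether the call throws matters here.
                locator.IsPackageInstalled(project, "__dummy__");
                return(true);
            }
            catch (InvalidOperationException)
            {
                return(false);
            }
            catch (Exception e)
            {
                ExceptionHelper.WriteToActivityLog(e);
                // FIXME: A variety of project types which do not work with the IsPackageInstalled method will throw exceptions of various sorts.
                // FIXME: Surely there is a better way to check for Nuget support?
                // NOTE(review): any failure here classifies the project as unsupported. If unsupported
                // projects are left out of the audit (presumably - verify against callers), a transient
                // error becomes a silent gap in coverage whose only trace is the activity log entry.
                return(false);
            }
        }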
        /// <summary>
        /// Handles completion of an audit: reports the outcome, stores the results in
        /// <c>_auditResults</c> and refreshes the task list.
        /// </summary>
        /// <param name="sender">The event source; not used.</param>
        /// <param name="e">Carries either the exception that ended the audit or its results.</param>
        private void OnAuditCompleted(object sender, AuditCompletedEventArgs e)
        {
            VSPackage.AssertOnMainThread();

            // A failed audit is reported and logged; results are not touched.
            var failure = e.Exception;
            if (failure != null)
            {
                WriteLine(Resources.AuditingPackageError, failure.Message);
                ExceptionHelper.WriteToActivityLog(failure);
                return;
            }

            if (e.Results.Count() == 0)
            {
                WriteLine(Resources.NoPackagesToAudit);
                return;
            }

            var flaggedCount = e.Results.Count(x => x.Status == AuditStatus.HasVulnerabilities);
            var anyFlagged = flaggedCount > 0;

            // NOTE(review): the "none found" message is chosen whenever no result has status
            // HasVulnerabilities; whether AuditStatus has other non-clean values is not visible here.
            if (anyFlagged)
            {
                WriteLine(Resources.VulnerabilitiesFound, flaggedCount);
            }
            else
            {
                WriteLine(Resources.NoVulnarebilitiesFound);
            }

            // Store each result under its package id, replacing any earlier entry.
            foreach (var entry in e.Results)
            {
                _auditResults[entry.PackageId] = entry;
            }

            RefreshTasks();

            // The task list is brought to the front only when there is something to act on.
            if (anyFlagged)
            {
                _taskProvider.BringToFront();
            }
        }
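        /// <summary>
        /// Rebuilds the task list from the current vulnerability tasks and then calls
        /// <c>CreateMarkers</c> for each supported project's package reference file.
        /// </summary>
        private void RefreshTasks()
        {
            VSPackage.AssertOnMainThread();

            // Materialized once because the list is used twice below.
            var supportedProjects = _dte.Solution.GetSupportedProjects().ToList();

            _taskProvider.SuspendRefresh();

            try
            {
                _taskProvider.Tasks.Clear();

                foreach (var task in GetVulnerabilityTasks(supportedProjects))
                {
                    _taskProvider.Tasks.Add(task);
                }

                _taskProvider.Refresh();
            }
            finally
            {
                // Pair every SuspendRefresh with a ResumeRefresh, even when building the task
                // list throws; otherwise the provider would be left suspended.
                _taskProvider.ResumeRefresh();
            }

            foreach (var project in supportedProjects)
            {
                CreateMarkers(project.GetPackageReferenceFilePath());
            }
        }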
        /// <summary>
        /// Releases the audit manager, clears the cached references and then calls the base
        /// implementation.
        /// </summary>
        /// <param name="disposing">
        /// When <c>true</c>, the audit manager is disposed and finalization is suppressed.
        /// </param>
        protected override void Dispose(bool disposing)
        {
            try
            {
                if (disposing && _auditManager != null)
                {
                    _auditManager.Dispose();
                    _auditManager = null;
                }

                if (disposing)
                {
                    GC.SuppressFinalize(this);
                }

                // These references are dropped on both paths, whatever the value of disposing.
                _vsMonitorSelection = null;
                _uiCtx = null;
                _instance = null;
            }
            finally
            {
                // The base class is always given the chance to clean up, even if the code above throws.
                base.Dispose(disposing);
            }
        }
        /// <summary>
        /// Asks the package instance for the output pane identified by
        /// <c>VSConstants.SID_SVsGeneralOutputWindowPane</c>, passing "Audit.Net" as the second argument.
        /// </summary>
        /// <returns>The pane returned by the package's <c>GetOutputPane</c> call.</returns>
        private IVsOutputWindowPane GetOutputPane()
        {
            VSPackage.AssertOnMainThread();

            var package = VSPackage.Instance;
            return package.GetOutputPane(VSConstants.SID_SVsGeneralOutputWindowPane, "Audit.Net");
        }
        /// <summary>
        /// Disposes the audit manager when asked to, resets the cached references, and always
        /// forwards to the base class.
        /// </summary>
        /// <param name="disposing">
        /// When <c>true</c>, the audit manager is disposed and finalization is suppressed.
        /// </param>
        protected override void Dispose(bool disposing)
        {
            try
            {
                if (disposing)
                {
                    var manager = _auditManager;
                    if (manager != null)
                    {
                        manager.Dispose();
                        _auditManager = null;
                    }

                    GC.SuppressFinalize(this);
                }

                // Cleared regardless of the disposing flag.
                _vsMonitorSelection = null;
                _uiCtx = null;
                _instance = null;
            }
            finally
            {
                // Runs even when the cleanup above throws.
                base.Dispose(disposing);
            }
        }
        /// <summary>
        /// Constructs the <see cref="VSPackage"/>, stores the new object in <c>_instance</c> and
        /// passes it to <c>ServiceLocator.InitializePackageServiceProvider</c>.
        /// </summary>
        public VSPackage()
        {
            // Only initialization that needs no Visual Studio service may run here: the package
            // object has been created but is not yet sited inside the Visual Studio environment.
            // Everything else is done in the Initialize method.

            _instance = this;

            ServiceLocator.InitializePackageServiceProvider(this);
        }
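        /// <summary>
        /// Handles completion of an audit: writes a detailed report, stores the results in
        /// <c>_auditResults</c> and refreshes the task list.
        /// </summary>
        /// <param name="sender">The event source; not used.</param>
        /// <param name="e">Carries either the exception that ended the audit or its results.</param>
        private void OnAuditCompleted(object sender, AuditCompletedEventArgs e)
        {
            VSPackage.AssertOnMainThread();

            if (e.Exception != null)
            {
                // Message and stack trace are both written with the same error resource, then the
                // exception is recorded in the activity log.
                WriteLine(Resources.AuditingPackageError, e.Exception.Message);
                WriteLine("");
                WriteLine(Resources.AuditingPackageError, e.Exception.StackTrace);
                ExceptionHelper.WriteToActivityLog(e.Exception);
            }
            else if (e.Results.Count() == 0)
            {
                WriteLine(Resources.NoPackagesToAudit);
            }
            else
            {
                WriteLine("Packages audited:");
                foreach (var result in e.Results)
                {
                    // Package id and version are passed as format arguments, like every other
                    // data-bearing call in this method, instead of being concatenated into the
                    // first argument. Assuming WriteLine treats that argument as a composite
                    // format string (the {0} call sites suggest so), braces in package metadata
                    // can then no longer be read as placeholders.
                    WriteLine("  * {0}@{1}", result.PackageId.Id, result.PackageId.VersionString);
                }

                var vulnerableCount = e.Results.Count(x => x.Status == AuditStatus.HasVulnerabilities);

                if (vulnerableCount > 0)
                {
                    WriteLine(Resources.VulnerabilitiesFound, vulnerableCount);
                    foreach (AuditResult r in e.Results.Where(x => x.Status == AuditStatus.HasVulnerabilities))
                    {
                        if (r.MatchedVulnerabilities == 1)
                        {
                            WriteLine("Package: {0} is vulnerable. 1 vulnerability found.", r.PackageId);
                        }
                        else
                        {
                            WriteLine("Package: {0} is vulnerable. {1} vulnerabilities found.", r.PackageId, r.MatchedVulnerabilities);
                        }

                        // Vulnerability text stays in argument position, never in the format string.
                        foreach (var v in r.Vulnerabilities)
                        {
                            WriteLine("    {0} {1} {2} CWE: {3} CvssS: {4} CvssV: {5}", v.Id, v.Title, v.Description, v.Cwe, v.CvssScore, v.CvssVector);
                        }
                    }
                }
                else
                {
                    // NOTE(review): every result is reported as clean whenever none has status
                    // HasVulnerabilities. If AuditStatus has other non-clean values (not visible
                    // here), those packages would also be reported as having no vulnerabilities.
                    foreach (AuditResult r in e.Results)
                    {
                        WriteLine("No vulnerabilities found for package {0}.", r.PackageId);
                    }
                }

                // Store each result under its package id, replacing any earlier entry.
                foreach (var auditResult in e.Results)
                {
                    _auditResults[auditResult.PackageId] = auditResult;
                }

                RefreshTasks();

                // The task list is brought to the front only when vulnerabilities were found.
                if (vulnerableCount > 0)
                {
                    _taskProvider.BringToFront();
                }
            }
        }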