public async Task VulnerabilityReports(string version, bool isVulnerable)
{
var client = new ReportGenerator();
var report = await client.GetReport(AppRunTimeDetails.Build(version));
Assert.Equal(isVulnerable, report.IsVulnerable);
}
public async Task <Report> GetReport(AppRunTimeDetails appRunTimeDetails)
{
var channel = await _client.GetChannel(appRunTimeDetails.AppRuntimeVersion);
if (channel == null)
{
return(new Report
{
AppRuntimeDetails = appRunTimeDetails,
Details = $"Running on unknown runtime {appRunTimeDetails.AppRuntimeVersion}. Not able to check for security patches."
});
}
var securityRelease = channel?.Releases.FirstOrDefault(r => r.Security);
if (securityRelease == null || securityRelease.RuntimeVersion == appRunTimeDetails.AppRuntimeVersion)
{
return(new Report
{
AppRuntimeDetails = appRunTimeDetails,
IsVulnerable = false
});
}
return(new Report
{
IsVulnerable = true,
AppRuntimeDetails = appRunTimeDetails,
SecurityRelease = securityRelease
});
}
protected override async Task ExecuteAsync(CancellationToken stoppingToken)
{
var optionsCheckInterval = _options.CheckInterval;
var timespan = new TimeSpan(0, 0, 0, 0, optionsCheckInterval);
_logger.LogDebug($"Runtime vulnerability check is starting. Check interval: {timespan.ToString()}");
stoppingToken.Register(() => _logger.LogDebug("Vulnerability check is stopping."));
while (!stoppingToken.IsCancellationRequested)
{
_logger.LogDebug("Running runtime vulnerability check");
var report = await _reportGenerator.GetReport(AppRunTimeDetails.Build());
if (report.IsVulnerable.HasValue && report.IsVulnerable.Value)
{
_logger.LogWarning("Running on vulnerable runtime {appruntime}. Security release {securityrelease}", report.AppRuntimeDetails.AppRuntimeVersion, report.SecurityRelease.RuntimeVersion);
}
await Task.Delay(optionsCheckInterval, stoppingToken);
}
_logger.LogDebug($"GracePeriod background task is stopping.");
}
public async Task UnknownRuntimes()
{
var client = new ReportGenerator();
var report = await client.GetReport(AppRunTimeDetails.Build("abc"));
Assert.Null(report.IsVulnerable);
Assert.Equal("Running on unknown runtime abc. Not able to check for security patches.", report.Details);
}
public async Task InvokeAsync(HttpContext context)
{
var report = await _client.GetReport(AppRunTimeDetails.Build());
var json = JsonConvert.SerializeObject(report, new JsonSerializerSettings
{
ContractResolver = new CamelCasePropertyNamesContractResolver(),
NullValueHandling = NullValueHandling.Ignore
});
context.Response.OnStarting(state =>
{
context.Response.ContentType = "application/json";
return(Task.CompletedTask);
}, null);
await context.Response.WriteAsync(json);
}
public async Task InvokeAsync(HttpContext context)
{
var report = await _client.GetReport(AppRunTimeDetails.Build());
var json = JsonSerializer.Serialize(report, new JsonSerializerOptions
{
PropertyNamingPolicy = JsonNamingPolicy.CamelCase,
IgnoreNullValues = true,
});
context.Response.OnStarting(state =>
{
context.Response.ContentType = "application/json";
return(Task.CompletedTask);
}, null);
await context.Response.WriteAsync(json);
}
public async Task CanGetReportForAllRuntimes()
{
var httpClient = new ReleaseMetadataHttpClient();
var allChannels = await httpClient.GetAllChannelsAsync();
foreach (var channel in allChannels)
{
foreach (var release in channel.Releases)
{
var releaseMetadataClient = new ReleaseMetadataClient();
var client = new ReportGenerator(releaseMetadataClient);
if (release.Runtime != null)
{
var report = await client.GetReport(AppRunTimeDetails.Build(release.Runtime.Version));
Assert.NotNull(report);
}
}
}
}
