public void TestLoad()
{
var stream = File.OpenRead(@"..\..\..\feed\unsafepackages.xml");
var loader = new PackageListLoader();
var packages = loader.LoadPackages(stream);
Assert.IsTrue(packages.Count > 5);
}
public void TestLoad()
{
var stream = new MemoryStream(Encoding.UTF8.GetBytes(Properties.TestResources.unsafepackages));
var loader = new PackageListLoader();
var packages = loader.LoadPackages(stream);
Assert.AreEqual(1, packages.Count);
Assert.IsTrue(packages.Exists(p => p.Id == "AntiXss" && p.Before == "4.2.1"));
}
public override bool Execute()
{
var nugetFile = Path.Combine(ProjectPath, "packages.config");
int cacheTime = 0;
if (!String.IsNullOrEmpty(CacheTimeInMinutes) && !int.TryParse(CacheTimeInMinutes, out cacheTime))
{
BuildEngine.LogErrorEvent(new BuildErrorEventArgs("Configuration error", "CacheTimeInMinutes", BuildEngine.ProjectFileOfTaskNode, 0, 0, 0, 0, "Invalid value for CacheTimeInMinutes: " + CacheTimeInMinutes, "", "SafeNuGet"));
return(false);
}
BuildEngine.LogMessageEvent(new BuildMessageEventArgs("Checking " + nugetFile + " ...", "", _id, MessageImportance.High));
if (File.Exists(nugetFile))
{
var packages = new NuGetPackageLoader().LoadPackages(nugetFile);
UnsafePackages unsafePackages;
if (cacheTime > 0)
{
bool cacheHit = false;
var cacheFolder = Path.Combine(new FileInfo(BuildEngine.ProjectFileOfTaskNode).Directory.FullName, "cache");
unsafePackages = new PackageListLoader().GetCachedUnsafePackages(cacheFolder, cacheTime, out cacheHit);
if (cacheHit)
{
BuildEngine.LogMessageEvent(new BuildMessageEventArgs("Using cached list of unsafe packages", "", _id, MessageImportance.High));
}
}
else
{
unsafePackages = new PackageListLoader().GetUnsafePackages();
}
var failures = new DecisionMaker().Evaluate(packages, unsafePackages);
if (failures.Count() == 0)
{
BuildEngine.LogMessageEvent(new BuildMessageEventArgs("No vulnerable packages found", "", _id, MessageImportance.High));
}
else
{
foreach (var k in failures)
{
var s = k.Key.Id + " " + k.Key.Version;
BuildEngine.LogWarningEvent(new BuildWarningEventArgs("SECURITY WARNING", s, nugetFile, 0, 0, 0, 0, "Library is vulnerable: " + s + " " + k.Value.InfoUri, "", _id));
}
return("true".Equals(DontBreakBuild, StringComparison.InvariantCultureIgnoreCase));
}
}
else
{
BuildEngine.LogMessageEvent(new BuildMessageEventArgs("No packages.config found", "", "SafeNuGet", MessageImportance.High));
}
return(true);
}
