Exemplo n.º 1
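        /// <summary>
        /// Loads the unsafe-package feed from the repository's feed folder and checks that
        /// the loader returns more than five entries.
        /// </summary>
        public void TestLoad()
        {
            // The relative path is resolved against the process working directory, so this
            // test depends on where the runner starts it.
            // The using block releases the file handle even if loading or the assertion throws.
            using (var stream = File.OpenRead(@"..\..\..\feed\unsafepackages.xml"))
            {
                var loader   = new PackageListLoader();
                var packages = loader.LoadPackages(stream);

                // Count-only check: it shows the feed parsed into entries, not that any
                // particular advisory is present or correct.
                Assert.IsTrue(packages.Count > 5);
            }
        }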
Exemplo n.º 2
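        /// <summary>
        /// Parses the embedded unsafe-package list test resource and checks that it yields
        /// exactly one entry, for package "AntiXss" with a Before value of "4.2.1".
        /// </summary>
        public void TestLoad()
        {
            var feedBytes = Encoding.UTF8.GetBytes(Properties.TestResources.unsafepackages);

            // Dispose the stream deterministically, also when an assertion fails.
            using (var stream = new MemoryStream(feedBytes))
            {
                var loader   = new PackageListLoader();
                var packages = loader.LoadPackages(stream);

                Assert.AreEqual(1, packages.Count);
                // Before is presumably the first fixed version (versions below it are flagged);
                // confirm against the feed schema.
                Assert.IsTrue(packages.Exists(p => p.Id == "AntiXss" && p.Before == "4.2.1"));
            }
        }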
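        /// <summary>
        /// Checks the project's packages.config against the list of known-unsafe packages and
        /// logs one build warning per match.
        /// </summary>
        /// <returns>
        /// false when CacheTimeInMinutes is set but is not an integer, or when unsafe packages
        /// were found and DontBreakBuild is not "true"; true in every other case, including
        /// when the project has no packages.config.
        /// </returns>
        public override bool Execute()
        {
            var nugetFile = Path.Combine(ProjectPath, "packages.config");
            int cacheTime = 0;

            // An empty setting means "no caching"; anything else must parse as an integer.
            // Values that parse but are zero or negative also disable caching (see below).
            if (!String.IsNullOrEmpty(CacheTimeInMinutes) && !int.TryParse(CacheTimeInMinutes, out cacheTime))
            {
                BuildEngine.LogErrorEvent(new BuildErrorEventArgs("Configuration error", "CacheTimeInMinutes", BuildEngine.ProjectFileOfTaskNode, 0, 0, 0, 0, "Invalid value for CacheTimeInMinutes: " + CacheTimeInMinutes, "", "SafeNuGet"));
                return false;
            }

            BuildEngine.LogMessageEvent(new BuildMessageEventArgs("Checking " + nugetFile + " ...", "", _id, MessageImportance.High));
            if (!File.Exists(nugetFile))
            {
                // Only packages.config is inspected. A project without that file passes the
                // check with nothing examined, so dependencies declared any other way are
                // not covered by this task.
                BuildEngine.LogMessageEvent(new BuildMessageEventArgs("No packages.config found", "", "SafeNuGet", MessageImportance.High));
                return true;
            }

            var            packages = new NuGetPackageLoader().LoadPackages(nugetFile);
            UnsafePackages unsafePackages;
            if (cacheTime > 0)
            {
                // The cache folder sits next to the project file that hosts this task.
                // NOTE(review): presumably the cached list can be up to cacheTime minutes old,
                // and anything able to write to this folder can influence the result; confirm
                // how GetCachedUnsafePackages validates and refreshes the cached file.
                bool cacheHit    = false;
                var  cacheFolder = Path.Combine(new FileInfo(BuildEngine.ProjectFileOfTaskNode).Directory.FullName, "cache");
                unsafePackages = new PackageListLoader().GetCachedUnsafePackages(cacheFolder, cacheTime, out cacheHit);
                if (cacheHit)
                {
                    BuildEngine.LogMessageEvent(new BuildMessageEventArgs("Using cached list of unsafe packages", "", _id, MessageImportance.High));
                }
            }
            else
            {
                unsafePackages = new PackageListLoader().GetUnsafePackages();
            }

            // Walk the result once: the original counted it and then iterated it again,
            // which evaluates a lazily produced sequence twice.
            bool foundUnsafe = false;
            foreach (var failure in new DecisionMaker().Evaluate(packages, unsafePackages))
            {
                foundUnsafe = true;
                var label = failure.Key.Id + " " + failure.Key.Version;
                BuildEngine.LogWarningEvent(new BuildWarningEventArgs("SECURITY WARNING", label, nugetFile, 0, 0, 0, 0, "Library is vulnerable: " + label + " " + failure.Value.InfoUri, "", _id));
            }

            if (!foundUnsafe)
            {
                BuildEngine.LogMessageEvent(new BuildMessageEventArgs("No vulnerable packages found", "", _id, MessageImportance.High));
                return true;
            }

            // With DontBreakBuild set to "true" the findings above stay warnings and the build
            // succeeds. The flag is a fixed token, not linguistic text, so compare it ordinally;
            // a culture-aware comparison also accepts strings containing ignorable characters.
            return "true".Equals(DontBreakBuild, StringComparison.OrdinalIgnoreCase);
        }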