Exemplo n.º 1
0
        private void OnAuditCompleted(object sender, AuditCompletedEventArgs e)
        {
            VSPackage.AssertOnMainThread();

            if (e.Exception != null)
            {
                WriteLine(Resources.AuditingPackageError, e.Exception.Message);
                ExceptionHelper.WriteToActivityLog(e.Exception);
            }
            else if (e.Results.Count() == 0)
            {
                WriteLine(Resources.NoPackagesToAudit);
            }
            else
            {
                var vulnerableCount = e.Results.Count(x => x.Status == AuditStatus.HasVulnerabilities);

                if (vulnerableCount > 0)
                {
                    WriteLine(Resources.VulnerabilitiesFound, vulnerableCount);
                }
                else
                {
                    WriteLine(Resources.NoVulnarebilitiesFound);
                }

                //update audit results dictionary
                foreach (var auditResult in e.Results)
                {
                    _auditResults[auditResult.PackageId] = auditResult;
                }

                //refresh tasks
                RefreshTasks();

                if (vulnerableCount > 0)
                {
                    _taskProvider.BringToFront();
                }
            }
        }
Exemplo n.º 2
0
        private bool RunAudit(IEnumerable<PackageId> packageIds, EventHandler<AuditCompletedEventArgs> completedHandler)
        {
            if (!packageIds.Any())
            {
                if (completedHandler != null)
                {
                    var eventArgs = new AuditCompletedEventArgs(Enumerable.Empty<AuditResult>(), null);

                    completedHandler(null, eventArgs);
                }
                return true;
            }

            if (IsAuditRunning)
            {
                return false;
            }

            _auditRunning = true;

            // Now we will queue a delegate that will be run on a worker thread.
            ThreadPool.QueueUserWorkItem(
                delegate
                {
                    // !! WORKER THREAD CONTEXT !!
                    Exception exception = null;
                    IEnumerable<AuditResult> results = null;

                    try
                    {
                        results = Lib.NugetAuditor.AuditPackages(packageIds, VSPackage.Instance.Option_CacheSync);
                    }
                    catch (Exception ex)
                    {
                        // Just record the exception, we will handle it later.
                        exception = ex;
                    }

                    // Here we are still in the worker thread context. The completion event must be executed in
                    // the same thread context as caller of RunAsync(). To change the thread context we use the
                    // stored synchronization context.
                    VSPackage.Instance.UICtx.Send((x) =>
                    {
                        // !! MAIN THREAD CONTEXT !!
                        // Back to main thread. From here we can safely update our internal state and invoke the
                        // completion event.

                        // Reset process and running flag.
                        _auditRunning = false;

                        // notify event subscribers (if any).
                        if (completedHandler != null)
                        {
                            var eventArgs = new AuditCompletedEventArgs(results, exception);
                            completedHandler(null, eventArgs);
                        }
                    }, null);
                });

            return true;
        }
        private void OnAuditCompleted(object sender, AuditCompletedEventArgs e)
        {
            ThreadHelper.ThrowIfNotOnUIThread();
            if (e.Exception != null)
            {
                WriteLine(Resources.AuditingPackageError, e.Exception.Message);
                WriteLine("");
                WriteLine(Resources.AuditingPackageError, e.Exception.StackTrace);
                ExceptionHelper.WriteToActivityLog(e.Exception);
            }
            else if (e.Results.Count() == 0)
            {
                WriteLine(Resources.NoPackagesToAudit);
            }
            else
            {
                WriteLine("Packages audited:");
                foreach (var result in e.Results)
                {
                    WriteLine("  * " + result.PackageId.Id + "@" + result.PackageId.VersionString);
                }

                var vulnerableCount = e.Results.Count(x => x.Status == AuditStatus.HasVulnerabilities);

                if (vulnerableCount > 0)
                {
                    WriteLine(Resources.VulnerabilitiesFound, vulnerableCount);
                    foreach (AuditResult r in e.Results.Where(x => x.Status == AuditStatus.HasVulnerabilities))
                    {
                        if (r.MatchedVulnerabilities == 1)
                        {
                            WriteLine("Package: {0} is vulnerable. 1 vulnerability found.", r.PackageId);
                        }
                        else
                        {
                            WriteLine("Package: {0} is vulnerable. {1} vulnerabilities found.", r.PackageId, r.MatchedVulnerabilities);
                        }
                        foreach (var v in r.Vulnerabilities)
                        {
                            WriteLine("    {0} {1} {2} CWE: {3} CvssS: {4} CvssV: {5}", v.Id, v.Title, v.Description, v.Cwe, v.CvssScore, v.CvssVector);
                        }
                    }
                }
                else
                {
                    foreach (AuditResult r in e.Results)
                    {
                        WriteLine("No vulnerabilities found for package {0}.", r.PackageId);
                    }
                }

                //update audit results dictionary
                foreach (var auditResult in e.Results)
                {
                    _auditResults[auditResult.PackageId] = auditResult;
                }

                //refresh tasks
                RefreshTasks();

                if (vulnerableCount > 0)
                {
                    _taskProvider.BringToFront();
                }
            }
        }
Exemplo n.º 4
0
        private void OnAuditCompleted(object sender, AuditCompletedEventArgs e)
        {
            VSPackage.AssertOnMainThread();

            if (e.Exception != null)
            {
                WriteLine(Resources.AuditingPackageError, e.Exception.Message);
                ExceptionHelper.WriteToActivityLog(e.Exception);
            }
            else if (e.Results.Count() == 0)
            {
                WriteLine(Resources.NoPackagesToAudit);
            }
            else
            {
                var vulnerableCount = e.Results.Count(x => x.Status == AuditStatus.HasVulnerabilities);

                if (vulnerableCount > 0)
                {
                    WriteLine(Resources.VulnerabilitiesFound, vulnerableCount);
                }
                else
                {
                    WriteLine(Resources.NoVulnarebilitiesFound);
                }

                //update audit results dictionary
                foreach (var auditResult in e.Results)
                {
                    _auditResults[auditResult.PackageId] = auditResult;
                }

                //refresh tasks
                RefreshTasks();

                if (vulnerableCount > 0)
                {
                    _taskProvider.BringToFront();
                }
            }
        }