Пример #1
        /// <summary>
        /// Lazily builds one task-list entry for every vulnerability recorded in the cached
        /// audit results for the package references of the given projects.
        /// </summary>
        /// <remarks>
        /// A package reference produces no task when it is flagged <c>Ignore</c>, when
        /// <c>_auditResults</c> holds no entry (or a null entry) for its package id, or when the
        /// audit status is <c>NoActiveVulnerabilities</c>, <c>UnknownPackage</c> or
        /// <c>UnknownSource</c>. An empty sequence therefore does not by itself show that every
        /// reference was assessed; the two "unknown" statuses are skipped silently.
        /// The per-version filter (<c>vulnerability.AffectsVersion</c>) is disabled in this
        /// version, so every vulnerability listed in an audit result is reported.
        /// This is an iterator: nothing runs until the sequence is enumerated, and each
        /// enumeration creates new tasks and subscribes the handlers again.
        /// </remarks>
        /// <param name="supportedProjects">Projects whose package reference files are inspected.</param>
        /// <returns>A deferred sequence of tasks, one per reported vulnerability.</returns>
        private IEnumerable <VulnerabilityTask> GetVulnerabilityTasks(IEnumerable <Project> supportedProjects)
        {
            foreach (var currentProject in supportedProjects)
            {
                var hierarchy = currentProject.GetHierarchy();
                var referencesFile = new PackageReferencesFile(currentProject.GetPackageReferenceFilePath());

                foreach (var reference in referencesFile.GetPackageReferences())
                {
                    // Explicitly ignored references are never reported.
                    if (reference.Ignore)
                    {
                        continue;
                    }

                    // No cached audit result (or a null one) means there is nothing to report.
                    AuditResult result;
                    if (!_auditResults.TryGetValue(reference.PackageId, out result) || result == null)
                    {
                        continue;
                    }

                    // Clean and unknown statuses are all skipped without a task.
                    var nothingToReport = result.Status == AuditStatus.NoActiveVulnerabilities
                                          || result.Status == AuditStatus.UnknownPackage
                                          || result.Status == AuditStatus.UnknownSource;
                    if (nothingToReport)
                    {
                        continue;
                    }

                    foreach (var finding in result.Vulnerabilities)
                    {
                        // The version check
                        //   vulnerability.AffectsVersion(packageReference.PackageId.VersionString)
                        // is disabled here, so every finding is treated as affecting the
                        // referenced version and gets Normal priority / Error category.
                        // NOTE(review): presumably the audit source already filters by version — confirm.
                        var entry = new VulnerabilityTask(reference, finding);

                        entry.Priority = TaskPriority.Normal;
                        entry.ErrorCategory = TaskErrorCategory.Error;

                        // Title, Id and Description are inserted as-is into the task text and the
                        // reference URL. NOTE(review): if they come from a remote advisory feed,
                        // treat them as untrusted display text — confirm with the consumer.
                        entry.Text = string.Format("{0}: {1}\nReference: https://ossindex.sonatype.org/resource/vulnerability/{2}\n{3}", reference.PackageId, finding.Title, finding.Id, finding.Description);
                        entry.HierarchyItem = hierarchy;
                        entry.Category = TaskCategory.Misc;

                        // Point the task at the package reference's location in its file.
                        entry.Document = reference.File;
                        entry.Line = reference.StartLine;
                        entry.Column = reference.StartPos;
                        //HelpKeyword = vulnerability.CveId

                        entry.Navigate += Task_Navigate;
                        entry.Removed += Task_Removed;
                        entry.Help += Task_Help;

                        yield return entry;
                    }
                }
            }
        }
Пример #2
        /// <summary>
        /// Lazily builds one task-list entry for every vulnerability in the cached audit
        /// results that affects the referenced package version.
        /// </summary>
        /// <remarks>
        /// A package reference produces no task when it is flagged <c>Ignore</c>, when
        /// <c>_auditResults</c> holds no entry (or a null entry) for its package id, or when the
        /// audit status is <c>NoKnownVulnerabilities</c>, <c>UnknownPackage</c> or
        /// <c>UnknownSource</c>. An empty sequence therefore does not by itself show that every
        /// reference was assessed; the two "unknown" statuses are skipped silently.
        /// Vulnerabilities for which <c>AffectsVersion</c> returns false are dropped as well.
        /// This is an iterator: nothing runs until the sequence is enumerated, and each
        /// enumeration creates new tasks and subscribes the handlers again.
        /// </remarks>
        /// <param name="supportedProjects">Projects whose package reference files are inspected.</param>
        /// <returns>A deferred sequence of tasks, one per affecting vulnerability.</returns>
        private IEnumerable<VulnerabilityTask> GetVulnerabilityTasks(IEnumerable<Project> supportedProjects)
        {
            foreach (var currentProject in supportedProjects)
            {
                var hierarchy = currentProject.GetHierarchy();
                var referencesFile = new PackageReferencesFile(currentProject.GetPackageReferenceFilePath());

                foreach (var reference in referencesFile.GetPackageReferences())
                {
                    // Explicitly ignored references are never reported.
                    if (reference.Ignore)
                    {
                        continue;
                    }

                    // No cached audit result (or a null one) means there is nothing to report.
                    AuditResult result;
                    if (!_auditResults.TryGetValue(reference.PackageId, out result) || result == null)
                    {
                        continue;
                    }

                    // Clean and unknown statuses are all skipped without a task.
                    var nothingToReport = result.Status == AuditStatus.NoKnownVulnerabilities
                                          || result.Status == AuditStatus.UnknownPackage
                                          || result.Status == AuditStatus.UnknownSource;
                    if (nothingToReport)
                    {
                        continue;
                    }

                    foreach (var finding in result.Vulnerabilities)
                    {
                        // Only findings that apply to the referenced version string are reported.
                        if (!finding.AffectsVersion(reference.PackageId.VersionString))
                        {
                            continue;
                        }

                        // Every reported finding is an affecting one, hence Normal / Error.
                        var entry = new VulnerabilityTask(reference, finding);

                        entry.Priority = TaskPriority.Normal;
                        entry.ErrorCategory = TaskErrorCategory.Error;

                        // Title and Summary are inserted as-is into the task text.
                        // NOTE(review): if they come from a remote advisory feed, treat them as
                        // untrusted display text — confirm with the consumer.
                        entry.Text = string.Format("{0}: {1}\n{2}", reference.PackageId, finding.Title, finding.Summary);
                        entry.HierarchyItem = hierarchy;
                        entry.Category = TaskCategory.Misc;

                        // Point the task at the package reference's location in its file.
                        entry.Document = reference.File;
                        entry.Line = reference.StartLine;
                        entry.Column = reference.StartPos;
                        //HelpKeyword = vulnerability.CveId

                        entry.Navigate += Task_Navigate;
                        entry.Removed += Task_Removed;
                        entry.Help += Task_Help;

                        yield return entry;
                    }
                }
            }
        }