public void NotAtVersion()
{
var nuget = new NuGetPackages() { new NuGetPackage() { Id = "Test", Version = "1.0.0" } };
var unsafePacks = new UnsafePackages() { new UnsafePackage() { Id = "Test", Version = "1.0.1" } };
var result = new DecisionMaker().Evaluate(nuget, unsafePacks);
Assert.AreEqual(0, result.Count());
}
public void BeforeAndAfterVersion()
{
var nuget = new NuGetPackages() { new NuGetPackage() { Id = "Test", Version = "1.0.0" } };
var unsafePacks = new UnsafePackages() { new UnsafePackage() { Id = "Test", Before = "1.0.1", After = "0.0.9" } };
var result = new DecisionMaker().Evaluate(nuget, unsafePacks);
Assert.AreEqual(1, result.Count());
}
public override bool Execute()
{
var nugetFile = Path.Combine(ProjectPath, "packages.config");
int cacheTime = 0;
if (!String.IsNullOrEmpty(CacheTimeInMinutes) && !int.TryParse(CacheTimeInMinutes, out cacheTime))
{
BuildEngine.LogErrorEvent(new BuildErrorEventArgs("Configuration error", "CacheTimeInMinutes", BuildEngine.ProjectFileOfTaskNode, 0, 0, 0, 0, "Invalid value for CacheTimeInMinutes: " + CacheTimeInMinutes, "", "SafeNuGet"));
return false;
}
BuildEngine.LogMessageEvent(new BuildMessageEventArgs("Checking " + nugetFile + " ...", "", _id, MessageImportance.High));
if (File.Exists(nugetFile))
{
var packages = new NuGetPackageLoader().LoadPackages(nugetFile);
UnsafePackages unsafePackages;
if (cacheTime > 0)
{
bool cacheHit = false;
var cacheFolder = Path.Combine(new FileInfo(BuildEngine.ProjectFileOfTaskNode).Directory.FullName, "cache");
unsafePackages = new PackageListLoader().GetCachedUnsafePackages(cacheFolder, cacheTime, out cacheHit);
if (cacheHit)
{
BuildEngine.LogMessageEvent(new BuildMessageEventArgs("Using cached list of unsafe packages", "", _id, MessageImportance.High));
}
}
else
{
unsafePackages = new PackageListLoader().GetUnsafePackages();
}
var failures = new DecisionMaker().Evaluate(packages, unsafePackages);
if (failures.Count() == 0) {
BuildEngine.LogMessageEvent(new BuildMessageEventArgs("No vulnerable packages found", "", _id, MessageImportance.High));
} else {
foreach(var k in failures) {
var s = k.Key.Id + " " + k.Key.Version;
BuildEngine.LogWarningEvent(new BuildWarningEventArgs("SECURITY WARNING", s, nugetFile, 0, 0, 0, 0, "Library is vulnerable: " + s + " " + k.Value.InfoUri, "", _id));
}
return "true".Equals(DontBreakBuild, StringComparison.InvariantCultureIgnoreCase);
}
} else {
BuildEngine.LogMessageEvent(new BuildMessageEventArgs("No packages.config found", "", "SafeNuGet", MessageImportance.High));
}
return true;
}