public async Task VulnerabilityReports(string version, bool isVulnerable) { var client = new ReportGenerator(); var report = await client.GetReport(AppRunTimeDetails.Build(version)); Assert.Equal(isVulnerable, report.IsVulnerable); }
public async Task <Report> GetReport(AppRunTimeDetails appRunTimeDetails) { var channel = await _client.GetChannel(appRunTimeDetails.AppRuntimeVersion); if (channel == null) { return(new Report { AppRuntimeDetails = appRunTimeDetails, Details = $"Running on unknown runtime {appRunTimeDetails.AppRuntimeVersion}. Not able to check for security patches." }); } var securityRelease = channel?.Releases.FirstOrDefault(r => r.Security); if (securityRelease == null || securityRelease.RuntimeVersion == appRunTimeDetails.AppRuntimeVersion) { return(new Report { AppRuntimeDetails = appRunTimeDetails, IsVulnerable = false }); } return(new Report { IsVulnerable = true, AppRuntimeDetails = appRunTimeDetails, SecurityRelease = securityRelease }); }
protected override async Task ExecuteAsync(CancellationToken stoppingToken) { var optionsCheckInterval = _options.CheckInterval; var timespan = new TimeSpan(0, 0, 0, 0, optionsCheckInterval); _logger.LogDebug($"Runtime vulnerability check is starting. Check interval: {timespan.ToString()}"); stoppingToken.Register(() => _logger.LogDebug("Vulnerability check is stopping.")); while (!stoppingToken.IsCancellationRequested) { _logger.LogDebug("Running runtime vulnerability check"); var report = await _reportGenerator.GetReport(AppRunTimeDetails.Build()); if (report.IsVulnerable.HasValue && report.IsVulnerable.Value) { _logger.LogWarning("Running on vulnerable runtime {appruntime}. Security release {securityrelease}", report.AppRuntimeDetails.AppRuntimeVersion, report.SecurityRelease.RuntimeVersion); } await Task.Delay(optionsCheckInterval, stoppingToken); } _logger.LogDebug($"GracePeriod background task is stopping."); }
public async Task UnknownRuntimes() { var client = new ReportGenerator(); var report = await client.GetReport(AppRunTimeDetails.Build("abc")); Assert.Null(report.IsVulnerable); Assert.Equal("Running on unknown runtime abc. Not able to check for security patches.", report.Details); }
public async Task InvokeAsync(HttpContext context) { var report = await _client.GetReport(AppRunTimeDetails.Build()); var json = JsonConvert.SerializeObject(report, new JsonSerializerSettings { ContractResolver = new CamelCasePropertyNamesContractResolver(), NullValueHandling = NullValueHandling.Ignore }); context.Response.OnStarting(state => { context.Response.ContentType = "application/json"; return(Task.CompletedTask); }, null); await context.Response.WriteAsync(json); }
public async Task InvokeAsync(HttpContext context) { var report = await _client.GetReport(AppRunTimeDetails.Build()); var json = JsonSerializer.Serialize(report, new JsonSerializerOptions { PropertyNamingPolicy = JsonNamingPolicy.CamelCase, IgnoreNullValues = true, }); context.Response.OnStarting(state => { context.Response.ContentType = "application/json"; return(Task.CompletedTask); }, null); await context.Response.WriteAsync(json); }
public async Task CanGetReportForAllRuntimes() { var httpClient = new ReleaseMetadataHttpClient(); var allChannels = await httpClient.GetAllChannelsAsync(); foreach (var channel in allChannels) { foreach (var release in channel.Releases) { var releaseMetadataClient = new ReleaseMetadataClient(); var client = new ReportGenerator(releaseMetadataClient); if (release.Runtime != null) { var report = await client.GetReport(AppRunTimeDetails.Build(release.Runtime.Version)); Assert.NotNull(report); } } } }