public async Task GetComponent_FromCachedNugetHashFile_ReturnsComponentWithHash()
{
var nuspecFileContents = @"<?xml version=""1.0"" encoding=""utf-8""?>
<package xmlns=""http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd"">
<metadata>
<id>testpackage</id>
</metadata>
</package>";
byte[] sampleHash = new byte[] { 1, 2, 3, 4, 5, 6, 78, 125, 200 };
var nugetHashFileContents = Convert.ToBase64String(sampleHash);
var mockFileSystem = new MockFileSystem(new Dictionary <string, MockFileData>
{
{ XFS.Path(@"c:\nugetcache\testpackage\1.0.0\testpackage.nuspec"), new MockFileData(nuspecFileContents) },
{ XFS.Path(@"c:\nugetcache\testpackage\1.0.0\testpackage.1.0.0.nupkg.sha512"), new MockFileData(nugetHashFileContents) },
});
var nugetService = new NugetV3Service(null,
mockFileSystem,
new List <string> {
XFS.Path(@"c:\nugetcache")
},
new Mock <IGithubService>().Object,
new NullLogger(), false);
var component = await nugetService.GetComponentAsync("testpackage", "1.0.0", Component.ComponentScope.Required).ConfigureAwait(false);
Assert.Equal(Hash.HashAlgorithm.SHA_512, component.Hashes[0].Alg);
Assert.Equal(BitConverter.ToString(sampleHash).Replace("-", string.Empty), component.Hashes[0].Content);
}
public async Task GetComponent_FromCachedNuspecFile_ReturnsComponent()
{
var nuspecFileContents = @"<?xml version=""1.0"" encoding=""utf-8""?>
<package xmlns=""http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd"">
<metadata>
<id>testpackage</id>
</metadata>
</package>";
var mockFileSystem = new MockFileSystem(new Dictionary <string, MockFileData>
{
{ XFS.Path(@"c:\nugetcache\testpackage\1.0.0\testpackage.nuspec"), new MockFileData(nuspecFileContents) },
});
var nugetService = new NugetV3Service(null,
mockFileSystem,
new List <string> {
XFS.Path(@"c:\nugetcache")
},
new Mock <IGithubService>().Object,
new NullLogger(), false);
var component = await nugetService.GetComponentAsync("testpackage", "1.0.0", Component.ComponentScope.Required).ConfigureAwait(false);
Assert.Equal("testpackage", component.Name);
}
public async Task GetComponent_FromCachedNugetFile_ReturnsComponentWithHash()
{
var nuspecFileContents = @"<?xml version=""1.0"" encoding=""utf-8""?>
<package xmlns=""http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd"">
<metadata>
<id>testpackage</id>
</metadata>
</package>";
var nugetFileContent = "FooBarBaz";
var mockFileSystem = new MockFileSystem(new Dictionary <string, MockFileData>
{
{ XFS.Path(@"c:\nugetcache\testpackage\1.0.0\testpackage.nuspec"), new MockFileData(nuspecFileContents) },
{ XFS.Path(@"c:\nugetcache\testpackage\1.0.0\testpackage.1.0.0.nupkg"), new MockFileData(nugetFileContent) },
});
var nugetService = new NugetV3Service(null,
mockFileSystem,
new List <string> {
XFS.Path(@"c:\nugetcache")
},
new Mock <IGithubService>().Object,
new NullLogger(), false);
var component = await nugetService.GetComponentAsync("testpackage", "1.0.0", Component.ComponentScope.Required).ConfigureAwait(false);
byte[] hashBytes;
using (SHA512 sha = SHA512.Create())
{
hashBytes = sha.ComputeHash(Encoding.UTF8.GetBytes(nugetFileContent));
}
Assert.Equal(Hash.HashAlgorithm.SHA_512, component.Hashes[0].Alg);
Assert.Equal(BitConverter.ToString(hashBytes).Replace("-", string.Empty), component.Hashes[0].Content);
}
public async Task GetComponentFromNugetOrgReturnsComponent_disableHashComputation_true()
{
var nugetService = new NugetV3Service(null,
new MockFileSystem(),
new List <string> {
XFS.Path(@"c:\nugetcache")
},
new Mock <IGithubService>().Object,
new NullLogger(), true);
var packageName = "Newtonsoft.Json";
var packageVersion = "13.0.1";
var component = await nugetService
.GetComponentAsync("Newtonsoft.Json", packageVersion, Component.ComponentScope.Required)
.ConfigureAwait(false);
Assert.Equal(packageName, component.Name);
Assert.Equal(packageVersion, component.Version);
}
public void GetCachedNuspecFilename_ReturnsFullPath()
{
var mockFileSystem = new MockFileSystem(new Dictionary <string, MockFileData>
{
{ XFS.Path(@"c:\nugetcache1\dummypackage\1.2.3\dummypackage.nuspec"), "" },
{ XFS.Path(@"c:\nugetcache2\testpackage\1.2.3\testpackage.nuspec"), "" },
});
var cachePaths = new List <string>
{
XFS.Path(@"c:\nugetcache1"),
XFS.Path(@"c:\nugetcache2"),
};
var mockGithubService = new Mock <IGithubService>();
var nugetService = new NugetV3Service(null, mockFileSystem, cachePaths, mockGithubService.Object,
new NullLogger(), false);
var nuspecFilename = nugetService.GetCachedNuspecFilename("TestPackage", "1.2.3");
Assert.Equal(XFS.Path(@"c:\nugetcache2\testpackage\1.2.3\testpackage.nuspec"), nuspecFilename);
}
async Task <int> OnExecuteAsync()
{
if (version)
{
Console.WriteLine(Assembly.GetExecutingAssembly().GetName().Version?.ToString());
return(0);
}
Console.WriteLine();
// check parameter values
if (string.IsNullOrEmpty(SolutionOrProjectFile))
{
Console.Error.WriteLine($"A path is required");
return((int)ExitCode.SolutionOrProjectFileParameterMissing);
}
if (string.IsNullOrEmpty(outputDirectory))
{
Console.Error.WriteLine($"The output directory is required");
return((int)ExitCode.OutputDirectoryParameterMissing);
}
if ((string.IsNullOrEmpty(githubUsername) ^ string.IsNullOrEmpty(githubToken)) ||
(string.IsNullOrEmpty(githubUsernameDeprecated) ^ string.IsNullOrEmpty(githubTokenDeprecated)))
{
Console.Error.WriteLine($"Both GitHub username and token are required");
return((int)ExitCode.GitHubParameterMissing);
}
dotnetCommandService.TimeoutMilliseconds = dotnetCommandTimeout;
projectFileService.DisablePackageRestore = disablePackageRestore;
// retrieve nuget package cache paths
var packageCachePathsResult = dotnetUtilsService.GetPackageCachePaths();
if (!packageCachePathsResult.Success)
{
Console.Error.WriteLine("Unable to find local package cache locations...");
Console.Error.WriteLine(packageCachePathsResult.ErrorMessage);
return((int)ExitCode.LocalPackageCacheError);
}
Console.WriteLine("Found the following local nuget package cache locations:");
foreach (var path in packageCachePathsResult.Result)
{
Console.WriteLine($" {path}");
}
// instantiate services
var fileDiscoveryService = new FileDiscoveryService(Program.fileSystem);
GithubService githubService = null;
if (!(disableGithubLicenses || disableGithubLicensesDeprecated))
{
// GitHubService requires its own HttpClient as it adds a default authorization header
if (!string.IsNullOrEmpty(githubBearerToken))
{
githubService = new GithubService(new HttpClient(), githubBearerToken);
}
else if (!string.IsNullOrEmpty(githubBearerTokenDeprecated))
{
githubService = new GithubService(new HttpClient(), githubBearerTokenDeprecated);
}
else if (!string.IsNullOrEmpty(githubUsername))
{
githubService = new GithubService(new HttpClient(), githubUsername, githubToken);
}
else if (!string.IsNullOrEmpty(githubUsernameDeprecated))
{
githubService = new GithubService(new HttpClient(), githubUsernameDeprecated, githubTokenDeprecated);
}
else
{
githubService = new GithubService(new HttpClient());
}
}
var nugetLogger = new NuGet.Common.NullLogger();
var nugetInput =
NugetInputFactory.Create(baseUrl, baseUrlUserName, baseUrlUserPassword, isPasswordClearText);
var nugetService = new NugetV3Service(nugetInput, fileSystem, packageCachePathsResult.Result, githubService, nugetLogger, disableHashComputation);
var packages = new HashSet <NugetPackage>();
// determine what we are analyzing and do the analysis
var fullSolutionOrProjectFilePath = Program.fileSystem.Path.GetFullPath(SolutionOrProjectFile);
var topLevelComponent = new Component
{
// name is set below
Version = string.IsNullOrEmpty(setVersion) ? "0.0.0" : setVersion,
Type = setType == Component.Classification.Null ? Component.Classification.Application : setType,
};
try
{
if (SolutionOrProjectFile.ToLowerInvariant().EndsWith(".sln", StringComparison.OrdinalIgnoreCase))
{
packages = await solutionFileService.GetSolutionNugetPackages(fullSolutionOrProjectFilePath, baseIntermediateOutputPath, excludetestprojects).ConfigureAwait(false);
topLevelComponent.Name = fileSystem.Path.GetFileNameWithoutExtension(SolutionOrProjectFile);
}
else if (Utils.IsSupportedProjectType(SolutionOrProjectFile) && scanProjectReferences)
{
packages = await projectFileService.RecursivelyGetProjectNugetPackagesAsync(fullSolutionOrProjectFilePath, baseIntermediateOutputPath, excludetestprojects).ConfigureAwait(false);
topLevelComponent.Name = fileSystem.Path.GetFileNameWithoutExtension(SolutionOrProjectFile);
}
else if (Utils.IsSupportedProjectType(SolutionOrProjectFile))
{
packages = await projectFileService.GetProjectNugetPackagesAsync(fullSolutionOrProjectFilePath, baseIntermediateOutputPath, excludetestprojects).ConfigureAwait(false);
topLevelComponent.Name = fileSystem.Path.GetFileNameWithoutExtension(SolutionOrProjectFile);
}
else if (Program.fileSystem.Path.GetFileName(SolutionOrProjectFile).ToLowerInvariant().Equals("packages.config", StringComparison.OrdinalIgnoreCase))
{
packages = await packagesFileService.GetNugetPackagesAsync(fullSolutionOrProjectFilePath).ConfigureAwait(false);
topLevelComponent.Name = fileSystem.Path.GetDirectoryName(fullSolutionOrProjectFilePath);
}
else if (fileSystem.Directory.Exists(fullSolutionOrProjectFilePath))
{
packages = await packagesFileService.RecursivelyGetNugetPackagesAsync(fullSolutionOrProjectFilePath).ConfigureAwait(false);
topLevelComponent.Name = fileSystem.Path.GetDirectoryName(fullSolutionOrProjectFilePath);
}
else
{
Console.Error.WriteLine($"Only .sln, .csproj, .vbproj, and packages.config files are supported");
return((int)ExitCode.InvalidOptions);
}
}
catch (DotnetRestoreException)
{
return((int)ExitCode.DotnetRestoreFailed);
}
if (!string.IsNullOrEmpty(setName))
{
topLevelComponent.Name = setName;
}
// get all the components and depdency graph from the NuGet packages
var components = new HashSet <Component>();
var dependencies = new List <Dependency>();
var directDependencies = new Dependency {
Dependencies = new List <Dependency>()
};
var transitiveDependencies = new HashSet <string>();
var packageToComponent = new Dictionary <NugetPackage, Component>();
try
{
var bomRefLookup = new Dictionary <(string, string), string>();
foreach (var package in packages)
{
var component = await nugetService.GetComponentAsync(package).ConfigureAwait(false);
if (component != null &&
(component.Scope != Component.ComponentScope.Excluded || !excludeDev)
)
{
packageToComponent[package] = component;
components.Add(component);
}
bomRefLookup[(component.Name.ToLower(CultureInfo.InvariantCulture), (component.Version.ToLower(CultureInfo.InvariantCulture)))] = component.BomRef;