/// <summary>
/// Validates project dependencies according to their vulnerabilities and licenses.
/// </summary>
/// <param name="packages">List of packages of the project.</param>
/// <param name="policy">Project policy.</param>
/// <returns></returns>
private static async Task <List <Dependency> > ValidateProjectDependencies(List <NuGetPackage> packages, ProjectPolicy policy)
{
List <Dependency> dependencies = new List <Dependency>();
VulnerabilityEvaluationResult[] vulnerabilityEvaluationResult = null;
try
{
vulnerabilityEvaluationResult = await VulnerabilityEvaluation.EvaluatePackage(packages, policy.ApiCacheTime);
}
catch (Exception e)
{
CommandLineUtils.PrintWarningMessage($"An error occurred while trying to fetch dependencies vulnerabilities: {e.Message}");
vulnerabilitiesFetchError = true;
}
List <License>[] dependenciesLicenses = new List <License> [packages.Count];
int i = 0;
foreach (NuGetPackage package in packages)
{
PackageInfo packageInfo = PackageManager.GetPackageInfo(packagesRootPath, package.Id, package.Version);
string packageDescription = (packageInfo == null) ? "" : packageInfo.Description;
dependencies.Add(new Dependency(package.Id, package.Version, packageDescription, package.Direct, package.Children));
dependenciesLicenses[i] = new List <License>();
// It is not necessary to analyze System libraries license, only vulnerabilities
if (packageInfo != null && (packageInfo.ProjectUrl != "https://dot.net/" || !package.Id.StartsWith("System.")))
{
try
{
dependenciesLicenses[i] = await LicenseManager.TryGetLicenseName(packageInfo, policy.ApiCacheTime);
}
catch (Exception e)
{
CommandLineUtils.PrintWarningMessage($"An error occurred while trying to fetch {package.Id}.{package.Version} license: {e.Message}");
dependenciesLicenses[i] = new List <License>();
licensesFetchErrors.Add($"{package.Id}.{package.Version}");
}
}
++i;
}
i = 0;
foreach (List <License> licenses in dependenciesLicenses)
{
dependencies[i].Licenses = licenses.Select(license =>
{
license.Valid = !policy.InvalidLicenses.Contains(license.Title);
return(license);
})
.ToList();
if (!vulnerabilitiesFetchError)
{
dependencies[i].VulnerabilitiesCount = vulnerabilityEvaluationResult[i].VulnerabilitiesNumber;
dependencies[i].Vulnerabilities = vulnerabilityEvaluationResult[i].VulnerabilitiesFound;
}
++i;
}
return(dependencies);
}
/// <summary>
/// Validates project dependencies according to their vulnerabilities and licenses.
/// </summary>
/// <param name="packages">List of packages of the project.</param>
/// <param name="policy">Project policy.</param>
/// <returns></returns>
private static async Task <List <Dependency> > ValidateProjectDependencies(List <NuGetPackage> packages, ProjectPolicy policy)
{
List <Dependency> dependencies = new List <Dependency>();
VulnerabilityEvaluationResult[] vulnerabilityEvaluationResult = null;
try
{
vulnerabilityEvaluationResult = await VulnerabilityEvaluation.EvaluatePackage(packages, policy.ApiCacheTime);
}
catch (Exception e)
{
CommandLineUtils.PrintWarningMessage($"An error occurred while trying to fetch dependencies vulnerabilities: {e.Message}");
vulnerabilitiesFetchError = true;
}
List <License>[] dependenciesLicenses = new List <License> [packages.Count];
int i = 0;
foreach (NuGetPackage package in packages)
{
String packageDir = $"{package.Id}.{package.Version}";
PackageInfo packageInfo = PackageManager.GetPackageInfo(Path.Combine(projectPath, packagesPath, packageDir));
dependencies.Add(new Dependency(packageInfo.Id, packageInfo.Version, packageInfo.Description));
try
{
dependenciesLicenses[i] = await LicenseManager.TryGetLicenseName(packageInfo, policy.ApiCacheTime);
}
catch (Exception e) {
CommandLineUtils.PrintWarningMessage($"An error occurred while trying to fetch {package.Id}.{package.Version} license: {e.Message}");
dependenciesLicenses[i] = new List <License>();
licensesFetchErrors.Add($"{package.Id}.{package.Version}");
}
++i;
}
i = 0;
foreach (List <License> licenses in dependenciesLicenses)
{
dependencies[i].Licenses = licenses.Select(license =>
{
license.Valid = !policy.InvalidLicenses.Contains(license.Title);
return(license);
})
.ToList();
if (!vulnerabilitiesFetchError)
{
dependencies[i].VulnerabilitiesCount = vulnerabilityEvaluationResult[i].VulnerabilitiesNumber;
dependencies[i].Vulnerabilities = vulnerabilityEvaluationResult[i].VulnerabilitiesFound;
}
++i;
}
return(dependencies);
}
