//Get bower packages from reading bower.json public override IEnumerable <Package> GetPackages(params string[] o) { var packages = new List <Package>(); AuditFileInfo config_file = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile); JObject json = (JObject)JToken.Parse(config_file.ReadAsText()); if (json.Properties().Any(j => j.Name == "name") && json.Properties().Any(j => j.Name == "version")) { packages.AddRange(GetDeveloperPackages( json.Properties().First(j => j.Name == "name").Value.ToString(), json.Properties().First(j => j.Name == "version").Value.ToString())); } JObject dependencies = (JObject)json["dependencies"]; JObject dev_dependencies = (JObject)json["devDependencies"]; if (dev_dependencies != null) { packages.AddRange(dev_dependencies.Properties().SelectMany(d => GetDeveloperPackages(d.Name, d.Value.ToString()))); } if (dependencies != null) { packages.AddRange(dependencies.Properties().SelectMany(d => GetDeveloperPackages(d.Name, d.Value.ToString()))); } return(packages); }
//Get packages from reading composer.json public override IEnumerable <OSSIndexQueryObject> GetPackages(params string[] o) { AuditFileInfo config_file = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile); JObject json = (JObject)JToken.Parse(config_file.ReadAsText()); JObject require = (JObject)json["require"]; JObject require_dev = (JObject)json["require-dev"]; if (require != null) { if (require_dev != null) { return(require.Properties().Select(d => new OSSIndexQueryObject("composer", d.Name.Split('/').Last(), d.Value.ToString(), "", d.Name.Split('/').First())) .Concat(require_dev.Properties().Select(d => new OSSIndexQueryObject("composer", d.Name.Split('/').Last(), d.Value.ToString(), "", d.Name.Split('/').First())))); } else { return(require.Properties().Select(d => new OSSIndexQueryObject("composer", d.Name.Split('/').Last(), d.Value.ToString(), "", d.Name.Split('/').First()))); } } else if (require_dev != null) { return(require_dev.Properties().Select(d => new OSSIndexQueryObject("composer", d.Name.Split('/').Last(), d.Value.ToString(), "", d.Name.Split('/').First()))); } else { this.AuditEnvironment.Warning("{0} file does not contain a require or require_dev element.", config_file.FullName); return(new List <OSSIndexQueryObject>()); } }
public override IEnumerable <Package> GetPackages(params string[] o) ////Get NuGet packages from reading packages.config { AuditFileInfo configfile = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile); string _byteOrderMarkUtf8 = Encoding.UTF8.GetString(Encoding.UTF8.GetPreamble()); string xml = configfile.ReadAsText(); if (xml.StartsWith(_byteOrderMarkUtf8, StringComparison.Ordinal)) { var lastIndexOfUtf8 = _byteOrderMarkUtf8.Length; xml = xml.Remove(0, lastIndexOfUtf8); } XElement root = XElement.Parse(xml); IEnumerable <Package> packages; if (root.Name.LocalName == "Project") { // dotnet core csproj file packages = root .Descendants() .Where(x => x.Name.LocalName == "PackageReference") .SelectMany(r => GetDeveloperPackages(r.Attribute("Include").Value, r.Attribute("Version").Value)).ToList(); } else { packages = root .Elements("package") .SelectMany(el => GetDeveloperPackages(el.Attribute("id").Value, el.Attribute("version").Value)); } return(packages); }
protected override string GetVersion() { string core_version = "8.x"; Stopwatch sw = new Stopwatch(); sw.Start(); AuditFileInfo changelog = this.ApplicationFileSystemMap["ChangeLog"] as AuditFileInfo; string[] c = changelog.ReadAsText()?.Split(this.AuditEnvironment.LineTerminator.ToCharArray(), StringSplitOptions.RemoveEmptyEntries); if (c != null && c.Count() > 0) { foreach (string l in c) { if (l.StartsWith("Drupal ")) { core_version = l.Split(',')[0].Substring(7); break; } } } this.Version = core_version; sw.Stop(); this.VersionInitialised = true; this.AuditEnvironment.Success("Got Drupal 8 version {0} in {1} ms.", this.Version, sw.ElapsedMilliseconds); Package core = this.ModulePackages["core"].Where(p => p.Name == "drupal_core").First(); core.Version = this.Version; return(this.Version); }
public override IEnumerable <Package> GetPackages(params string[] o) ////Get NuGet packages from reading packages.config { try { AuditFileInfo config_file = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile); string _byteOrderMarkUtf8 = Encoding.UTF8.GetString(Encoding.UTF8.GetPreamble()); string xml = config_file.ReadAsText(); if (xml.StartsWith(_byteOrderMarkUtf8, StringComparison.Ordinal)) { var lastIndexOfUtf8 = _byteOrderMarkUtf8.Length; xml = xml.Remove(0, lastIndexOfUtf8); } XElement root = XElement.Parse(xml); IEnumerable <Package> packages = from el in root.Elements("package") select new Package("nuget", el.Attribute("id").Value, el.Attribute("version").Value, ""); return(packages); } catch (XmlException e) { throw new Exception("XML exception thrown parsing file: " + this.PackageManagerConfigurationFile, e); } catch (Exception e) { throw new Exception("Unknown exception thrown attempting to get packages from file: " + this.PackageManagerConfigurationFile, e); } }
public override IEnumerable <Package> GetPackages(params string[] o) { List <Package> packages = new List <Package>(); AuditFileInfo config_file = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile); JObject json = (JObject)JToken.Parse(config_file.ReadAsText()); JObject dependencies = (JObject)json["dependencies"]; JObject dev_dependencies = (JObject)json["devDependencies"]; JObject peer_dependencies = (JObject)json["peerDependencies"]; JObject optional_dependencies = (JObject)json["optionalDependencies"]; JObject bundled_dependencies = (JObject)json["bundledDependencies"]; if (dependencies != null) { packages.AddRange(dependencies.Properties().Select(d => new Package("npm", d.Name, d.Value.ToString(), ""))); } if (dev_dependencies != null) { packages.AddRange(dev_dependencies.Properties().Select(d => new Package("npm", d.Name, d.Value.ToString(), ""))); } if (peer_dependencies != null) { packages.AddRange(peer_dependencies.Properties().Select(d => new Package("npm", d.Name, d.Value.ToString(), ""))); } if (optional_dependencies != null) { packages.AddRange(optional_dependencies.Properties().Select(d => new Package("npm", d.Name, d.Value.ToString(), ""))); } if (bundled_dependencies != null) { packages.AddRange(bundled_dependencies.Properties().Select(d => new Package("npm", d.Name, d.Value.ToString(), ""))); } return(packages); }
protected int GetDefaultConfigurationRules() { this.AuditEnvironment.Info("Loading default configuration rules for {0} application.", this.ApplicationLabel); Stopwatch sw = new Stopwatch(); sw.Start(); AuditFileInfo rules_file = this.HostEnvironment.ConstructFile(Path.Combine(this.DevAuditDirectory, "Rules", this.ApplicationId + "." + "yml")); if (!rules_file.Exists) { throw new Exception(string.Format("The default rules file {0} does not exist.", rules_file.FullName)); } Deserializer yaml_deserializer = new Deserializer(namingConvention: new CamelCaseNamingConvention(), ignoreUnmatched: true); Dictionary <string, List <ConfigurationRule> > rules; rules = yaml_deserializer.Deserialize <Dictionary <string, List <ConfigurationRule> > >(new StringReader(rules_file.ReadAsText())); if (rules == null) { sw.Stop(); throw new Exception(string.Format("Parsing the default rules file {0} returned null.", rules_file.FullName)); } if (rules.ContainsKey(this.ApplicationId + "_default")) { rules.Remove(this.ApplicationId + "_default"); } foreach (KeyValuePair <string, List <ConfigurationRule> > kv in rules) { this.AddConfigurationRules(kv.Key, kv.Value); } sw.Stop(); this.AuditEnvironment.Info("Got {0} default configuration rule(s) for {1} module(s) from {2}.yml in {3} ms.", rules.Sum(kv => kv.Value.Count()), rules.Keys.Count, this.ApplicationId, sw.ElapsedMilliseconds); return(rules.Count); }
public Drupal8ModuleCodeProject(Dictionary <string, object> project_options, EventHandler <EnvironmentEventArgs> message_handler) : base(project_options, message_handler, "Drupal8Module") { AuditFileInfo wf = this.AuditEnvironment.ConstructFile(this.CombinePath("@", this.ProjectName + ".info" + ".yml")); if (!wf.Exists) { throw new ArgumentException(string.Format("The Drupal 8 module file {0} does not exist.", wf.FullName), "project_options"); } else { this.WorkspaceFilePath = this.ProjectName + ".info" + ".yml"; } }
public List <VulnerableCredentialStorage> GetVulnerableCredentialStorage() { AuditFileInfo config_file = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile); JSONConfig json_config = new JSONConfig(config_file); if (!json_config.ParseSucceded) { this.AuditEnvironment.Error("Could not parse JSON from {0}.", json_config.FullFilePath); if (json_config.LastParseException != null) { this.AuditEnvironment.Error(json_config.LastParseException); } if (json_config.LastIOException != null) { this.AuditEnvironment.Error(json_config.LastIOException); } return(null); } this.AuditEnvironment.Status("Scanning for git credential storage candidates in {0}", config_file.FullName); IEnumerable <XElement> candidate_elements = from e in json_config.XmlConfiguration.Root.Descendants() //where e.Value.Trim().StartsWith("git+https") || e.Value.Trim().StartsWith("git") || e.Value.Trim().StartsWith("https") where e.Elements().Count() == 0 && Utility.CalculateEntropy(e.Value) > 4.5 select e; if (candidate_elements != null && candidate_elements.Count() > 0) { this.CredentialStorageCandidates = new List <VulnerableCredentialStorage>(); foreach (XElement e in candidate_elements) { this.CredentialStorageCandidates.Add(new VulnerableCredentialStorage { File = config_file.FullName, Contents = json_config, Location = e.AncestorsAndSelf().Reverse().Select(a => a.Name.LocalName).Aggregate((a1, a2) => a1 + "/" + a2) .Replace("Container/", string.Empty), Entropy = Utility.CalculateEntropy(e.Value), Value = e.Value }); } this.AuditEnvironment.Success("Found {0} credential storage candidates.", this.CredentialStorageCandidates.Count); return(this.CredentialStorageCandidates); } else { this.AuditEnvironment.Info("No credential storage candidates found."); return(null); } #endregion }
protected override void DetectConfigurationFile(Dictionary <PlatformID, string[]> default_configuration_file_path) { bool set_config_from_process_cmdline = false; bool set_config_from_env = false; if (this.AuditEnvironment.IsUnix) { List <ProcessInfo> processes = this.AuditEnvironment.GetAllRunningProcesses(); if (processes != null && processes.Any(p => p.CommandLine.Contains("postgres") && p.CommandLine.Contains("config_file"))) { ProcessInfo process = processes.Where(p => p.CommandLine.Contains("postgres") && p.CommandLine.Contains("config_file")).First(); Match m = Regex.Match(process.CommandLine, @"config_file=(\S+)"); if (m.Success) { string f = m.Groups[1].Value; AuditFileInfo cf = this.AuditEnvironment.ConstructFile(f); if (cf.Exists) { this.AuditEnvironment.Success("Auto-detected {0} server configuration file at {1}.", this.ApplicationLabel, cf.FullName); this.ApplicationFileSystemMap.Add("ConfigurationFile", cf); set_config_from_process_cmdline = true; } else { this.AuditEnvironment.Warning("The configuration file specified on the mysqld command line {0} does not exist.", cf.FullName); } } } if (!set_config_from_process_cmdline) { Dictionary <string, string> env = this.AuditEnvironment.GetEnvironmentVars(); if (env != null) { if (env.ContainsKey("PGDATA")) { AuditFileInfo cf = this.AuditEnvironment.ConstructFile(this.CombinePath(env["PGDATA"], "postgresql.conf")); if (cf.Exists) { this.AuditEnvironment.Success("Auto-detected {0} server configuration file at {1}.", this.ApplicationLabel, cf.FullName); this.ApplicationFileSystemMap.Add("ConfigurationFile", cf); set_config_from_env = true; } } if (!(set_config_from_process_cmdline || set_config_from_env)) { base.DetectConfigurationFile(default_configuration_file_path); } } } } }
public CodeProject(Dictionary <string, object> project_options, EventHandler <EnvironmentEventArgs> message_handler, Dictionary <string, string[]> default_file_location_paths, string analyzer_type) : base(project_options, message_handler) { CallerInformation here = this.AuditEnvironment.Here(); this.CodeProjectOptions = project_options; this.DefaultFileLocationPaths = default_file_location_paths; if (this.CodeProjectOptions.ContainsKey("RootDirectory")) { if (!this.AuditEnvironment.DirectoryExists((string)this.CodeProjectOptions["RootDirectory"])) { throw new ArgumentException(string.Format("The root directory {0} was not found.", CodeProjectOptions["RootDirectory"]), "package_source_options"); } else { this.CodeProjectFileSystemMap.Add("RootDirectory", this.AuditEnvironment.ConstructDirectory((string)CodeProjectOptions["RootDirectory"])); } } else { throw new ArgumentException(string.Format("The root application directory was not specified."), "application_options"); } if (this.CodeProjectOptions.ContainsKey("ProjectName")) { this.ProjectName = (string)CodeProjectOptions["ProjectName"]; } if (this.CodeProjectOptions.ContainsKey("File")) { string fn = (string)this.CodeProjectOptions["File"]; if (!fn.StartsWith("@")) { throw new ArgumentException("The workspace file parameter must be relative to the root directory for this audit target.", "project_options"); } AuditFileInfo wf = this.AuditEnvironment.ConstructFile(this.CombinePath("@", fn.Substring(1))); if (wf.Exists) { this.WorkspaceFilePath = wf.FullName; } else { throw new ArgumentException(string.Format("The workspace file {0} was not found.", wf.FullName), "project_options"); } } this.AnalyzerType = analyzer_type; if (this.CodeProjectOptions.ContainsKey("ListCodeProjectAnalyzers")) { this.ListCodeProjectAnalyzers = true; } }
public AuditProfile(AuditEnvironment env, AuditFileInfo pf) { this.AuditEnvironment = env; this.ProfileFile = pf; this.AuditEnvironment.Info("Using profile file {0}.", pf.FullName); Deserializer yaml_deserializer = new Deserializer(namingConvention: new CamelCaseNamingConvention(), ignoreUnmatched: true); try { this.Rules = yaml_deserializer.Deserialize <List <AuditProfileRule> >(new StringReader(this.ProfileFile.ReadAsText())); AuditEnvironment.Info("Loaded {0} rule(s) from audit profile.", this.Rules.Count); } catch (Exception e) { this.AuditEnvironment.Error(e, "Error occurred reading audit profile from {0}.", this.ProfileFile.FullName); } }
//Get bower packages from reading bower.json public override IEnumerable <OSSIndexQueryObject> GetPackages(params string[] o) { AuditFileInfo config_file = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile); JObject json = (JObject)JToken.Parse(config_file.ReadAsText()); JObject dependencies = (JObject)json["dependencies"]; JObject dev_dependencies = (JObject)json["devDependencies"]; if (dev_dependencies != null) { return(dependencies.Properties().Select(d => new OSSIndexQueryObject("bower", d.Name, d.Value.ToString(), "")) .Concat(dev_dependencies.Properties().Select(d => new OSSIndexQueryObject("bower", d.Name, d.Value.ToString(), "")))); } else { return(dependencies.Properties().Select(d => new OSSIndexQueryObject("bower", d.Name, d.Value.ToString(), ""))); } }
public override IEnumerable <Package> GetPackages(params string[] o) { try { AuditFileInfo config_file = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile); string _byteOrderMarkUtf8 = Encoding.UTF8.GetString(Encoding.UTF8.GetPreamble()); string xml = config_file.ReadAsText(); if (xml.StartsWith(_byteOrderMarkUtf8, StringComparison.Ordinal)) { var lastIndexOfUtf8 = _byteOrderMarkUtf8.Length; xml = xml.Remove(0, lastIndexOfUtf8); } XElement root = XElement.Parse(xml); IEnumerable <Package> packages; if (root.Name == "Project") { // dotnet core csproj file packages = root.Descendants().Where(x => x.Name == "PackageReference").Select(r => new Package("nuget", r.Attribute("Include").Value, r.Attribute("Version").Value)).ToList(); } else { packages = from el in root.Elements("package") select new Package("nuget", el.Attribute("id").Value, el.Attribute("version").Value, ""); } return(packages); } catch (XmlException e) { throw new Exception("XML exception thrown parsing file: " + this.PackageManagerConfigurationFile, e); } catch (Exception e) { throw new Exception("Unknown exception thrown attempting to get packages from file: " + this.PackageManagerConfigurationFile, e); } }
public override IEnumerable <Package> GetPackages(params string[] o) { List <Package> packages = new List <Package>(); AuditFileInfo config_file = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile); JObject json = (JObject)JToken.Parse(config_file.ReadAsText()); JObject dependencies = (JObject)json["dependencies"]; JObject dev_dependencies = (JObject)json["devDependencies"]; JObject peer_dependencies = (JObject)json["peerDependencies"]; JObject optional_dependencies = (JObject)json["optionalDependencies"]; JObject bundled_dependencies = (JObject)json["bundledDependencies"]; if (dependencies != null) { packages.AddRange(dependencies.Properties() .SelectMany(d => GetDeveloperPackages(d.Name.Replace("@", ""), d.Value.ToString()))); } if (dev_dependencies != null) { packages.AddRange(dev_dependencies.Properties() .SelectMany(d => GetDeveloperPackages(d.Name.Replace("@", ""), d.Value.ToString()))); } if (peer_dependencies != null) { packages.AddRange(peer_dependencies.Properties() .SelectMany(d => GetDeveloperPackages(d.Name.Replace("@", ""), d.Value.ToString()))); } if (optional_dependencies != null) { packages.AddRange(optional_dependencies.Properties() .SelectMany(d => GetDeveloperPackages(d.Name.Replace("@", ""), d.Value.ToString()))); } if (bundled_dependencies != null) { packages.AddRange(bundled_dependencies.Properties() .SelectMany(d => GetDeveloperPackages(d.Name.Replace("@", ""), d.Value.ToString()))); } if (!string.IsNullOrEmpty(this.PackageSourceLockFile)) { this.GetPackageManagerLockFilePackages(packages); } return(packages); }
protected override IConfiguration GetConfiguration() { PostgreSQL pgsql = new PostgreSQL(this.ConfigurationFile, this.AlpheusEnvironment); if (pgsql.ParseSucceded) { this.Configuration = pgsql; this.ConfigurationInitialised = true; this.AuditEnvironment.Success(this.ConfigurationStatistics); if (this.AuditEnvironment.OS.Platform == PlatformID.Unix) { string auto_file_path = this.FindServerFile(this.CombinePath("@", "var", "lib", "*sql", "*", "postgresql.auto.conf")).FirstOrDefault(); if (!string.IsNullOrEmpty(auto_file_path)) { AuditFileInfo auto_config_file = this.AuditEnvironment.ConstructFile(auto_file_path); this.AuditEnvironment.Info("Found PostgreSQL server auto configuration file {0}.", auto_config_file.FullName); PostgreSQL auto_pgsql = new PostgreSQL(auto_config_file); if (auto_pgsql.ParseSucceded) { pgsql.XmlConfiguration.Root.Element("Values").Add(auto_pgsql.XmlConfiguration.Root.Element("Values").Descendants()); this.AuditEnvironment.Success("Merged configuration from {0}.", auto_pgsql.FullFilePath); } } } this.Configuration.XmlConfiguration.Root.Add(new XAttribute("Version", this.Version)); } else { this.AuditEnvironment.Error("Could not parse configuration from {0}.", pgsql.FullFilePath); if (pgsql.LastParseException != null) { this.AuditEnvironment.Error(pgsql.LastParseException); } if (pgsql.LastIOException != null) { this.AuditEnvironment.Error(pgsql.LastIOException); } this.Configuration = null; this.ConfigurationInitialised = false; } return(this.Configuration); }
protected override void DetectServerBinaryFile(Dictionary <PlatformID, string[]> autodetect_binary_file_path) { bool set_binary_from_process_cmdline = false; List <ProcessInfo> processes = this.AuditEnvironment.GetAllRunningProcesses(); if (processes != null && processes.Any(p => p.CommandLine == "postgres")) { string f = WhichServerFile("postgres"); if (!string.IsNullOrEmpty(f)) { AuditFileInfo ab = this.AuditEnvironment.ConstructFile(f); if (ab.Exists) { this.ApplicationBinary = ab; this.AuditEnvironment.Success("Auto-detected PostgreSQL binary at {0}.", this.ApplicationBinary.FullName); set_binary_from_process_cmdline = true; } } } if (!set_binary_from_process_cmdline) { base.DetectServerBinaryFile(autodetect_binary_file_path); } }
public override IEnumerable <Package> GetPackages(params string[] o) { AuditFileInfo config_file = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile); List <Package> packages = new List <Package>(); var isSnlSolution = config_file.Name.EndsWith(".sln"); var isCsProj = config_file.Name.EndsWith(".csproj"); var isBuildTargets = config_file.Name.EndsWith(".Build.targets"); var isDepsJson = config_file.Name.EndsWith(".deps.json"); if (isSnlSolution) { var Content = File.ReadAllText(this.PackageManagerConfigurationFile); Regex projReg = new Regex("Project\\(\"\\{[\\w-]*\\}\"\\) = \"([\\w _]*.*)\", \"(.*\\.(cs|vcx|vb)proj)\"", RegexOptions.Compiled); var matches = projReg.Matches(Content).Cast <Match>(); var Projects = matches.Select(x => x.Groups[2].Value).ToList(); for (int i = 0; i < Projects.Count; ++i) { if (!Path.IsPathRooted(Projects[i])) { Projects[i] = Path.Combine(Path.GetDirectoryName(this.PackageManagerConfigurationFile), Projects[i]); } Projects[i] = Path.GetFullPath(Projects[i]); } foreach (var project in Projects) { var tmpProject = GetPackagesFromProjectFile(project, true); if (tmpProject.Count != 0) { this.AuditEnvironment.Info($"Found {tmpProject.Count} packages in {project}"); foreach (var tmpPacket in tmpProject) { if (!packages.Contains(tmpPacket)) { packages.Add(tmpPacket); } } } } return(packages); } if (isCsProj || isBuildTargets) { return(GetPackagesFromProjectFile(this.PackageManagerConfigurationFile, isCsProj)); } if (isDepsJson) { try { this.AuditEnvironment.Info("Reading packages from .NET Core dependencies manifest.."); JObject json = (JObject)JToken.Parse(config_file.ReadAsText()); JObject libraries = (JObject)json["libraries"]; if (libraries != null) { foreach (JProperty p in libraries.Properties()) { string[] name = p.Name.Split('/'); // Packages with version 0.0.0.0 can show up if the are part of .net framework. // Checking this version number is quite useless and might give a false positive. if (name[1] != "0.0.0.0") { packages.Add(new Package("nuget", name[0], name[1])); } } } return(packages); } catch (Exception e) { this.AuditEnvironment.Error(e, "Error reading .NET Core dependencies manifest {0}.", config_file.FullName); return(packages); } } this.AuditEnvironment.Error("Unknown .NET Core project file type: {0}.", config_file.FullName); return(packages); }
private List <Package> GetPackagesFromProjectFile(string filename, bool isCsProj) { List <Package> packages = new List <Package>(); AuditFileInfo config_file = this.AuditEnvironment.ConstructFile(filename); var fileType = isCsProj ? ".csproj" : "build targets"; this.AuditEnvironment.Info($"Reading packages from .NET Core C# {fileType} file."); string _byteOrderMarkUtf8 = Encoding.UTF8.GetString(Encoding.UTF8.GetPreamble()); string xml = config_file.ReadAsText(); if (xml.StartsWith(_byteOrderMarkUtf8, StringComparison.Ordinal)) { var lastIndexOfUtf8 = _byteOrderMarkUtf8.Length; xml = xml.Remove(0, lastIndexOfUtf8); } XElement root = XElement.Parse(xml); var package = isCsProj ? "Include" : "Update"; if (root.Name.LocalName == "Project") { packages = root .Descendants() .Where(x => x.Name.LocalName == "PackageReference" && x.Attribute(package) != null && x.Attribute("Version") != null) .SelectMany(r => GetDeveloperPackages(r.Attribute(package).Value, r.Attribute("Version").Value)) .ToList(); IEnumerable <string> skipped_packages = root .Descendants() .Where(x => x.Name.LocalName == "PackageReference" && x.Attribute(package) != null && x.Attribute("Version") == null) .Select(r => r.Attribute(package).Value); if (skipped_packages.Count() > 0) { this.AuditEnvironment.Warning("{0} package(s) do not have a version specified and will not be audited: {1}.", skipped_packages.Count(), skipped_packages.Aggregate((s1, s2) => s1 + "," + s2)); } var helper = new NuGetApiHelper(this.AuditEnvironment, config_file.DirectoryName); var nuGetFrameworks = helper.GetFrameworks(root); if (!nuGetFrameworks.Any()) { AuditEnvironment.Warning("Scanning from project file found 0 packages, checking for packages.config file. "); nuGetFrameworks = helper.GetFrameworks(); } if (!nuGetFrameworks.Any()) { AuditEnvironment.Warning("Scanning NuGet transitive dependencies failed because no target framework is found in {0}...", config_file.Name); } foreach (var framework in nuGetFrameworks) { AuditEnvironment.Info("Scanning NuGet transitive dependencies for {0}...", framework.GetFrameworkString()); var deps = helper.GetPackageDependencies(packages, framework); Task.WaitAll(deps); packages = helper.AddPackageDependencies(deps.Result, packages); } return(packages); } else { this.AuditEnvironment.Error("{0} is not a .NET Core format .csproj file.", config_file.FullName); return(packages); } }
public override IEnumerable <Package> GetPackages(params string[] o) { AuditFileInfo config_file = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile); List <Package> packages = new List <Package>(); var isCsProj = config_file.Name.EndsWith(".csproj"); var isBuildTargets = config_file.Name.EndsWith(".Build.targets"); var isDepsJson = config_file.Name.EndsWith(".deps.json"); if (isCsProj || isBuildTargets) { var fileType = isCsProj ? ".csproj" : "build targets"; this.AuditEnvironment.Info($"Reading packages from .NET Core C# {fileType} file."); string _byteOrderMarkUtf8 = Encoding.UTF8.GetString(Encoding.UTF8.GetPreamble()); string xml = config_file.ReadAsText(); if (xml.StartsWith(_byteOrderMarkUtf8, StringComparison.Ordinal)) { var lastIndexOfUtf8 = _byteOrderMarkUtf8.Length; xml = xml.Remove(0, lastIndexOfUtf8); } XElement root = XElement.Parse(xml); var package = isCsProj ? "Include" : "Update"; if (root.Name.LocalName == "Project") { packages = root .Descendants() .Where(x => x.Name.LocalName == "PackageReference" && x.Attribute(package) != null && x.Attribute("Version") != null) .SelectMany(r => GetDeveloperPackages(r.Attribute(package).Value, r.Attribute("Version").Value)) .ToList(); IEnumerable <string> skipped_packages = root .Descendants() .Where(x => x.Name.LocalName == "PackageReference" && x.Attribute(package) != null && x.Attribute("Version") == null) .Select(r => r.Attribute(package).Value); if (skipped_packages.Count() > 0) { this.AuditEnvironment.Warning("{0} package(s) do not have a version specified and will not be audited: {1}.", skipped_packages.Count(), skipped_packages.Aggregate((s1, s2) => s1 + "," + s2)); } var helper = new NuGetApiHelper(this.AuditEnvironment, config_file.DirectoryName); var nuGetFrameworks = helper.GetFrameworks(root); if (!nuGetFrameworks.Any()) { AuditEnvironment.Warning("Scanning NuGet transitive dependencies failed because no target framework is found in {0}...", config_file.Name); } foreach (var framework in nuGetFrameworks) { AuditEnvironment.Info("Scanning NuGet transitive dependencies for {0}...", framework.GetFrameworkString()); var deps = helper.GetPackageDependencies(packages, framework); Task.WaitAll(deps); packages = helper.AddPackageDependencies(deps.Result, packages); } return(packages); } else { this.AuditEnvironment.Error("{0} is not a .NET Core format .csproj file.", config_file.FullName); return(packages); } } if (isDepsJson) { try { this.AuditEnvironment.Info("Reading packages from .NET Core dependencies manifest.."); JObject json = (JObject)JToken.Parse(config_file.ReadAsText()); JObject libraries = (JObject)json["libraries"]; if (libraries != null) { foreach (JProperty p in libraries.Properties()) { string[] name = p.Name.Split('/'); // Packages with version 0.0.0.0 can show up if the are part of .net framework. // Checking this version number is quite useless and might give a false positive. if (name[1] != "0.0.0.0") { packages.Add(new Package("nuget", name[0], name[1])); } } } return(packages); } catch (Exception e) { this.AuditEnvironment.Error(e, "Error reading .NET Core dependencies manifest {0}.", config_file.FullName); return(packages); } } this.AuditEnvironment.Error("Unknown .NET Core project file type: {0}.", config_file.FullName); return(packages); }
public AuditTarget(Dictionary <string, object> audit_options, EventHandler <EnvironmentEventArgs> controller_message_handler = null) { if (ReferenceEquals(audit_options, null)) { throw new ArgumentNullException("audit_options"); } this.AuditOptions = audit_options; #region Setup host environment if (this.AuditOptions.ContainsKey("HostEnvironment")) { this.HostEnvironment = (LocalEnvironment)this.AuditOptions["HostEnvironment"]; this.HostEnvironmentInitialised = true; } else { this.ControllerMessage = controller_message_handler; this.HostEnvironmentMessage = AuditTarget_HostEnvironmentMessageHandler; this.HostEnvironment = new LocalEnvironment(this.HostEnvironmentMessage); this.HostEnvironment.ScriptEnvironment.MessageHandler += this.AuditTarget_ScriptEnvironmentMessageHandler; if (this.AuditOptions.ContainsKey("Dockerized")) { this.HostEnvironment.IsDockerContainer = true; } this.HostEnvironmentInitialised = true; } #endregion #region Setup audit environment if (this.AuditOptions.ContainsKey("AuditEnvironment")) { this.AuditEnvironment = (AuditEnvironment)this.AuditOptions["AuditEnvironment"]; this.AuditEnvironmentIntialised = true; } else { if (this.AuditOptions.Keys.Contains("DockerContainer") && !this.AuditOptions.Keys.Contains("RemoteHost")) { DockerAuditEnvironment docker_environment = new DockerAuditEnvironment(this.HostEnvironmentMessage, (string)this.AuditOptions["DockerContainer"], new OperatingSystem(PlatformID.Unix, new Version(0, 0)), this.HostEnvironment); if (string.IsNullOrEmpty(docker_environment.Container)) { this.AuditEnvironmentIntialised = false; throw new Exception("Failed to initialise audit environment."); } else if (!docker_environment.ContainerRunning) { this.AuditEnvironmentIntialised = false; throw new Exception("The Docker container is not currently running and DevAudit does not know how to run your container. Ensure your container is running before attempting to" + "audit it."); } else { this.AuditEnvironment = docker_environment; this.AuditEnvironmentIntialised = true; this.AuditEnvironmentMessage = AuditTarget_AuditEnvironmentMessageHandler; this.AuditEnvironment.MessageHandler -= HostEnvironmentMessage; this.AuditEnvironment.MessageHandler += this.AuditEnvironmentMessage; } } else if (this.AuditOptions.Keys.Contains("DockerContainer") && this.AuditOptions.Keys.Contains("RemoteHost")) { SshDockerAuditEnvironment ssh_environment = null; if (this.AuditOptions.Keys.Contains("RemoteUser") && this.AuditOptions.Keys.Contains("RemoteKeyFile")) { if (this.AuditOptions.Keys.Contains("RemoteKeyPassPhrase")) { ssh_environment = new SshDockerAuditEnvironment(this.HostEnvironmentMessage, "ssh", (string)this.AuditOptions["RemoteHost"], (int)this.AuditOptions["RemoteSshPort"], (string)this.AuditOptions["RemoteUser"], this.AuditOptions["RemoteKeyPassPhrase"], (string)this.AuditOptions["RemoteKeyFile"], (string)this.AuditOptions["DockerContainer"], new OperatingSystem(PlatformID.Unix, new Version(0, 0)), this.HostEnvironment); } else { ssh_environment = new SshDockerAuditEnvironment(this.HostEnvironmentMessage, "ssh", (string)this.AuditOptions["RemoteHost"], (int)this.AuditOptions["RemoteSshPort"], (string)this.AuditOptions["RemoteUser"], null, (string)this.AuditOptions["RemoteKeyFile"], (string)this.AuditOptions["DockerContainer"], new OperatingSystem(PlatformID.Unix, new Version(0, 0)), this.HostEnvironment); } } else if (this.AuditOptions.Keys.Contains("RemoteUser") && this.AuditOptions.Keys.Contains("RemotePass")) { ssh_environment = new SshDockerAuditEnvironment(this.HostEnvironmentMessage, "ssh", (string)this.AuditOptions["RemoteHost"], (int)this.AuditOptions["RemoteSshPort"], (string)this.AuditOptions["RemoteUser"], this.AuditOptions["RemotePass"], null, (string)this.AuditOptions["DockerContainer"], new OperatingSystem(PlatformID.Unix, new Version(0, 0)), this.HostEnvironment); } else { throw new Exception("Unknown remote host authentication options."); } if (ssh_environment.IsConnected) { if (string.IsNullOrEmpty(ssh_environment.Container)) { this.AuditEnvironmentIntialised = false; throw new Exception("Failed to initialise audit environment."); } else if (!ssh_environment.ContainerRunning) { this.AuditEnvironmentIntialised = false; throw new Exception("The Docker container is not currently running and DevAudit does not know how to run your container. Ensure your container is running before attempting to" + "audit it."); } else { this.AuditEnvironment = ssh_environment; this.AuditEnvironmentIntialised = true; this.AuditEnvironmentMessage = AuditTarget_AuditEnvironmentMessageHandler; this.AuditEnvironment.MessageHandler -= HostEnvironmentMessage; this.AuditEnvironment.MessageHandler += this.AuditEnvironmentMessage; } } else { ssh_environment = null; this.AuditEnvironmentIntialised = false; throw new Exception("Failed to initialise SSH Docker audit environment."); } } else if (this.AuditOptions.Keys.Contains("RemoteHost")) { string client; SshAuditEnvironment ssh_environment = null; if (this.HostEnvironment.OS.Platform == PlatformID.Win32NT) { client = this.AuditOptions.Keys.Contains("WindowsUsePlink") ? "plink" : this.AuditOptions.Keys.Contains("WindowsUsePlink") ? "openssh" : "ssh"; } else { client = "ssh"; } if (this.AuditOptions.Keys.Contains("RemoteUser") && this.AuditOptions.Keys.Contains("RemoteKeyFile")) { if (this.AuditOptions.Keys.Contains("RemoteKeyPassPhrase")) { ssh_environment = new SshAuditEnvironment(this.HostEnvironmentMessage, client, (string)this.AuditOptions["RemoteHost"], (int)this.AuditOptions["RemoteSshPort"], (string)this.AuditOptions["RemoteUser"], this.AuditOptions["RemoteKeyPassPhrase"], (string)this.AuditOptions["RemoteKeyFile"], new OperatingSystem(PlatformID.Unix, new Version(0, 0)), this.HostEnvironment); } else { ssh_environment = new SshAuditEnvironment(this.HostEnvironmentMessage, client, (string)this.AuditOptions["RemoteHost"], (int)this.AuditOptions["RemoteSshPort"], (string)this.AuditOptions["RemoteUser"], null, (string)this.AuditOptions["RemoteKeyFile"], new OperatingSystem(PlatformID.Unix, new Version(0, 0)), this.HostEnvironment); } } else if (this.AuditOptions.Keys.Contains("RemoteUser") && this.AuditOptions.Keys.Contains("RemotePass")) { ssh_environment = new SshAuditEnvironment(this.HostEnvironmentMessage, client, (string)this.AuditOptions["RemoteHost"], (int)this.AuditOptions["RemoteSshPort"], (string)this.AuditOptions["RemoteUser"], this.AuditOptions["RemotePass"], null, new OperatingSystem(PlatformID.Unix, new Version(0, 0)), this.HostEnvironment); } else { throw new Exception("Unknown remote host authentication options."); } if (ssh_environment.IsConnected) { this.AuditEnvironment = ssh_environment; this.AuditEnvironmentIntialised = true; this.AuditEnvironmentMessage = AuditTarget_AuditEnvironmentMessageHandler; this.AuditEnvironment.MessageHandler -= HostEnvironmentMessage; this.AuditEnvironment.MessageHandler += this.AuditEnvironmentMessage; } else { ssh_environment = null; this.AuditEnvironmentIntialised = false; throw new Exception("Failed to initialise SSH audit environment."); } } else if (this.AuditOptions.Keys.Contains("WinRmRemoteIp") || this.AuditOptions.Keys.Contains("WinRmRemoteHost")) { if (!this.AuditOptions.Keys.Contains("RemoteUser") || !this.AuditOptions.Keys.Contains("RemotePass")) { throw new Exception("A remote user and password must be specified."); } WinRmAuditEnvironment winrm; if (this.AuditOptions.Keys.Contains("WinRmRemoteIp")) { winrm = new WinRmAuditEnvironment(this.HostEnvironmentMessage, this.AuditOptions["WinRmRemoteIp"] as IPAddress, (string)this.AuditOptions["RemoteUser"], (SecureString)this.AuditOptions["RemotePass"], this.HostEnvironment); if (winrm.IsConnected) { this.AuditEnvironment = winrm; this.AuditEnvironmentIntialised = true; this.AuditEnvironmentMessage = AuditTarget_AuditEnvironmentMessageHandler; this.AuditEnvironment.MessageHandler -= HostEnvironmentMessage; this.AuditEnvironment.MessageHandler += this.AuditEnvironmentMessage; } else { winrm = null; this.AuditEnvironmentIntialised = false; throw new Exception("Failed to initialise WinRM audit environment."); } } else { winrm = new WinRmAuditEnvironment(this.HostEnvironmentMessage, (string)this.AuditOptions["WinRmRemoteHost"], (string)this.AuditOptions["RemoteUser"], (SecureString)this.AuditOptions["RemotePass"], this.HostEnvironment); } } else if (this.AuditOptions.Keys.Contains("RemoteUser") || this.AuditOptions.Keys.Contains("RemotePass")) { throw new Exception("A remote host name must be specified."); } else if (this.AuditOptions.ContainsKey("Dockerized")) { this.AuditEnvironmentMessage = AuditTarget_AuditEnvironmentMessageHandler; this.AuditEnvironment = new DockerizedLocalEnvironment(this.AuditEnvironmentMessage); this.AuditEnvironmentIntialised = true; } else if (this.AuditOptions.ContainsKey("GitHubRepoName")) { if (!this.AuditOptions.ContainsKey("GitHubRepoOwner") || !this.AuditOptions.ContainsKey("GitHubRepoBranch")) { throw new ArgumentException("A required audit option for the GitHub environment is missing."); } string user_api_token = string.Empty; if (this.AuditOptions.ContainsKey("GitHubToken")) { user_api_token = (string)this.AuditOptions["GitHubToken"]; } GitHubAuditEnvironment github_environment = new GitHubAuditEnvironment(this.HostEnvironmentMessage, user_api_token, (string)this.AuditOptions["GitHubRepoOwner"], (string)this.AuditOptions["GitHubRepoName"], (string)this.AuditOptions["GitHubRepoBranch"], this.HostEnvironment); if (github_environment.RepositoryInitialised) { this.AuditEnvironment = github_environment; this.AuditEnvironmentIntialised = true; this.AuditEnvironmentMessage = AuditTarget_AuditEnvironmentMessageHandler; this.AuditEnvironment.MessageHandler -= HostEnvironmentMessage; this.AuditEnvironment.MessageHandler += this.AuditEnvironmentMessage; } else { github_environment = null; this.AuditEnvironmentIntialised = false; throw new Exception("Failed to initialise GitHub audit environment."); } } else if (this.AuditOptions.ContainsKey("GitLabRepoName")) { string api_token = string.Empty; if (!this.AuditOptions.ContainsKey("GitLabRepoUrl") || !this.AuditOptions.ContainsKey("GitLabRepoName") || !this.AuditOptions.ContainsKey("GitLabRepoBranch")) { throw new ArgumentException("A required audit option for the GitLab environment is missing."); } GitLabAuditEnvironment GitLab_environment = new GitLabAuditEnvironment(this.HostEnvironmentMessage, api_token, (string)this.AuditOptions["GitLabRepoUrl"], (string)this.AuditOptions["GitLabRepoName"], (string)this.AuditOptions["GitLabRepoBranch"], this.HostEnvironment); if (GitLab_environment.RepositoryInitialised) { this.AuditEnvironment = GitLab_environment; this.AuditEnvironmentIntialised = true; this.AuditEnvironmentMessage = AuditTarget_AuditEnvironmentMessageHandler; this.AuditEnvironment.MessageHandler -= HostEnvironmentMessage; this.AuditEnvironment.MessageHandler += this.AuditEnvironmentMessage; } else { GitLab_environment = null; this.AuditEnvironmentIntialised = false; throw new Exception("Failed to initialise audit environment."); } } else { this.AuditEnvironmentMessage = AuditTarget_AuditEnvironmentMessageHandler; this.AuditEnvironment = new LocalEnvironment(this.AuditEnvironmentMessage); this.AuditEnvironmentIntialised = true; } if (this.AuditOptions.ContainsKey("Profile")) { AuditFileInfo pf = this.AuditEnvironment.ConstructFile((string)this.AuditOptions["Profile"]); if (pf.Exists) { this.AuditProfile = new AuditProfile(this.AuditEnvironment, pf); } else { this.AuditEnvironment.Warning("The profile file {0} does not exist. No audit profile will be used.", pf.FullName); } } if (this.AuditEnvironment is IOperatingSystemEnvironment) { this.AuditEnvironment.GetOSName(); this.AuditEnvironment.GetOSVersion(); if (this.AuditOptions.ContainsKey("OSName")) { this.AuditEnvironment.OSName = (string)this.AuditOptions["OSName"]; this.AuditEnvironment.Info("Overriding audit environment OS name to {0}.", this.AuditEnvironment.OSName); } if (this.AuditOptions.ContainsKey("OSVersion")) { this.AuditEnvironment.OSVersion = (string)this.AuditOptions["OSVersion"]; this.AuditEnvironment.Info("Overriding audit environment OS version to {0}.", this.AuditEnvironment.OSVersion); } } } #endregion #region Setup data source options if (this.AuditOptions.ContainsKey("NoCache")) { this.DataSourceOptions.Add("NoCache", true); } if (this.AuditOptions.ContainsKey("DeleteCache")) { this.DataSourceOptions.Add("DeleteCache", true); } if (this.AuditOptions.ContainsKey("HttpsProxy")) { DataSourceOptions.Add("HttpsProxy", (Uri)this.AuditOptions["HttpsProxy"]); } if (this.AuditOptions.ContainsKey("IgnoreHttpsCertErrors")) { this.DataSourceOptions.Add("IgnoreHttpsCertErrors", true); } if (this.AuditOptions.ContainsKey("ApiUser")) { this.DataSourceOptions.Add("ApiUser", this.AuditOptions["ApiUser"]); } else if (!string.IsNullOrEmpty(Environment.GetEnvironmentVariable("API_USER"))) { this.DataSourceOptions.Add("ApiUser", Environment.GetEnvironmentVariable("API_USER")); } if (this.AuditOptions.ContainsKey("ApiToken")) { this.DataSourceOptions.Add("ApiToken", this.AuditOptions["ApiToken"]); } else if (!string.IsNullOrEmpty(Environment.GetEnvironmentVariable("API_TOKEN"))) { this.DataSourceOptions.Add("ApiToken", Environment.GetEnvironmentVariable("API_TOKEN")); } if (this.AuditOptions.ContainsKey("WithOSSI")) { this.DataSources.Add(new OSSIndexApiv3DataSource(this, DataSourceOptions)); } if (this.AuditOptions.ContainsKey("WithVulners")) { this.DataSources.Add(new VulnersDataSource(this, DataSourceOptions)); } #endregion #region Setup audit profile if (this.AuditEnvironment.FileExists("devaudit.yml")) { this.AuditProfile = new AuditProfile(this.AuditEnvironment, this.AuditEnvironment.ConstructFile("devaudit.yml")); } #endregion }
public void GetPackageManagerLockFilePackages(List <Package> packages) { int origCount = packages.Count; AuditFileInfo f = this.AuditEnvironment.ConstructFile(this.PackageSourceLockFile); string text = f.ReadAsText(); string[] lines = text.Split(new[] { "\n" }, StringSplitOptions.None); bool insideDeps = false; List <string> deps = new List <string>(); for (int i = 0; i < lines.Length; i++) { string line = lines[i]; if (!insideDeps && line.Trim().StartsWith("dependencies:")) { insideDeps = true; continue; } else if (insideDeps && string.IsNullOrEmpty(line.Trim()) || line.Trim() == "optionalDependencies:") { insideDeps = false; continue; } else if (insideDeps) { deps.Add(line); } else { continue; } } foreach (var d in deps) { var m = dRegEx.Match(d); if (m.Success) { string n = m.Groups[1].Value.Replace("@", "").Trim(); string v = m.Groups[2].Value.Trim(); var depPackages = GetDeveloperPackages(n, v); foreach (var package in depPackages) { if (!packages.Any(p => p.Name == package.Name && p.Version == package.Version)) { packages.Add(package); } } } else { this.AuditEnvironment.Error("Could not parse lock file dependency line {0}. Skipping.", d.Trim()); } } //var m = l.Matches(text); if (packages.Count > origCount) { this.AuditEnvironment.Info("Added {0} package dependencies from Yarn lock file {1}.", packages.Count - origCount, this.PackageSourceLockFile); } }
public NetFxCodeProject(Dictionary <string, object> project_options, Dictionary <string, string[]> default_file_location_paths, string analyzer_type, EventHandler <EnvironmentEventArgs> message_handler) : base(project_options, message_handler, default_file_location_paths, analyzer_type) { this.message_handler = message_handler; if (this.CodeProjectOptions.ContainsKey("ProjectFile")) { string pf = (string)CodeProjectOptions["ProjectFile"]; if (!pf.StartsWith("@")) { throw new ArgumentException("ProjectFile option must be relative to root directory and start with the @ char.", "project_options"); } AuditFileInfo wf = this.AuditEnvironment.ConstructFile(this.CombinePath(pf)); if (wf.Exists) { this.WorkspaceFilePath = pf; this.CodeProjectFileSystemMap["RootDirectory"] = this.AuditEnvironment.ConstructDirectory(wf.Directory.FullName); } else { throw new ArgumentException(string.Format("Could not find the MSBuild project file at {0}.", wf.FullName), "project_options"); } } else if (this.CodeProjectOptions.ContainsKey("ProjectName")) { string fn_1 = this.CombinePath("@", (string)this.CodeProjectOptions["ProjectName"]); //CodeProjectName/CodeProjectName.xxx //string fn_2 = this.CombinePath("src", (string)this.CodeProjectOptions["CodeProjectName"], (string)this.CodeProjectOptions["CodeProjectName"]); //CodeProjectName/src/CodeProjectName.xxx AuditFileInfo wf_11 = this.AuditEnvironment.ConstructFile(fn_1 + ".csproj"); AuditFileInfo wf_12 = this.AuditEnvironment.ConstructFile(fn_1 + ".xproj"); //AuditFileInfo wf_21 = this.AuditEnvironment.ConstructFile(fn_2 + ".csproj"); //AuditFileInfo wf_22 = this.AuditEnvironment.ConstructFile(fn_2 + ".xproj"); if (wf_11.Exists) { this.WorkspaceFilePath = "@" + (string)this.CodeProjectOptions["ProjectName"] + ".csproj"; this.CodeProjectFileSystemMap["RootDirectory"] = this.AuditEnvironment.ConstructDirectory(wf_11.Directory.FullName); } else if (wf_12.Exists) { this.WorkspaceFilePath = "@" + (string)this.CodeProjectOptions["ProjectName"] + ".xproj"; this.CodeProjectFileSystemMap["RootDirectory"] = this.AuditEnvironment.ConstructDirectory(wf_12.Directory.FullName); } /* * else if (wf_22.Exists) * { * this.WorkspaceFilePath = this.CombinePath("src", (string)this.CodeProjectOptions["CodeProjectName"], (string)this.CodeProjectOptions["CodeProjectName"]) + ".xproj"; * this.ProjectDirectory = wf_22.Directory as AuditDirectoryInfo; * this.CodeProjectFileSystemMap["RootDirectory"] = wf_22.Directory as AuditDirectoryInfo; * } */ else { throw new ArgumentException(string.Format("No ProjectFile option was specified and could not find the default project file at {0} or {1}.", wf_11.FullName, wf_12.FullName), "project_options"); } } else { throw new ArgumentException("Either the ProjectFile or ProjectName option must be specified.", "project_options"); } this.ProjectDirectory = this.RootDirectory; this.AuditEnvironment.Info("Using MSBuild project file {0}.", this.WorkspaceFilePath); //Ensure CSharp assembly gets pulled into build. var _ = typeof(Microsoft.CodeAnalysis.CSharp.Formatting.CSharpFormattingOptions); if (this.CodeProjectOptions.ContainsKey("PackageSource")) { AuditFileInfo packages_config = this.AuditEnvironment.ConstructFile(this.CombinePath((string)CodeProjectOptions["PackageSource"])); if (packages_config.Exists) { this.AuditEnvironment.Debug("Using NuGet v2 package manager configuration file {0}", packages_config.FullName); this.PackageSource = new NuGetPackageSource(new Dictionary <string, object>(1) { { "File", packages_config.FullName } }, message_handler); this.PackageSourceFile = packages_config; PackageSourceInitialized = true; } else { throw new ArgumentException(string.Format("Could not find the NuGet v2 package source file at {0}.", packages_config.FullName), "project_options"); } } else { AuditFileInfo packages_config = this.AuditEnvironment.ConstructFile(this.CombinePath("@packages.config")); if (packages_config.Exists) { this.AuditEnvironment.Debug("Using NuGet v2 package manager configuration file {0}", packages_config.FullName); this.PackageSource = new NuGetPackageSource(new Dictionary <string, object>(1) { { "File", packages_config.FullName } }, message_handler); this.PackageSourceFile = packages_config; PackageSourceInitialized = true; } else { this.AuditEnvironment.Warning("No PackageSource option was specified and the default NuGet v2 package manager configuration file {0} does not exist.", packages_config.FullName); PackageSourceInitialized = false; } } this.ConfigurationFiles = this.RootDirectory.GetFiles("*.config", SearchOption.TopDirectoryOnly).Select(f => f as AuditFileInfo).ToList(); if (this.CodeProjectOptions.ContainsKey("AppConfig")) { AuditFileInfo cf = this.AuditEnvironment.ConstructFile(this.CombinePath((string)this.CodeProjectOptions["AppConfig"])); if (!cf.Exists) { throw new ArgumentException(string.Format("The .NET application configuration file {0} does not exist.", cf.FullName)); } else { this.AppConfigurationFile = cf; this.AuditEnvironment.Info("Using .NET application configuration file {0}.", cf.FullName); } } else { AuditFileInfo cf = this.AuditEnvironment.ConstructFile(this.CombinePath(this.DefaultFileLocationPaths["AppConfig"])); if (!cf.Exists) { this.AuditEnvironment.Warning("The .NET application configuration file was not specified and the default file was not found."); } else { this.AppConfigurationFile = cf; this.AuditEnvironment.Info("Using default .NET application configuration file {0}.", cf.FullName); } } if (this.AppConfigurationFile != null) { this.GetApplication(); } }
public PackageSource(Dictionary <string, object> package_source_options, EventHandler <EnvironmentEventArgs> message_handler) : base(package_source_options, message_handler) { this.PackageSourceOptions = this.AuditOptions; if (this.PackageSourceOptions.ContainsKey("File")) { this.PackageManagerConfigurationFile = (string)this.PackageSourceOptions["File"]; if (!this.AuditEnvironment.FileExists(this.PackageManagerConfigurationFile)) { throw new ArgumentException("Could not find the file " + this.PackageManagerConfigurationFile + ".", "package_source_options"); } } else if (!this.PackageSourceOptions.ContainsKey("File") && this.DefaultPackageManagerConfigurationFile != string.Empty) { if (this.AuditEnvironment.FileExists(this.DefaultPackageManagerConfigurationFile)) { this.AuditEnvironment.Info("Using default {0} package manager configuration file {1}", this.PackageManagerLabel, this.DefaultPackageManagerConfigurationFile); this.PackageManagerConfigurationFile = this.DefaultPackageManagerConfigurationFile; } else { throw new ArgumentException(string.Format("No file option was specified and the default {0} package manager configuration file {1} was not found.", this.PackageManagerLabel, this.DefaultPackageManagerConfigurationFile)); } } if (!string.IsNullOrEmpty(this.PackageManagerConfigurationFile)) { AuditFileInfo cf = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile); AuditDirectoryInfo d = this.AuditEnvironment.ConstructDirectory(cf.DirectoryName); IFileInfo[] pf; if ((pf = d.GetFiles("devaudit.yml")) != null) { this.AuditProfile = new AuditProfile(this.AuditEnvironment, this.AuditEnvironment.ConstructFile(pf.First().FullName)); } } if (this.PackageSourceOptions.ContainsKey("ListPackages")) { this.ListPackages = true; } if (this.PackageSourceOptions.ContainsKey("ListArtifacts")) { this.ListArtifacts = true; } if (this.PackageSourceOptions.ContainsKey("SkipPackagesAudit")) { this.SkipPackagesAudit = true; } if (this.PackageSourceOptions.ContainsKey("WithPackageInfo")) { this.WithPackageInfo = true; } if (this.PackageSourceOptions.ContainsKey("HttpsProxy")) { if (this.AuditOptions.ContainsKey("HttpsProxy")) { DataSourceOptions.Add("HttpsProxy", (Uri)this.PackageSourceOptions["HttpsProxy"]); } } string[] ossi_pms = { "bower", "composer", "choco", "msi", "nuget", "oneget", "yarn" }; if (this.DataSources.Count == 0 && ossi_pms.Contains(this.PackageManagerId)) { this.HostEnvironment.Info("Using OSS Index as default package vulnerabilities data source for {0} package source.", this.PackageManagerLabel); this.DataSources.Add(new OSSIndexDataSource(this, this.DataSourceOptions)); } }
public NetFx4Application(Dictionary <string, object> application_options, Dictionary <string, string[]> required_files, Dictionary <string, string[]> required_directories, string analyzer_type, EventHandler <EnvironmentEventArgs> message_handler) : base(application_options, required_files, required_directories, analyzer_type, message_handler) { if (!this.SkipPackagesAudit) { if (application_options.ContainsKey("PackageSource")) { application_options.Add("File", this.CombinePath((string)application_options["PackageSource"])); this.NugetPackageSource = new NuGetPackageSource(application_options, message_handler); this.PackageSourceInitialized = true; this.AuditEnvironment.Info("Using NuGet v2 package manager configuration file {0}", (string)application_options["PackageSource"]); } else if (application_options.ContainsKey("File")) { application_options.Add("File", this.CombinePath((string)application_options["File"])); this.NugetPackageSource = new NuGetPackageSource(application_options, message_handler); this.PackageSourceInitialized = true; this.AuditEnvironment.Info("Using NuGet v2 package manager configuration file {0}", (string)application_options["File"]); } else { AuditFileInfo packages_config = this.AuditEnvironment.ConstructFile(this.CombinePath("@packages.config")); if (packages_config.Exists) { application_options.Add("File", packages_config.FullName); this.NugetPackageSource = new NuGetPackageSource(application_options, message_handler); this.PackageSourceInitialized = true; this.AuditEnvironment.Info("Using NuGet v2 package manager configuration file {0}", packages_config.FullName); } else { this.AuditEnvironment.Warning("The default NuGet v2 package manager configuration file {0} does not exist and no PackageSource parameter was specified.", packages_config.FullName); PackageSourceInitialized = false; } } } AuditFileInfo cf; if (this.ApplicationFileSystemMap.ContainsKey("AppConfig")) { this.AppConfig = this.ApplicationFileSystemMap["AppConfig"] as AuditFileInfo; this.AuditEnvironment.Info("Using {0} configuration file {1}.", this.ApplicationLabel, this.AppConfig.FullName); } else if (application_options.ContainsKey("AppConfig")) { cf = this.AuditEnvironment.ConstructFile(this.CombinePath((string)application_options["AppConfig"])); if (cf.Exists) { this.AppConfig = cf; this.AuditEnvironment.Info("Using {0} configuration file {1}.", this.ApplicationLabel, this.AppConfig.FullName); } else { throw new ArgumentException(string.Format("The configuration file {0} does not exist.", cf.FullName), "application_options"); } } else if (application_options.ContainsKey("ConfigurationFile")) { cf = this.AuditEnvironment.ConstructFile(this.CombinePath((string)application_options["ConfigurationFile"])); if (cf.Exists) { this.AppConfig = cf; this.AuditEnvironment.Info("Using {0} configuration file {1}.", this.ApplicationLabel, this.AppConfig.FullName); } else { throw new ArgumentException(string.Format("The configuration file {0} does not exist.", cf.FullName), "application_options"); } } else if (this.AuditEnvironment.FileExists(this.CombinePath("@App.config"))) { cf = this.AuditEnvironment.ConstructFile(this.CombinePath(("@App.config"))); this.AppConfig = cf; this.AuditEnvironment.Info("Using {0} configuration file {1}.", this.ApplicationLabel, this.AppConfig.FullName); } else if (this.ApplicationBinary != null) { cf = this.AuditEnvironment.ConstructFile(this.ApplicationBinary.FullName + ".config"); if (!cf.Exists) { this.AuditEnvironment.Warning("The default .NET application configuration file {0} does not exist and no AppConfig parameter was specified.", cf.FullName); } else { this.AppConfig = cf; this.AuditEnvironment.Info("Using {0} configuration file {1}.", this.ApplicationLabel, this.AppConfig.FullName); } } else { this.AuditEnvironment.Warning("The default .NET application configuration file could not be determined and no AppConfig parameter was specified."); } if (this.PackageSourceInitialized && this.DataSources.Count == 0) { // this.DataSources.Add(new OSSIndexDataSource(this, this.DataSourceOptions)); this.DataSources.Add(new OSSIndexApiv3DataSource(this, DataSourceOptions)); } }
public AuditTarget(Dictionary <string, object> audit_options, EventHandler <EnvironmentEventArgs> controller_message_handler = null) { if (ReferenceEquals(audit_options, null)) { throw new ArgumentNullException("audit_options"); } this.AuditOptions = audit_options; this.ControllerMessage = controller_message_handler; this.HostEnvironmentMessage = AuditTarget_HostEnvironmentMessageHandler; this.HostEnvironment = new LocalEnvironment(this.HostEnvironmentMessage); this.HostEnvironment.ScriptEnvironment.MessageHandler += this.AuditTarget_ScriptEnvironmentMessageHandler; if (this.AuditOptions.ContainsKey("Dockerized")) { this.HostEnvironment.IsDockerContainer = true; } this.HostEnvironmentInitialised = true; if (this.AuditOptions.Keys.Contains("DockerContainer")) { DockerAuditEnvironment docker_environment = new DockerAuditEnvironment(this.HostEnvironmentMessage, (string)this.AuditOptions["DockerContainer"], new OperatingSystem(PlatformID.Unix, new Version(0, 0)), this.HostEnvironment); if (string.IsNullOrEmpty(docker_environment.Container)) { this.AuditEnvironmentIntialised = false; throw new Exception("Failed to initialise audit environment."); } else if (!docker_environment.ContainerRunning) { this.AuditEnvironmentIntialised = false; throw new Exception("The Docker container is not currently running and DevAudit does not know how to run your container. Ensure your container is running before attempting to" + "audit it."); } else { this.AuditEnvironment = docker_environment; this.AuditEnvironmentIntialised = true; this.AuditEnvironmentMessage = AuditTarget_AuditEnvironmentMessageHandler; this.AuditEnvironment.MessageHandler -= HostEnvironmentMessage; this.AuditEnvironment.MessageHandler += this.AuditEnvironmentMessage; } } else if (this.AuditOptions.Keys.Contains("RemoteHost")) { string client; SshAuditEnvironment ssh_environment = null; if (this.HostEnvironment.OS.Platform == PlatformID.Win32NT) { client = this.AuditOptions.Keys.Contains("WindowsUsePlink") ? "plink" : this.AuditOptions.Keys.Contains("WindowsUsePlink") ? "openssh" : "ssh"; } else { client = "ssh"; } if (this.AuditOptions.Keys.Contains("RemoteUser") && this.AuditOptions.Keys.Contains("RemoteKeyFile")) { if (this.AuditOptions.Keys.Contains("RemoteKeyPassPhrase")) { ssh_environment = new SshAuditEnvironment(this.HostEnvironmentMessage, client, (string)this.AuditOptions["RemoteHost"], (int)this.AuditOptions["RemoteSshPort"], (string)this.AuditOptions["RemoteUser"], this.AuditOptions["RemoteKeyPassPhrase"], (string)this.AuditOptions["RemoteKeyFile"], new OperatingSystem(PlatformID.Unix, new Version(0, 0)), this.HostEnvironment); } else { ssh_environment = new SshAuditEnvironment(this.HostEnvironmentMessage, client, (string)this.AuditOptions["RemoteHost"], (int)this.AuditOptions["RemoteSshPort"], (string)this.AuditOptions["RemoteUser"], null, (string)this.AuditOptions["RemoteKeyFile"], new OperatingSystem(PlatformID.Unix, new Version(0, 0)), this.HostEnvironment); } } else if (this.AuditOptions.Keys.Contains("RemoteUser") && this.AuditOptions.Keys.Contains("RemotePass")) { ssh_environment = new SshAuditEnvironment(this.HostEnvironmentMessage, client, (string)this.AuditOptions["RemoteHost"], (int)this.AuditOptions["RemoteSshPort"], (string)this.AuditOptions["RemoteUser"], this.AuditOptions["RemotePass"], null, new OperatingSystem(PlatformID.Unix, new Version(0, 0)), this.HostEnvironment); } else { throw new Exception("Unknown remote host authentication options."); } if (ssh_environment.IsConnected) { this.AuditEnvironment = ssh_environment; this.AuditEnvironmentIntialised = true; this.AuditEnvironmentMessage = AuditTarget_AuditEnvironmentMessageHandler; this.AuditEnvironment.MessageHandler -= HostEnvironmentMessage; this.AuditEnvironment.MessageHandler += this.AuditEnvironmentMessage; } else { ssh_environment = null; this.AuditEnvironmentIntialised = false; throw new Exception("Failed to initialise SSH audit environment."); } } else if (this.AuditOptions.Keys.Contains("WinRmRemoteIp") || this.AuditOptions.Keys.Contains("WinRmRemoteHost")) { if (!this.AuditOptions.Keys.Contains("RemoteUser") || !this.AuditOptions.Keys.Contains("RemotePass")) { throw new Exception("A remote user and password must be specified."); } WinRmAuditEnvironment winrm; if (this.AuditOptions.Keys.Contains("WinRmRemoteIp")) { winrm = new WinRmAuditEnvironment(this.HostEnvironmentMessage, this.AuditOptions["WinRmRemoteIp"] as IPAddress, (string)this.AuditOptions["RemoteUser"], (SecureString)this.AuditOptions["RemotePass"], this.HostEnvironment); if (winrm.IsConnected) { this.AuditEnvironment = winrm; this.AuditEnvironmentIntialised = true; this.AuditEnvironmentMessage = AuditTarget_AuditEnvironmentMessageHandler; this.AuditEnvironment.MessageHandler -= HostEnvironmentMessage; this.AuditEnvironment.MessageHandler += this.AuditEnvironmentMessage; } else { winrm = null; this.AuditEnvironmentIntialised = false; throw new Exception("Failed to initialise WinRM audit environment."); } } else { winrm = new WinRmAuditEnvironment(this.HostEnvironmentMessage, (string)this.AuditOptions["WinRmRemoteHost"], (string)this.AuditOptions["RemoteUser"], (SecureString)this.AuditOptions["RemotePass"], this.HostEnvironment); } } else if (this.AuditOptions.Keys.Contains("RemoteUser") || this.AuditOptions.Keys.Contains("RemotePass")) { throw new Exception("A remote host name must be specified."); } else if (this.AuditOptions.ContainsKey("Dockerized")) { this.AuditEnvironmentMessage = AuditTarget_AuditEnvironmentMessageHandler; this.AuditEnvironment = new DockerizedLocalEnvironment(this.AuditEnvironmentMessage); this.AuditEnvironmentIntialised = true; } else if (this.AuditOptions.ContainsKey("GitHubRepoName")) { if (!this.AuditOptions.ContainsKey("GitHubRepoOwner") || !this.AuditOptions.ContainsKey("GitHubRepoBranch")) { throw new ArgumentException("A required audit option for the GitHub environment is missing."); } string user_api_token = string.Empty; if (this.AuditOptions.ContainsKey("GitHubToken")) { user_api_token = (string)this.AuditOptions["GitHubToken"]; } GitHubAuditEnvironment github_environment = new GitHubAuditEnvironment(this.HostEnvironmentMessage, user_api_token, (string)this.AuditOptions["GitHubRepoOwner"], (string)this.AuditOptions["GitHubRepoName"], (string)this.AuditOptions["GitHubRepoBranch"], this.HostEnvironment); if (github_environment.RepositoryInitialised) { this.AuditEnvironment = github_environment; this.AuditEnvironmentIntialised = true; this.AuditEnvironmentMessage = AuditTarget_AuditEnvironmentMessageHandler; this.AuditEnvironment.MessageHandler -= HostEnvironmentMessage; this.AuditEnvironment.MessageHandler += this.AuditEnvironmentMessage; } else { github_environment = null; this.AuditEnvironmentIntialised = false; throw new Exception("Failed to initialise GitHub audit environment."); } } else if (this.AuditOptions.ContainsKey("GitLabRepoName")) { string api_token = string.Empty; if (!this.AuditOptions.ContainsKey("GitLabRepoUrl") || !this.AuditOptions.ContainsKey("GitLabRepoName") || !this.AuditOptions.ContainsKey("GitLabRepoBranch")) { throw new ArgumentException("A required audit option for the GitLab environment is missing."); } GitLabAuditEnvironment GitLab_environment = new GitLabAuditEnvironment(this.HostEnvironmentMessage, api_token, (string)this.AuditOptions["GitLabRepoUrl"], (string)this.AuditOptions["GitLabRepoName"], (string)this.AuditOptions["GitLabRepoBranch"], this.HostEnvironment); if (GitLab_environment.RepositoryInitialised) { this.AuditEnvironment = GitLab_environment; this.AuditEnvironmentIntialised = true; this.AuditEnvironmentMessage = AuditTarget_AuditEnvironmentMessageHandler; this.AuditEnvironment.MessageHandler -= HostEnvironmentMessage; this.AuditEnvironment.MessageHandler += this.AuditEnvironmentMessage; } else { GitLab_environment = null; this.AuditEnvironmentIntialised = false; throw new Exception("Failed to initialise audit environment."); } } else { this.AuditEnvironmentMessage = AuditTarget_AuditEnvironmentMessageHandler; this.AuditEnvironment = new LocalEnvironment(this.AuditEnvironmentMessage); this.AuditEnvironmentIntialised = true; } if (this.AuditOptions.ContainsKey("Profile")) { AuditFileInfo pf = this.AuditEnvironment.ConstructFile((string)this.AuditOptions["Profile"]); if (pf.Exists) { this.AuditProfile = new AuditProfile(this.AuditEnvironment, pf); } else { this.AuditEnvironment.Warning("The profile file {0} does not exist. No audit profile will be used.", pf.FullName); } } }
public Application(Dictionary <string, object> application_options, Dictionary <string, string[]> RequiredFileLocationPaths, Dictionary <string, string[]> RequiredDirectoryLocationPaths, EventHandler <EnvironmentEventArgs> message_handler) : base(application_options, message_handler) { this.ApplicationOptions = application_options; if (this.ApplicationOptions.ContainsKey("RootDirectory")) { if (!this.AuditEnvironment.DirectoryExists((string)this.ApplicationOptions["RootDirectory"])) { throw new ArgumentException(string.Format("The root directory {0} was not found.", this.ApplicationOptions["RootDirectory"]), "package_source_options"); } else { this.ApplicationFileSystemMap.Add("RootDirectory", this.AuditEnvironment.ConstructDirectory((string)this.ApplicationOptions["RootDirectory"])); } } else { this.ApplicationFileSystemMap.Add("RootDirectory", this.AuditEnvironment.ConstructDirectory(this.AuditEnvironment.PathSeparator)); } this.RequiredFileLocations = RequiredFileLocationPaths.Select(kv => new KeyValuePair <string, string>(kv.Key, this.CombinePath(kv.Value))).ToDictionary(x => x.Key, x => x.Value); this.RequiredDirectoryLocations = RequiredDirectoryLocationPaths.Select(kv => new KeyValuePair <string, string>(kv.Key, this.CombinePath(kv.Value))).ToDictionary(x => x.Key, x => x.Value); foreach (KeyValuePair <string, string> f in RequiredFileLocations) { if (!this.ApplicationOptions.ContainsKey(f.Key)) { if (string.IsNullOrEmpty(f.Value)) { throw new ArgumentException(string.Format("The required application file {0} was not specified and no default path exists.", f), "application_options"); } else { string fn = CombinePath(f.Value); if (!this.AuditEnvironment.FileExists(fn)) { throw new ArgumentException(string.Format("The default path {0} for required application file {1} does not exist.", fn, f.Key), "application_options"); } else { this.ApplicationFileSystemMap.Add(f.Key, this.AuditEnvironment.ConstructFile(fn)); } } } else { string fn = CombinePath((string)ApplicationOptions[f.Key]); if (!this.AuditEnvironment.FileExists(fn)) { throw new ArgumentException(string.Format("The required application file {0} was not found.", f), "application_options"); } else { this.ApplicationFileSystemMap.Add(f.Key, this.AuditEnvironment.ConstructFile(fn)); } } } foreach (KeyValuePair <string, string> d in RequiredDirectoryLocations) { string dn = CombinePath(d.Value); if (!this.ApplicationOptions.ContainsKey(d.Key)) { if (string.IsNullOrEmpty(d.Value)) { throw new ArgumentException(string.Format("The required application directory {0} was not specified and no default path exists.", d.Key), "application_options"); } else { if (!this.AuditEnvironment.DirectoryExists(dn)) { throw new ArgumentException(string.Format("The default path {0} for required application directory {1} does not exist.", dn, d.Key), "application_options"); } else { this.ApplicationFileSystemMap.Add(d.Key, this.AuditEnvironment.ConstructDirectory(dn)); } } } else { dn = CombinePath((string)ApplicationOptions[d.Key]); if (!this.AuditEnvironment.DirectoryExists(dn)) { throw new ArgumentException(string.Format("The required application directory {0} was not found.", dn), "application_options"); } else { this.ApplicationFileSystemMap.Add(d.Key, this.AuditEnvironment.ConstructDirectory(dn)); } } } if (this.ApplicationOptions.ContainsKey("ApplicationBinary")) { string fn = CombinePath((string)this.ApplicationOptions["ApplicationBinary"]); if (!this.AuditEnvironment.FileExists(fn)) { throw new ArgumentException(string.Format("The specified application binary {0} does not exist.", fn), "application_options"); } else { this.ApplicationBinary = this.AuditEnvironment.ConstructFile(fn); } } if (this.AuditProfile == null) { AuditFileInfo pf = this.AuditEnvironment.ConstructFile(this.CombinePath("@devaudit.yml")); if (pf.Exists) { this.AuditProfile = new AuditProfile(this.AuditEnvironment, pf); } } if (this.ApplicationOptions.ContainsKey("PrintConfiguration")) { this.PrintConfiguration = true; } if (this.ApplicationOptions.ContainsKey("ListConfigurationRules")) { this.ListConfigurationRules = true; } if (this.ApplicationOptions.ContainsKey("OnlyLocalRules")) { this.OnlyLocalRules = true; } if ((this.ApplicationOptions.ContainsKey("AppDevMode"))) { this.AppDevMode = true; } if ((this.ApplicationOptions.ContainsKey("OSUser"))) { this.OSUser = (string)this.ApplicationOptions["OSUser"]; } if ((this.ApplicationOptions.ContainsKey("OSPass"))) { this.OSPass = this.AuditEnvironment.ToSecureString((string)this.ApplicationOptions["OSPass"]); } if ((this.ApplicationOptions.ContainsKey("AppUser"))) { this.AppUser = (string)this.ApplicationOptions["AppUser"]; } if ((this.ApplicationOptions.ContainsKey("AppPass"))) { this.AppPass = this.AuditEnvironment.ToSecureString((string)this.ApplicationOptions["AppPass"]); } string[] ossi_apps = { "drupal", "ossi" }; if (this.DataSources.Count == 0 && ossi_apps.Contains(this.PackageManagerId)) { this.HostEnvironment.Info("Using OSS Index as default package vulnerabilities data source for {0} application.", this.PackageManagerLabel); this.DataSources.Add(new OSSIndexDataSource(this, this.DataSourceOptions)); } }
public Application(Dictionary <string, object> application_options, Dictionary <string, string[]> RequiredFileLocationPaths, Dictionary <string, string[]> RequiredDirectoryLocationPaths, EventHandler <EnvironmentEventArgs> message_handler) : base(application_options, message_handler) { this.ApplicationOptions = application_options; if (this.ApplicationOptions.ContainsKey("RootDirectory")) { if (!this.AuditEnvironment.DirectoryExists((string)this.ApplicationOptions["RootDirectory"])) { throw new ArgumentException(string.Format("The root directory {0} was not found.", this.ApplicationOptions["RootDirectory"]), "package_source_options"); } else { this.ApplicationFileSystemMap.Add("RootDirectory", this.AuditEnvironment.ConstructDirectory((string)this.ApplicationOptions["RootDirectory"])); } } else { //throw new ArgumentException(string.Format("The root application directory was not specified."), "application_options"); this.ApplicationFileSystemMap.Add("RootDirectory", this.AuditEnvironment.ConstructDirectory(this.AuditEnvironment.PathSeparator)); } this.RequiredFileLocations = RequiredFileLocationPaths.Select(kv => new KeyValuePair <string, string>(kv.Key, this.CombinePath(kv.Value))).ToDictionary(x => x.Key, x => x.Value); this.RequiredDirectoryLocations = RequiredDirectoryLocationPaths.Select(kv => new KeyValuePair <string, string>(kv.Key, this.CombinePath(kv.Value))).ToDictionary(x => x.Key, x => x.Value); foreach (KeyValuePair <string, string> f in RequiredFileLocations) { if (!this.ApplicationOptions.ContainsKey(f.Key)) { if (string.IsNullOrEmpty(f.Value)) { throw new ArgumentException(string.Format("The required application file {0} was not specified and no default path exists.", f), "application_options"); } else { string fn = CombinePath(f.Value); if (!this.AuditEnvironment.FileExists(fn)) { throw new ArgumentException(string.Format("The default path {0} for required application file {1} does not exist.", fn, f.Key), "application_options"); } else { this.ApplicationFileSystemMap.Add(f.Key, this.AuditEnvironment.ConstructFile(fn)); } } } else { string fn = CombinePath((string)ApplicationOptions[f.Key]); if (!this.AuditEnvironment.FileExists(fn)) { throw new ArgumentException(string.Format("The required application file {0} was not found.", f), "application_options"); } else { this.ApplicationFileSystemMap.Add(f.Key, this.AuditEnvironment.ConstructFile(fn)); } } } foreach (KeyValuePair <string, string> d in RequiredDirectoryLocations) { string dn = CombinePath(d.Value); if (!this.ApplicationOptions.ContainsKey(d.Key)) { if (string.IsNullOrEmpty(d.Value)) { throw new ArgumentException(string.Format("The required application directory {0} was not specified and no default path exists.", d.Key), "application_options"); } else { if (!this.AuditEnvironment.DirectoryExists(dn)) { throw new ArgumentException(string.Format("The default path {0} for required application directory {1} does not exist.", dn, d.Key), "application_options"); } else { this.ApplicationFileSystemMap.Add(d.Key, this.AuditEnvironment.ConstructDirectory(dn)); } } } else { dn = CombinePath((string)ApplicationOptions[d.Key]); if (!this.AuditEnvironment.DirectoryExists(dn)) { throw new ArgumentException(string.Format("The required application directory {0} was not found.", dn), "application_options"); } else { this.ApplicationFileSystemMap.Add(d.Key, this.AuditEnvironment.ConstructDirectory(dn)); } } } if (this.ApplicationOptions.ContainsKey("ApplicationBinary")) { string fn = CombinePath((string)this.ApplicationOptions["ApplicationBinary"]); if (!this.AuditEnvironment.FileExists(fn)) { throw new ArgumentException(string.Format("The specified application binary {0} does not exist.", fn), "application_options"); } else { this.ApplicationBinary = this.AuditEnvironment.ConstructFile(fn); } } if (this.AuditProfile == null) { AuditFileInfo pf = this.AuditEnvironment.ConstructFile(".devaudit"); if (pf.Exists) { this.AuditProfile = new AuditProfile(this.AuditEnvironment, pf); } } if (this.ApplicationOptions.ContainsKey("PrintConfiguration")) { this.PrintConfiguration = true; } if (this.ApplicationOptions.ContainsKey("ListConfigurationRules")) { this.ListConfigurationRules = true; } if (this.ApplicationOptions.ContainsKey("OnlyLocalRules")) { this.OnlyLocalRules = true; } if ((this.ApplicationOptions.ContainsKey("AppDevMode"))) { this.AppDevMode = true; } }
public override IEnumerable <Package> GetPackages(params string[] o) { AuditFileInfo config_file = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile); List <Package> packages = new List <Package>(); if (config_file.Name.EndsWith(".csproj")) { this.AuditEnvironment.Info("Reading packages from .NET Core C# .csproj file."); string _byteOrderMarkUtf8 = Encoding.UTF8.GetString(Encoding.UTF8.GetPreamble()); string xml = config_file.ReadAsText(); if (xml.StartsWith(_byteOrderMarkUtf8, StringComparison.Ordinal)) { var lastIndexOfUtf8 = _byteOrderMarkUtf8.Length; xml = xml.Remove(0, lastIndexOfUtf8); } XElement root = XElement.Parse(xml); if (root.Name.LocalName == "Project") { packages = root .Descendants() .Where(x => x.Name.LocalName == "PackageReference" && x.Attribute("Include") != null && x.Attribute("Version") != null) .SelectMany(r => GetDeveloperPackages(r.Attribute("Include").Value, r.Attribute("Version").Value)) .ToList(); IEnumerable <string> skipped_packages = root .Descendants() .Where(x => x.Name.LocalName == "PackageReference" && x.Attribute("Include") != null && x.Attribute("Version") == null) .Select(r => r.Attribute("Include").Value); if (skipped_packages.Count() > 0) { this.AuditEnvironment.Warning("{0} package(s) do not have a version specified and will not be audited: {1}.", skipped_packages.Count(), skipped_packages.Aggregate((s1, s2) => s1 + "," + s2)); } return(packages); } else { this.AuditEnvironment.Error("{0} is not a .NET Core format .csproj file.", config_file.FullName); return(packages); } } else if (config_file.Name.EndsWith(".deps.json")) { try { this.AuditEnvironment.Info("Reading packages from .NET Core depedencies manifest.."); JObject json = (JObject)JToken.Parse(config_file.ReadAsText()); JObject libraries = (JObject)json["libraries"]; if (libraries != null) { foreach (JProperty p in libraries.Properties()) { string[] name = p.Name.Split('/'); packages.Add(new Package("nuget", name[0], name[1])); } } return(packages); } catch (Exception e) { this.AuditEnvironment.Error(e, "Error reading .NET Core dependencies manifest {0}.", config_file.FullName); return(packages); } } else { this.AuditEnvironment.Error("Unknown .NET Core project file type: {0}.", config_file.FullName); return(packages); } }
protected override void DetectConfigurationFile(Dictionary <PlatformID, string[]> default_configuration_file_path) { bool set_config_from_process_cmdline = false; bool set_config_from_env = false; bool set_config_from_my_cnf = false; if (this.AuditEnvironment.IsUnix) { List <ProcessInfo> processes = this.AuditEnvironment.GetAllRunningProcesses(); if (processes != null && processes.Any(p => p.CommandLine.Contains("mysqld") && (p.CommandLine.Contains("--user") || p.CommandLine.Contains("--datadir") || p.CommandLine.Contains("--basedir")))) { ProcessInfo process = processes.Where(p => p.CommandLine.Contains("mysqld") && (p.CommandLine.Contains("--user") || p.CommandLine.Contains("--datadir") || p.CommandLine.Contains("--basedir"))).First(); Match m = Regex.Match(process.CommandLine, @"--defaults-file=(\S+)"); if (m.Success) { string f = m.Groups[1].Value; AuditFileInfo cf = this.AuditEnvironment.ConstructFile(f); if (cf.Exists) { this.AuditEnvironment.Success("Auto-detected {0} server configuration file at {1}.", this.ApplicationLabel, cf.FullName); this.ApplicationFileSystemMap.Add("ConfigurationFile", cf); set_config_from_process_cmdline = true; } } } if (!set_config_from_process_cmdline) { Dictionary <string, string> env = this.AuditEnvironment.GetEnvironmentVars(); if (env != null) { if (env.ContainsKey("MY_CNF")) { if (!set_config_from_process_cmdline) { AuditFileInfo cf = this.AuditEnvironment.ConstructFile(env["MY_CNF"]); if (cf.Exists) { this.AuditEnvironment.Success("Auto-detected {0} server configuration file at {1}.", this.ApplicationLabel, cf.FullName); this.ApplicationFileSystemMap.Add("ConfigurationFile", cf); set_config_from_env = true; } } } } } if (!set_config_from_env) { if (this.AuditEnvironment.FileExists(this.CombinePath("@", "etc", "my.cnf"))) { AuditFileInfo cf = this.AuditEnvironment.ConstructFile(this.CombinePath("@", "etc", "my.cnf")); this.AuditEnvironment.Success("Auto-detected {0} server configuration file at {1}.", this.ApplicationLabel, cf.FullName); this.ApplicationFileSystemMap.Add("ConfigurationFile", cf); set_config_from_my_cnf = true; } else if (this.AuditEnvironment.FileExists(this.CombinePath("@", "etc", "my", "my.cnf"))) { AuditFileInfo cf = this.AuditEnvironment.ConstructFile(this.CombinePath("@", "etc", "my", "my.cnf")); this.AuditEnvironment.Success("Auto-detected {0} server configuration file at {1}.", this.ApplicationLabel, cf.FullName); this.ApplicationFileSystemMap.Add("ConfigurationFile", cf); set_config_from_my_cnf = true; } } if (!(set_config_from_process_cmdline || set_config_from_env || set_config_from_my_cnf)) { base.DetectConfigurationFile(default_configuration_file_path); } } }