NuGetAudit in VisualStudio with packages.config projects does not support configuring audit properties for projects sharing the same name #13466

Open
nkolev92 opened this issue May 29, 2024 · 0 comments
Labels
Functionality:Restore Priority:1 High priority issues that must be resolved in the current sprint. Product:VS.Client Style:Packages.Config TechDebt Technical debt Type:Bug

nkolev92 commented May 29, 2024

PackageRestoreData should use the project path instead of the project name when restoring

  • PackageRestoreData is the type that's used to represent a package from any packages.config in a single restore operation.
    It contains the deduplicated id and the list of project names that are relevant to it.

https://github.com/NuGet/NuGet.Client/blob/dev/src/NuGet.Core/NuGet.PackageManagement/IDE/PackageRestoreData.cs#L11-L13

  • On the CLI, the PackageRestoreData name is the project file.
  • In VS, this tends to be the project name.

In AuditChecker, the PackageRestoreData key is compared to the AuditInfo key:

https://github.com/NuGet/NuGet.Client/blob/2d9dbdb4140df7bccbb1df768c64617b661239ff/src/NuGet.Core/NuGet.PackageManagement/Audit/AuditChecker.cs#L224

The problem: the project path is unique, while the project name isn't required to be.

What this means is that long term, we need to switch from using the name, to using the project path.
The challenge is that the PackageRestoreData has a lot of usages.

In order to fix #13465, we had to make an assumption in there with a known limitation, basically meaning that projects with the same name will have the same audit configuration.

The chances of anyone configuring msbuild audit properties differently within the same solution are low, but still a possibility nonetheless.

@nkolev92 nkolev92 changed the title PackageRestoreData should use the project path instead of the project name when restoring NuGetAudit in VisualStudio with packages.config projects does not support configuring audit properties for projects sharing the same name May 29, 2024
@nkolev92 nkolev92 added the Priority:1 High priority issues that must be resolved in the current sprint. label May 30, 2024
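
An added example (not NuGet.Client code, and not part of the issue) of a check for the limitation described above: it lists project names shared by projects whose audit properties differ, which a name-keyed lookup cannot tell apart. The `AuditSettings` record, the sample paths, and the assumption that the project name equals the project file name without its extension are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;

// Hypothetical stand-in for one project's audit-related MSBuild properties;
// this is not a NuGet.Client type.
record AuditSettings(string NuGetAudit, string NuGetAuditLevel);

static class AuditKeyCollisionCheck
{
    // Constructed sample: project path -> audit settings. Two projects are named "Utils".
    static readonly Dictionary<string, AuditSettings> ByPath = new()
    {
        ["src/Web/Web.csproj"]            = new("true", "low"),
        ["src/Client/Utils/Utils.csproj"] = new("true", "low"),
        ["src/Server/Utils/Utils.csproj"] = new("true", "critical"),
    };

    // Assumption: the project name is the project file name without its extension.
    static string NameOf(string projectPath) => Path.GetFileNameWithoutExtension(projectPath);

    // Returns the groups of projects that share a name but carry different audit
    // settings. Keyed by path every project is distinct; keyed by name these are not.
    public static List<IGrouping<string, KeyValuePair<string, AuditSettings>>> FindAmbiguousNames(
        IReadOnlyDictionary<string, AuditSettings> byPath) =>
        byPath.GroupBy(p => NameOf(p.Key))
              .Where(g => g.Select(p => p.Value).Distinct().Count() > 1)
              .ToList();

    static void Main()
    {
        foreach (var group in FindAmbiguousNames(ByPath))
        {
            Console.WriteLine($"Project name '{group.Key}' is shared by projects with different audit settings:");
            foreach (var (path, settings) in group)
            {
                Console.WriteLine(
                    $"  {path}: NuGetAudit={settings.NuGetAudit}, NuGetAuditLevel={settings.NuGetAuditLevel}");
            }
        }
    }
}
```

With the constructed sample, only the `Utils` group is reported, because `Web` is unique and the two `Utils` projects differ in `NuGetAuditLevel`.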