* Added new packages class * Added initial calculation for outdated packages * Created result object * Updated test to use test repo * Added base cases for 2 other nuget scanners * updated tests * Added sample to test project * fixed tests * added deprecated code * Added vulnerable * Updated paths * Fix to path * updated test name * updated log * update packages * Update backslashes * updated tests * Added new item to post to * Added new get for the controller
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
next-version: 0.18.0 | ||
next-version: 0.19.0 |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,126 @@ | ||
using Newtonsoft.Json; | ||
using RepoGovernance.Core.Models.NuGetPackages; | ||
using System.Diagnostics; | ||
using Process = System.Diagnostics.Process; | ||
|
||
namespace RepoGovernance.Core.Helpers | ||
{ | ||
public class DotNetPackages | ||
{ | ||
public List<NugetPackage> GetNugetPackagesDeprecated(string json) | ||
{ | ||
List<NugetPackage> results = new(); | ||
|
||
//Process the output | ||
Root? root = JsonConvert.DeserializeObject<Root>(json); | ||
if (root != null && root.Projects != null && root.Projects.Count > 0) | ||
{ | ||
foreach (Project project in root.Projects) | ||
{ | ||
if (project.frameworks != null) | ||
{ | ||
foreach (Framework framework in project.frameworks) | ||
{ | ||
foreach (Package package in framework.topLevelPackages) | ||
{ | ||
results.Add(new NugetPackage() | ||
{ | ||
Path = project.path, | ||
Framework = framework.framework, | ||
PackageId = package.id, | ||
PackageVersion = package.requestedVersion, | ||
Type = "Deprecated" | ||
}); | ||
} | ||
} | ||
} | ||
} | ||
} | ||
|
||
return results; | ||
} | ||
|
||
public List<NugetPackage> GetNugetPackagesOutdated(string json) | ||
{ | ||
List<NugetPackage> results = new(); | ||
|
||
//Process the output | ||
Root? root = JsonConvert.DeserializeObject<Root>(json); | ||
if (root != null && root.Projects != null && root.Projects.Count > 0) | ||
{ | ||
foreach (Project project in root.Projects) | ||
{ | ||
if (project.frameworks != null) | ||
{ | ||
foreach (Framework framework in project.frameworks) | ||
{ | ||
foreach (Package package in framework.topLevelPackages) | ||
{ | ||
results.Add(new NugetPackage() | ||
{ | ||
Path = project.path, | ||
Framework = framework.framework, | ||
PackageId = package.id, | ||
PackageVersion = package.latestVersion, | ||
Type = "Outdated" | ||
}); | ||
} | ||
} | ||
} | ||
} | ||
} | ||
|
||
return results; | ||
} | ||
|
||
public List<NugetPackage> GetNugetPackagesVulnerable(string json) | ||
{ | ||
List<NugetPackage> results = new(); | ||
|
||
//Process the output | ||
Root? root = JsonConvert.DeserializeObject<Root>(json); | ||
if (root != null && root.Projects != null && root.Projects.Count > 0) | ||
{ | ||
foreach (Project project in root.Projects) | ||
{ | ||
if (project.frameworks != null) | ||
{ | ||
foreach (Framework framework in project.frameworks) | ||
{ | ||
foreach (Package package in framework.topLevelPackages) | ||
{ | ||
results.Add(new NugetPackage() | ||
{ | ||
Path = project.path, | ||
Framework = framework.framework, | ||
PackageId = package.id, | ||
PackageVersion = package.requestedVersion, | ||
Severity = package.GetFirstVulnerability(), | ||
Type = "Vulnerable" | ||
}); | ||
} | ||
} | ||
} | ||
} | ||
} | ||
|
||
return results; | ||
} | ||
|
||
public string GetProcessOutput(string path, string arguments) | ||
{ | ||
Process process = new(); | ||
ProcessStartInfo startInfo = new() | ||
{ | ||
FileName = "dotnet.exe", | ||
Arguments = arguments, | ||
WorkingDirectory = path, | ||
UseShellExecute = false, | ||
RedirectStandardOutput = true, | ||
}; | ||
process.StartInfo = startInfo; | ||
process.Start(); | ||
return process.StandardOutput.ReadToEnd(); | ||
} | ||
} | ||
} |
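Review bot: GetProcessOutput returns whatever reached stdout without checking how dotnet ended: there is no WaitForExit or ExitCode check, stderr is not redirected, and the Process is never disposed. When the command fails with nothing on stdout, the three parsers above receive an empty string, `JsonConvert.DeserializeObject<Root>` presumably yields null, and the scan reports zero vulnerable packages instead of an error. `arguments` is passed through as one raw string, so it should only be built from fixed literals; if repository-derived values are ever needed, an overload that fills `ProcessStartInfo.ArgumentList` keeps them from being parsed as extra switches. Because dotnet evaluates the project files under `path`, a checkout the operator does not control should be scanned with the same isolation as a build of it. The fence covers the first point, and `FileName = "dotnet"` would let the same code run off Windows.

```csharp
public string GetProcessOutput(string path, string arguments)
{
    ProcessStartInfo startInfo = new()
    {
        // … unchanged: FileName, Arguments, WorkingDirectory, UseShellExecute, RedirectStandardOutput …
        RedirectStandardError = true,
    };
    using Process process = new() { StartInfo = startInfo };
    process.Start();
    // Drain stderr concurrently so a full pipe cannot stall the child while stdout is read.
    Task<string> stderrTask = process.StandardError.ReadToEndAsync();
    string stdout = process.StandardOutput.ReadToEnd();
    process.WaitForExit();
    if (process.ExitCode != 0)
    {
        // Fail closed: a broken scan must not look like "no findings".
        throw new InvalidOperationException(
            $"dotnet exited with code {process.ExitCode}: {stderrTask.GetAwaiter().GetResult()}");
    }
    return stdout;
}
```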
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
namespace RepoGovernance.Core.Models.NuGetPackages | ||
{ | ||
public class Framework | ||
{ | ||
public string framework { get; set; } | ||
public List<Package> topLevelPackages { get; set; } | ||
} | ||
} |
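Review bot: `topLevelPackages` has no initializer, so it is null for any framework entry whose JSON omits that key, and a consumer that iterates it without a check will throw NullReferenceException. Whether `dotnet list package` omits the key for frameworks with nothing to report is not visible on this page and should be confirmed against real output, but defaulting the property costs nothing: `public List<Package> topLevelPackages { get; set; } = new();`. The model also has no property for transitive packages, so if the scan is ever run with `--include-transitive` those entries would be dropped from the vulnerable report without any signal.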
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
namespace RepoGovernance.Core.Models.NuGetPackages | ||
{ | ||
public class NugetPackage | ||
{ | ||
public string Path { get; set; } | ||
public string Framework { get; set; } | ||
public string PackageId { get; set; } | ||
public string PackageVersion { get; set; } | ||
public string Severity { get; set; } | ||
public string Type { get; set; } | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
namespace RepoGovernance.Core.Models.NuGetPackages | ||
{ | ||
public class Package | ||
{ | ||
public string id { get; set; } | ||
Check warning on line 5 in src/RepoGovernance.Core/Models/NuGetPackages/Package.cs
|
||
public string requestedVersion { get; set; } | ||
Check warning on line 6 in src/RepoGovernance.Core/Models/NuGetPackages/Package.cs
|
||
public string resolvedVersion { get; set; } | ||
Check warning on line 7 in src/RepoGovernance.Core/Models/NuGetPackages/Package.cs
|
||
public string latestVersion { get; set; } | ||
public string[] deprecationReasons { get; set; } | ||
public List<Vulnerability> vulnerabilities { get; set; } | ||
public string GetFirstVulnerability() | ||
{ | ||
if (vulnerabilities != null && vulnerabilities.Count > 0) | ||
{ | ||
return vulnerabilities[0].severity; | ||
} | ||
return string.Empty; | ||
} | ||
} | ||
} |
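Review bot: GetFirstVulnerability reports the severity of `vulnerabilities[0]` only, so a package whose first listed advisory is Low and whose second is Critical would be recorded as Low. Nothing visible here guarantees the CLI orders advisories by severity, so the method should pick the highest-ranked value rather than the first. The fence ranks the four NuGet severity labels and treats anything unrecognised as lowest; it needs `System.Linq` in scope. The Check-warning annotations on this file are a separate matter and are not addressed by this change.

```csharp
private static readonly string[] SeverityOrder = { "Low", "Moderate", "High", "Critical" };

public string GetFirstVulnerability()
{
    if (vulnerabilities == null || vulnerabilities.Count == 0)
    {
        return string.Empty;
    }
    // Report the worst advisory, not whichever one happened to be listed first.
    return vulnerabilities
        .Select(v => v.severity)
        .OrderByDescending(s => Array.FindIndex(
            SeverityOrder, o => string.Equals(o, s, StringComparison.OrdinalIgnoreCase)))
        .First();
}
```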
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
namespace RepoGovernance.Core.Models.NuGetPackages | ||
{ | ||
public class Project | ||
{ | ||
public string path { get; set; } | ||
Check warning on line 5 in src/RepoGovernance.Core/Models/NuGetPackages/Project.cs
|
||
public List<Framework> frameworks { get; set; } | ||
Check warning on line 6 in src/RepoGovernance.Core/Models/NuGetPackages/Project.cs
|
||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
namespace RepoGovernance.Core.Models.NuGetPackages | ||
{ | ||
public class Root | ||
{ | ||
public List<Project> Projects { get; set; } | ||
Check warning on line 5 in src/RepoGovernance.Core/Models/NuGetPackages/Root.cs
|
||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
namespace RepoGovernance.Core.Models.NuGetPackages | ||
{ | ||
public class Vulnerability | ||
{ | ||
public string severity { get; set; } | ||
Check warning on line 5 in src/RepoGovernance.Core/Models/NuGetPackages/Vulnerability.cs
|
||
public string advisoryurl { get; set; } | ||
Check warning on line 6 in src/RepoGovernance.Core/Models/NuGetPackages/Vulnerability.cs
|
||
} | ||
} |