

Correcting Exit Codes
First pass at correcting the exit code for CI usage.
digitalcoyote committed Feb 27, 2021
1 parent 1f37a81 commit 4f01373
Showing 8 changed files with 23 additions and 15 deletions.
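--- /dev/null
+++ b/Src/NuGetDefense.sln.DotSettings
@@ -0,0 +1,2 @@
+<wpf:ResourceDictionary xml:space="preserve" xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml" xmlns:s="clr-namespace:System;assembly=mscorlib" xmlns:ss="urn:shemas-jetbrains-com:settings-storage-xaml" xmlns:wpf="http://schemas.microsoft.com/winfx/2006/xaml/presentation">
+<s:Boolean x:Key="/Default/UserDictionary/Words/=pkgs/@EntryIndexedValue">True</s:Boolean></wpf:ResourceDictionary>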
4 changes: 2 additions & 2 deletions Src/NuGetDefense/NuGetDefense.csproj
Expand Up @@ -29,7 +29,7 @@
<PackageId>NuGetDefense.Tool</PackageId>
<PackAsTool>true</PackAsTool>
<ToolCommandName>nugetdefense</ToolCommandName>
<Version>2.1.0-pre0011</Version>
<Version>2.1.0</Version>
</PropertyGroup>
<ItemGroup>
<None Include="icon.png" Pack="true" PackagePath="\" />
Expand All @@ -39,7 +39,7 @@
<PackageReference Include="ByteDev.DotNet" Version="7.1.0" />
<PackageReference Include="NuGet.Versioning" Version="5.8.1" />
<PackageReference Include="NuGetDefense.Core" Version="2.0.1.1" />
<PackageReference Include="NuGetDefense.NVD" Version="2.0.1" />
<PackageReference Include="NuGetDefense.NVD" Version="2.0.3" />
<PackageReference Include="NuGetDefense.OSSIndex" Version="2.0.1" />
<PackageReference Include="Serilog.Sinks.Console" Version="[3.1.1]" />
<PackageReference Include="Serilog.Sinks.File" Version="[4.1.0]" />
Expand Down
2 changes: 1 addition & 1 deletion Src/NuGetDefense/NuGetDefense.nuspec
Expand Up @@ -3,7 +3,7 @@
<metadata>
<id>NuGetDefense</id>
<title>NuGetDefense</title>
<version>2.1.0-pre0011</version>
<version>2.1.0</version>
<authors>Curtis Carter</authors>
<owners>Curtis Carter</owners>
<projectUrl>https://digitalcoyote.github.io/NuGetDefense/</projectUrl>
Expand Down
10 changes: 6 additions & 4 deletions Src/NuGetDefense/Program.cs
Expand Up @@ -13,22 +13,24 @@
using NuGet.Versioning;
using NuGetDefense.Configuration;
using NuGetDefense.Core;
using NuGetDefense.OSSIndex;
using NuGetDefense.NVD;
using Serilog;
using static NuGetDefense.UtilityMethods;
using Scanner = NuGetDefense.OSSIndex.Scanner;

namespace NuGetDefense
{
internal static class Program
{
private static readonly string UserAgentString = @$"NuGetDefense/{Version}";

private const string Version = "2.1.0-pre0001";
private const string Version = "2.1.0-pre0012";

private static string _nuGetFile;
private static string _projectFileName;
private static Dictionary<string, NuGetPackage[]> _projects;
private static Settings _settings;
public static int NumberOfVulnerabilities;

/// <summary>
/// args[0] is expected to be the path to the project file.
Expand Down Expand Up @@ -152,7 +154,7 @@ private static int Main(string[] args)
VulnerabilityData.IgnoreCVEs(vulnDict, _settings.ErrorSettings.IgnoredCvEs);

ReportVulnerabilities(vulnDict);
return vulnDict?.Count ?? 0;
return _settings.WarnOnly ? 0 : NumberOfVulnerabilities;
}
catch (Exception e)
{
Expand Down Expand Up @@ -283,7 +285,7 @@ private static void ReportVulnerabilities(Dictionary<string, Dictionary<string,
{
//TODO: Losing the right file somewhere here
vulnReporter.BuildVulnerabilityTextReport(vulnDict, packages, project, _settings.WarnOnly,
_settings.ErrorSettings.Cvss3Threshold);
_settings.ErrorSettings.Cvss3Threshold, out NumberOfVulnerabilities);
if (_settings.VulnerabilityReports.OutputTextReport) Log.Logger.Information(vulnReporter.VulnerabilityTextReport);
foreach (var msBuildMessage in vulnReporter.MsBuildMessages)
{
Expand Down
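Review bot: The exit status returned from Main is the raw finding count (`return _settings.WarnOnly ? 0 : NumberOfVulnerabilities;`), but the operating system keeps only the low 8 bits of a process exit code, so a scan with exactly 256 (or 512, …) counted findings exits 0 and passes the CI gate this commit is meant to build. A boolean status, `return !_settings.WarnOnly && NumberOfVulnerabilities > 0 ? 1 : 0;`, or at least `Math.Min(NumberOfVulnerabilities, 255)`, cannot wrap. `NumberOfVulnerabilities` is also overwritten by every `BuildVulnerabilityTextReport` call, since the callee resets its `out` parameter to 0 first; the call in ReportVulnerabilities appears to sit inside a per-project loop (it passes `project` and `packages` per iteration), in which case only the last project's count reaches the exit code and the field should accumulate, e.g. `NumberOfVulnerabilities += projectVulns;`. Main and ReportVulnerabilities both begin and end outside the hunk, and note that `Version` is now `2.1.0-pre0012` while the csproj and nuspec in this same commit ship `2.1.0`, so the User-Agent string will not match the released package.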
2 changes: 1 addition & 1 deletion Src/NuGetDefense/UtilityMethods.cs
Expand Up @@ -3,7 +3,7 @@

namespace NuGetDefense
{
public class UtilityMethods
public static class UtilityMethods
{
public static void IgnorePackages(in NuGetPackage[] pkgs, NuGetPackage[] ignorePackages, out NuGetPackage[] unIgnoredPackages)
{
Expand Down
11 changes: 7 additions & 4 deletions Src/NuGetDefense/VulnerabilityReporter.cs
Expand Up @@ -55,10 +55,10 @@ public void BuildVulnerabilityReport(
}
}

public void BuildVulnerabilityTextReport(
Dictionary<string, Dictionary<string, Vulnerability>> vulnerabilityDictionary,
IEnumerable<NuGetPackage> pkgs, string nuGetFile, bool warnOnly, double cvss3Threshold)
public void BuildVulnerabilityTextReport(Dictionary<string, Dictionary<string, Vulnerability>> vulnerabilityDictionary,
IEnumerable<NuGetPackage> pkgs, string nuGetFile, bool warnOnly, double cvss3Threshold, out int numberOfVulns)
{
numberOfVulns = 0;
if (_separateMsBuildMessages) MsBuildMessages = new List<string>();

var logBuilder = new StringBuilder(VulnerabilityTextReport);
Expand All @@ -72,7 +72,8 @@ public void BuildVulnerabilityTextReport(
logBuilder.AppendLine("*************************************");
warnOnly = warnOnly ||
!vulnerabilities.Any(v => v.Value.CvssScore >= cvss3Threshold);


if (!warnOnly) numberOfVulns++;
// TODO: Dependencies will need to be listed by package url when this is used.
var dependantVulnerabilities = pkg.Dependencies.Where(dep => vulnerabilityDictionary.ContainsKey(dep));

Expand All @@ -98,6 +99,7 @@ public void BuildVulnerabilityTextReport(
foreach (var cve in vulnerabilities.Keys)
{
warnOnly = warnOnly || vulnerabilities[cve].CvssScore <= cvss3Threshold && vulnerabilities[cve].CvssScore > -1;
if (!warnOnly) numberOfVulns++;

var vulnMsBuildMessage = MsBuild.Log(nuGetFile, warnOnly ? MsBuild.Category.Warning : MsBuild.Category.Error, cve, pkg.LineNumber, pkg.LinePosition,
$"{vulnerabilities[cve].Description}");
Expand Down Expand Up @@ -126,6 +128,7 @@ public void BuildVulnerabilityTextReport(
{
warnOnly = warnOnly ||
vulnerabilities[cve].CvssScore <= cvss3Threshold;
if (!warnOnly) numberOfVulns++;

var vulnMsBuildMessage = MsBuild.Log(nuGetFile, warnOnly ? MsBuild.Category.Warning : MsBuild.Category.Error, cve, pkg.LineNumber, pkg.LinePosition,
$"{dependancy}: {vulnerabilities[cve].Description}");
Expand Down
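Review bot: `numberOfVulns` is incremented once per package at the `if (!warnOnly) numberOfVulns++;` that follows the package-level threshold check, and then again for every CVE of that package in the two CVE loops, so a package with two error-level CVEs contributes 3 and the returned value is neither a package count nor a CVE count; count in the CVE loops only. Each `warnOnly = warnOnly || …` also rewrites the method parameter, and no reset is visible in the hunk (the package loop opens above it), so once any package or CVE falls below `cvss3Threshold` every later one is downgraded to a warning and left out of the count — if that stickiness is not intended, derive a per-iteration local instead of mutating the parameter. The package-level test uses `>= cvss3Threshold` while the CVE-level tests use `<=`, so a score exactly at the threshold is an error for the package but a warning for each of its CVEs, and the third hunk's dependency check lacks the `> -1` guard the second one has. A sketch of the CVE loop with those changes, the rest of the method left as in the hunk:
```csharp
// package loop header is above the hunk; the per-package numberOfVulns++ after this check is dropped
var pkgWarnOnly = warnOnly ||
    !vulnerabilities.Any(v => v.Value.CvssScore >= cvss3Threshold);
// … unchanged: dependency lookup and report text …
foreach (var cve in vulnerabilities.Keys)
{
    var cveWarnOnly = pkgWarnOnly || vulnerabilities[cve].CvssScore < cvss3Threshold && vulnerabilities[cve].CvssScore > -1;
    if (!cveWarnOnly) numberOfVulns++;

    var vulnMsBuildMessage = MsBuild.Log(nuGetFile, cveWarnOnly ? MsBuild.Category.Warning : MsBuild.Category.Error, cve, pkg.LineNumber, pkg.LinePosition,
        $"{vulnerabilities[cve].Description}");
    // … unchanged: rest of the CVE loop …
}
// … unchanged: dependant-vulnerability loop, same pkgWarnOnly/cveWarnOnly substitution …
```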
4 changes: 2 additions & 2 deletions Src/NuGetDefenseTests/NuGetDefenseTests.csproj
Expand Up @@ -11,13 +11,13 @@
</PropertyGroup>

<ItemGroup>
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="16.8.3" />
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="16.9.1" />
<PackageReference Include="xunit" Version="2.4.1" />
<PackageReference Include="xunit.runner.visualstudio" Version="2.4.3">
<PrivateAssets>all</PrivateAssets>
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
</PackageReference>
<PackageReference Include="coverlet.collector" Version="3.0.2">
<PackageReference Include="coverlet.collector" Version="3.0.3">
<PrivateAssets>all</PrivateAssets>
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
</PackageReference>
Expand Down
3 changes: 2 additions & 1 deletion Src/NuGetDefenseTests/VulnerabilityReportsTest.cs
Expand Up @@ -35,7 +35,8 @@ public void ReportVulnerabilityWithNullReferences()
var pkgs = new[] {new NuGetPackage {LineNumber = 1, Id = "TestPkg", Version = "1.0.1"}};

var reporter = new VulnerabilityReporter();
reporter.BuildVulnerabilityTextReport(vulnDict, pkgs, "NuGetDefense.dll", false, 0D);
reporter.BuildVulnerabilityTextReport(vulnDict, pkgs, "NuGetDefense.dll", false, 0D, out var vulnNumber);
Assert.Equal(0, vulnNumber);
//TODO: Assert MSBuildMessages and VulnerabilityReport
}

Expand Down
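Review bot: The new assertion only pins the zero case, `Assert.Equal(0, vulnNumber)` against a `vulnDict` whose contents are built above the hunk, so the counting path that now drives the process exit code has no test at all. Add a case with one package carrying one CVE scored above the threshold and assert `Assert.Equal(1, vulnNumber)`, plus the same input with `warnOnly: true` asserting 0; whichever quantity the reporter is meant to return (packages or CVEs), that test is what documents it. ReportVulnerabilityWithNullReferences begins above the hunk.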
