-
Notifications
You must be signed in to change notification settings - Fork 54
/
Check-CsprojVulnerabilities.ps1
62 lines (53 loc) · 1.61 KB
/
Check-CsprojVulnerabilities.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
param
(
[String[]]
$CsprojFilePath,
[switch]
$PrintReport
)
if (-not $CsprojFilePath)
{
$CsprojFilePath = @(
"$PSScriptRoot/src/Microsoft.Azure.Functions.PowerShellWorker.csproj"
"$PSScriptRoot/test/Unit/Microsoft.Azure.Functions.PowerShellWorker.Test.csproj"
"$PSScriptRoot/test/E2E/Azure.Functions.PowerShellWorker.E2E/Azure.Functions.PowerShellWorker.E2E/Azure.Functions.PowerShellWorker.E2E.csproj"
)
}
$logFilePath = "$PSScriptRoot/build.log"
try
{
foreach ($projectFilePath in $CsprojFilePath)
{
Write-Host "Analyzing '$projectFilePath' for vulnerabilities..."
$projectFolder = Split-Path $projectFilePath
Push-Location $projectFolder
& { dotnet restore $projectFilePath }
& { dotnet list $projectFilePath package --include-transitive --vulnerable } 3>&1 2>&1 > $logFilePath
Pop-Location
# Check and report if vulnerabilities are found
$report = Get-Content $logFilePath -Raw
$result = $report | Select-String "has no vulnerable packages given the current sources"
if ($result)
{
Write-Host "No vulnerabilities found"
}
else
{
$output = [System.Environment]::NewLine + "Vulnerabilities found!"
if ($PrintReport.IsPresent)
{
$output += $report
}
Write-Host $output -ForegroundColor Red
Exit 1
}
Write-Host ""
}
}
finally
{
if (Test-Path $logFilePath)
{
Remove-Item $logFilePath -Force
}
}