@DiracSpace
Created August 21, 2023 23:27
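<#
    Uses the dotnet tool for determining NuGet package
    vulnerabilities inside a project solution by checking all
    available csproj files.

    Requires PowerShell 7+ (ForEach-Object -Parallel). Show-Status is a
    helper that is not defined in this gist and must already be loaded
    in the session.
#>
function Find-Vulnerabilities {
    param (
        [Parameter(Mandatory = $false)]
        [string] $FilePath,
        [Parameter(Mandatory = $false)]
        [int] $ThrottleLimit
    )

    # Default to the current directory and two parallel workers.
    if (!$FilePath) {
        $FilePath = (Get-Location).Path
    }
    if (!$ThrottleLimit) {
        $ThrottleLimit = 2
    }

    # Collect full paths so dotnet finds each project regardless of the
    # caller's working directory (-Name would return relative paths).
    $csproj = @(
        Get-ChildItem -Path $FilePath -Filter *.csproj -Recurse -File |
            Select-Object -ExpandProperty FullName
    )

    if ($csproj.Length -eq 0) {
        Show-Status "No project files found in $FilePath." -isWarning $true
        return
    }

    Show-Status -Message "Available project files found $($csproj.Length)"

    $csproj | ForEach-Object -Parallel {
        <#
            Show-Status isn't available in separate
            script block.
        #>
        $result = $(dotnet list $_ package --vulnerable --include-transitive --format json | ConvertFrom-Json)

        foreach ($project in $result.projects) {
            foreach ($framework in $project.frameworks) {
                # Report direct references as well as transitive ones.
                foreach ($kind in 'topLevelPackages', 'transitivePackages') {
                    foreach ($package in $framework.$kind) {
                        Write-Output "Found vulnerable package in $(Split-Path -Path $project.path -Leaf)!"
                        Write-Output "Package: $($package.id)"
                        # resolvedVersion is the version currently in use, not the fixed one.
                        Write-Output "Resolved (vulnerable) version: $($package.resolvedVersion)"

                        foreach ($vuln in $package.vulnerabilities) {
                            # Start-Process launches whatever string it is given, so only
                            # hand it absolute https URLs.
                            $uri = $vuln.advisoryurl -as [uri]
                            if ($uri -and $uri.IsAbsoluteUri -and $uri.Scheme -eq 'https') {
                                Write-Output "Opening advisory url in browser $($vuln.advisoryurl)"
                                Start-Process $uri.AbsoluteUri
                            }
                            else {
                                Write-Output "Advisory url not opened (not https): $($vuln.advisoryurl)"
                            }
                        }
                    }
                }
            }
        }
    } -ThrottleLimit $ThrottleLimit -AsJob | Receive-Job -AutoRemoveJob -Wait
}

Set-Alias -Name checkvuln -Value Find-Vulnerabilities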
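
Added example (not part of the original gist): the same JSON report filtered by a minimum severity and returned as objects, so a build can be gated on it instead of opening browser tabs. The sample JSON, the `example.invalid` URLs and the function name `Get-VulnerablePackage` are constructed for illustration.

```powershell
# Constructed sample in the shape of `dotnet list package --vulnerable --format json` output.
$sampleJson = @'
{ "projects": [
  { "path": "/src/Example/Example.Api.csproj",
    "frameworks": [ {
      "framework": "net7.0",
      "topLevelPackages": [
        { "id": "Example.TopLevel", "resolvedVersion": "1.0.0",
          "vulnerabilities": [ { "severity": "Moderate", "advisoryurl": "https://example.invalid/advisory-1" } ] } ],
      "transitivePackages": [
        { "id": "Example.Transitive", "resolvedVersion": "2.3.4",
          "vulnerabilities": [ { "severity": "Critical", "advisoryurl": "https://example.invalid/advisory-2" } ] } ]
    } ] },
  { "path": "/src/Example/Example.Tests.csproj" }
] }
'@

function Get-VulnerablePackage {
    param (
        [Parameter(Mandatory = $true)] [string] $Json,
        [ValidateSet('Low', 'Moderate', 'High', 'Critical')] [string] $MinimumSeverity = 'Low'
    )
    $rank = @{ Low = 0; Moderate = 1; High = 2; Critical = 3 }
    $report = $Json | ConvertFrom-Json
    foreach ($project in $report.projects) {
        foreach ($framework in $project.frameworks) {
            foreach ($kind in 'topLevelPackages', 'transitivePackages') {
                foreach ($package in $framework.$kind) {
                    foreach ($vuln in $package.vulnerabilities) {
                        # Unknown severity strings are reported, never silently dropped.
                        $level = $rank[[string] $vuln.severity]
                        if ($null -ne $level -and $level -lt $rank[$MinimumSeverity]) { continue }
                        [pscustomobject]@{
                            Project  = Split-Path -Path $project.path -Leaf
                            Package  = $package.id
                            Resolved = $package.resolvedVersion
                            Direct   = ($kind -eq 'topLevelPackages')
                            Severity = $vuln.severity
                            Advisory = $vuln.advisoryurl
                        }
                    }
                }
            }
        }
    }
}
# A CI job can fail the build when this array is non-empty.
$findings = @(Get-VulnerablePackage -Json $sampleJson -MinimumSeverity High)
$findings | Format-Table -AutoSize
```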