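<#
.SYNOPSIS
Lists NuGet packages with known vulnerabilities for every .csproj below a directory.

.DESCRIPTION
Recursively locates *.csproj files under -FilePath and runs
`dotnet list <project> package --vulnerable --include-transitive --format json`
against each one in parallel. Both direct (topLevelPackages) and transitive
(transitivePackages) vulnerable packages are reported, with the severity and
advisory URL of each vulnerability. Unless -NoBrowser is given, every advisory
URL is also opened with Start-Process (i.e. in the default browser).

Requires a .NET SDK whose `dotnet list package` supports `--format json`, and
the projects must already be restored. A Show-Status helper, defined elsewhere
(not in this file), is used for the status lines emitted outside the workers.

.PARAMETER FilePath
Directory to search for project files. Empty/unset means the current location.

.PARAMETER ThrottleLimit
Maximum number of projects scanned concurrently. Zero/unset (or negative) means 2.

.PARAMETER NoBrowser
Print advisory URLs without opening them.

.OUTPUTS
System.String. Finding lines produced by the parallel workers; tool failures and
`problems` reported by dotnet go to the warning stream.
#>
function Find-Vulnerabilities {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $false)]
        [string] $FilePath,
        [Parameter(Mandatory = $false)]
        [int] $ThrottleLimit,
        [Parameter(Mandatory = $false)]
        [switch] $NoBrowser
    )

    # Explicit guards rather than param defaults so that an explicit '' or 0
    # still falls back the way the original did.
    if (-not $FilePath) {
        $FilePath = (Get-Location).Path
    }
    if ($ThrottleLimit -lt 1) {
        $ThrottleLimit = 2
    }

    # Full paths instead of -Name: the workers invoke dotnet from their own
    # working directory, so a name relative to $FilePath would not resolve
    # whenever $FilePath is not the current location.
    $projects = @(
        Get-ChildItem -Path $FilePath -Filter *.csproj -Recurse -File |
            Select-Object -ExpandProperty FullName
    )

    if ($projects.Count -eq 0) {
        Show-Status "No project files found in $FilePath." -isWarning $true
        return
    }
    Show-Status -Message "Available project files found $($projects.Count)"

    $projects | ForEach-Object -Parallel {
        # Show-Status is not visible inside the parallel runspace, so findings
        # are written with Write-Output and diagnostics with Write-Warning.
        $openAdvisories = -not $using:NoBrowser

        $raw = dotnet list $_ package --vulnerable --include-transitive --format json
        if ($LASTEXITCODE -ne 0) {
            # Without this check ConvertFrom-Json would choke on partial or
            # empty output and the project would be silently skipped.
            Write-Warning "dotnet list failed for $_ (exit code $LASTEXITCODE); is the project restored?"
            return
        }
        $result = $raw | ConvertFrom-Json

        # dotnet reports restore/evaluation issues in 'problems'; surface them
        # so an unscanned project is not mistaken for a clean one.
        foreach ($problem in $result.problems) {
            Write-Warning "$($problem.project): $($problem.text)"
        }

        foreach ($project in $result.projects) {
            $projectName = Split-Path -Path $project.path -Leaf
            foreach ($framework in $project.frameworks) {
                # Direct dependencies come back in topLevelPackages; iterating
                # only transitivePackages would miss vulnerable packages the
                # project references itself.
                $packages = @($framework.topLevelPackages) + @($framework.transitivePackages)
                foreach ($package in $packages) {
                    # @() wrapping a missing property yields a single $null entry.
                    if (-not $package) { continue }
                    Write-Output "Found vulnerable package in $projectName ($($framework.framework))!"
                    Write-Output "Package: $($package.id)"
                    # resolvedVersion is the version currently in use (the
                    # vulnerable one), not a version to upgrade to.
                    Write-Output "Resolved (vulnerable) version: $($package.resolvedVersion)"
                    foreach ($vuln in $package.vulnerabilities) {
                        Write-Output "Severity: $($vuln.severity) - advisory: $($vuln.advisoryurl)"
                        if ($openAdvisories) {
                            Write-Output "Opening advisory url in browser $($vuln.advisoryurl)"
                            Start-Process $vuln.advisoryurl
                        }
                    }
                }
            }
        }
    } -ThrottleLimit $ThrottleLimit -AsJob | Receive-Job -AutoRemoveJob -Wait
}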
# Short alias so the scan can be started as `checkvuln` from the prompt.
Set-Alias checkvuln Find-Vulnerabilities