Export dotnet list package --vulnerable --include-transitive to CSV
# Author      : Adeel Rizvi
# Description : My org asked me to audit NuGet packages and export a CSV for each project. I found out that dotnet list doesn't export CSV,
#               so I wrote the function below to export the output as CSV. It only works with the command "dotnet list package --vulnerable --include-transitive".
#               To export the CSV, download this PowerShell script, place it in the solution folder and run the script.
#               This script pulls the repos and runs the audit; if -ForceUpdate 1 is given, it also does major package updates and pushes the branch back to the repo.
# To run only the NuGet report, run it like this >> .\Nuget-Auditor.ps1
# To run the NuGet report and the major package updates, run it like this >> .\Nuget-Auditor.ps1 -ForceUpdate 1
# To run the NuGet report and the minor package updates, run it like this >> .\Nuget-Auditor.ps1 -ForceUpdate 1 -UpdateMinorVersion 1
# Script parameters.
#   -ForceUpdate        : when true, nukeeper is installed and run to update packages.
#   -UpdateMinorVersion : when true (and -ForceUpdate is true), nukeeper runs with "--change minor".
# NOTE(review): both parameters default to true (1), so a bare ".\Nuget-Auditor.ps1"
# also updates packages; pass -ForceUpdate 0 for a report-only run. The git
# add/commit/push steps further down are not gated by either parameter.
param(
    [bool]$ForceUpdate = 1,
    [bool]$UpdateMinorVersion = 1
)
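function Export-Nuget-Csv {
    <#
    .SYNOPSIS
    Parses the text output of "dotnet list package --vulnerable --include-transitive"
    and writes the vulnerable packages to Nuget-Audit-Results.csv in the current folder.

    .PARAMETER item
    One line of dotnet output, received from the pipeline.

    .NOTES
    Every row carries "Project Name" and "Parent Package" (the bracketed value that
    precedes each table, e.g. net5.0) plus the columns named by the table header
    that precedes the row.
    #>
    [CmdletBinding()]
    Param([Parameter(ValueFromPipeline = $true)] $item)

    Begin {
        $ProjectName = ""
        $ParentPackageName = ""
        $dataValues = @()
        # Header of the table currently being read; refreshed at every header line.
        $headerValues = @()
        # Union of all column names seen, so every row is exported with the same columns.
        $columnNames = @("Project Name", "Parent Package")
        $FileName = "Nuget-Audit-Results.csv"
    }

    Process {
        # Nothing to parse on a missing or blank line (also avoids calling Trim() on $null).
        if ($null -eq $item) { return }
        $item = ([string]$item).Trim()
        if ($item.Length -eq 0) { return }

        # Project name: the text between backticks.
        if ($item -match '`[a-zA-Z]*.+`') {
            $ProjectName = $matches[0] -replace '`', ''
        }

        # Parent value: the bracketed token followed by a colon, e.g. "[net5.0]:".
        if ($item -match '\[[a-zA-Z]+.*\]:') {
            $ParentPackageName = $matches[0] -replace '\[|\]|:', ''
        }

        # Table header. dotnet prints a "Transitive Package" table and, for direct
        # references, a "Top-level Package" table that has an extra "Requested"
        # column. Reading the header per table keeps Resolved/Severity/Advisory URL
        # aligned for both kinds of row.
        if ($item -match '^(Top-level|Transitive) Package\s+') {
            $headerValues = @($item -split '\s{2,}')
            foreach ($name in $headerValues) {
                if ($columnNames -notcontains $name) { $columnNames += $name }
            }
        }

        # Package row: starts with "> " and has columns separated by two or more spaces.
        if ($item -match '^>\s') {
            $values = @($item -split '\s{2,}')
            $props = @{
                "Project Name"   = $ProjectName
                "Parent Package" = $ParentPackageName
            }
            for ($i = 0; $i -lt $values.Count; $i++) {
                $value = $values[$i].Trim() -replace '> ', ''
                if ($i -lt $headerValues.Count) {
                    $key = $headerValues[$i]
                }
                else {
                    # More values than header names: keep the value under a
                    # positional name instead of failing on a $null key.
                    $key = "Column$($i + 1)"
                    if ($columnNames -notcontains $key) { $columnNames += $key }
                }
                $props[$key] = $value
            }
            $dataValues += New-Object -TypeName psobject -Property $props
        }
    }

    End {
        if ($dataValues.Count -eq 0) {
            # An empty report is also what a failed dotnet run looks like.
            Write-Warning "No vulnerable package rows were parsed; confirm that 'dotnet list package' ran successfully before treating the empty report as clean."
        }
        # Select-Object fixes the column set and order; Export-Csv would otherwise
        # take the columns from the first row only.
        $dataValues | Select-Object -Property $columnNames | Export-Csv -Path $FileName -NoTypeInformation
        Write-Host "$FileName Exported Successfully."
    }
}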
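# Clone every configured repository, optionally update its packages, run the
# vulnerability audit and push the result on a dedicated branch.
$repos = "mygitrepoURL1", "mygitrepoURL2"
$branchName = "feature/package-updates"
$tmpFoldername = "NugetAudit"

# Build the work path with Join-Path. Get-Item on a folder that does not exist
# yet fails and leaves $path empty, and an empty $path turns the "$path\*"
# cleanup below into a recursive delete of "\*".
$path = Join-Path $env:TEMP $tmpFoldername
if (-not (Test-Path -Path $path)) {
    # Create folder
    New-Item -Path $env:TEMP -Name $tmpFoldername -ItemType "directory" | Out-Null
}
$path = (Get-Item $path -ErrorAction Stop).FullName
if ([string]::IsNullOrEmpty($path)) {
    throw "Work folder could not be resolved; refusing to continue."
}

# Stop here if the work folder cannot be entered: every git command and the
# cleanup below act on the current location.
Set-Location $path -ErrorAction Stop

# git clone needs an empty target folder; clear leftovers from an earlier run.
Remove-Item -Path (Join-Path $path '*') -Force -Recurse -ErrorAction SilentlyContinue

# Install nukeeper to update the packages.
# NOTE(review): this installs whatever version the configured NuGet sources
# currently serve; consider pinning it with --version.
if ($ForceUpdate) {
    # Native commands do not throw, so check the exit code instead of try/catch.
    dotnet tool install nukeeper --global
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "dotnet tool install nukeeper exited with code $LASTEXITCODE (this also happens when the tool is already installed)."
    }
}

foreach ($gitRepo in $repos) {
    try {
        git clone $gitRepo $path
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "git clone failed (exit code $LASTEXITCODE); skipping this repository."
            continue
        }

        # Create branch
        git checkout -b $branchName
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "git checkout -b $branchName failed (exit code $LASTEXITCODE); skipping this repository."
            continue
        }

        if ($ForceUpdate) {
            # Update Packages
            Write-Host "Force Updating Packages"
            if ($UpdateMinorVersion) {
                nukeeper update --change minor
            }
            else {
                nukeeper update
            }
            if ($LASTEXITCODE -ne 0) {
                Write-Warning "nukeeper update exited with code $LASTEXITCODE."
            }
        }

        # Restore first. Without a successful restore the audit has nothing
        # reliable to read, and an empty report would look like a clean result.
        dotnet restore
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "dotnet restore failed (exit code $LASTEXITCODE); skipping audit and push for this repository."
            continue
        }

        # Run Audit
        dotnet list package --vulnerable --include-transitive | Export-Nuget-Csv
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "dotnet list package failed (exit code $LASTEXITCODE); skipping push for this repository."
            continue
        }

        # Push to git.
        # NOTE(review): "git add --all" also commits Nuget-Audit-Results.csv, so the
        # list of vulnerable packages becomes readable to everyone with access to
        # this branch. This step runs whether or not -ForceUpdate is set.
        git add --all
        git commit -m "- Audit Result Generated & Package(s) Updated"
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "git commit failed or had nothing to commit (exit code $LASTEXITCODE); skipping push."
            continue
        }
        git push -u origin $branchName
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "git push failed (exit code $LASTEXITCODE)."
            continue
        }

        Write-Host "Done"
    }
    finally {
        # Always empty the work folder, including on the skip paths above, so the
        # next clone starts from an empty directory.
        Write-Host "Cleaning Up"
        Remove-Item -Path (Join-Path $path '*') -Force -Recurse
    }
}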
# Author      : Adeel Rizvi
# Description : My org asked me to audit NuGet packages and export a CSV for each project. I found out that dotnet list doesn't export CSV,
#               so I wrote the function below to export the output as CSV. It only works with the command "dotnet list package --vulnerable --include-transitive".
#               To export the CSV, download this PowerShell script, place it in the solution folder and run the script.
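function Export-Nuget-Csv {
    <#
    .SYNOPSIS
    Parses the text output of "dotnet list package --vulnerable --include-transitive"
    and writes the vulnerable packages to Nuget-Audit-Results.csv in the current folder.

    .PARAMETER item
    One line of dotnet output, received from the pipeline.

    .NOTES
    Every row carries "Project Name" and "Parent Package" (the bracketed value that
    precedes each table, e.g. net5.0) plus the columns named by the table header
    that precedes the row.
    #>
    [CmdletBinding()]
    Param([Parameter(ValueFromPipeline = $true)] $item)

    Begin {
        $ProjectName = ""
        $ParentPackageName = ""
        $dataValues = @()
        # Header of the table currently being read; refreshed at every header line.
        $headerValues = @()
        # Union of all column names seen, so every row is exported with the same columns.
        $columnNames = @("Project Name", "Parent Package")
        $FileName = "Nuget-Audit-Results.csv"
    }

    Process {
        # Nothing to parse on a missing or blank line (also avoids calling Trim() on $null).
        if ($null -eq $item) { return }
        $item = ([string]$item).Trim()
        if ($item.Length -eq 0) { return }

        # Project name: the text between backticks.
        if ($item -match '`[a-zA-Z]*.+`') {
            $ProjectName = $matches[0] -replace '`', ''
        }

        # Parent value: the bracketed token followed by a colon, e.g. "[net5.0]:".
        if ($item -match '\[[a-zA-Z]+.*\]:') {
            $ParentPackageName = $matches[0] -replace '\[|\]|:', ''
        }

        # Table header. dotnet prints a "Transitive Package" table and, for direct
        # references, a "Top-level Package" table that has an extra "Requested"
        # column. Reading the header per table keeps Resolved/Severity/Advisory URL
        # aligned for both kinds of row.
        if ($item -match '^(Top-level|Transitive) Package\s+') {
            $headerValues = @($item -split '\s{2,}')
            foreach ($name in $headerValues) {
                if ($columnNames -notcontains $name) { $columnNames += $name }
            }
        }

        # Package row: starts with "> " and has columns separated by two or more spaces.
        if ($item -match '^>\s') {
            $values = @($item -split '\s{2,}')
            $props = @{
                "Project Name"   = $ProjectName
                "Parent Package" = $ParentPackageName
            }
            for ($i = 0; $i -lt $values.Count; $i++) {
                $value = $values[$i].Trim() -replace '> ', ''
                if ($i -lt $headerValues.Count) {
                    $key = $headerValues[$i]
                }
                else {
                    # More values than header names: keep the value under a
                    # positional name instead of failing on a $null key.
                    $key = "Column$($i + 1)"
                    if ($columnNames -notcontains $key) { $columnNames += $key }
                }
                $props[$key] = $value
            }
            $dataValues += New-Object -TypeName psobject -Property $props
        }
    }

    End {
        if ($dataValues.Count -eq 0) {
            # An empty report is also what a failed dotnet run looks like.
            Write-Warning "No vulnerable package rows were parsed; confirm that 'dotnet list package' ran successfully before treating the empty report as clean."
        }
        # Select-Object fixes the column set and order; Export-Csv would otherwise
        # take the columns from the first row only.
        $dataValues | Select-Object -Property $columnNames | Export-Csv -Path $FileName -NoTypeInformation
        Write-Host "$FileName Exported Successfully."
    }
}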
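# Use this if you do not want to place this script into your project folder.
# Set-Location "mysolution path where .sln exists"

# Use this for a single project.
dotnet list package --vulnerable --include-transitive | Export-Nuget-Csv
# A failed dotnet run (for example, packages not restored) yields no rows, and
# the resulting empty CSV would otherwise read as "no vulnerabilities found".
if ($LASTEXITCODE -ne 0) {
    Write-Warning "dotnet list package exited with code $LASTEXITCODE; the exported CSV may be incomplete."
}

# Comment out the single-project lines above and uncomment the block below if you want to run the audit on multiple projects.
# Each project gets its own Nuget-Audit-Results.csv because the file is written to the current folder.
#$projectPaths = "myproject-folder1", "myproject-folder2"
#foreach ($projectPath in $projectPaths) {
#    Set-Location $projectPath
#    dotnet list package --vulnerable --include-transitive | Export-Nuget-Csv
#    Write-Host " - $projectPath Done"
#}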
Resolved | Parent Package | Project Name | Severity | Transitive Package | Advisory URL | |
---|---|---|---|---|---|---|
4.3.0 | net5.0 | Test.Audit.API | High | System.Net.Http | https://github.com/advisories/GHSA-7jgj-8wvc-jh57 | |
4.3.0 | net5.0 | Test.Audit.API | Moderate | System.Text.RegularExpressions | https://github.com/advisories/GHSA-cmhx-cq75-c4mj | |
4.3.0 | net5.0 | Test.Audit.Data | Moderate | System.Text.RegularExpressions | https://github.com/advisories/GHSA-cmhx-cq75-c4mj | |
4.3.0 | net5.0 | Test.Audit.Services | Moderate | System.Text.RegularExpressions | https://github.com/advisories/GHSA-cmhx-cq75-c4mj |