Export dotnet list package --vulnerable --include-transitive to CSV
# Author : Adeel Rizvi
# Description : My org asked me to audit NuGet packages and export a CSV for each project; I found out that dotnet list doesn't export CSV,
# so I wrote the function below to export the output as CSV. It only works with the command "dotnet list package --vulnerable --include-transitive".
# To export the CSV, download this PowerShell script, place it in the solution folder and run it.
# This script pulls the repos and runs the audit; if -ForceUpdate 1 is given it also performs major package updates and pushes the branch back to the repo.
# To run only the NuGet report, run it like this >> .\Nuget-Auditor.ps1
# To run the NuGet report and a major package update, run it like this >> .\Nuget-Auditor.ps1 -ForceUpdate 1
# To run the NuGet report and a minor package update, run it like this >> .\Nuget-Auditor.ps1 -ForceUpdate 1 -UpdateMinorVersion 1
# NOTE(review): both parameters default to $true, so a bare ".\Nuget-Auditor.ps1" invocation already runs
# nukeeper (minor updates, because $UpdateMinorVersion is also on) and pushes a branch, which is the
# opposite of what the usage lines above describe. For an audit-only run pass -ForceUpdate $false; for
# major updates pass -ForceUpdate $true -UpdateMinorVersion $false. Defaults are kept unchanged here so
# existing invocations keep behaving the same way.
param([bool]$ForceUpdate = 1,[bool]$UpdateMinorVersion = 1)
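function Export-Nuget-Csv {
<#
.SYNOPSIS
Converts the console output of "dotnet list package --vulnerable --include-transitive" into a CSV file.

.DESCRIPTION
Consumes the command output one line at a time from the pipeline and keeps three pieces of state:
the current project name (the backtick-quoted name in "Project `X` has the following ..."), the
current "[framework]:" section label, and the column names of the most recent
"Top-level Package ..." / "Transitive Package ..." header line. Every "> " row becomes one CSV
record keyed by those column names plus "Project Name" and "Parent Package". Once all input has
been read the records are written to Nuget-Audit-Results.csv in the current directory.

Quirk kept for compatibility with existing consumers of the CSV: the "[framework]:" label
(e.g. net5.0) is exported under the column name "Parent Package".

.PARAMETER item
One line of command output, supplied through the pipeline.

.OUTPUTS
None. Writes Nuget-Audit-Results.csv (overwriting an existing file) and a status line to the host.
#>
[CmdletBinding()]
Param([Parameter(ValueFromPipeline = $true)] $item)
Begin {
    $ProjectName = ""
    $ParentPackageName = ""
    # One pscustomobject per "> " row, in input order.
    $dataValues = @()
    # Column names of the header line currently in effect; replaced whenever a new header line is seen.
    $headerValues = @()
    $FileName = "Nuget-Audit-Results.csv"
}
Process {
    # A null pipeline element would make .Trim() throw; blank lines carry no data either way.
    if ($null -eq $item) { return }
    $item = ([string]$item).Trim()
    if ($item.Length -eq 0) { return }

    # "Project `Name` has the following vulnerable packages" -> Name
    if ($item -match '`[a-zA-Z]*.+`') {
        $ProjectName = $matches[0] -replace '`', ''
    }

    # "[net5.0]:" section label (exported as "Parent Package", see the help text above).
    if ($item -match '\[[a-zA-Z]+.*\]:') {
        $ParentPackageName = $matches[0] -replace '\[|\]|:', ''
    }

    # Header line. With --include-transitive the tool prints a "Top-level Package" table (which has an
    # extra "Requested" column) before the "Transitive Package" table, so the active column list has to
    # follow whichever header was seen last. Keying every row by the transitive header alone misaligns
    # top-level rows and fails with a null hashtable key on the column that header does not have.
    if ($item -match '^(Top-level|Transitive) Package\s+') {
        $headerValues = @($item -split '\s{2,}')
        return
    }

    # Package row: "> Name   [Requested]   Resolved   Severity   Advisory URL"
    if ($item -match '^>\s') {
        $values = @(($item -replace '^>\s*', '') -split '\s{2,}')
        # [ordered] keeps the CSV column order stable between runs (a plain hashtable does not).
        $props = [ordered]@{
            "Project Name"   = $ProjectName
            "Parent Package" = $ParentPackageName
        }
        for ($i = 0; $i -lt $values.Count; $i++) {
            # A row with more cells than the active header (or a row seen before any header) must not
            # produce a null key, so fall back to a positional column name.
            if ($i -lt $headerValues.Count -and -not [string]::IsNullOrWhiteSpace($headerValues[$i])) {
                $key = $headerValues[$i]
            }
            else {
                $key = "Column$i"
            }
            $props[$key] = $values[$i].Trim()
        }
        $dataValues += [pscustomobject]$props
    }
}
End {
    # Export-Csv takes its column set from the first record only; rows from the top-level and the
    # transitive tables carry different column names, so project every row onto the union first.
    $columns = @()
    foreach ($row in $dataValues) {
        foreach ($name in $row.PSObject.Properties.Name) {
            if ($columns -notcontains $name) { $columns += $name }
        }
    }
    # -NoTypeInformation drops the "#TYPE ..." first line that Windows PowerShell writes by default,
    # which otherwise shows up as a bogus first row in spreadsheet tools.
    if ($columns.Count -gt 0) {
        $dataValues | Select-Object -Property $columns | Export-Csv -Path $FileName -NoTypeInformation -Encoding UTF8
    }
    else {
        $dataValues | Export-Csv -Path $FileName -NoTypeInformation -Encoding UTF8
    }
    Write-Host "$FileName Exported Successfully."
}
}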
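# Clone every repository into a scratch folder under %TEMP%, audit it (after an optional nukeeper package
# update) and push the CSV, plus any updated project files, on a new branch.
$repos = "mygitrepoURL1", "mygitrepoURL2"
$branchName = "feature/package-updates"
$tmpFoldername = "NugetAudit"
# Refuse to continue with an empty TEMP: the cleanup below deletes "$path\*", and a path built from an
# empty prefix would point at the file system root.
if ([string]::IsNullOrWhiteSpace($env:TEMP)) {
    throw "TEMP is not set; cannot create the scratch folder."
}
# Build the path without touching the file system: Get-Item fails on a folder that does not exist yet
# (leaving $path empty), which is precisely the case the Test-Path branch is meant to handle.
$path = Join-Path $env:TEMP $tmpFoldername
if (-not (Test-Path -Path $path -PathType Container)) {
    # Create folder
    New-Item -Path $path -ItemType "directory" | Out-Null
}
$path = (Get-Item -Path $path).FullName
# Set Location to tmp folder
Set-Location $path
# Install nukeeper to update the packages. try/catch never sees a native command's non-zero exit code, so
# an empty catch only hid errors; test for the tool instead and report a failed install.
if ($ForceUpdate) {
    if (-not (Get-Command nukeeper -ErrorAction SilentlyContinue)) {
        # Supply-chain note: the install is unpinned; pass "--version <NUKEEPER_VERSION>" so every run
        # uses the same reviewed tool build.
        dotnet tool install nukeeper --global
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "nukeeper install failed (exit code $LASTEXITCODE); package updates will not run."
        }
    }
}
foreach ($gitRepo in $repos) {
    try {
        # A failed clone (non-empty target, auth error, ...) must not be followed by an audit, commit and
        # push of whatever happens to be left in the scratch folder.
        git clone $gitRepo $path
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "git clone of $gitRepo failed (exit code $LASTEXITCODE); skipping."
            continue
        }
        # Create branch
        git checkout -b $branchName
        # The commit message only claims a package update when one was actually attempted.
        $commitMessage = "- Audit Result Generated"
        if ($ForceUpdate) {
            # Update Packages
            Write-Host "Force Updating Packages"
            if ($UpdateMinorVersion) {
                nukeeper update --change minor
            }
            else {
                nukeeper update
            }
            $commitMessage = "- Audit Result Generated & Package(s) Updated"
        }
        # restore first; the vulnerability listing works on the restored package graph
        dotnet restore
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "dotnet restore failed (exit code $LASTEXITCODE); the audit may be incomplete."
        }
        # Run Audit
        dotnet list package --vulnerable --include-transitive | Export-Nuget-Csv
        # Push to git
        git add --all
        git commit -m $commitMessage
        git push -u origin $branchName
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "git push of $branchName for $gitRepo failed (exit code $LASTEXITCODE)."
        }
    }
    finally {
        # Runs for the skipped (continue) case too, so a partial clone never leaks into the next repo.
        Write-Host "Cleaning Up"
        Remove-Item -Path "$path\*" -Force -Recurse
        Write-Host "Done"
    }
}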
# Author : Adeel Rizvi
# Description : My org asked me to audit NuGet packages and export a CSV for each project; I found out that dotnet list doesn't export CSV,
# so I wrote the function below to export the output as CSV. It only works with the command "dotnet list package --vulnerable --include-transitive".
# To export the CSV, download this PowerShell script, place it in the solution folder and run it.
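function Export-Nuget-Csv {
<#
.SYNOPSIS
Converts the console output of "dotnet list package --vulnerable --include-transitive" into a CSV file.

.DESCRIPTION
Consumes the command output one line at a time from the pipeline and keeps three pieces of state:
the current project name (the backtick-quoted name in "Project `X` has the following ..."), the
current "[framework]:" section label, and the column names of the most recent
"Top-level Package ..." / "Transitive Package ..." header line. Every "> " row becomes one CSV
record keyed by those column names plus "Project Name" and "Parent Package". Once all input has
been read the records are written to Nuget-Audit-Results.csv in the current directory.

Quirk kept for compatibility with existing consumers of the CSV: the "[framework]:" label
(e.g. net5.0) is exported under the column name "Parent Package".

.PARAMETER item
One line of command output, supplied through the pipeline.

.OUTPUTS
None. Writes Nuget-Audit-Results.csv (overwriting an existing file) and a status line to the host.
#>
[CmdletBinding()]
Param([Parameter(ValueFromPipeline = $true)] $item)
Begin {
    $ProjectName = ""
    $ParentPackageName = ""
    # One pscustomobject per "> " row, in input order.
    $dataValues = @()
    # Column names of the header line currently in effect; replaced whenever a new header line is seen.
    $headerValues = @()
    $FileName = "Nuget-Audit-Results.csv"
}
Process {
    # A null pipeline element would make .Trim() throw; blank lines carry no data either way.
    if ($null -eq $item) { return }
    $item = ([string]$item).Trim()
    if ($item.Length -eq 0) { return }

    # "Project `Name` has the following vulnerable packages" -> Name
    if ($item -match '`[a-zA-Z]*.+`') {
        $ProjectName = $matches[0] -replace '`', ''
    }

    # "[net5.0]:" section label (exported as "Parent Package", see the help text above).
    if ($item -match '\[[a-zA-Z]+.*\]:') {
        $ParentPackageName = $matches[0] -replace '\[|\]|:', ''
    }

    # Header line. With --include-transitive the tool prints a "Top-level Package" table (which has an
    # extra "Requested" column) before the "Transitive Package" table, so the active column list has to
    # follow whichever header was seen last. Keying every row by the transitive header alone misaligns
    # top-level rows and fails with a null hashtable key on the column that header does not have.
    if ($item -match '^(Top-level|Transitive) Package\s+') {
        $headerValues = @($item -split '\s{2,}')
        return
    }

    # Package row: "> Name   [Requested]   Resolved   Severity   Advisory URL"
    if ($item -match '^>\s') {
        $values = @(($item -replace '^>\s*', '') -split '\s{2,}')
        # [ordered] keeps the CSV column order stable between runs (a plain hashtable does not).
        $props = [ordered]@{
            "Project Name"   = $ProjectName
            "Parent Package" = $ParentPackageName
        }
        for ($i = 0; $i -lt $values.Count; $i++) {
            # A row with more cells than the active header (or a row seen before any header) must not
            # produce a null key, so fall back to a positional column name.
            if ($i -lt $headerValues.Count -and -not [string]::IsNullOrWhiteSpace($headerValues[$i])) {
                $key = $headerValues[$i]
            }
            else {
                $key = "Column$i"
            }
            $props[$key] = $values[$i].Trim()
        }
        $dataValues += [pscustomobject]$props
    }
}
End {
    # Export-Csv takes its column set from the first record only; rows from the top-level and the
    # transitive tables carry different column names, so project every row onto the union first.
    $columns = @()
    foreach ($row in $dataValues) {
        foreach ($name in $row.PSObject.Properties.Name) {
            if ($columns -notcontains $name) { $columns += $name }
        }
    }
    # -NoTypeInformation drops the "#TYPE ..." first line that Windows PowerShell writes by default,
    # which otherwise shows up as a bogus first row in spreadsheet tools.
    if ($columns.Count -gt 0) {
        $dataValues | Select-Object -Property $columns | Export-Csv -Path $FileName -NoTypeInformation -Encoding UTF8
    }
    else {
        $dataValues | Export-Csv -Path $FileName -NoTypeInformation -Encoding UTF8
    }
    Write-Host "$FileName Exported Successfully."
}
}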
# Use this if you do not want to place this script into your project folder.
# Set-Location "mysolution path where .sln exists"
# Use this for a single project. The command is run against the current directory (it is assumed to hold
# the project or solution), and Export-Nuget-Csv writes Nuget-Audit-Results.csv into that same directory,
# overwriting any previous file.
dotnet list package --vulnerable --include-transitive | Export-Nuget-Csv
# Comment out the line above (line 103 of the original gist) and uncomment the block below to run the audit
# on several projects. Use absolute paths in $projectPaths: each Set-Location is resolved relative to the
# folder the previous iteration switched to. Each iteration writes its own Nuget-Audit-Results.csv into the
# project folder it switched to.
#$projectPaths = "myproject-folder1", "myproject-folder2"
#foreach ($projectPath in $projectPaths) {
# Set-Location $projectPath
# dotnet list package --vulnerable --include-transitive | Export-Nuget-Csv
# Write-Host " - $projectPath Done"
#}
Resolved Parent Package Project Name Severity Transitive Package Advisory URL
4.3.0 net5.0 Test.Audit.API High System.Net.Http https://github.com/advisories/GHSA-7jgj-8wvc-jh57
4.3.0 net5.0 Test.Audit.API Moderate System.Text.RegularExpressions https://github.com/advisories/GHSA-cmhx-cq75-c4mj
4.3.0 net5.0 Test.Audit.Data Moderate System.Text.RegularExpressions https://github.com/advisories/GHSA-cmhx-cq75-c4mj
4.3.0 net5.0 Test.Audit.Services Moderate System.Text.RegularExpressions https://github.com/advisories/GHSA-cmhx-cq75-c4mj