From cd277801a23aa2e8576c71e9979893948c00b7dd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=A9rald=20Barr=C3=A9?=
Date: Mon, 15 Jul 2024 11:28:16 -0400
Subject: [PATCH] Enable NuGet auditing
---
 .../Workleap.DotNet.CodingStandards.props | 16 ++++++
 .../CodingStandardTests.cs | 53 +++++++++++++++++++
 .../Helpers/ProjectBuilder.cs | 2 +-
 3 files changed, 70 insertions(+), 1 deletion(-)
diff --git a/src/build/Workleap.DotNet.CodingStandards.props b/src/build/Workleap.DotNet.CodingStandards.props
index 39d0701..6b3c7c7 100644
--- a/src/build/Workleap.DotNet.CodingStandards.props
+++ b/src/build/Workleap.DotNet.CodingStandards.props
@@ -29,4 +29,20 @@
 true
+
+
+
+ true
+
+
+ all
+
+
+ low
+
+
+
+ (WarningsAsErrors);NU1900;NU1901;NU1902;NU1903;NU1904
+
+
diff --git a/tests/Workleap.DotNet.CodingStandards.Tests/CodingStandardTests.cs b/tests/Workleap.DotNet.CodingStandards.Tests/CodingStandardTests.cs
index 9813269..d97cdd9 100644
--- a/tests/Workleap.DotNet.CodingStandards.Tests/CodingStandardTests.cs
+++ b/tests/Workleap.DotNet.CodingStandards.Tests/CodingStandardTests.cs
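Review bot: In Workleap.DotNet.CodingStandards.props, the `WarningsAsErrors` list includes NU1900, which NuGet reports when it cannot retrieve vulnerability data from a package source, so the build breaks on a feed outage as well as on a vulnerable package. Failing closed here is a sound default, because otherwise an unreachable source would let the audit be skipped without notice, but nothing in the added block says that this is deliberate. I would add a comment above the property such as `<!-- NU1900 (audit data unavailable) is an error on purpose: a build must not pass when the audit could not run -->`. The element's condition is not visible in this rendering; the tests in this commit suggest it applies to Release builds only, which should be stated in the same comment.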
@@ -99,4 +99,57 @@ class Sample
 Assert.False(data.HasError("IDE1006"));
 Assert.False(data.HasWarning("IDE1006"));
 }
+
+ [Fact]
+ public async Task ReportVulnerablePackage_Release_ShouldReportError()
+ {
+ using var project = new ProjectBuilder(fixture, testOutputHelper);
+ project.AddCsprojFile(packageReferences: new Dictionary { { "System.Text.Json", "8.0.1" } });
+ project.AddFile("sample.cs", """
+ Console.WriteLine();
+ """);
+ var data = await project.BuildAndGetOutput(["--configuration", "Release"]);
+ Assert.True(data.HasError("NU1903"));
+ }
+
+ [Fact]
+ public async Task ReportVulnerablePackage_Debug_ShouldReportWarning()
+ {
+ using var project = new ProjectBuilder(fixture, testOutputHelper);
+ project.AddCsprojFile(packageReferences: new Dictionary { { "System.Text.Json", "8.0.1" } });
+ project.AddFile("sample.cs", """
+ Console.WriteLine();
+ """);
+ var data = await project.BuildAndGetOutput(["--configuration", "Debug"]);
+ Assert.False(data.HasError("NU1903"));
+ Assert.True(data.HasWarning("NU1903"));
+ }
+ [Fact]
+ public async Task ReportVulnerablePackage_DisabledWarningOnPackage()
+ {
+ using var project = new ProjectBuilder(fixture, testOutputHelper);
+ project.AddFile("test.csproj", $"""
+
+
+ exe
+ net$(NETCoreAppMaximumVersion)
+ enable
+ enable
+ {ProjectBuilder.SarifFileName},version=2.1
+
+
+
+
+
+
+
+ """);
+
+ project.AddFile("sample.cs", """
+ Console.WriteLine();
+ """);
+ var data = await project.BuildAndGetOutput(["--configuration", "Release"]);
+ Assert.False(data.HasError("NU1903"));
+ Assert.False(data.HasWarning("NU1903"));
+ }
 }
diff --git a/tests/Workleap.DotNet.CodingStandards.Tests/Helpers/ProjectBuilder.cs b/tests/Workleap.DotNet.CodingStandards.Tests/Helpers/ProjectBuilder.cs
index d4c6b84..0b2bc34 100644
--- a/tests/Workleap.DotNet.CodingStandards.Tests/Helpers/ProjectBuilder.cs
+++ b/tests/Workleap.DotNet.CodingStandards.Tests/Helpers/ProjectBuilder.cs
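Review bot: `ReportVulnerablePackage_DisabledWarningOnPackage` in CodingStandardTests.cs asserts only that NU1903 is absent, so it also passes when the audit never ran or restore failed for some other reason, which is the failure a suppression test should catch. Adding `Assert.False(data.HasError("NU1900"));` would at least rule out the case where vulnerability data could not be fetched; asserting that the build otherwise succeeded would be stronger if the output type exposes it, which this hunk does not show. All three tests also depend on the live advisory feed continuing to rate System.Text.Json 8.0.1 as NU1903, so a one-line comment such as `// 8.0.1 is pinned because it has a known high-severity advisory (NU1903)` above the first reference would explain the version to the next maintainer. The three methods are complete in the hunk; the enclosing class begins outside it.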
@@ -8,7 +8,7 @@ namespace Workleap.DotNet.CodingStandards.Tests.Helpers; internal sealed class ProjectBuilder : IDisposable { - private const string SarifFileName = "BuildOutput.sarif"; + public const string SarifFileName = "BuildOutput.sarif"; private readonly TemporaryDirectory _directory; private readonly ITestOutputHelper _testOutputHelper;