From d5fecb9a7c88a2ef2256e1307a31cdded3720956 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=A9rald=20Barr=C3=A9?= Date: Mon, 15 Jul 2024 13:27:34 -0400 Subject: [PATCH] Enable NuGet auditing (#30) * Enable NuGet auditing * Add link to documentation * Update readme * Update readme * Add conditions --- README.md | 6 +++ .../Workleap.DotNet.CodingStandards.props | 19 +++++++ .../CodingStandardTests.cs | 53 +++++++++++++++++++ .../Helpers/ProjectBuilder.cs | 2 +- 4 files changed, 79 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 93fa69c..7bd2e42 100644 --- a/README.md +++ b/README.md @@ -97,6 +97,12 @@ All rules included in this package **can be disabled or modified** in an `.edito dotnet_diagnostic.CA2200.severity = none ```` +- Disable [NuGet auditing](https://learn.microsoft.com/en-us/nuget/concepts/auditing-packages?WT.mc_id=DT-MVP-5003978) for a specific package + + ````xml + + ```` + > [!WARNING] > Remember that this should be a temporary solution to help adopting the package diff --git a/src/build/Workleap.DotNet.CodingStandards.props b/src/build/Workleap.DotNet.CodingStandards.props index 39d0701..d5cbe4a 100644 --- a/src/build/Workleap.DotNet.CodingStandards.props +++ b/src/build/Workleap.DotNet.CodingStandards.props @@ -29,4 +29,23 @@ true + + + + + true + + + all + + + low + + true + + + + (WarningsAsErrors);NU1900;NU1901;NU1902;NU1903;NU1904 + + diff --git a/tests/Workleap.DotNet.CodingStandards.Tests/CodingStandardTests.cs b/tests/Workleap.DotNet.CodingStandards.Tests/CodingStandardTests.cs index 9813269..d97cdd9 100644 --- a/tests/Workleap.DotNet.CodingStandards.Tests/CodingStandardTests.cs +++ b/tests/Workleap.DotNet.CodingStandards.Tests/CodingStandardTests.cs 
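Review bot: The Release-only escalation in Workleap.DotNet.CodingStandards.props appends the audit codes to the existing value (presumably `$(WarningsAsErrors);NU1900;NU1901;NU1902;NU1903;NU1904` — the `$` and the element names are not visible in this rendering), but a `.props` file is imported before the consuming project's body, so any project that sets its own `<WarningsAsErrors>` without re-including `$(WarningsAsErrors)` silently drops the escalation and ships a Release build with vulnerable packages reported only as warnings. Moving that PropertyGroup to the package's `.targets` (imported after the project) would make the hardening hard to undo by accident; otherwise the README should say consumers must append rather than assign. The list also includes NU1900, which NuGet raises when vulnerability data could not be fetched from a source, so a Release build now fails closed when a feed lacks audit data — a sound default, but it cannot be suppressed by the per-package `NoWarn` the README documents, and it deserves a comment such as `<!-- NU1900 (audit data unavailable) is an error on purpose: a Release build must never silently skip the audit -->`. Whether the condition around this group is exactly `'$(Configuration)' == 'Release'` cannot be confirmed from the extracted text; the tests below only show Release erroring and Debug warning.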
@@ -99,4 +99,57 @@ class Sample Assert.False(data.HasError("IDE1006")); Assert.False(data.HasWarning("IDE1006")); } + + [Fact] + public async Task ReportVulnerablePackage_Release_ShouldReportError() + { + using var project = new ProjectBuilder(fixture, testOutputHelper); + project.AddCsprojFile(packageReferences: new Dictionary { { "System.Text.Json", "8.0.1" } }); + project.AddFile("sample.cs", """ + Console.WriteLine(); + """); + var data = await project.BuildAndGetOutput(["--configuration", "Release"]); + Assert.True(data.HasError("NU1903")); + } + + [Fact] + public async Task ReportVulnerablePackage_Debug_ShouldReportWarning() + { + using var project = new ProjectBuilder(fixture, testOutputHelper); + project.AddCsprojFile(packageReferences: new Dictionary { { "System.Text.Json", "8.0.1" } }); + project.AddFile("sample.cs", """ + Console.WriteLine(); + """); + var data = await project.BuildAndGetOutput(["--configuration", "Debug"]); + Assert.False(data.HasError("NU1903")); + Assert.True(data.HasWarning("NU1903")); + } + [Fact] + public async Task ReportVulnerablePackage_DisabledWarningOnPackage() + { + using var project = new ProjectBuilder(fixture, testOutputHelper); + project.AddFile("test.csproj", $""" + + + exe + net$(NETCoreAppMaximumVersion) + enable + enable + {ProjectBuilder.SarifFileName},version=2.1 + + + + + + + + """); + + project.AddFile("sample.cs", """ + Console.WriteLine(); + """); + var data = await project.BuildAndGetOutput(["--configuration", "Release"]); + Assert.False(data.HasError("NU1903")); + Assert.False(data.HasWarning("NU1903")); + } } diff --git a/tests/Workleap.DotNet.CodingStandards.Tests/Helpers/ProjectBuilder.cs b/tests/Workleap.DotNet.CodingStandards.Tests/Helpers/ProjectBuilder.cs index d4c6b84..0b2bc34 100644 --- a/tests/Workleap.DotNet.CodingStandards.Tests/Helpers/ProjectBuilder.cs +++ b/tests/Workleap.DotNet.CodingStandards.Tests/Helpers/ProjectBuilder.cs 
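Review bot: The negative assertions in ReportVulnerablePackage_DisabledWarningOnPackage and the `Assert.False(data.HasError("NU1903"))` in the Debug test pass vacuously when restore fails for an unrelated reason, in particular when the vulnerability data cannot be fetched and NuGet emits NU1900 instead of NU1903 (and in Release NU1900 is itself escalated to an error by this same commit). A guard at the top of each test such as `Assert.False(data.HasWarning("NU1900")); Assert.False(data.HasError("NU1900"));`, or an assertion that the build succeeded if the output object exposes it, turns an unreachable audit source into a clear failure instead of a confusing one. All three tests also pin the live audit feed flagging System.Text.Json 8.0.1 at high severity; a one-line comment on the package reference noting that the expectation depends on external advisory data would help whoever sees these fail after the data changes. The XML of the hand-written test.csproj is stripped in this rendering, so the placement of the NoWarn attribute cannot be checked here, and the Release and Debug tests could be one `[Theory]` over the configuration and expected severity.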
@@ -8,7 +8,7 @@ namespace Workleap.DotNet.CodingStandards.Tests.Helpers; internal sealed class ProjectBuilder : IDisposable { - private const string SarifFileName = "BuildOutput.sarif"; + public const string SarifFileName = "BuildOutput.sarif"; private readonly TemporaryDirectory _directory; private readonly ITestOutputHelper _testOutputHelper;