zivkan committed Sep 27, 2024
1 parent 1ed0647 commit e28d6a4
Showing 3 changed files with 13 additions and 14 deletions.
Expand Up @@ -533,7 +533,7 @@ private async Task<bool> PerformAuditAsync(IEnumerable<RestoreTargetGraph> graph
graphs,
_request.DependencyProviders.VulnerabilityInfoProviders,
_logger);
await audit.CheckPackageVulnerabilitiesAsync(token);
bool auditRan = await audit.CheckPackageVulnerabilitiesAsync(token);

telemetry.TelemetryEvent[AuditLevel] = (int)audit.MinSeverity;
telemetry.TelemetryEvent[AuditMode] = AuditUtility.GetString(audit.AuditMode);
Expand Down Expand Up @@ -563,7 +563,7 @@ private async Task<bool> PerformAuditAsync(IEnumerable<RestoreTargetGraph> graph
if (audit.GenerateOutputDurationSeconds.HasValue) { telemetry.TelemetryEvent[AuditDurationOutput] = audit.GenerateOutputDurationSeconds.Value; }
telemetry.EndIntervalMeasure(AuditDurationTotal);

return audit.AuditRan;
return auditRan;

void AddPackagesList(TelemetryActivity telemetry, string eventName, List<string> packages)
{
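Review bot: `auditRan` is returned at the end of PerformAuditAsync but, in the lines visible here, it is never written to the telemetry event alongside `AuditLevel`, `AuditMode` and the duration values. A restore whose audit was skipped for lack of vulnerability data would therefore look the same in telemetry as one whose packages were actually checked. If the elided lines between the two hunks do not already record it, I would add one entry next to `telemetry.TelemetryEvent[AuditMode] = ...` that stores `auditRan`. The method starts before and ends after these hunks, so this may already be handled outside the visible range.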
Expand Up @@ -29,8 +29,13 @@ public class RestoreSummary
/// <summary>
/// A boolean that specifies if NuGetAudit verified packages for known vulnerabilities
/// </summary>
/// <remarks>This could be false either is NuGetAudit is disabled, but also if
/// no sources provided NuGetAudit with a vulnerability database.</remarks>
/// <remarks>This could be false if NuGetAudit is disabled, if
/// <list type="bullet">
/// <item>NuGetAudit is disabled</item>
/// <item>Project is already up to date (no-op restore)</item>
/// <item>No sources provided a vulnerability database</item>
/// </list>
/// </remarks>
public bool AuditRan { get; }

/// <summary>
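Review bot: The new `<remarks>` text opens with "This could be false if NuGetAudit is disabled, if" and the bullet list then repeats "NuGetAudit is disabled", so the lead-in sentence is both dangling and duplicated. I would replace the lead-in with `/// <remarks>This can be false for any of the following reasons:` and keep the three `<item>` lines as they are. The wording matters because the three causes mean different things to a consumer: auditing turned off on purpose, a no-op restore, or no source supplying advisory data. The RestoreSummary class continues outside the hunk.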
Expand Up @@ -51,9 +51,6 @@ internal class AuditUtility
internal int DistinctAdvisoriesSuppressedCount { get; private set; }
internal int TotalWarningsSuppressedCount { get; private set; }

/// <inheritdoc cref="RestoreSummary.AuditRan"/>
internal bool AuditRan { get; private set; }

public AuditUtility(
ProjectModel.RestoreAuditProperties? restoreAuditProperties,
string projectFullPath,
Expand Down Expand Up @@ -81,14 +78,13 @@ public AuditUtility(
}
}

public async Task CheckPackageVulnerabilitiesAsync(CancellationToken cancellationToken)
public async Task<bool> CheckPackageVulnerabilitiesAsync(CancellationToken cancellationToken)
{
// Performance: Early exit if restore graph does not contain any packages.
if (!HasPackages())
{
// No packages means we've validated there are none with known vulnerabilities.
AuditRan = true;
return;
return true;
}

Stopwatch stopwatch = Stopwatch.StartNew();
Expand All @@ -99,13 +95,11 @@ public async Task CheckPackageVulnerabilitiesAsync(CancellationToken cancellatio
// Performance: Early exit if there's no vulnerability data to check packages against.
if (allVulnerabilityData is null || !AnyVulnerabilityDataFound(allVulnerabilityData))
{
AuditRan = false;
return;
return false;
}

CheckPackageVulnerabilities(allVulnerabilityData);
AuditRan = true;
return;
return true;

bool HasPackages()
{
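Review bot: CheckPackageVulnerabilitiesAsync now returns `Task<bool>` but has no doc comment saying what the value means. The removed `AuditRan` property carried `<inheritdoc cref="RestoreSummary.AuditRan"/>` and nothing replaces it. I would add `/// <returns>true if packages were checked, or there were none to check; false if no vulnerability data was available.</returns>` above the method. The `return false` branch is the one a caller must not mistake for "no vulnerabilities found", since restore then completes without any package being compared against advisories. Whether a warning is raised on that path is not visible in these hunks. The method body continues past the last hunk, where the local function `HasPackages` is cut off.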
