Fixes #42

digitalcoyote · Nov 7, 2020 · 2f12d67 · 2f12d67
1 parent 0512498
commit 2f12d67
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 0 deletions.
diff --git a/Src/NuGetDefense/Program.cs b/Src/NuGetDefense/Program.cs
@@ -13,6 +13,7 @@
 using NuGetDefense.Core;
 using NuGetDefense.OSSIndex;
 using Serilog;
+using static NuGetDefense.UtilityMethods;
 
 namespace NuGetDefense
 {
@@ -64,6 +65,8 @@ private static int Main(string[] args)
                 Log.Logger.Verbose("Transitive Dependencies Included: {CheckTransitiveDependencies}", _settings.CheckTransitiveDependencies);
                 _pkgs = nugetFile.LoadPackages(targetFramework, _settings.CheckTransitiveDependencies).Values.ToArray();
                 var nonSensitivePackages = GetNonSensitivePackages(_pkgs);
+                if (_settings.ErrorSettings.IgnoredPackages.Length > 0)
+                    IgnorePackages(_pkgs, _settings.ErrorSettings.IgnoredPackages, out _pkgs);
                 Log.Logger.Information("Loaded {packageCount} packages", _pkgs.Length);
 
                 if (_settings.ErrorSettings.BlockedPackages.Length > 0) CheckBlockedPackages();

diff --git a/Src/NuGetDefense/UtilityMethods.cs b/Src/NuGetDefense/UtilityMethods.cs
@@ -0,0 +1,13 @@
+using System.Linq;
+using NuGet.Versioning;
+
+namespace NuGetDefense
+{
+    public class UtilityMethods
+    {
+        public static void IgnorePackages(NuGetPackage[] pkgs, NuGetPackage[] ignorePackages, out NuGetPackage[] unIgnoredPackages)
+        {
+            unIgnoredPackages = pkgs.Where(p => ignorePackages.All(ip => ip.Id != p.Id || !string.IsNullOrWhiteSpace(ip.Version) && !VersionRange.Parse(ip.Version).Satisfies(new NuGetVersion(p.Version)))).ToArray();
+        }
+    }
+}
diff --git a/Src/NuGetDefenseTests/VulnerabilityReportsTest.cs b/Src/NuGetDefenseTests/VulnerabilityReportsTest.cs
@@ -2,6 +2,7 @@
 using NuGetDefense;
 using NuGetDefense.Core;
 using Xunit;
+using static NuGetDefense.UtilityMethods;
 
 namespace NuGetDefenseTests
 {
@@ -37,5 +38,31 @@ public void ReportVulnerabilityWithNullReferences()
             reporter.BuildVulnerabilityTextReport(vulnDict, pkgs, "NuGetDefense.dll", false, 0D);
             //TODO: Assert MSBuildMessages and VulnerabilityReport
         }
+
+        [Fact]
+        public void IgnoreVulnerabilitiesForPackage()
+        {
+            var pkgs = new[]
+            {
+                new NuGetPackage {LineNumber = 1, Id = "TestPkg", Version = "1.0.1"},
+                new NuGetPackage {LineNumber = 2, Id = "TestPkg2", Version = "22.32.255"},
+                new NuGetPackage {LineNumber = 3, Id = "TestPkg3", Version = "22.32.250"},
+                new NuGetPackage {LineNumber = 4, Id = "TestPkg4", Version = "22.32.250"}
+            };
+
+            var ignorePkgs = new[]
+            {
+                new NuGetPackage {LineNumber = 1, Id = "TestPkg", Version = "1.0.2"},
+                new NuGetPackage {LineNumber = 2, Id = "TestPkg2", Version = "22.32.255"},
+                new NuGetPackage {LineNumber = 3, Id = "TestPkg3", Version = ""},
+                new NuGetPackage {LineNumber = 4, Id = "TestPkg4", Version = null}
+            };
+
+                IgnorePackages(pkgs, ignorePkgs, out pkgs);
+                Assert.True(pkgs.Length == 1);
+                Assert.True(pkgs[0].Id == "TestPkg");
+                Assert.True(pkgs[0].Version == "1.0.1");
+                Assert.True(pkgs[0].LineNumber == 1);
+        }
     }
 }