Fix #180 switch to parsing project.assets.json

Src/NuGetDefense.Lib/NuGetDefense.Lib.csproj

@@ -23,7 +23,7 @@
         <Description>NuGetDefense ~ Check for Known Vulnerabilities at Build</Description>
         <PackageDescription>NuGetDefense was inspired by [OWASP SafeNuGet](https://nuget.org/packages/SafeNuGet/) but aims to check with multiple sources for known vulnerabilities.</PackageDescription>
         <Copyright>Curtis Carter 2023</Copyright>
-        <Version>4.0.4.0</Version>
+        <Version>4.1.0-pre0001</Version>
         <RepositoryType>git</RepositoryType>
         <PackageReadmeFile>README.md</PackageReadmeFile>
     </PropertyGroup>
@@ -37,7 +37,7 @@
             <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
         </PackageReference>
         <PackageReference Include="NuGet.Versioning" Version="6.9.1" />
-        <PackageReference Include="NuGetDefense.Core" Version="2.0.8" />
+        <PackageReference Include="NuGetDefense.Core" Version="2.0.9" />
         <PackageReference Include="NuGetDefense.GitHubAdvisoryDatabase" Version="2.0.6" />
         <PackageReference Include="NuGetDefense.NVD" Version="2.1.1" />
         <PackageReference Include="NuGetDefense.OSSIndex" Version="2.1.3" />

Src/NuGetDefense.Lib/Scanner.cs

@@ -22,7 +22,7 @@ namespace NuGetDefense;
 
 public class Scanner
 {
-    public const string Version = "4.0.4.0";
+    public const string Version = "4.1.0-pre0001";
     public const string UserAgentString = @$"NuGetDefense/{Version}";
     public const string DefaultSettingsFileName = "NuGetDefense.json";
     public const string DefaultVulnerabilityDataFileName = "VulnerabilityData.bin";
@@ -131,8 +131,8 @@ private void ScanVulnerabilities(ScanOptions options)
     {
         try
         {
-            var projectFullName = options.ProjectFile.FullName;
-            if (options.ProjectFile.Extension.Equals(".sln", StringComparison.OrdinalIgnoreCase))
+            var projectFullName = options.ProjectFile?.FullName;
+            if (options.ProjectFile != null && options.ProjectFile.Extension.Equals(".sln", StringComparison.OrdinalIgnoreCase))
             {
                 var projects = DotNetSolution.Load(projectFullName).Projects.Where(p => !p.Type.IsSolutionFolder).Select(p => p.Path).ToArray();
                 var specificFramework = !string.IsNullOrWhiteSpace(options.Tfm);
@@ -176,7 +176,7 @@ private void ScanVulnerabilities(ScanOptions options)
             }
 
             GetNonSensitivePackages(out var nonSensitivePackages);
-            if (_settings.ErrorSettings.IgnoredPackages.Length > 0)
+            if (_settings.ErrorSettings.IgnoredPackages is { Length: > 0 })
                 foreach (var (proj, packages) in _projects.ToArray())
                 {
                     UtilityMethods.IgnorePackages(in packages, _settings.ErrorSettings.IgnoredPackages, out var projPackages);
@@ -185,8 +185,8 @@ private void ScanVulnerabilities(ScanOptions options)
 
             Log.Logger.Information("Loaded {packageCount} packages", _projects.Sum(p => p.Value.Length));
 
-            if (_settings.ErrorSettings.BlockedPackages.Length > 0) CheckBlockedPackages();
-            if (_settings.ErrorSettings.AllowedPackages.Length > 0) CheckAllowedPackages();
+            if (_settings.ErrorSettings.BlockedPackages is { Length: > 0 }) CheckBlockedPackages();
+            if (_settings.ErrorSettings.AllowedPackages is { Length: > 0 }) CheckAllowedPackages();
             Dictionary<string, Dictionary<string, Vulnerability>> vulnDict = null;
             var nonSensitivePackageIDs = nonSensitivePackages.SelectMany(p => p.Value).ToArray();
             if (_settings.OssIndex.Enabled)

Src/NuGetDefense.Lib/VulnerabilityReporter.cs

@@ -79,7 +79,7 @@ public void BuildVulnerabilityTextReport(Dictionary<string, Dictionary<string, V
 
             if (vulnerabilities.Any())
             {
-                if (_separateMsBuildMessages) MsBuildMessages.Add(vulnTotalMSbuildMessage);
+                if (_separateMsBuildMessages) MsBuildMessages?.Add(vulnTotalMSbuildMessage);
                 else logBuilder.AppendLine(vulnTotalMSbuildMessage);
             }
 
@@ -90,7 +90,7 @@ public void BuildVulnerabilityTextReport(Dictionary<string, Dictionary<string, V
                     pkg.LinePosition,
                     $"{dependancies.Count()} vulnerabilities found for dependencies of {pkg.Id} @ {pkg.Version}");
 
-                if (_separateMsBuildMessages) MsBuildMessages.Add(dependantVulnTotalMsBuildMessage);
+                if (_separateMsBuildMessages) MsBuildMessages?.Add(dependantVulnTotalMsBuildMessage);
                 else logBuilder.AppendLine(dependantVulnTotalMsBuildMessage);
             }
 
@@ -103,7 +103,7 @@ public void BuildVulnerabilityTextReport(Dictionary<string, Dictionary<string, V
                 var vulnMsBuildMessage = MsBuild.Log(nuGetFile, warnForThisVuln ? MsBuild.Category.Warning : MsBuild.Category.Error, cve, pkg.LineNumber, pkg.LinePosition,
                     $"{vulnerabilities[cve].Description}");
 
-                if (_separateMsBuildMessages) MsBuildMessages.Add(vulnMsBuildMessage);
+                if (_separateMsBuildMessages) MsBuildMessages?.Add(vulnMsBuildMessage);
                 else logBuilder.AppendLine(vulnMsBuildMessage);
 
                 logBuilder.AppendLine($"Description: {vulnerabilities[cve].Description}");
@@ -132,7 +132,7 @@ public void BuildVulnerabilityTextReport(Dictionary<string, Dictionary<string, V
                     var vulnMsBuildMessage = MsBuild.Log(nuGetFile, warnForThisDepVuln ? MsBuild.Category.Warning : MsBuild.Category.Error, cve, pkg.LineNumber, pkg.LinePosition,
                         $"{dependancy}: {vulnerabilities[cve].Description}");
 
-                    if (_separateMsBuildMessages) MsBuildMessages.Add(vulnMsBuildMessage);
+                    if (_separateMsBuildMessages) MsBuildMessages?.Add(vulnMsBuildMessage);
                     else logBuilder.AppendLine(vulnMsBuildMessage);
                     logBuilder.AppendLine($"Description: {vulnerabilities[cve].Description}");
                     logBuilder.AppendLine($"CVE: {cve}");

Src/NuGetDefense/NuGetDefense.csproj

@@ -21,8 +21,8 @@
         <IncludeSymbols>true</IncludeSymbols>
         <SymbolPackageFormat>snupkg</SymbolPackageFormat>
         <Nullable>enable</Nullable>
-        <AssemblyVersion>4.0.4.0</AssemblyVersion>
-        <FileVersion>4.0.4.0</FileVersion>
+        <AssemblyVersion>4.1.0</AssemblyVersion>
+        <FileVersion>4.1.0-pre0001</FileVersion>
         <PackageIcon>icon.png</PackageIcon>
     </PropertyGroup>
     <PropertyGroup Condition="'$(Configuration)'=='Release'">
@@ -37,7 +37,7 @@
         <PackageId>NuGetDefense.Tool</PackageId>
         <PackAsTool>true</PackAsTool>
         <ToolCommandName>nugetdefense</ToolCommandName>
-        <Version>4.0.4.0</Version>
+        <Version>4.1.0-pre0001</Version>
         <PackageReadmeFile>README.md</PackageReadmeFile>
     </PropertyGroup>
     <ItemGroup>

Src/NuGetDefense/NuGetDefense.nuspec

@@ -3,7 +3,7 @@
     <metadata>
         <id>NuGetDefense</id>
         <title>NuGetDefense</title>
-        <version>4.0.4.0</version>
+        <version>4.1.0-pre0001</version>
         <authors>Curtis Carter</authors>
         <owners>Curtis Carter</owners>
         <projectUrl>https://digitalcoyote.github.io/NuGetDefense/</projectUrl>
@@ -12,7 +12,7 @@
         <description>
             vulnerabilities.
         </description>
-        <releaseNotes>https://github.com/digitalcoyote/NuGetDefense/releases/tag/v4.0.4.0</releaseNotes>
+        <releaseNotes>https://github.com/digitalcoyote/NuGetDefense/releases/tag/v4.1.0-pre0001</releaseNotes>
         <repository type="git" url="https://github.com/digitalcoyote/NuGetDefense.git"/>
         <license type="expression">MIT</license>
         <icon>images\icon.png</icon>