Gfs/dependencies (#266)
gfs authored Oct 29, 2021
1 parent 848e598 commit 86fc9e3
Showing 16 changed files with 54 additions and 79 deletions.
49 changes: 20 additions & 29 deletions src/Shared/PackageManagers/BaseProjectManager.cs
@@ -10,6 +10,7 @@
using System.IO;
using System.Linq;
using System.Net.Http;
using System.Text;
using System.Text.Json;
using System.Text.RegularExpressions;
using System.Threading.Tasks;
@@ -252,13 +253,21 @@ public async Task<string> ExtractArchive(string directoryName, byte[] bytes, boo

Directory.CreateDirectory(TopLevelExtractionDirectory);

var dirBuilder = new StringBuilder(directoryName);

foreach (var c in Path.GetInvalidPathChars())
{
dirBuilder.Replace(c, '-'); // ignore: lgtm [cs/string-concatenation-in-loop]
}

string fullTargetPath = Path.Combine(TopLevelExtractionDirectory, dirBuilder.ToString());

if (!cached)
{
string fullTargetPath = Path.Combine(TopLevelExtractionDirectory, directoryName);
while (Directory.Exists(fullTargetPath) || File.Exists(fullTargetPath))
{
directoryName += "-" + DateTime.Now.Ticks;
fullTargetPath = Path.Combine(TopLevelExtractionDirectory, directoryName);
dirBuilder.Append("-" + DateTime.Now.Ticks);
fullTargetPath = Path.Combine(TopLevelExtractionDirectory, dirBuilder.ToString());
}
}
var extractor = new Extractor();
@@ -268,35 +277,17 @@ public async Task<string> ExtractArchive(string directoryName, byte[] bytes, boo
Parallel = true
//MaxExtractedBytes = 1000 * 1000 * 10; // 10 MB maximum package size
};
foreach (var fileEntry in extractor.Extract(directoryName, bytes, extractorOptions))
var result = await extractor.ExtractToDirectoryAsync(TopLevelExtractionDirectory, dirBuilder.ToString(), new MemoryStream(bytes), extractorOptions);
if (result == ExtractionStatusCode.Ok)
{
var fullPath = fileEntry.FullPath.Replace(':', Path.DirectorySeparatorChar);

// TODO: Does this prevent zip-slip?
foreach (var c in Path.GetInvalidPathChars())
{
fullPath = fullPath.Replace(c, '-'); // ignore: lgtm [cs/string-concatenation-in-loop]
}

var filePathToWrite = Path.Combine(TopLevelExtractionDirectory, fullPath);
filePathToWrite = filePathToWrite.Replace(Path.AltDirectorySeparatorChar, Path.DirectorySeparatorChar);

if (Path.GetDirectoryName(filePathToWrite) is string dir && !string.IsNullOrWhiteSpace(dir))
{
Directory.CreateDirectory(dir);
}
if (!Directory.Exists(fullPath))
{
using var fs = File.Open(filePathToWrite, FileMode.Append);
await fileEntry.Content.CopyToAsync(fs);
}
Logger.Debug("Archive extracted to {0}", fullTargetPath);
}
else
{
Logger.Warn("Error extracting archive {0} ({1})", fullTargetPath, result);
}

var fullExtractionPath = Path.Combine(TopLevelExtractionDirectory, directoryName);
fullExtractionPath = Path.GetFullPath(fullExtractionPath);
Logger.Debug("Archive extracted to {0}", fullExtractionPath);

return fullExtractionPath;
return fullTargetPath;
}

/// <summary>
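Review bot: The name sanitisation ahead of `Path.Combine(TopLevelExtractionDirectory, dirBuilder.ToString())` replaces only `Path.GetInvalidPathChars()`, which does not cover directory separators or `..`, so a `directoryName` carrying `../` segments or a rooted path still resolves outside `TopLevelExtractionDirectory`, and the same string is handed to `ExtractToDirectoryAsync`. If `directoryName` can be influenced by package metadata, the target should be canonicalised and checked against the extraction root before anything is written; the commit also drops the `Path.GetFullPath` call the old code applied to the returned path, so callers now receive the un-normalised form. A sketch of the containment check follows, placed where `fullTargetPath` is first computed. `ExtractArchive` begins before this hunk, so how callers build `directoryName` is not visible here.

```csharp
// … unchanged: invalid-character replacement on dirBuilder …
string extractionRoot = Path.GetFullPath(TopLevelExtractionDirectory);
string rootPrefix = extractionRoot.TrimEnd(Path.DirectorySeparatorChar) + Path.DirectorySeparatorChar;
string fullTargetPath = Path.GetFullPath(Path.Combine(extractionRoot, dirBuilder.ToString()));
if (!fullTargetPath.StartsWith(rootPrefix, StringComparison.Ordinal))
{
    throw new ArgumentException("Directory name resolves outside the extraction root.", nameof(directoryName));
}
// … unchanged: collision loop, extractor setup and ExtractToDirectoryAsync call …
```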
16 changes: 7 additions & 9 deletions src/Shared/Shared.csproj
@@ -31,19 +31,17 @@
<PackageReference Include="CommandLineParser" Version="2.9.0-preview1" />
<PackageReference Include="Crayon" Version="2.0.62" />
<PackageReference Include="F23.StringSimilarity" Version="4.1.0" />
<PackageReference Include="HtmlAgilityPack" Version="1.11.34" />
<PackageReference Include="Microsoft.CST.RecursiveExtractor" Version="1.1.1" />
<PackageReference Include="HtmlAgilityPack" Version="1.11.37" />
<PackageReference Include="Microsoft.CST.RecursiveExtractor" Version="1.1.5" />
<PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="6.0.0-preview.5.21301.5" />
<PackageReference Include="NLog" Version="4.7.10" />
<PackageReference Include="NLog.Schema" Version="4.7.10" />
<PackageReference Include="NuGet.Versioning" Version="5.10.0" />
<PackageReference Include="NLog" Version="4.7.12" />
<PackageReference Include="NLog.Schema" Version="4.7.12" />
<PackageReference Include="NuGet.Versioning" Version="5.11.0" />
<PackageReference Include="Octokit" Version="0.50.0" />
<PackageReference Include="Sarif.Sdk" Version="2.4.10" />
<PackageReference Include="Sarif.Sdk" Version="2.4.12" />
<PackageReference Include="SemanticVersioning" Version="2.0.0" />
<PackageReference Include="sharpcompress" Version="0.29.0" />
<PackageReference Include="SharpZipLib" Version="1.3.2" />
<PackageReference Include="System.Console" Version="4.3.1" />
<PackageReference Include="Nerdbank.GitVersioning" Version="3.4.220">
<PackageReference Include="Nerdbank.GitVersioning" Version="3.4.240">
<PrivateAssets>all</PrivateAssets>
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
</PackageReference>
5 changes: 2 additions & 3 deletions src/oss-characteristics/oss-characteristic.csproj
@@ -18,9 +18,8 @@
</PropertyGroup>

<ItemGroup>
<PackageReference Include="CommandLineParser" Version="2.9.0-preview1" />
<PackageReference Include="Microsoft.CST.ApplicationInspector.Commands" Version="1.4.4" />
<PackageReference Include="Nerdbank.GitVersioning" Version="3.4.220">
<PackageReference Include="Microsoft.CST.ApplicationInspector.Commands" Version="1.4.9" />
<PackageReference Include="Nerdbank.GitVersioning" Version="3.4.240">
<PrivateAssets>all</PrivateAssets>
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
</PackageReference>
4 changes: 1 addition & 3 deletions src/oss-defog/oss-defog.csproj
@@ -22,11 +22,9 @@
</PropertyGroup>

<ItemGroup>
<PackageReference Include="CommandLineParser" Version="2.9.0-preview1" />
<PackageReference Include="MediaTypeMap.Core" Version="2.3.3" />
<PackageReference Include="System.Console" Version="4.3.1" />
<PackageReference Include="Microsoft.CST.RecursiveExtractor" Version="1.1.1" />
<PackageReference Include="Nerdbank.GitVersioning" Version="3.4.220">
<PackageReference Include="Nerdbank.GitVersioning" Version="3.4.240">
<PrivateAssets>all</PrivateAssets>
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
</PackageReference>
3 changes: 1 addition & 2 deletions src/oss-detect-backdoor/oss-detect-backdoor.csproj
@@ -64,8 +64,7 @@
</ItemGroup>

<ItemGroup>
<PackageReference Include="CommandLineParser" Version="2.9.0-preview1" />
<PackageReference Include="Nerdbank.GitVersioning" Version="3.4.220">
<PackageReference Include="Nerdbank.GitVersioning" Version="3.4.240">
<PrivateAssets>all</PrivateAssets>
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
</PackageReference>
11 changes: 5 additions & 6 deletions src/oss-detect-cryptography/oss-detect-cryptography.csproj
@@ -59,15 +59,14 @@
</ItemGroup>

<ItemGroup>
<PackageReference Include="CommandLineParser" Version="2.9.0-preview1" />
<PackageReference Include="ELFSharp" Version="2.12.1" />
<PackageReference Include="ELFSharp" Version="2.13.0" />
<PackageReference Include="ICSharpCode.Decompiler" Version="7.1.0.6543" />
<PackageReference Include="Microsoft.CST.ApplicationInspector.Commands" Version="1.4.4" />
<PackageReference Include="Microsoft.CST.DevSkim" Version="0.4.238" />
<PackageReference Include="PeNet" Version="2.6.3" />
<PackageReference Include="Microsoft.CST.ApplicationInspector.Commands" Version="1.4.9" />
<PackageReference Include="Microsoft.CST.DevSkim" Version="0.6.1" />
<PackageReference Include="PeNet" Version="2.9.1" />
<PackageReference Include="SharpDisasm" Version="1.1.11" />
<PackageReference Include="WebAssembly" Version="1.2.0" />
<PackageReference Include="Nerdbank.GitVersioning" Version="3.4.220">
<PackageReference Include="Nerdbank.GitVersioning" Version="3.4.240">
<PrivateAssets>all</PrivateAssets>
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
</PackageReference>
2 changes: 1 addition & 1 deletion src/oss-diff/oss-diff.csproj
@@ -26,7 +26,7 @@
</ItemGroup>

<ItemGroup>
<PackageReference Update="Nerdbank.GitVersioning" Version="3.4.220" />
<PackageReference Update="Nerdbank.GitVersioning" Version="3.4.240" />
</ItemGroup>

</Project>
3 changes: 1 addition & 2 deletions src/oss-download/oss-download.csproj
@@ -21,9 +21,8 @@
</PropertyGroup>

<ItemGroup>
<PackageReference Include="CommandLineParser" Version="2.9.0-preview1" />
<PackageReference Include="System.Console" Version="4.3.1" />
<PackageReference Include="Nerdbank.GitVersioning" Version="3.4.220">
<PackageReference Include="Nerdbank.GitVersioning" Version="3.4.240">
<PrivateAssets>all</PrivateAssets>
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
</PackageReference>
2 changes: 1 addition & 1 deletion src/oss-find-domain-squats/oss-find-domain-squats.csproj
@@ -27,7 +27,7 @@
</ItemGroup>

<ItemGroup>
<PackageReference Update="Nerdbank.GitVersioning" Version="3.4.220" />
<PackageReference Update="Nerdbank.GitVersioning" Version="3.4.240" />
</ItemGroup>

</Project>
5 changes: 2 additions & 3 deletions src/oss-find-source/oss-find-source.csproj
@@ -26,9 +26,8 @@
</ItemGroup>

<ItemGroup>
<PackageReference Include="CommandLineParser" Version="2.9.0-preview1" />
<PackageReference Include="Sarif.Sdk" Version="2.4.10" />
<PackageReference Include="Nerdbank.GitVersioning" Version="3.4.220">
<PackageReference Include="Sarif.Sdk" Version="2.4.12" />
<PackageReference Include="Nerdbank.GitVersioning" Version="3.4.240">
<PrivateAssets>all</PrivateAssets>
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
</PackageReference>
6 changes: 3 additions & 3 deletions src/oss-find-squats/oss-find-squats.csproj
@@ -17,16 +17,16 @@
</PropertyGroup>

<ItemGroup>
<PackageReference Include="Sarif.Sdk" Version="2.4.10" />
<PackageReference Include="Scriban" Version="4.0.1" />
<PackageReference Include="Sarif.Sdk" Version="2.4.12" />
<PackageReference Include="Scriban" Version="4.1.0" />
</ItemGroup>

<ItemGroup>
<ProjectReference Include="..\Shared\Shared.csproj" />
</ItemGroup>

<ItemGroup>
<PackageReference Update="Nerdbank.GitVersioning" Version="3.4.220" />
<PackageReference Update="Nerdbank.GitVersioning" Version="3.4.240" />
</ItemGroup>

</Project>
3 changes: 1 addition & 2 deletions src/oss-health/oss-health.csproj
@@ -22,10 +22,9 @@
</PropertyGroup>

<ItemGroup>
<PackageReference Include="CommandLineParser" Version="2.9.0-preview1" />
<PackageReference Include="Octokit" Version="0.50.0" />
<PackageReference Include="System.Console" Version="4.3.1" />
<PackageReference Include="Nerdbank.GitVersioning" Version="3.4.220">
<PackageReference Include="Nerdbank.GitVersioning" Version="3.4.240">
<PrivateAssets>all</PrivateAssets>
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
</PackageReference>
3 changes: 1 addition & 2 deletions src/oss-metadata/oss-metadata.csproj
@@ -20,8 +20,7 @@
</PropertyGroup>

<ItemGroup>
<PackageReference Include="CommandLineParser" Version="2.9.0-preview1" />
<PackageReference Include="Nerdbank.GitVersioning" Version="3.4.220">
<PackageReference Include="Nerdbank.GitVersioning" Version="3.4.240">
<PrivateAssets>all</PrivateAssets>
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
</PackageReference>
4 changes: 2 additions & 2 deletions src/oss-reproducible/oss-reproducible.csproj
@@ -62,7 +62,7 @@
<ItemGroup>
<PackageReference Include="DiffPlex" Version="1.7.0" />
<PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
<PackageReference Include="SharpCompress" Version="0.28.3" />
<PackageReference Include="SharpCompress" Version="0.30.0" />
</ItemGroup>

<ItemGroup>
@@ -72,7 +72,7 @@
</ItemGroup>

<ItemGroup>
<PackageReference Update="Nerdbank.GitVersioning" Version="3.4.220" />
<PackageReference Update="Nerdbank.GitVersioning" Version="3.4.240" />
</ItemGroup>

</Project>
3 changes: 1 addition & 2 deletions src/oss-risk-calculator/oss-risk-calculator.csproj
@@ -18,8 +18,7 @@
</PropertyGroup>

<ItemGroup>
<PackageReference Include="CommandLineParser" Version="2.9.0-preview1" />
<PackageReference Include="Nerdbank.GitVersioning" Version="3.4.220">
<PackageReference Include="Nerdbank.GitVersioning" Version="3.4.240">
<PrivateAssets>all</PrivateAssets>
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
</PackageReference>
14 changes: 5 additions & 9 deletions src/oss-tests/oss-tests.csproj
@@ -12,18 +12,14 @@
</PropertyGroup>

<ItemGroup>
<PackageReference Include="DiscUtils.Btrfs" Version="0.16.4" />
<PackageReference Include="DiscUtils.HfsPlus" Version="0.16.4" />
<PackageReference Include="DiscUtils.SquashFs" Version="0.16.4" />
<PackageReference Include="DiscUtils.Xfs" Version="0.16.4" />
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="16.11.0-release-20210626-04" />
<PackageReference Include="coverlet.collector" Version="3.0.3">
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="16.11.0" />
<PackageReference Include="coverlet.collector" Version="3.1.0">
<PrivateAssets>all</PrivateAssets>
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
</PackageReference>
<PackageReference Include="MSTest.TestAdapter" Version="2.2.5" />
<PackageReference Include="MSTest.TestFramework" Version="2.2.5" />
<PackageReference Include="Nerdbank.GitVersioning" Version="3.4.220">
<PackageReference Include="MSTest.TestAdapter" Version="2.2.7" />
<PackageReference Include="MSTest.TestFramework" Version="2.2.7" />
<PackageReference Include="Nerdbank.GitVersioning" Version="3.4.240">
<PrivateAssets>all</PrivateAssets>
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
</PackageReference>
