Lookup package references in .csproj file for .NET Core/Standard Sdk-…

…style projects. sonatype-nexus-community#35

.gitignore

@@ -5,3 +5,7 @@
 /tests/NugetAuditor.Tests/bin/Debug
 /tests/NugetAuditor.Tests/obj/Debug
 /tests/NugetAuditor.Tests/.vs/NugetAuditor.Tests/v16/Server/sqlite3
+/tests/NugetAuditor.Tests/TestFiles/.vs/project.1
+/tests/NugetAuditor.Tests/TestFiles/obj/Debug/netcoreapp2.1
+/tests/NugetAuditor.Tests/TestFiles/Properties/launchSettings.json
+/tests/NugetAuditor.Tests/TestFiles/project.1.csproj.user

src/NugetAuditor.2019/NugetAuditor.Lib/PackageReferencesFile.cs

@@ -25,9 +25,11 @@
 
 using System;
 using System.Collections.Generic;
+using System.IO;
 using System.Linq;
 using System.Xml;
 using System.Xml.Linq;
+using System.Xml.XPath;
 
 namespace NugetAuditor.Lib
 {
@@ -37,26 +39,19 @@ public class PackageReferencesFile
 
         public PackageReferencesFile(string path)
         {
-            if (string.IsNullOrEmpty(path))
+            if (path.ToUpper().EndsWith(".CSPROJ"))
             {
-                throw new ArgumentNullException("path");
+                IsSdkProject = true;
             }
-
-            this.Path = path;
-        }
-
-        private IEnumerable<XElement> GetElements()
-        {
-            if (!System.IO.File.Exists(this.Path))
+            else if (path.ToUpper().EndsWith("PACKAGES.CONFIG"))
             {
-                return Enumerable.Empty<XElement>();
+                IsSdkProject = false;
             }
-
-            var loadOptions = LoadOptions.PreserveWhitespace | LoadOptions.SetLineInfo;
-
-            return XDocument.Load(this.Path, loadOptions).Root.Elements("package");
+            Path = path;
         }
 
+        public bool IsSdkProject { get; protected set; }
+
         private bool IsOSSIndexIgnored(XNode node)
         {
             if (node == null || node.PreviousNode == null)
@@ -92,23 +87,53 @@ private bool IsOSSIndexIgnored(XNode node)
 
         public IEnumerable<PackageReference> GetPackageReferences()
         {
-            return GetElements().Select(x =>
+            if (this.Path == string.Empty || !File.Exists(this.Path))
             {
-                var start = x as IXmlLineInfo;
-                var end = x.NextNode as IXmlLineInfo;
+                return Enumerable.Empty<PackageReference>();
+            }
 
-                var id = x.GetAttributeValue("id", string.Empty);
-                var version = x.GetAttributeValue("version", string.Empty);
+            var loadOptions = LoadOptions.PreserveWhitespace | LoadOptions.SetLineInfo;
 
-                return new PackageReference(this.Path, id, version)
+            if (!IsSdkProject)
+            {
+                var elements = XDocument.Load(this.Path, loadOptions).Root.Elements("package");
+                return elements.Select(x =>
                 {
-                    StartLine = start.LineNumber,
-                    StartPos = start.LinePosition - 1,
-                    EndLine = end.LineNumber,
-                    EndPos = end.LinePosition - 2,
-                    Ignore = IsOSSIndexIgnored(x),
-                };
-            });
+                    var start = x as IXmlLineInfo;
+                    var end = x.NextNode as IXmlLineInfo;
+
+                    var id = x.GetAttributeValue("id", string.Empty);
+                    var version = x.GetAttributeValue("version", string.Empty);
+
+                    return new PackageReference(this.Path, id, version)
+                    {
+                        StartLine = start.LineNumber,
+                        StartPos = start.LinePosition - 1,
+                        EndLine = end.LineNumber,
+                        EndPos = end.LinePosition - 2,
+                        Ignore = IsOSSIndexIgnored(x),
+                    };
+                });
+            }
+            else
+            {
+                var elements = XDocument.Load(this.Path, loadOptions).Root.Descendants().Where(e => e.Name.LocalName == "PackageReference");
+                return elements.Select(x =>
+                {
+                    var start = x as IXmlLineInfo;
+                    var end = x.NextNode as IXmlLineInfo;
+                    var name = x.GetAttributeValue("Include", string.Empty);
+                    var version = x.GetAttributeValue("Version", string.Empty);
+                    return new PackageReference(this.Path, name, version)
+                    {
+                        StartLine = start.LineNumber,
+                        StartPos = start.LinePosition - 1,
+                        EndLine = end.LineNumber,
+                        EndPos = end.LinePosition - 2,
+                        Ignore = IsOSSIndexIgnored(x),
+                    };
+                });
+            }
         }
     }
 }

src/NugetAuditor.2019/NugetAuditor.VSIX.2019/NugetAuditManager.cs

@@ -229,7 +229,10 @@ private void RemoveMarkers(string documentPath)
 
         private void CreateMarkers(string documentPath)
         {
-            _markerProvider.CreateMarkers(documentPath);
+            if (documentPath != string.Empty)
+            {
+                _markerProvider.CreateMarkers(documentPath);
+            }
         }
 
         private void RemoveTasks(IEnumerable<VulnerabilityTask> tasks)

src/NugetAuditor.2019/NugetAuditor.VSIX.2019/VSAsyncPackage.cs

@@ -125,7 +125,6 @@ protected override async Task InitializeAsync(CancellationToken cancellationToke
             // Listen for subsequent solution events
             SolutionEvents.OnAfterOpenSolution += HandleOpenSolution;
         }
-
         #endregion
 
         #region Properties
@@ -223,6 +222,7 @@ private void HandleOpenSolution(object sender = null, EventArgs e = null)
             // Handle the open solution and try to do as much work
             // on a background thread as possible
             AuditManager.QueueAuditSolutionPackages();
+
         }
 
         private void AddMenuCommandHandlers()

src/NugetAuditor.2019/NugetAuditor.VSIX.2019/VsUtility.cs

@@ -35,6 +35,8 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using System.Xml;
+using System.Xml.Linq;
 using System.Runtime.InteropServices;
 using Microsoft.VisualStudio.Shell;
 using System.Threading;
@@ -76,7 +78,22 @@ internal static IVsHierarchy GetHierarchy(this Project project)
 
         internal static string GetPackageReferenceFilePath(this Project project)
         {
-            return Path.Combine(Path.GetDirectoryName(project.FullName), "packages.config");
+            ThreadHelper.ThrowIfNotOnUIThread();
+            var projFileLines = File.ReadAllLines(project.FullName);
+            foreach(var line in projFileLines)
+            {
+                if (line.Contains("Project") && line.Contains("\"Microsoft.NET.Sdk") || line.Contains("\'Microsoft.NET.Sdk\'"))
+                {
+                    return project.FullName;
+                }
+            }
+
+            var packagesFile = Path.Combine(Path.GetDirectoryName(project.FullName), "packages.config");
+            if (File.Exists(packagesFile))
+            {
+                return packagesFile;
+            }
+            return string.Empty;
         }
 
         internal static IVsTextLines GetDocumentTextLines(string path)