https://github.com/simoncropp/ossindexclient

# OssIndexClient

[![Build status](https://ci.appveyor.com/api/projects/status/41kf6ll7dbad35px?svg=true)](https://ci.appveyor.com/project/SimonCropp/ossindexclient)
[![NuGet Status](https://img.shields.io/nuget/v/OssIndexClient.svg)](https://www.nuget.org/packages/OssIndexClient/)

A .NET client for OSSIndex (https://ossindex.sonatype.org/).

**See [Milestones](../../milestones?state=closed) for release notes.**

## NuGet package

https://nuget.org/packages/OssIndexClient/

## Usage

### Getting a report


```cs
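using System.Diagnostics;

// The client is disposable, so scope it with `using`.
using var ossIndexClient = new OssIndex();
// Request the report for one package coordinate (ecosystem, name, version).
var report = await ossIndexClient.GetReport(
    new(
        ecoSystem: EcoSystem.nuget,
        name: "System.Net.Http",
        version: "4.3.1"));

// List the vulnerabilities reported for this package version.
foreach (var vulnerability in report.Vulnerabilities)
{
    Debug.WriteLine(vulnerability.Title);
}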
```

### Getting multiple reports


```cs
using System.Diagnostics;

using var ossIndexClient = new OssIndex();
// Request reports for several coordinates at once; ecosystems can be mixed.
var reports = await ossIndexClient.GetReports(
    new(
        ecoSystem: EcoSystem.nuget,
        name: "System.Net.Http",
        version: "4.3.1"),
    new(
        ecoSystem: EcoSystem.npm,
        name: "jquery",
        version: "1.11.3"));

// One report per requested package, each with its own vulnerability list.
foreach (var report in reports)
{
    foreach (var vulnerability in report.Vulnerabilities)
    {
        Debug.WriteLine(vulnerability.Title);
    }
}
```

### Example report contents


```txt
{
  EcoSystem: nuget,
  Name: System.Net.Http,
  Version: 4.3.1,
  Description: This package provides a programming interface for modern HTTP applications. This package includes HttpClient for sending requests over HTTP, as well as HttpRequestMessage and HttpResponseMessage for processing HTTP messages.,
  Reference: https://ossindex.sonatype.org/component/pkg:nuget/System.Net.Http@4.3.1?utm_source=ossindexclient&utm_medium=integration,
  Vulnerabilities: [
    {
      Id: CVE-2017-0248,
      Title: [CVE-2017-0248] CWE-295: Improper Certificate Validation,
      Description: Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability.",
      CvssScore: 7.5,
      CvssVector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N,
      Cve: CVE-2017-0248,
      Cwe: CWE-295,
      Reference: https://ossindex.sonatype.org/vulnerability/CVE-2017-0248?component-type=nuget&component-name=System.Net.Http&utm_source=ossindexclient&utm_medium=integration,
      ExternalReferences: [
        http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0248,
        https://github.com/dotnet/corefx/issues/19535,
        https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0248
      ]
    },
    {
      Id: CVE-2017-0249,
      Title: [CVE-2017-0249] CWE-20: Improper Input Validation,
      Description: An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.,
      CvssScore: 7.3,
      CvssVector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L,
      Cve: CVE-2017-0249,
      Cwe: CWE-20,
      Reference: https://ossindex.sonatype.org/vulnerability/CVE-2017-0249?component-type=nuget&component-name=System.Net.Http&utm_source=ossindexclient&utm_medium=integration,
      ExternalReferences: [
        http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0249,
        https://github.com/aspnet/Announcements/issues/239
      ]
    },
    {
      Id: CVE-2017-0256,
      Title: [CVE-2017-0256] CWE-20: Improper Input Validation,
      Description: A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.,
      CvssScore: 5.3,
      CvssVector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N,
      Cve: CVE-2017-0256,
      Cwe: CWE-20,
      Reference: https://ossindex.sonatype.org/vulnerability/CVE-2017-0256?component-type=nuget&component-name=System.Net.Http&utm_source=ossindexclient&utm_medium=integration,
      ExternalReferences: [
        http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0256,
        https://github.com/aspnet/Announcements/issues/239
      ]
    },
    {
      Id: CVE-2018-8292,
      Title: [CVE-2018-8292] CWE-200: Information Exposure,
      Description: An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0.,
      CvssScore: 7.5,
      CvssVector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N,
      Cve: CVE-2018-8292,
      Cwe: CWE-200,
      Reference: https://ossindex.sonatype.org/vulnerability/CVE-2018-8292?component-type=nuget&component-name=System.Net.Http&utm_source=ossindexclient&utm_medium=integration,
      ExternalReferences: [
        http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8292,
        https://github.com/dotnet/announcements/issues/88,
        https://github.com/dotnet/corefx/issues/32730
      ]
    }
  ]
}
```
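
An added example (not part of the OssIndexClient README or project code): recomputing the CVSS v3.0 base score from each `CvssVector` in the report above and comparing it with the reported `CvssScore`, a consistency check worth running before a score drives a build gate. `Cvss3` and `BaseScore` are hypothetical names; the weights and formula follow the CVSS v3.0 specification, and the vector/score pairs are copied from the example report.

```cs
using System;
using System.Collections.Generic;
using System.Linq;
// (CvssVector, CvssScore) pairs copied from the example report above.
var reported = new (string Vector, double Score)[]
{
    ("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", 7.5),
    ("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", 7.3),
    ("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", 5.3),
    ("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", 7.5),
};
foreach (var (vector, score) in reported)
{
    var computed = Cvss3.BaseScore(vector);
    Console.WriteLine($"{vector} reported={score} computed={computed} " +
        (Math.Abs(computed - score) < 0.05 ? "ok" : "MISMATCH"));
}

static class Cvss3 // hypothetical helper, not an OssIndexClient type
{
    // Metric weights from the CVSS v3.0 specification (PR values are for unchanged scope).
    static readonly Dictionary<string, double> Weights = new()
    {
        ["AV:N"] = 0.85, ["AV:A"] = 0.62, ["AV:L"] = 0.55, ["AV:P"] = 0.2,
        ["AC:L"] = 0.77, ["AC:H"] = 0.44, ["UI:N"] = 0.85, ["UI:R"] = 0.62,
        ["PR:N"] = 0.85, ["PR:L"] = 0.62, ["PR:H"] = 0.27,
        ["C:H"] = 0.56, ["C:L"] = 0.22, ["C:N"] = 0, ["I:H"] = 0.56, ["I:L"] = 0.22,
        ["I:N"] = 0, ["A:H"] = 0.56, ["A:L"] = 0.22, ["A:N"] = 0,
    };
    public static double BaseScore(string vector)
    {
        // Split "CVSS:3.0/AV:N/..." into metric -> value, skipping the version prefix.
        var m = vector.Split('/').Skip(1)
            .Select(p => p.Split(':')).ToDictionary(p => p[0], p => p[1]);
        double W(string k) => Weights[$"{k}:{m[k]}"]; // throws on unknown metric values
        var changed = m["S"] switch { "C" => true, "U" => false, _ => throw new FormatException(vector) };
        // Privileges Required is weighted higher when scope is changed.
        var pr = W("PR");
        if (changed) pr = m["PR"] switch { "L" => 0.68, "H" => 0.5, _ => pr };
        var iss = 1 - (1 - W("C")) * (1 - W("I")) * (1 - W("A"));
        var impact = changed
            ? 7.52 * (iss - 0.029) - 3.25 * Math.Pow(iss - 0.02, 15)
            : 6.42 * iss;
        if (impact <= 0) return 0;
        var sum = impact + 8.22 * W("AV") * W("AC") * pr * W("UI");
        var raw = Math.Min(changed ? 1.08 * sum : sum, 10);
        // Round up to one decimal; the inner Round strips floating-point noise first.
        return Math.Ceiling(Math.Round(raw * 100000) / 10000) / 10;
    }
}
```

All four vectors from the example report recompute to their reported scores (7.5, 7.3, 5.3, 7.5); a malformed vector throws instead of producing a score.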

## Package Ecosystems

The supported [OSSIndex Package Ecosystems](https://ossindex.sonatype.org/doc/coordinates) are represented by an enum.


```cs
public enum EcoSystem
{
    /// https://alpinelinux.org
    alpine,

    /// https://bower.io
    bower,

    /// https://crates.io
    cargo,

    /// https://chocolatey.org
    chocolatey,

    /// https://clojars.org
    clojars,

    /// https://getcomposer.org
    composer,

    /// https://conan.io
    conan,

    /// https://conda.io
    conda,

    /// https://cran.r-project.org
    cran,

    /// https://www.debian.org
    deb,

    /// https://www.drupal.org
    drupal,

    /// https://golang.org/pkg
    golang,

    /// https://maven.apache.org
    maven,

    /// https://www.npmjs.com
    npm,

    /// https://www.nuget.org
    nuget,

    /// https://pypi.org
    pypi,

    /// https://rpm.org
    rpm,

    /// https://rubygems.org
    gem,
}
```

## Notes

* https://ossindex.sonatype.org/api/v3/component-report/pkg:nuget/System.Net.Http@4.3.1

## Icon

[Security](https://thenounproject.com/term/security/1264523/) designed by [Made](https://thenounproject.com/elki/) from [The Noun Project](https://thenounproject.com/creativepriyanka).