Moxposer.Runner 0.0.1

.NET 7.0

dotnet tool install --global Moxposer.Runner --version 0.0.1

This package contains a .NET tool you can call from the shell/command line.

dotnet new tool-manifest # if you are setting up this repo
dotnet tool install --local Moxposer.Runner --version 0.0.1

This package contains a .NET tool you can call from the shell/command line.

#tool dotnet:?package=Moxposer.Runner&version=0.0.1

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

nuke :add-package Moxposer.Runner --version 0.0.1

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

Moxposer - HttpClient Usage Analyzer for .NET 🛡️

Moxposer is a diagnostic tool tailored to safeguard .NET applications against unintended or potentially harmful HttpClient usage patterns. If you're building applications with sensitive data and want to ensure data doesn't unknowingly leak to external sources via the HttpClient class, Moxposer is here to help!

🌟 Features

Deep Analysis: Dive into the depths of your C# code to identify potential pitfalls in HttpClient usage.
Focused Detection: Targets HTTP methods like PostAsync, PutAsync, and PatchAsync that transmit data.
Variable URL Warnings: For variable URLs, receive alerts on potential data sent to unknown destinations.
CI/CD Ready: Perfectly suited for CI/CD pipelines, enabling automated checks in continuous integration environments.
Whitelisting: Option to exempt certain packages from the analyzer's scrutiny via custom whitelisting.
Comprehensive Tests: Reliability is key! And that's why Moxposer comes with an extensive set of unit tests.

🚀 Getting Started

Clone the Repository

git clone git@github.com:aixasz/Moxposer.git
cd Moxposer

Build the Project
```
dotnet build
```
Run the Tests
```
dotnet test
```

Analyze Your Project

To analyze the current directory

moxposer.runner

or specify path to analyze

moxposer.runner -p [Path of C# project or path contains DLL files to analyze]

💡 Use Cases

Development Phase: Incorporate Moxposer early in the development process to ensure code quality and data safety.
Code Audits: A handy supplement during code reviews to highlight potential data leakage points.
Pipeline Integration: Integrate into your CI/CD pipeline for automatic adherence to code standards and data protection norms.

🛠️ Customization

Whitelisting Packages: Moxposer provides flexibility in exempting certain packages or libraries from analysis.

📄 Documentation

Global Whitelist Configuration

Open appsettings.json then added whitelist dll name to GlobalWhitelists property.

{
   "GlobalWhitelists": [
      "Microsoft.*",
      "System.*"
   ]
}

specifying which whitelist packages to in `csproj`.

Extract package names from PackageReference tags under ItemGroup tags that have the attribute DllAnalyzerWhitelist="true"

example:

  <ItemGroup DllAnalyzerWhitelist="true">
    <PackageReference Include="Microsoft.CodeAnalysis.CSharp" Version="4.7.0" />
  </ItemGroup>

🤝 Contributing

📜 License

Moxposer is MIT licensed.

Product	Compatible and additional computed target framework versions.
.NET	net7.0 is compatible. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed.

Product

.NET

Compatible target framework(s)

Included target framework(s) (in package)

Learn more about Target Frameworks and .NET Standard.

This package has no dependencies.

Version	Downloads	Last updated
0.0.1	415	10/30/2023