/// <summary>
/// 新增标签日志
/// </summary>
/// <param name="dto"></param>
/// <returns></returns>
public async Task <ActionOutput <string> > InsertSignatureLog(SignatureLogDto dto)
{
using (var uow = UnitOfWorkManager.Begin())
{
var output = new ActionOutput <string>();
var log = new SignatureLog
{
Name = dto.Name,
Type = dto.Type,
Url = dto.Url,
Ip = dto.Ip,
Time = DateTime.Now
};
var result = await _signatureLogRepository.InsertAsync(log);
await uow.CompleteAsync();
if (result.IsNull())
{
output.AddError("新增标签出错了~~~");
}
else
{
output.Result = "success";
}
return(output);
}
}
private static object[] GenerateSignatureLogWithMetadata()
{
var log = SignatureLog.Issue(true, NuGetLogCode.NU3000, string.Empty);
log.ProjectPath = Guid.NewGuid().ToString();
log.LibraryId = Guid.NewGuid().ToString();
return(new object[] { log });
}
/// <summary>
/// Converts an SignatureLog into a RestoreLogMessage.
/// This is needed when an SignatureLog needs to be logged and loggers do not have visibility to SignatureLog.
/// </summary>
/// <param name="logMessage">SignatureLog to be converted.</param>
/// <returns>RestoreLogMessage equivalent to the SignatureLog.</returns>
public static RestoreLogMessage AsRestoreLogMessage(this SignatureLog logMessage)
{
return(new RestoreLogMessage(logMessage.Level, logMessage.Code, logMessage.Message)
{
ProjectPath = logMessage.ProjectPath,
WarningLevel = logMessage.WarningLevel,
LibraryId = logMessage.LibraryId
});
}
public async Task RejectsPackagesWithFullVerificationErrors()
{
// Arrange
_packageStream = TestResources.GetResourceStream(TestResources.SignedPackageLeaf1);
TestUtility.RequireSignedPackage(
_corePackageService,
TestResources.SignedPackageLeafId,
TestResources.SignedPackageLeaf1Version,
TestResources.Leaf1Thumbprint);
_fullVerifyResult = new VerifySignaturesResult(
valid: false,
signed: true,
results: new[]
{
new InvalidSignaturePackageVerificationResult(
SignatureVerificationStatus.Suspect,
new[]
{
SignatureLog.Issue(
fatal: true,
code: NuGetLogCode.NU3008,
message: "The package integrity check failed."),
SignatureLog.Issue(
fatal: false,
code: NuGetLogCode.NU3016,
message: "The package hash uses an unsupported hash algorithm."),
SignatureLog.Issue(
fatal: true,
code: NuGetLogCode.NU3000,
message: "Some other thing happened."),
})
});
_message = new SignatureValidationMessage(
TestResources.SignedPackageLeafId,
TestResources.SignedPackageLeaf1Version,
new Uri($"https://unit.test/{TestResources.SignedPackageLeaf1.ToLowerInvariant()}"),
Guid.NewGuid());
// Act
var result = await _target.ValidateAsync(
_packageKey,
_packageStream,
_message,
_cancellationToken);
// Assert
Validate(result, ValidationStatus.Failed, PackageSigningStatus.Invalid);
Assert.Equal(2, result.Issues.Count);
var issue1 = Assert.IsType <ClientSigningVerificationFailure>(result.Issues[0]);
Assert.Equal("NU3008", issue1.ClientCode);
Assert.Equal("The package integrity check failed.", issue1.ClientMessage);
var issue2 = Assert.IsType <ClientSigningVerificationFailure>(result.Issues[1]);
Assert.Equal("NU3000", issue2.ClientCode);
Assert.Equal("Some other thing happened.", issue2.ClientMessage);
}
private void Serialize(ref MessagePackWriter writer, SignatureLog logMessage, MessagePackSerializerOptions options)
{
writer.WriteMapHeader(count: 8);
SerializeCommonProperties(ref writer, logMessage, options);
writer.Write(LibraryIdPropertyName);
writer.Write(logMessage.LibraryId);
}
public void Equals_OtherIsSame_ReturnsTrue()
{
// Arrange
var log = SignatureLog.Error(NuGetLogCode.NU3000, "unit_test_message");
// Act
var equals = log.Equals(log);
// Assert
equals.Should().BeTrue();
}
public void Issue_InitializesProperties(bool fatal, NuGetLogCode code, string message)
{
// Arrange
var expectedLevel = fatal ? LogLevel.Error : LogLevel.Warning;
// Act
var log = SignatureLog.Issue(fatal, code, message);
// Assert
log.Message.Should().Be(message);
log.Code.Should().Be(code);
log.Level.Should().Be(expectedLevel);
}
public void DebugLog_InitializesProperties()
{
// Arrange
var message = "unit_test_message";
// Act
var log = SignatureLog.DebugLog(message);
// Assert
log.Message.Should().Be(message);
log.Code.Should().Be(NuGetLogCode.Undefined);
log.Level.Should().Be(LogLevel.Debug);
}
public void Equals_OtherIsNull_ReturnsFalse()
{
// Arrange
var message = "unit_test_message";
var code = NuGetLogCode.NU3000;
var log = SignatureLog.Error(code, message);
// Act
var equals = log.Equals(null);
// Assert
equals.Should().BeFalse();
}
private static SignatureLog CreateSignatureLog()
{
SignatureLog signatureLog = SignatureLog.Error(NuGetLogCode.NU3031, Message);
signatureLog.Code = NuGetLogCode.NU3017;
signatureLog.Level = LogLevel.Verbose;
signatureLog.LibraryId = "b";
signatureLog.ProjectPath = "c";
signatureLog.Time = DateTimeOffset.UtcNow;
signatureLog.WarningLevel = WarningLevel.Important;
return(signatureLog);
}
public void Error_InitializesProperties()
{
// Arrange
var message = "unit_test_message";
var code = NuGetLogCode.NU3000;
// Act
var log = SignatureLog.Error(code, message);
// Assert
log.Message.Should().Be(message);
log.Code.Should().Be(code);
log.Level.Should().Be(LogLevel.Error);
}
public void Equals_OtherIsDifferent_ReturnsFalse(SignatureLog other)
{
// Arrange
var log = SignatureLog.Error(NuGetLogCode.NU3000, "unit_test_message");
log.ProjectPath = Guid.NewGuid().ToString();
log.LibraryId = Guid.NewGuid().ToString();
// Act
var equals = log.Equals(other);
// Assert
equals.Should().BeFalse();
}
public void Equals_OtherIsEquivalent_ReturnsFalse()
{
// Arrange
var log = SignatureLog.Error(NuGetLogCode.NU3000, "unit_test_message");
log.ProjectPath = "unit_test_project_path";
log.LibraryId = "unit_test_library_id";
var other = SignatureLog.Error(NuGetLogCode.NU3000, "unit_test_message");
other.ProjectPath = "unit_test_project_path";
other.LibraryId = "unit_test_library_id";
// Act
var equals = log.Equals(log);
// Assert
equals.Should().BeTrue();
}
public async Task RejectsPackagesWithMimimalVerificationErrors()
{
// Arrange
_packageStream = TestResources.GetResourceStream(TestResources.SignedPackageLeaf1);
_minimalVerifyResult = new VerifySignaturesResult(
valid: false,
signed: true,
results: new[]
{
new InvalidSignaturePackageVerificationResult(
SignatureVerificationStatus.Suspect,
new[]
{
SignatureLog.Issue(
fatal: true,
code: NuGetLogCode.NU3000,
message: "The package signature is invalid."),
})
});
_message = new SignatureValidationMessage(
TestResources.SignedPackageLeafId,
TestResources.SignedPackageLeaf1Version,
new Uri($"https://unit.test/{TestResources.SignedPackageLeaf1.ToLowerInvariant()}"),
Guid.NewGuid());
// Act
var result = await _target.ValidateAsync(
_packageKey,
_packageStream,
_message,
_cancellationToken);
// Assert
Validate(result, ValidationStatus.Failed, PackageSigningStatus.Invalid);
Assert.Single(result.Issues);
var issue = Assert.IsType <ClientSigningVerificationFailure>(result.Issues[0]);
Assert.Equal("NU3000", issue.ClientCode);
Assert.Equal("The package signature is invalid.", issue.ClientMessage);
}
public static IEnumerable <object[]> SignatureLogCombinations()
{
yield return(new object[]
{ SignatureLog.DebugLog(string.Empty) });
yield return(new object[]
{ SignatureLog.InformationLog(string.Empty) });
yield return(new object[]
{ SignatureLog.DetailedLog(string.Empty) });
yield return(new object[]
{ SignatureLog.Issue(false, NuGetLogCode.NU1000, string.Empty) });
yield return(new object[]
{ SignatureLog.Issue(true, NuGetLogCode.NU1000, string.Empty) });
yield return(new object[]
{ SignatureLog.Issue(true, NuGetLogCode.NU3000, string.Empty) });
yield return(GenerateSignatureLogWithMetadata());
}
public async Task <Response <string> > GenerateSignatureAsync(string name, int id)
{
var response = new Response <string>();
if (name.Length > 4)
{
response.Msg = "名字只支持1-4个字符";
return(response);
}
var type = Extension.EnumToList <SignatureEnum>().FirstOrDefault(x => x.Value.Equals(id))?.Description;
if (string.IsNullOrEmpty(type))
{
response.Msg = "不存在的签名类型";
return(response);
}
var signatureLog = await _context.SignatureLogs.FirstOrDefaultAsync(x => x.Name.Equals(name) && x.Type.Equals(type));
if (null != signatureLog)
{
response.Result = signatureLog.Url;
return(response);
}
var ip = HttpContext.Request.Headers["X-Forwarded-For"].FirstOrDefault();
if (string.IsNullOrEmpty(ip))
{
ip = Request.HttpContext.Connection.RemoteIpAddress.ToString();
}
var url = $"{(name + id).ToMd5()}.png";
#region 生成签名
var signatureUrl = AppSettings.Signature.Urls.OrderBy(x => Guid.NewGuid()).Select(x => new
{
Url = x.Key,
Parameter = string.Format(x.Value, name, id)
}).FirstOrDefault();
var content = new StringContent(signatureUrl.Parameter);
content.Headers.ContentType = new MediaTypeHeaderValue("application/x-www-form-urlencoded");
using var client = _httpClient.CreateClient();
client.DefaultRequestHeaders.Add("user-agent", "Mozilla/5.0");
var httpResponse = await client.PostAsync(signatureUrl.Url, content);
var result = await httpResponse.Content.ReadAsStringAsync();
var regex = new Regex(@"<img\b[^<>]*?\bsrc[\s\t\r\n]*=[\s\t\r\n]*[""']?[\s\t\r\n]*(?<imgUrl>[^\s\t\r\n""'<>]*)[^<>]*?/?[\s\t\r\n]*>", RegexOptions.IgnoreCase);
var imgUrl = regex.Match(result).Groups["imgUrl"].Value;
// 生成签名路径
var signaturePath = Path.Combine(AppSettings.Signature.Path, url);
// 下载签名图片至本地
await DownloadImg(client, signaturePath, imgUrl);
// 添加水印并且保存图片
await AddWatermarkSaveItAsync(signaturePath);
#endregion
var entity = new SignatureLog
{
Name = name,
Type = type,
Url = url,
Ip = ip,
Date = DateTime.Now
};
await _context.SignatureLogs.AddAsync(entity);
await _context.SaveChangesAsync();
response.Result = url;
return(response);
}
public ILogMessage?Deserialize(ref MessagePackReader reader, MessagePackSerializerOptions options)
{
if (reader.TryReadNil())
{
return(null);
}
// stack overflow mitigation - see https://github.com/neuecc/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf
options.Security.DepthStep(ref reader);
try
{
NuGetLogCode? code = null;
int? endColumnNumber = null;
int? endLineNumber = null;
string? filePath = null;
string? libraryId = null;
LogLevel? logLevel = null;
string? message = null;
string? projectPath = null;
bool? shouldDisplay = null;
int? startColumnNumber = null;
int? startLineNumber = null;
List <string>? targetGraphs = null;
DateTimeOffset?time = null;
string? typeName = null;
WarningLevel? warningLevel = null;
int propertyCount = reader.ReadMapHeader();
for (var propertyIndex = 0; propertyIndex < propertyCount; ++propertyIndex)
{
switch (reader.ReadString())
{
case CodePropertyName:
code = options.Resolver.GetFormatter <NuGetLogCode>().Deserialize(ref reader, options);
break;
case EndColumnNumberPropertyName:
endColumnNumber = reader.ReadInt32();
break;
case EndLineNumberPropertyName:
endLineNumber = reader.ReadInt32();
break;
case FilePathPropertyName:
filePath = reader.ReadString();
break;
case LevelPropertyName:
logLevel = options.Resolver.GetFormatter <LogLevel>().Deserialize(ref reader, options);
break;
case LibraryIdPropertyName:
libraryId = reader.ReadString();
break;
case MessagePropertyName:
message = reader.ReadString();
break;
case ProjectPathPropertyName:
projectPath = reader.ReadString();
break;
case ShouldDisplayPropertyName:
shouldDisplay = reader.ReadBoolean();
break;
case StartColumnNumberPropertyName:
startColumnNumber = reader.ReadInt32();
break;
case StartLineNumberPropertyName:
startLineNumber = reader.ReadInt32();
break;
case TargetGraphsPropertyName:
if (!reader.TryReadNil())
{
targetGraphs = new List <string>();
int targetGraphsCount = reader.ReadArrayHeader();
for (var i = 0; i < targetGraphsCount; ++i)
{
string targetGraph = reader.ReadString();
targetGraphs.Add(targetGraph);
}
}
break;
case TimePropertyName:
time = options.Resolver.GetFormatter <DateTimeOffset>().Deserialize(ref reader, options);
break;
case TypeNamePropertyName:
typeName = reader.ReadString();
break;
case WarningLevelPropertyName:
warningLevel = options.Resolver.GetFormatter <WarningLevel>().Deserialize(ref reader, options);
break;
default:
reader.Skip();
break;
}
}
Assumes.NotNullOrEmpty(typeName);
Assumes.True(code.HasValue);
Assumes.True(logLevel.HasValue);
Assumes.NotNull(message);
Assumes.True(time.HasValue);
Assumes.True(warningLevel.HasValue);
ILogMessage?logMessage = null;
if (typeName == LogMessageTypeName)
{
logMessage = new LogMessage(logLevel.Value, message)
{
Code = code.Value,
ProjectPath = projectPath,
Time = time.Value,
WarningLevel = warningLevel.Value
};
}
else if (typeName == PackagingLogMessageTypeName)
{
Assumes.True(endColumnNumber.HasValue);
Assumes.True(endLineNumber.HasValue);
Assumes.True(startColumnNumber.HasValue);
Assumes.True(startLineNumber.HasValue);
PackagingLogMessage packagingLogMessage = PackagingLogMessage.CreateError(message, code.Value);
packagingLogMessage.Code = code.Value;
packagingLogMessage.EndColumnNumber = endColumnNumber.Value;
packagingLogMessage.EndLineNumber = endLineNumber.Value;
packagingLogMessage.FilePath = filePath;
packagingLogMessage.Level = logLevel.Value;
packagingLogMessage.ProjectPath = projectPath;
packagingLogMessage.StartColumnNumber = startColumnNumber.Value;
packagingLogMessage.StartLineNumber = startLineNumber.Value;
packagingLogMessage.Time = time.Value;
packagingLogMessage.WarningLevel = warningLevel.Value;
logMessage = packagingLogMessage;
}
else if (typeName == RestoreLogMessageTypeName)
{
Assumes.True(endColumnNumber.HasValue);
Assumes.True(endLineNumber.HasValue);
Assumes.True(shouldDisplay.HasValue);
Assumes.True(startColumnNumber.HasValue);
Assumes.True(startLineNumber.HasValue);
logMessage = new RestoreLogMessage(logLevel.Value, message)
{
Code = code.Value,
EndColumnNumber = endColumnNumber.Value,
EndLineNumber = endLineNumber.Value,
FilePath = filePath,
Level = logLevel.Value,
LibraryId = libraryId,
Message = message,
ProjectPath = projectPath,
ShouldDisplay = shouldDisplay.Value,
StartColumnNumber = startColumnNumber.Value,
StartLineNumber = startLineNumber.Value,
TargetGraphs = targetGraphs,
Time = time.Value,
WarningLevel = warningLevel.Value
};
}
else if (typeName == SignatureLogTypeName)
{
SignatureLog signatureLog = SignatureLog.Error(code.Value, message);
signatureLog.Code = code.Value;
signatureLog.Level = logLevel.Value;
signatureLog.LibraryId = libraryId;
signatureLog.ProjectPath = projectPath;
signatureLog.Time = time.Value;
signatureLog.WarningLevel = warningLevel.Value;
logMessage = signatureLog;
}
else
{
throw new InvalidOperationException();
}
return(logMessage);
}
finally
{
// stack overflow mitigation - see https://github.com/neuecc/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf
reader.Depth--;
}
}
/// <summary>
/// Adds a package ID and package source as a prefix to log messages and adds package ID to the message.LibraryId.
/// </summary>
/// <param name="source">package source.</param>
/// <param name="package">package identity.</param>
/// <param name="message">ILogMessage to be modified.</param>
private static void AddPackageIdentityToSignatureLog(string source, PackageIdentity package, SignatureLog message)
{
message.LibraryId = package.Id;
message.Message = string.Format(CultureInfo.CurrentCulture, Strings.ExtractionLog_InformationPrefix, package.Id, package.Version, source, message.Message);
}
