public virtual async Task <ActionResult> GetPackage(string id, string version) { // some security paranoia about URL hacking somehow creating e.g. open redirects // validate user input: explicit calls to the same validators used during Package Registrations // Ideally shouldn't be necessary? if (!PackageIdValidator.IsValidPackageId(id ?? "")) { return(new HttpStatusCodeWithBodyResult(HttpStatusCode.BadRequest, "The format of the package id is invalid")); } // if version is non-null, check if it's semantically correct and normalize it. if (!String.IsNullOrEmpty(version)) { NuGetVersion dummy; if (!NuGetVersion.TryParse(version, out dummy)) { return(new HttpStatusCodeWithBodyResult(HttpStatusCode.BadRequest, "The package version is not a valid semantic version")); } // Normalize the version version = NuGetVersionNormalizer.Normalize(version); } else { // if version is null, get the latest version from the database. // This ensures that on package restore scenario where version will be non null, we don't hit the database. try { var package = PackageService.FindPackageByIdAndVersion(id, version, allowPrerelease: false); if (package == null) { return(new HttpStatusCodeWithBodyResult(HttpStatusCode.NotFound, String.Format(CultureInfo.CurrentCulture, Strings.PackageWithIdAndVersionNotFound, id, version))); } version = package.NormalizedVersion; } catch (SqlException e) { QuietLog.LogHandledException(e); // Database was unavailable and we don't have a version, return a 503 return(new HttpStatusCodeWithBodyResult(HttpStatusCode.ServiceUnavailable, Strings.DatabaseUnavailable_TrySpecificVersion)); } catch (DataException e) { QuietLog.LogHandledException(e); // Database was unavailable and we don't have a version, return a 503 return(new HttpStatusCodeWithBodyResult(HttpStatusCode.ServiceUnavailable, Strings.DatabaseUnavailable_TrySpecificVersion)); } } if (ConfigurationService.Features.TrackPackageDownloadCountInLocalDatabase) { await PackageService.IncrementDownloadCountAsync(id, version); } return(await PackageFileService.CreateDownloadPackageActionResultAsync( HttpContext.Request.Url, id, version)); }
public void ValidatePackageIdInvalidIdReturnsFalse(string packageId) { // Act bool isValid = PackageIdValidator.IsValidPackageId(packageId); // Assert Assert.False(isValid); }
public void ValidatePackageIdWithValidIdReturnsTrue(string packageId) { // Act bool isValid = PackageIdValidator.IsValidPackageId(packageId); // Assert Assert.True(isValid); }
public void NullThrowsException() { // Arrange string packageId = null; // Act & Assert Assert.Throws <ArgumentNullException>("packageId", () => PackageIdValidator.IsValidPackageId(packageId)); }
public void ValidatePackageIdInvalidIdThrows(string packageId) { // Act & Assert Exception thrownException = null; try { PackageIdValidator.ValidatePackageId(packageId); } catch (Exception ex) { thrownException = ex; } Assert.NotNull(thrownException); Assert.Equal("The package ID '" + packageId + "' contains invalid characters. Examples of valid package IDs include 'MyPackage' and 'MyPackage.Sample'.", thrownException.Message); }
public void IdExceedingMaxLengthThrows(int idTestLength) { // Arrange string packageId = new string('d', idTestLength); // Act && Assert Exception thrownException = null; try { PackageIdValidator.ValidatePackageId(packageId); } catch (Exception ex) { thrownException = ex; } Assert.NotNull(thrownException); Assert.Equal("Id must not exceed " + Constants.MaxPackageIdLength + " characters.", thrownException.Message); }
private static IEnumerable <ValidationResult> ValidateCore(PackageMetadata packageMetadata) { // Validate the ID if (string.IsNullOrEmpty(packageMetadata.Id)) { yield return(new ValidationResult(CoreStrings.Manifest_MissingId)); } else { if (packageMetadata.Id.Length > NuGet.Packaging.PackageIdValidator.MaxPackageIdLength) { yield return(new ValidationResult(CoreStrings.Manifest_IdTooLong)); } else if (!PackageIdValidator.IsValidPackageId(packageMetadata.Id)) { yield return(new ValidationResult(String.Format( CultureInfo.CurrentCulture, CoreStrings.Manifest_InvalidId, packageMetadata.Id))); } } // Check and validate URL properties foreach (var result in CheckUrls( packageMetadata.GetValueFromMetadata("IconUrl"), packageMetadata.GetValueFromMetadata("ProjectUrl"), packageMetadata.GetValueFromMetadata("LicenseUrl"))) { yield return(result); } // Check version if (packageMetadata.Version == null) { var version = packageMetadata.GetValueFromMetadata("version"); yield return(new ValidationResult(String.Format( CultureInfo.CurrentCulture, CoreStrings.Manifest_InvalidVersion, version))); } var versionValidationResult = ValidateVersion(packageMetadata.Version); if (versionValidationResult != null) { yield return(versionValidationResult); } // Check framework reference groups var frameworkReferenceGroups = packageMetadata.GetFrameworkReferenceGroups(); if (frameworkReferenceGroups != null) { foreach (var frameworkReferenceGroup in frameworkReferenceGroups) { var isUnsupportedFramework = frameworkReferenceGroup?.TargetFramework?.IsUnsupported; if (isUnsupportedFramework.HasValue && isUnsupportedFramework.Value) { yield return(new ValidationResult(String.Format( CultureInfo.CurrentCulture, CoreStrings.Manifest_TargetFrameworkNotSupported, frameworkReferenceGroup?.TargetFramework?.ToString()))); } } } // Check dependency groups var dependencyGroups = packageMetadata.GetDependencyGroups(); if (dependencyGroups != null) { foreach (var dependencyGroup in dependencyGroups) { // Keep track of duplicates var dependencyIds = new HashSet <string>(StringComparer.OrdinalIgnoreCase); // Verify frameworks var isUnsupportedFramework = dependencyGroup.TargetFramework?.IsUnsupported; if (isUnsupportedFramework.HasValue && isUnsupportedFramework.Value) { yield return(new ValidationResult(String.Format( CultureInfo.CurrentCulture, CoreStrings.Manifest_TargetFrameworkNotSupported, dependencyGroup.TargetFramework?.ToString()))); } // Verify package id's and versions foreach (var dependency in dependencyGroup.Packages) { bool duplicate = !dependencyIds.Add(dependency.Id); if (duplicate) { yield return(new ValidationResult(String.Format( CultureInfo.CurrentCulture, CoreStrings.Manifest_DuplicateDependency, dependencyGroup.TargetFramework.GetShortFolderName(), dependency.Id))); } if (!PackageIdValidator.IsValidPackageId(dependency.Id)) { yield return(new ValidationResult(String.Format( CultureInfo.CurrentCulture, CoreStrings.Manifest_InvalidDependency, dependency.Id, dependency.VersionRange.OriginalString))); } // Versions if (dependency.VersionRange.MinVersion != null) { var versionRangeValidationResult = ValidateVersion(dependency.VersionRange.MinVersion); if (versionRangeValidationResult != null) { yield return(versionRangeValidationResult); } } if (dependency.VersionRange.MaxVersion != null && dependency.VersionRange.MaxVersion != dependency.VersionRange.MinVersion) { var versionRangeValidationResult = ValidateVersion(dependency.VersionRange.MaxVersion); if (versionRangeValidationResult != null) { yield return(versionRangeValidationResult); } } } } } }
public static IEnumerable <ValidationResult> Validate(ManifestMetadata metadata) { // Validate the ID if (String.IsNullOrEmpty(metadata.Id)) { yield return(new ValidationResult(Strings.Manifest_MissingId)); } else { if (metadata.Id.Length > MaxPackageIdLength) { yield return(new ValidationResult(Strings.Manifest_IdTooLong)); } else if (!PackageIdValidator.IsValidPackageId(metadata.Id)) { yield return(new ValidationResult(String.Format( CultureInfo.CurrentCulture, Strings.Manifest_InvalidId, metadata.Id))); } } foreach (var result in CheckUrls(metadata.IconUrl, metadata.ProjectUrl, metadata.LicenseUrl)) { yield return(result); } SemanticVersion __; if (!SemanticVersion.TryParse(metadata.Version, out __)) { yield return(new ValidationResult(String.Format( CultureInfo.CurrentCulture, Strings.Manifest_InvalidVersion, metadata.Version))); } if (metadata.DependencySets != null) { foreach (var dependency in metadata.DependencySets.SelectMany(set => set.Dependencies)) { IVersionSpec ___; if (!PackageIdValidator.IsValidPackageId(dependency.Id) || (!string.IsNullOrEmpty(dependency.Version) && !VersionUtility.TryParseVersionSpec(dependency.Version, out ___))) { yield return(new ValidationResult(String.Format( CultureInfo.CurrentCulture, Strings.Manifest_InvalidDependency, dependency.Id, dependency.Version))); } } } var fxes = Enumerable.Concat( metadata.FrameworkAssemblies == null ? Enumerable.Empty <string>() : (metadata.FrameworkAssemblies.Select(a => a.TargetFramework)), metadata.DependencySets == null ? Enumerable.Empty <string>() : (metadata.DependencySets.Select(s => s.TargetFramework))); foreach (var fx in fxes) { //if target framework is not specified, then continue. Validate only for wrong specification. if (string.IsNullOrEmpty(fx)) { continue; } ValidationResult result = null; try { VersionUtility.ParseFrameworkName(fx); } catch (ArgumentException) { // Can't yield in the body of a catch... result = new ValidationResult(String.Format( CultureInfo.CurrentCulture, Strings.Manifest_InvalidTargetFramework, fx)); } if (result != null) { yield return(result); } } }
private static IEnumerable <ValidationResult> ValidateCore(PackageMetadata packageMetadata) { // Validate the ID if (string.IsNullOrEmpty(packageMetadata.Id)) { yield return(new ValidationResult(Strings.Manifest_MissingId)); } else { if (packageMetadata.Id.Length > MaxPackageIdLength) { yield return(new ValidationResult(Strings.Manifest_IdTooLong)); } else if (!PackageIdValidator.IsValidPackageId(packageMetadata.Id)) { yield return(new ValidationResult(String.Format( CultureInfo.CurrentCulture, Strings.Manifest_InvalidId, packageMetadata.Id))); } } // Check URL properties foreach (var result in CheckUrls( packageMetadata.GetValueFromMetadata("IconUrl"), packageMetadata.GetValueFromMetadata("ProjectUrl"), packageMetadata.GetValueFromMetadata("LicenseUrl"))) { yield return(result); } // Check version if (packageMetadata.Version == null) { var version = packageMetadata.GetValueFromMetadata("version"); yield return(new ValidationResult(String.Format( CultureInfo.CurrentCulture, Strings.Manifest_InvalidVersion, version))); } // Check dependency groups var dependencyGroups = packageMetadata.GetDependencyGroups(); if (dependencyGroups != null) { foreach (var dependencyGroup in dependencyGroups) { // Keep track of duplicates var dependencyIds = new HashSet <string>(StringComparer.OrdinalIgnoreCase); // Verify package id's foreach (var dependency in dependencyGroup.Packages) { bool duplicate = !dependencyIds.Add(dependency.Id); if (duplicate) { yield return(new ValidationResult(String.Format( CultureInfo.CurrentCulture, Strings.Manifest_DuplicateDependency, dependencyGroup.TargetFramework.GetShortFolderName(), dependency.Id))); } if (!PackageIdValidator.IsValidPackageId(dependency.Id)) { yield return(new ValidationResult(String.Format( CultureInfo.CurrentCulture, Strings.Manifest_InvalidDependency, dependency.Id, dependency.VersionRange.OriginalString))); } } } } }