Esempio n. 1
        public virtual Package EnrichPackageFromNuGetPackage(
            Package package,
            PackageArchiveReader packageArchive,
            PackageMetadata packageMetadata,
            PackageStreamMetadata packageStreamMetadata,
            User user)
        {
            // Fills the given Package entity from three sources and returns that same instance:
            //   - packageMetadata: the nuspec fields,
            //   - packageStreamMetadata: hash algorithm, hash and byte size of the .nupkg stream,
            //   - packageArchive: the supported target frameworks read from the archive.
            var nuspecVersion = packageMetadata.Version;

            // The stored version must stay the verbatim nuspec string (OriginalVersion);
            // the normalized form is kept alongside it only so the package can be looked up later.
            package.Version           = nuspecVersion.OriginalVersion;
            package.NormalizedVersion = nuspecVersion.ToNormalizedString();
            package.IsPrerelease      = nuspecVersion.IsPrerelease;

            // Integrity data comes from the stream metadata, never from the nuspec.
            package.HashAlgorithm   = packageStreamMetadata.HashAlgorithm;
            package.Hash            = packageStreamMetadata.Hash;
            package.PackageFileSize = packageStreamMetadata.Size;

            // Descriptive nuspec fields copied across as-is.
            package.Description               = packageMetadata.Description;
            package.ReleaseNotes              = packageMetadata.ReleaseNotes;
            package.Language                  = packageMetadata.Language;
            package.Copyright                 = packageMetadata.Copyright;
            package.FlattenedAuthors          = packageMetadata.Authors.Flatten();
            package.RequiresLicenseAcceptance = packageMetadata.RequireLicenseAcceptance;
            package.Summary                   = packageMetadata.Summary;
            package.Tags                      = PackageHelper.ParseTags(packageMetadata.Tags);
            package.Title                     = packageMetadata.Title;

            // A freshly enriched package is always listed and attributed to the pushing user.
            package.Listed = true;
            package.User   = user;

            // URLs are persisted in encoded form, or null when the nuspec has none.
            package.IconUrl          = packageMetadata.IconUrl.ToEncodedUrlStringOrNull();
            package.LicenseUrl       = packageMetadata.LicenseUrl.ToEncodedUrlStringOrNull();
            package.ProjectUrl       = packageMetadata.ProjectUrl.ToEncodedUrlStringOrNull();
            package.MinClientVersion = packageMetadata.MinClientVersion.ToStringOrNull();

#pragma warning disable 618 // TODO: remove Package.Authors completely once production services definitely no longer need it
            // Legacy per-author rows, kept in step with FlattenedAuthors above.
            foreach (var authorName in packageMetadata.Authors)
            {
                package.Authors.Add(new PackageAuthor { Name = authorName });
            }
#pragma warning restore 618

            var frameworks = GetSupportedFrameworks(packageArchive).ToArray();

            // When any entry reports IsAny, no per-framework rows are recorded at all.
            var targetsAnyFramework = Array.Exists(frameworks, fx => fx != null && fx.IsAny);

            if (!targetsAnyFramework)
            {
                var frameworkShortNames = frameworks
                    .Select(framework => framework.ToShortNameOrNull())
                    .Where(shortName => shortName != null)
                    .ToArray();

                // Defined elsewhere; presumably rejects an invalid set before rows are attached.
                ValidateSupportedFrameworks(frameworkShortNames);

                foreach (var shortName in frameworkShortNames)
                {
                    package.SupportedFrameworks.Add(new PackageFramework { TargetFramework = shortName });
                }
            }

            package.Dependencies = packageMetadata
                .GetDependencyGroups()
                .AsPackageDependencyEnumerable()
                .ToList();

            package.PackageTypes = packageMetadata
                .GetPackageTypes()
                .AsPackageTypeEnumerable()
                .ToList();

            // Flattened string forms are derived from the entity collections just assigned.
            package.FlattenedDependencies = package.Dependencies.Flatten();
            package.FlattenedPackageTypes = package.PackageTypes.Flatten();

            // The SemVer level is decided from the original version string plus the dependency set.
            package.SemVerLevelKey = SemVerLevelKey.ForPackage(packageMetadata.Version, package.Dependencies);

            return package;
        }
Esempio n. 2
        private Package CreatePackageFromNuGetPackage(PackageRegistration packageRegistration, INupkg nugetPackage, User user)
        {
            // Builds a new Package entity for nugetPackage under packageRegistration.
            // Throws EntityException when the registration already holds this exact version string.
            var versionString = nugetPackage.Metadata.Version.ToString();
            var existing = packageRegistration.Packages.SingleOrDefault(p => p.Version == versionString);

            if (existing != null)
            {
                throw new EntityException(
                    "A package with identifier '{0}' and version '{1}' already exists.", packageRegistration.Id, existing.Version);
            }

            var timestamp = DateTime.UtcNow;

            // NOTE(review): the stream returned by GetStream() is read in full for hashing and then
            // sized, but never disposed here — confirm whether INupkg owns its lifetime before changing that.
            var nupkgStream = nugetPackage.GetStream();
            var contentHash = Crypto.GenerateHash(nupkgStream.ReadAllBytes());
            var contentSize = nupkgStream.Length;

            var metadata = nugetPackage.Metadata;

            var package = new Package
            {
                // Version must be the exact nuspec string (ToString); the normalized form exists only for lookups.
                Version           = versionString,
                NormalizedVersion = metadata.Version.ToNormalizedString(),

                Description  = metadata.Description,
                ReleaseNotes = metadata.ReleaseNotes,

                // The recorded algorithm id is the Sha512 constant; the hash covers the whole .nupkg stream.
                HashAlgorithm   = Constants.Sha512HashAlgorithmId,
                Hash            = contentHash,
                PackageFileSize = contentSize,

                // All three timestamps start out identical for a newly created package.
                Created     = timestamp,
                LastUpdated = timestamp,
                Published   = timestamp,

                Language                  = metadata.Language,
                Copyright                 = metadata.Copyright,
                FlattenedAuthors          = metadata.Authors.Flatten(),
                IsPrerelease              = !metadata.IsReleaseVersion(),
                Listed                    = true,
                PackageRegistration       = packageRegistration,
                RequiresLicenseAcceptance = metadata.RequireLicenseAcceptance,
                Summary                   = metadata.Summary,
                Tags                      = PackageHelper.ParseTags(metadata.Tags),
                Title                     = metadata.Title,
                User                      = user,
            };

            // URLs are stored encoded, or null when the nuspec has none.
            package.IconUrl          = metadata.IconUrl.ToEncodedUrlStringOrNull();
            package.LicenseUrl       = metadata.LicenseUrl.ToEncodedUrlStringOrNull();
            package.ProjectUrl       = metadata.ProjectUrl.ToEncodedUrlStringOrNull();
            package.MinClientVersion = metadata.MinClientVersion.ToStringOrNull();

#pragma warning disable 618 // TODO: remove Package.Authors completely once production services definitely no longer need it
            // Legacy per-author rows, kept in step with FlattenedAuthors above.
            foreach (var authorName in metadata.Authors)
            {
                package.Authors.Add(new PackageAuthor { Name = authorName });
            }
#pragma warning restore 618

            var frameworkShortNames = GetSupportedFrameworks(nugetPackage)
                .Select(framework => framework.ToShortNameOrNull())
                .ToArray();

            // If any framework could not be expressed as a short name, no framework rows are recorded.
            var hasUnnamedFramework = frameworkShortNames.AnySafe(shortName => shortName == null);

            if (!hasUnnamedFramework)
            {
                foreach (var shortName in frameworkShortNames)
                {
                    package.SupportedFrameworks.Add(new PackageFramework { TargetFramework = shortName });
                }
            }

            foreach (var dependencySet in metadata.DependencySets)
            {
                var targetFramework = dependencySet.TargetFramework.ToShortNameOrNull();

                // An empty group still produces one placeholder row so the target framework is preserved.
                if (dependencySet.Dependencies.Count == 0)
                {
                    package.Dependencies.Add(new PackageDependency
                    {
                        Id              = null,
                        VersionSpec     = null,
                        TargetFramework = targetFramework
                    });

                    continue;
                }

                foreach (var dependency in dependencySet.Dependencies)
                {
                    package.Dependencies.Add(new PackageDependency
                    {
                        Id              = dependency.Id,
                        VersionSpec     = dependency.VersionSpec?.ToString(),
                        TargetFramework = targetFramework
                    });
                }
            }

            package.FlattenedDependencies = package.Dependencies.Flatten();

            return package;
        }
        private DisplayPackageViewModel SetupCommon(
            DisplayPackageViewModel viewModel,
            Package package,
            string pushedBy,
            IReadOnlyDictionary<int, PackageDeprecation> packageKeyToDeprecation,
            IReadOnlyDictionary<int, IReadOnlyList<PackageVulnerability>> packageKeyToVulnerabilities)
        {
            // Populates the fields shared by every display-package view: version, counters,
            // rendered URLs, license data, deprecation status and vulnerability summary.
            // Both lookup dictionaries may be null, in which case the "not deprecated" /
            // "no vulnerabilities" defaults apply. Returns the same viewModel instance.
            viewModel.NuGetVersion = NuGetVersion.Parse(NuGetVersionFormatter.ToFullString(package.Version));
            viewModel.Copyright    = package.Copyright;

            viewModel.DownloadCount = package.DownloadCount;
            viewModel.LastEdited    = package.LastEdited;

            // Both rates are zeroed here; presumably computed by a caller that knows the package age.
            viewModel.TotalDaysSinceCreated = 0;
            viewModel.DownloadsPerDay       = 0;

            viewModel.PushedBy = pushedBy;

            viewModel.InitializeRepositoryMetadata(package.RepositoryUrl, package.RepositoryType);

            // Only URLs that survive TryPrepareUrlForRendering are exposed to the view.
            if (PackageHelper.TryPrepareUrlForRendering(package.ProjectUrl, out string renderableProjectUrl))
            {
                viewModel.ProjectUrl = renderableProjectUrl;
            }

            // NOTE(review): Id and NormalizedVersion are interpolated unescaped; the rendering check
            // below is the only filter applied — confirm it suffices for every value a stored id may hold.
            var fugetUrl = $"https://www.fuget.org/packages/{package.Id}/{package.NormalizedVersion}";

            if (PackageHelper.TryPrepareUrlForRendering(fugetUrl, out string renderableFugetUrl))
            {
                viewModel.FuGetUrl = renderableFugetUrl;
            }

            viewModel.EmbeddedLicenseType = package.EmbeddedLicenseType;
            viewModel.LicenseExpression   = package.LicenseExpression;

            if (PackageHelper.TryPrepareUrlForRendering(package.LicenseUrl, out string renderableLicenseUrl))
            {
                viewModel.LicenseUrl = renderableLicenseUrl;

                // License names are a comma-separated string on the entity; split and trim each entry.
                var rawLicenseNames = package.LicenseNames;
                if (!string.IsNullOrEmpty(rawLicenseNames))
                {
                    var trimmedNames = new List<string>();
                    foreach (var rawName in rawLicenseNames.Split(','))
                    {
                        trimmedNames.Add(rawName.Trim());
                    }

                    viewModel.LicenseNames = trimmedNames;
                }
            }

            PackageDeprecation deprecation = null;
            var isDeprecated = packageKeyToDeprecation != null
                && packageKeyToDeprecation.TryGetValue(package.Key, out deprecation);

            viewModel.DeprecationStatus = isDeprecated
                ? deprecation.Status
                : PackageDeprecationStatus.NotDeprecated;

            PackageVulnerabilitySeverity? maxSeverity = null;
            IReadOnlyList<PackageVulnerability> vulnerabilities = null;

            var hasVulnerabilities = packageKeyToVulnerabilities != null
                && packageKeyToVulnerabilities.TryGetValue(package.Key, out vulnerabilities)
                && vulnerabilities != null
                && vulnerabilities.Any();

            if (hasVulnerabilities)
            {
                viewModel.Vulnerabilities = vulnerabilities;

                // Highest severity is kept as a nullable local as well, for the warning title below.
                maxSeverity                        = vulnerabilities.Max(v => v.Severity);
                viewModel.MaxVulnerabilitySeverity = maxSeverity.Value;
            }
            else
            {
                viewModel.Vulnerabilities          = null;
                viewModel.MaxVulnerabilitySeverity = default;
            }

            viewModel.PackageWarningIconTitle =
                GetWarningIconTitle(viewModel.Version, deprecation, maxSeverity);

            return viewModel;
        }
Esempio n. 4
        private RenderedMarkdownResult GetHtmlFromMarkdownCommonMark(string markdownString, int incrementHeadersBy)
        {
            var output = new RenderedMarkdownResult()
            {
                ImagesRewritten       = false,
                Content               = "",
                ImageSourceDisallowed = false
            };

            var readmeWithoutBom = markdownString.StartsWith("\ufeff") ? markdownString.Replace("\ufeff", "") : markdownString;

            // HTML encode markdown, except for block quotes, to block inline html.
            var encodedMarkdown = EncodedBlockQuotePattern.Replace(HttpUtility.HtmlEncode(readmeWithoutBom), "> ");

            var settings = CommonMarkSettings.Default.Clone();

            settings.RenderSoftLineBreaksAsLineBreaks = true;

            // Parse executes CommonMarkConverter's ProcessStage1 and ProcessStage2.
            var document = CommonMarkConverter.Parse(encodedMarkdown, settings);

            foreach (var node in document.AsEnumerable())
            {
                if (node.IsOpening)
                {
                    var block = node.Block;
                    if (block != null)
                    {
                        switch (block.Tag)
                        {
                        // Demote heading tags so they don't overpower expander headings.
                        case BlockTag.AtxHeading:
                        case BlockTag.SetextHeading:
                            var level = (byte)Math.Min(block.Heading.Level + incrementHeadersBy, 6);
                            block.Heading = new HeadingData(level);
                            break;

                        // Decode preformatted blocks to prevent double encoding.
                        // Skip BlockTag.BlockQuote, which are partially decoded upfront.
                        case BlockTag.FencedCode:
                        case BlockTag.IndentedCode:
                            if (block.StringContent != null)
                            {
                                var content          = block.StringContent.TakeFromStart(block.StringContent.Length);
                                var unencodedContent = HttpUtility.HtmlDecode(content);
                                block.StringContent.Replace(unencodedContent, 0, unencodedContent.Length);
                            }
                            break;
                        }
                    }

                    var inline = node.Inline;
                    if (inline != null)
                    {
                        if (inline.Tag == InlineTag.Link)
                        {
                            // Allow only http or https links in markdown. Transform link to https for known domains.
                            if (!PackageHelper.TryPrepareUrlForRendering(inline.TargetUrl, out string readyUriString))
                            {
                                inline.TargetUrl = string.Empty;
                            }
                            else
                            {
                                inline.TargetUrl = readyUriString;
                            }
                        }

                        else if (inline.Tag == InlineTag.Image)
                        {
                            if (_features.IsImageAllowlistEnabled())
                            {
                                if (!_imageDomainValidator.TryPrepareImageUrlForRendering(inline.TargetUrl, out string readyUriString))
                                {
                                    inline.TargetUrl             = string.Empty;
                                    output.ImageSourceDisallowed = true;
                                }
                                else
                                {
                                    output.ImagesRewritten = output.ImagesRewritten || (inline.TargetUrl != readyUriString);
                                    inline.TargetUrl       = readyUriString;
                                }
                            }
                            else
                            {
                                if (!PackageHelper.TryPrepareUrlForRendering(inline.TargetUrl, out string readyUriString, rewriteAllHttp: true))
                                {
                                    inline.TargetUrl = string.Empty;
                                }
                                else
                                {
                                    output.ImagesRewritten = output.ImagesRewritten || (inline.TargetUrl != readyUriString);
                                    inline.TargetUrl       = readyUriString;
                                }
                            }
                        }
                    }
                }
Esempio n. 5
        public virtual async Task<ActionResult> VerifyPackage()
        {
            // Shows the verification form for the current user's pending upload.
            // Redirects back to the upload page when there is no upload, when the package
            // cannot be created, or when its nuspec cannot be read.
            var currentUser = GetCurrentUser();

            PackageMetadata packageMetadata;

            using (Stream uploadFile = await _uploadFileService.GetUploadFileAsync(currentUser.Key))
            {
                if (uploadFile == null)
                {
                    return RedirectToRoute(RouteName.UploadPackage);
                }

                var package = await SafeCreatePackage(currentUser, uploadFile);

                if (package == null)
                {
                    return Redirect(Url.UploadPackage());
                }

                try
                {
                    packageMetadata = PackageMetadata.FromNuspecReader(package.GetNuspecReader());
                }
                catch (Exception ex)
                {
                    // Any nuspec failure is surfaced through GetUserSafeMessage() rather than the raw exception.
                    TempData["Message"] = ex.GetUserSafeMessage();
                    return Redirect(Url.UploadPackage());
                }
            }

            // Editable fields are pre-filled from the nuspec; URLs are stored encoded or null.
            var edit = new EditPackageVersionRequest
            {
                Authors                   = packageMetadata.Authors.Flatten(),
                Copyright                 = packageMetadata.Copyright,
                Description               = packageMetadata.Description,
                IconUrl                   = packageMetadata.IconUrl.ToEncodedUrlStringOrNull(),
                LicenseUrl                = packageMetadata.LicenseUrl.ToEncodedUrlStringOrNull(),
                ProjectUrl                = packageMetadata.ProjectUrl.ToEncodedUrlStringOrNull(),
                ReleaseNotes              = packageMetadata.ReleaseNotes,
                RequiresLicenseAcceptance = packageMetadata.RequireLicenseAcceptance,
                Summary                   = packageMetadata.Summary,
                Tags                      = PackageHelper.ParseTags(packageMetadata.Tags),
                VersionTitle              = packageMetadata.Title,
            };

            var dependencies = new DependencySetsViewModel(
                packageMetadata.GetDependencyGroups().AsPackageDependencyEnumerable());

            var model = new VerifyPackageRequest
            {
                Id                       = packageMetadata.Id,
                Version                  = packageMetadata.Version.ToNormalizedStringSafe(),
                LicenseUrl               = packageMetadata.LicenseUrl.ToEncodedUrlStringOrNull(),
                Listed                   = true,
                Language                 = packageMetadata.Language,
                MinClientVersion         = packageMetadata.MinClientVersion,
                FrameworkReferenceGroups = packageMetadata.GetFrameworkReferenceGroups(),
                Dependencies             = dependencies,
                DevelopmentDependency    = packageMetadata.GetValueFromMetadata("developmentDependency"),
                Edit                     = edit,
            };

            return View(model);
        }