/// <summary>
/// Copies the metadata of an uploaded NuGet package onto an existing <see cref="Package"/> entity.
/// </summary>
/// <remarks>
/// Every value read from <paramref name="packageMetadata"/> originates in the nuspec of the uploaded
/// package. This method stores those strings as-is; only the three URL fields pass through
/// ToEncodedUrlStringOrNull. NOTE(review): anything that later renders Description, ReleaseNotes,
/// Summary, Title, Tags or the author names must encode them at output time - confirm in the views.
/// The hash, hash algorithm and size come from <paramref name="packageStreamMetadata"/>, not from the
/// nuspec; presumably the caller computed them over the uploaded bytes - verify against the caller.
/// </remarks>
/// <param name="package">Entity to populate; it is mutated and returned.</param>
/// <param name="packageArchive">Archive reader used to discover the supported frameworks.</param>
/// <param name="packageMetadata">Metadata parsed from the package's nuspec.</param>
/// <param name="packageStreamMetadata">Hash, hash algorithm and size of the package stream.</param>
/// <param name="user">User recorded on the package.</param>
/// <returns>The same <paramref name="package"/> instance, populated.</returns>
public virtual Package EnrichPackageFromNuGetPackage(
    Package package,
    PackageArchiveReader packageArchive,
    PackageMetadata packageMetadata,
    PackageStreamMetadata packageStreamMetadata,
    User user)
{
    var version = packageMetadata.Version;

    // The stored Version is the exact nuspec string (OriginalVersion); the normalized form is
    // kept next to it so later lookups can match on it.
    package.Version = version.OriginalVersion;
    package.NormalizedVersion = version.ToNormalizedString();

    package.Description = packageMetadata.Description;
    package.ReleaseNotes = packageMetadata.ReleaseNotes;

    // Integrity data describes the stream as received, never what the package says about itself.
    package.HashAlgorithm = packageStreamMetadata.HashAlgorithm;
    package.Hash = packageStreamMetadata.Hash;
    package.PackageFileSize = packageStreamMetadata.Size;

    package.Language = packageMetadata.Language;
    package.Copyright = packageMetadata.Copyright;
    package.FlattenedAuthors = packageMetadata.Authors.Flatten();
    package.IsPrerelease = version.IsPrerelease;
    package.Listed = true;
    package.RequiresLicenseAcceptance = packageMetadata.RequireLicenseAcceptance;
    package.Summary = packageMetadata.Summary;
    package.Tags = PackageHelper.ParseTags(packageMetadata.Tags);
    package.Title = packageMetadata.Title;
    package.User = user;

    package.IconUrl = packageMetadata.IconUrl.ToEncodedUrlStringOrNull();
    package.LicenseUrl = packageMetadata.LicenseUrl.ToEncodedUrlStringOrNull();
    package.ProjectUrl = packageMetadata.ProjectUrl.ToEncodedUrlStringOrNull();
    package.MinClientVersion = packageMetadata.MinClientVersion.ToStringOrNull();

#pragma warning disable 618 // TODO: remove Package.Authors completely once production services definitely no longer need it
    foreach (var authorName in packageMetadata.Authors)
    {
        package.Authors.Add(new PackageAuthor { Name = authorName });
    }
#pragma warning restore 618

    var frameworks = GetSupportedFrameworks(packageArchive).ToArray();

    // When any discovered framework reports IsAny, no per-framework rows are recorded at all.
    var targetsAnyFramework = false;
    foreach (var framework in frameworks)
    {
        if (framework != null && framework.IsAny)
        {
            targetsAnyFramework = true;
            break;
        }
    }

    if (!targetsAnyFramework)
    {
        var frameworkNames = frameworks
            .Select(fn => fn.ToShortNameOrNull())
            .Where(fn => fn != null)
            .ToArray();

        // The names are validated before any of them is attached to the entity.
        ValidateSupportedFrameworks(frameworkNames);

        foreach (var frameworkName in frameworkNames)
        {
            package.SupportedFrameworks.Add(new PackageFramework { TargetFramework = frameworkName });
        }
    }

    package.Dependencies = packageMetadata
        .GetDependencyGroups()
        .AsPackageDependencyEnumerable()
        .ToList();
    package.FlattenedDependencies = package.Dependencies.Flatten();

    package.PackageTypes = packageMetadata
        .GetPackageTypes()
        .AsPackageTypeEnumerable()
        .ToList();
    package.FlattenedPackageTypes = package.PackageTypes.Flatten();

    // The SemVer level key is derived from the package version together with its dependencies.
    package.SemVerLevelKey = SemVerLevelKey.ForPackage(version, package.Dependencies);

    return package;
}
/// <summary>
/// Builds a new <see cref="Package"/> entity for an uploaded package, refusing the upload when the
/// registration already holds a package with the same version string.
/// </summary>
/// <remarks>
/// NOTE(review): the duplicate check compares the exact version strings, not the normalized ones,
/// so two spellings of the same version would not collide here - confirm that normalized duplicates
/// are rejected elsewhere.
/// NOTE(review): the whole package stream is read into memory to be hashed, and the stream returned
/// by GetStream() is not disposed in this method - confirm the upload size is bounded upstream and
/// that the INupkg owns the stream.
/// </remarks>
/// <param name="packageRegistration">Registration the new package belongs to.</param>
/// <param name="nugetPackage">The uploaded package; its metadata comes from the uploader's nuspec.</param>
/// <param name="user">User recorded on the package.</param>
/// <returns>The newly created, populated package entity.</returns>
/// <exception cref="EntityException">A package with the same version string already exists.</exception>
private Package CreatePackageFromNuGetPackage(PackageRegistration packageRegistration, INupkg nugetPackage, User user)
{
    var existing = packageRegistration.Packages.SingleOrDefault(
        pv => pv.Version == nugetPackage.Metadata.Version.ToString());

    if (existing != null)
    {
        throw new EntityException(
            "A package with identifier '{0}' and version '{1}' already exists.",
            packageRegistration.Id,
            existing.Version);
    }

    var timestamp = DateTime.UtcNow;
    var nupkgStream = nugetPackage.GetStream();

    var package = new Package
    {
        // Version keeps the exact nuspec string (ToString); the normalized copy is stored
        // alongside it for later lookups.
        Version = nugetPackage.Metadata.Version.ToString(),
        NormalizedVersion = nugetPackage.Metadata.Version.ToNormalizedString(),
        Description = nugetPackage.Metadata.Description,
        ReleaseNotes = nugetPackage.Metadata.ReleaseNotes,

        // The hash is computed here over the received bytes and labelled with the SHA-512 id.
        // NOTE(review): presumably Crypto.GenerateHash defaults to that same algorithm - confirm.
        HashAlgorithm = Constants.Sha512HashAlgorithmId,
        Hash = Crypto.GenerateHash(nupkgStream.ReadAllBytes()),
        PackageFileSize = nupkgStream.Length,

        Created = timestamp,
        Language = nugetPackage.Metadata.Language,
        LastUpdated = timestamp,
        Published = timestamp,
        Copyright = nugetPackage.Metadata.Copyright,
        FlattenedAuthors = nugetPackage.Metadata.Authors.Flatten(),
        IsPrerelease = !nugetPackage.Metadata.IsReleaseVersion(),
        Listed = true,
        PackageRegistration = packageRegistration,
        RequiresLicenseAcceptance = nugetPackage.Metadata.RequireLicenseAcceptance,
        Summary = nugetPackage.Metadata.Summary,
        Tags = PackageHelper.ParseTags(nugetPackage.Metadata.Tags),
        Title = nugetPackage.Metadata.Title,
        User = user,

        // URLs are stored in encoded form, or as null when absent.
        IconUrl = nugetPackage.Metadata.IconUrl.ToEncodedUrlStringOrNull(),
        LicenseUrl = nugetPackage.Metadata.LicenseUrl.ToEncodedUrlStringOrNull(),
        ProjectUrl = nugetPackage.Metadata.ProjectUrl.ToEncodedUrlStringOrNull(),
        MinClientVersion = nugetPackage.Metadata.MinClientVersion.ToStringOrNull(),
    };

#pragma warning disable 618 // TODO: remove Package.Authors completely once production services definitely no longer need it
    foreach (var authorName in nugetPackage.Metadata.Authors)
    {
        package.Authors.Add(new PackageAuthor { Name = authorName });
    }
#pragma warning restore 618

    var frameworkNames = GetSupportedFrameworks(nugetPackage)
        .Select(fn => fn.ToShortNameOrNull())
        .ToArray();

    // A single framework without a short name means no frameworks are recorded at all.
    if (!frameworkNames.AnySafe(sf => sf == null))
    {
        foreach (var frameworkName in frameworkNames)
        {
            package.SupportedFrameworks.Add(new PackageFramework { TargetFramework = frameworkName });
        }
    }

    foreach (var dependencySet in nugetPackage.Metadata.DependencySets)
    {
        if (dependencySet.Dependencies.Count == 0)
        {
            // An empty dependency set is still recorded, as a row carrying only the target framework.
            package.Dependencies.Add(
                new PackageDependency
                {
                    Id = null,
                    VersionSpec = null,
                    TargetFramework = dependencySet.TargetFramework.ToShortNameOrNull()
                });
            continue;
        }

        foreach (var dependency in dependencySet.Dependencies)
        {
            var versionSpec = dependency.VersionSpec;

            package.Dependencies.Add(
                new PackageDependency
                {
                    Id = dependency.Id,
                    VersionSpec = versionSpec == null ? null : versionSpec.ToString(),
                    TargetFramework = dependencySet.TargetFramework.ToShortNameOrNull()
                });
        }
    }

    package.FlattenedDependencies = package.Dependencies.Flatten();

    return package;
}
/// <summary>
/// Fills the parts of a <see cref="DisplayPackageViewModel"/> that are common to every package display:
/// version, counters, outbound URLs, license data, deprecation status and vulnerability data.
/// </summary>
/// <remarks>
/// ProjectUrl, FuGetUrl and LicenseUrl are only assigned when PackageHelper.TryPrepareUrlForRendering
/// accepts the candidate; a rejected URL leaves the corresponding view-model property untouched.
/// </remarks>
/// <param name="viewModel">View model to populate; it is mutated and returned.</param>
/// <param name="package">Package entity the values are read from.</param>
/// <param name="pushedBy">Value stored as <c>PushedBy</c>.</param>
/// <param name="packageKeyToDeprecation">Deprecations keyed by package key; may be null.</param>
/// <param name="packageKeyToVulnerabilities">Vulnerabilities keyed by package key; may be null.</param>
/// <returns>The same <paramref name="viewModel"/> instance.</returns>
private DisplayPackageViewModel SetupCommon(
    DisplayPackageViewModel viewModel,
    Package package,
    string pushedBy,
    IReadOnlyDictionary<int, PackageDeprecation> packageKeyToDeprecation,
    IReadOnlyDictionary<int, IReadOnlyList<PackageVulnerability>> packageKeyToVulnerabilities)
{
    var fullVersion = NuGetVersionFormatter.ToFullString(package.Version);
    viewModel.NuGetVersion = NuGetVersion.Parse(fullVersion);

    viewModel.Copyright = package.Copyright;
    viewModel.DownloadCount = package.DownloadCount;
    viewModel.LastEdited = package.LastEdited;

    // Both statistics are reset to zero here.
    viewModel.TotalDaysSinceCreated = 0;
    viewModel.DownloadsPerDay = 0;

    viewModel.PushedBy = pushedBy;
    viewModel.InitializeRepositoryMetadata(package.RepositoryUrl, package.RepositoryType);

    string projectUrl;
    if (PackageHelper.TryPrepareUrlForRendering(package.ProjectUrl, out projectUrl))
    {
        viewModel.ProjectUrl = projectUrl;
    }

    // Id and NormalizedVersion are interpolated unescaped; the result must still pass
    // TryPrepareUrlForRendering before it is exposed.
    // NOTE(review): confirm both values are restricted to URL-safe characters at upload time.
    var fugetCandidate = $"https://www.fuget.org/packages/{package.Id}/{package.NormalizedVersion}";
    string fugetUrl;
    if (PackageHelper.TryPrepareUrlForRendering(fugetCandidate, out fugetUrl))
    {
        viewModel.FuGetUrl = fugetUrl;
    }

    viewModel.EmbeddedLicenseType = package.EmbeddedLicenseType;
    viewModel.LicenseExpression = package.LicenseExpression;

    string licenseUrl;
    if (PackageHelper.TryPrepareUrlForRendering(package.LicenseUrl, out licenseUrl))
    {
        viewModel.LicenseUrl = licenseUrl;

        // License names are only surfaced together with a license URL that was accepted.
        var rawLicenseNames = package.LicenseNames;
        if (!string.IsNullOrEmpty(rawLicenseNames))
        {
            viewModel.LicenseNames = rawLicenseNames
                .Split(',')
                .Select(l => l.Trim())
                .ToList();
        }
    }

    // A missing dictionary or a missing entry both mean "not deprecated".
    PackageDeprecation deprecation = null;
    if (packageKeyToDeprecation == null
        || !packageKeyToDeprecation.TryGetValue(package.Key, out deprecation))
    {
        viewModel.DeprecationStatus = PackageDeprecationStatus.NotDeprecated;
    }
    else
    {
        viewModel.DeprecationStatus = deprecation.Status;
    }

    // A missing dictionary, a missing entry, a null list and an empty list are all treated as
    // "no known vulnerabilities".
    PackageVulnerabilitySeverity? highestSeverity = null;
    IReadOnlyList<PackageVulnerability> knownVulnerabilities = null;
    var hasVulnerabilities =
        packageKeyToVulnerabilities != null
        && packageKeyToVulnerabilities.TryGetValue(package.Key, out knownVulnerabilities)
        && knownVulnerabilities != null
        && knownVulnerabilities.Any();

    if (!hasVulnerabilities)
    {
        viewModel.Vulnerabilities = null;
        viewModel.MaxVulnerabilitySeverity = default;
    }
    else
    {
        viewModel.Vulnerabilities = knownVulnerabilities;

        // Kept in a local as well, because the warning title below needs it.
        highestSeverity = viewModel.Vulnerabilities.Max(v => v.Severity);
        viewModel.MaxVulnerabilitySeverity = highestSeverity.Value;
    }

    // viewModel.Version is not assigned in this method; presumably the caller set it - verify.
    viewModel.PackageWarningIconTitle =
        GetWarningIconTitle(viewModel.Version, deprecation, highestSeverity);

    return viewModel;
}
// Parses package README markdown with CommonMark and sanitizes the parsed tree: the raw text is
// HTML-encoded before parsing, headings are demoted, and link and image targets are replaced by
// vetted URLs or emptied. The result object carries two flags describing what happened to images.
//
// markdownString: README text as supplied with the package (untrusted input).
// incrementHeadersBy: number of levels added to every heading, capped at level 6.
//
// NOTE: this listing stops inside the foreach loop; the HTML rendering step and the return
// statement are not part of the excerpt.
private RenderedMarkdownResult GetHtmlFromMarkdownCommonMark(string markdownString, int incrementHeadersBy)
{
    var output = new RenderedMarkdownResult()
    {
        ImagesRewritten = false,
        Content = "",
        ImageSourceDisallowed = false
    };

    // NOTE(review): StartsWith(string) without a StringComparison is culture-sensitive; consider
    // StringComparison.Ordinal so the byte-order-mark test does not depend on culture rules.
    // When the test succeeds, Replace removes every U+FEFF in the text, not only the leading one.
    var readmeWithoutBom = markdownString.StartsWith("\ufeff") ? markdownString.Replace("\ufeff", "") : markdownString;

    // HTML encode markdown, except for block quotes, to block inline html.
    // Encoding happens BEFORE parsing, so any raw HTML in the README reaches the parser as text.
    // EncodedBlockQuotePattern is defined elsewhere; presumably it matches the encoded form of a
    // leading "> " so block quotes still parse - confirm against its definition.
    var encodedMarkdown = EncodedBlockQuotePattern.Replace(HttpUtility.HtmlEncode(readmeWithoutBom), "> ");

    var settings = CommonMarkSettings.Default.Clone();
    settings.RenderSoftLineBreaksAsLineBreaks = true;

    // Parse executes CommonMarkConverter's ProcessStage1 and ProcessStage2.
    var document = CommonMarkConverter.Parse(encodedMarkdown, settings);

    foreach (var node in document.AsEnumerable())
    {
        // Only opening nodes are processed.
        if (node.IsOpening)
        {
            var block = node.Block;
            if (block != null)
            {
                switch (block.Tag)
                {
                    // Demote heading tags so they don't overpower expander headings.
                    // NOTE(review): only the upper bound (6) is clamped; a negative incrementHeadersBy
                    // could yield a value below 1 before the byte cast - confirm callers never pass one.
                    case BlockTag.AtxHeading:
                    case BlockTag.SetextHeading:
                        var level = (byte)Math.Min(block.Heading.Level + incrementHeadersBy, 6);
                        block.Heading = new HeadingData(level);
                        break;

                    // Decode preformatted blocks to prevent double encoding.
                    // Skip BlockTag.BlockQuote, which are partially decoded upfront.
                    // NOTE(review): after this step the code-block content is raw text again, so the
                    // renderer must encode it on output - presumably the CommonMark HTML formatter
                    // does; confirm, because the rendering step is outside this excerpt.
                    case BlockTag.FencedCode:
                    case BlockTag.IndentedCode:
                        if (block.StringContent != null)
                        {
                            var content = block.StringContent.TakeFromStart(block.StringContent.Length);
                            var unencodedContent = HttpUtility.HtmlDecode(content);
                            block.StringContent.Replace(unencodedContent, 0, unencodedContent.Length);
                        }
                        break;
                }
            }

            var inline = node.Inline;
            if (inline != null)
            {
                if (inline.Tag == InlineTag.Link)
                {
                    // Allow only http or https links in markdown. Transform link to https for known domains.
                    // A target the helper rejects is emptied, never passed through.
                    if (!PackageHelper.TryPrepareUrlForRendering(inline.TargetUrl, out string readyUriString))
                    {
                        inline.TargetUrl = string.Empty;
                    }
                    else
                    {
                        inline.TargetUrl = readyUriString;
                    }
                }
                else if (inline.Tag == InlineTag.Image)
                {
                    if (_features.IsImageAllowlistEnabled())
                    {
                        // Allowlist mode: the image domain validator decides; a rejected source is
                        // emptied and reported through ImageSourceDisallowed.
                        if (!_imageDomainValidator.TryPrepareImageUrlForRendering(inline.TargetUrl, out string readyUriString))
                        {
                            inline.TargetUrl = string.Empty;
                            output.ImageSourceDisallowed = true;
                        }
                        else
                        {
                            // ImagesRewritten records that at least one image URL differs from what the author wrote.
                            output.ImagesRewritten = output.ImagesRewritten || (inline.TargetUrl != readyUriString);
                            inline.TargetUrl = readyUriString;
                        }
                    }
                    else
                    {
                        // Allowlist disabled: same helper as for links, called with rewriteAllHttp: true.
                        // A rejected source is emptied, but ImageSourceDisallowed is not set on this path.
                        if (!PackageHelper.TryPrepareUrlForRendering(inline.TargetUrl, out string readyUriString, rewriteAllHttp: true))
                        {
                            inline.TargetUrl = string.Empty;
                        }
                        else
                        {
                            output.ImagesRewritten = output.ImagesRewritten || (inline.TargetUrl != readyUriString);
                            inline.TargetUrl = readyUriString;
                        }
                    }
                }
            }
        }
/// <summary>
/// Shows the verification page for the package the current user has uploaded but not yet published.
/// </summary>
/// <remarks>
/// The upload is looked up by the current user's key. Without a pending upload the request is
/// redirected to the upload route; when the package cannot be opened, or its nuspec cannot be read,
/// it is redirected to the upload page.
/// Every value placed on the model comes from the uploaded nuspec. NOTE(review): the view must
/// encode these values on output - confirm.
/// NOTE(review): the object returned by SafeCreatePackage is not disposed in this method - confirm
/// whether it needs to be.
/// </remarks>
/// <returns>The verification view, or a redirect back to the upload page.</returns>
public virtual async Task<ActionResult> VerifyPackage()
{
    var currentUser = GetCurrentUser();

    PackageMetadata packageMetadata;
    using (Stream uploadStream = await _uploadFileService.GetUploadFileAsync(currentUser.Key))
    {
        // No pending upload for this user.
        if (uploadStream == null)
        {
            return RedirectToRoute(RouteName.UploadPackage);
        }

        var packageReader = await SafeCreatePackage(currentUser, uploadStream);
        if (packageReader == null)
        {
            return Redirect(Url.UploadPackage());
        }

        try
        {
            var nuspecReader = packageReader.GetNuspecReader();
            packageMetadata = PackageMetadata.FromNuspecReader(nuspecReader);
        }
        catch (Exception ex)
        {
            // Any failure while reading the nuspec is reported through the message produced by
            // GetUserSafeMessage (presumably free of internal detail - verify) and sends the user
            // back to the upload page.
            TempData["Message"] = ex.GetUserSafeMessage();
            return Redirect(Url.UploadPackage());
        }
    }

    var verifyRequest = new VerifyPackageRequest
    {
        Id = packageMetadata.Id,
        Version = packageMetadata.Version.ToNormalizedStringSafe(),
        LicenseUrl = packageMetadata.LicenseUrl.ToEncodedUrlStringOrNull(),
        Listed = true,
        Language = packageMetadata.Language,
        MinClientVersion = packageMetadata.MinClientVersion,
        FrameworkReferenceGroups = packageMetadata.GetFrameworkReferenceGroups(),
        Dependencies = new DependencySetsViewModel(
            packageMetadata.GetDependencyGroups().AsPackageDependencyEnumerable()),
        DevelopmentDependency = packageMetadata.GetValueFromMetadata("developmentDependency"),
    };

    // The editable fields are pre-filled from the same nuspec metadata.
    verifyRequest.Edit = new EditPackageVersionRequest
    {
        Authors = packageMetadata.Authors.Flatten(),
        Copyright = packageMetadata.Copyright,
        Description = packageMetadata.Description,
        IconUrl = packageMetadata.IconUrl.ToEncodedUrlStringOrNull(),
        LicenseUrl = packageMetadata.LicenseUrl.ToEncodedUrlStringOrNull(),
        ProjectUrl = packageMetadata.ProjectUrl.ToEncodedUrlStringOrNull(),
        ReleaseNotes = packageMetadata.ReleaseNotes,
        RequiresLicenseAcceptance = packageMetadata.RequireLicenseAcceptance,
        Summary = packageMetadata.Summary,
        Tags = PackageHelper.ParseTags(packageMetadata.Tags),
        VersionTitle = packageMetadata.Title,
    };

    return View(verifyRequest);
}