private PackageValidationResult CheckLicenseMetadata(PackageArchiveReader nuGetPackage)
{
if (!_config.RejectPackagesWithLicense)
{
return(null);
}
LicenseCheckingNuspecReader nuspecReader = null;
using (var nuspec = nuGetPackage.GetNuspec())
{
nuspecReader = new LicenseCheckingNuspecReader(nuspec);
}
if (nuspecReader.HasLicenseMetadata())
{
return(PackageValidationResult.Invalid(Strings.UploadPackage_NotAcceptingPackagesWithLicense));
}
return(null);
}
private async Task <PackageValidationResult> CheckLicenseMetadataAsync(PackageArchiveReader nuGetPackage, List <IValidationMessage> warnings)
{
LicenseCheckingNuspecReader nuspecReader = null;
using (var nuspec = nuGetPackage.GetNuspec())
{
nuspecReader = new LicenseCheckingNuspecReader(nuspec);
}
var licenseElement = nuspecReader.LicenseElement;
if (licenseElement != null)
{
if (_config.RejectPackagesWithLicense)
{
return(PackageValidationResult.Invalid(Strings.UploadPackage_NotAcceptingPackagesWithLicense));
}
if (licenseElement.Value.Length > MaxAllowedLicenseNodeValueLength)
{
return(PackageValidationResult.Invalid(Strings.UploadPackage_LicenseNodeValueTooLong));
}
if (HasChildElements(licenseElement))
{
return(PackageValidationResult.Invalid(Strings.UploadPackage_LicenseNodeContainsChildren));
}
var typeText = GetLicenseType(licenseElement);
if (!AllowedLicenseTypes.Contains(typeText, StringComparer.OrdinalIgnoreCase))
{
return(PackageValidationResult.Invalid(string.Format(Strings.UploadPackage_UnsupportedLicenseType, typeText)));
}
var versionText = GetLicenseVersion(licenseElement);
if (versionText != null && AllowedLicenseVersion != versionText)
{
return(PackageValidationResult.Invalid(
string.Format(
Strings.UploadPackage_UnsupportedLicenseVersion,
versionText)));
}
// TODO: remove when all pipeline changes are done
if (LicenseType.File.ToString().Equals(typeText, StringComparison.OrdinalIgnoreCase))
{
_telemetryService.TrackLicenseFileRejected();
return(PackageValidationResult.Invalid(Strings.UploadPackage_LicenseFilesAreNotAllowed));
}
}
var licenseUrl = nuspecReader.GetLicenseUrl();
var licenseMetadata = nuspecReader.GetLicenseMetadata();
var licenseDeprecationUrl = GetExpectedLicenseUrl(licenseMetadata);
if (licenseMetadata == null)
{
if (string.IsNullOrWhiteSpace(licenseUrl))
{
if (!_config.AllowLicenselessPackages)
{
return(PackageValidationResult.Invalid(new LicenseUrlDeprecationValidationMessage(Strings.UploadPackage_MissingLicenseInformation)));
}
else
{
// TODO: uncomment when we have full support for licenses.
// warnings.Add(new LicenseUrlDeprecationValidationMessage(Strings.UploadPackage_LicenseShouldBeSpecified));
}
}
if (licenseDeprecationUrl == licenseUrl)
{
return(PackageValidationResult.Invalid(Strings.UploadPackage_DeprecationUrlUsage));
}
if (!string.IsNullOrWhiteSpace(licenseUrl))
{
if (_config.BlockLegacyLicenseUrl)
{
return(PackageValidationResult.Invalid(new LicenseUrlDeprecationValidationMessage(Strings.UploadPackage_LegacyLicenseUrlNotAllowed)));
}
else
{
// TODO: uncomment when we have full support for licenses.
//warnings.Add(new LicenseUrlDeprecationValidationMessage(Strings.UploadPackage_DeprecatingLicenseUrl));
}
}
// we will return here, so the code below would not need to check for licenseMetadata to be non-null over and over.
return(null);
}
if (licenseMetadata.WarningsAndErrors != null && licenseMetadata.WarningsAndErrors.Any())
{
_telemetryService.TrackInvalidLicenseMetadata(licenseMetadata.License);
return(PackageValidationResult.Invalid(
string.Format(
Strings.UploadPackage_InvalidLicenseMetadata,
string.Join(" ", licenseMetadata.WarningsAndErrors))));
}
if (licenseDeprecationUrl != licenseUrl)
{
if (IsMalformedDeprecationUrl(licenseUrl))
{
return(PackageValidationResult.Invalid(new InvalidUrlEncodingForLicenseUrlValidationMessage()));
}
if (licenseMetadata.Type == LicenseType.File)
{
return(PackageValidationResult.Invalid(
new InvalidLicenseUrlValidationMessage(
string.Format(Strings.UploadPackage_DeprecationUrlRequiredForLicenseFiles, licenseDeprecationUrl))));
}
else if (licenseMetadata.Type == LicenseType.Expression)
{
return(PackageValidationResult.Invalid(
new InvalidLicenseUrlValidationMessage(
string.Format(Strings.UploadPackage_DeprecationUrlRequiredForLicenseExpressions, licenseDeprecationUrl))));
}
}
if (licenseMetadata.Type == LicenseType.File)
{
// check if specified file is present in the package
var fileList = new HashSet <string>(nuGetPackage.GetFiles());
if (!fileList.Contains(licenseMetadata.License))
{
return(PackageValidationResult.Invalid(
string.Format(
Strings.UploadPackage_LicenseFileDoesNotExist,
licenseMetadata.License)));
}
// check if specified file has allowed extension
var licenseFileExtension = Path.GetExtension(licenseMetadata.License);
if (!AllowedLicenseFileExtensions.Contains(licenseFileExtension, StringComparer.OrdinalIgnoreCase))
{
return(PackageValidationResult.Invalid(
string.Format(
Strings.UploadPackage_InvalidLicenseFileExtension,
licenseFileExtension,
string.Join(", ", AllowedLicenseFileExtensions.Where(x => x != string.Empty).Select(extension => $"'{extension}'")))));
}
var licenseFileEntry = nuGetPackage.GetEntry(licenseMetadata.License);
if (licenseFileEntry.Length > MaxAllowedLicenseLength)
{
return(PackageValidationResult.Invalid(
string.Format(
Strings.UploadPackage_LicenseFileTooLong,
MaxAllowedLicenseLength.ToUserFriendlyBytesLabel())));
}
using (var licenseFileStream = nuGetPackage.GetStream(licenseMetadata.License))
{
if (!await IsStreamLengthMatchesReportedAsync(licenseFileStream, licenseFileEntry.Length))
{
return(PackageValidationResult.Invalid(Strings.UploadPackage_CorruptNupkg));
}
}
// zip streams do not support seeking, so we'll have to reopen them
using (var licenseFileStream = nuGetPackage.GetStream(licenseMetadata.License))
{
// check if specified file is a text file
if (!await TextHelper.LooksLikeUtf8TextStreamAsync(licenseFileStream))
{
return(PackageValidationResult.Invalid(Strings.UploadPackage_LicenseMustBePlainText));
}
}
}
if (licenseMetadata.Type == LicenseType.Expression)
{
if (licenseMetadata.LicenseExpression == null)
{
throw new InvalidOperationException($"Unexpected value of {nameof(licenseMetadata.LicenseExpression)} property");
}
var licenseList = GetLicenseList(licenseMetadata.LicenseExpression);
var unapprovedLicenses = licenseList.Where(license => !license.IsOsiApproved && !license.IsFsfLibre).ToList();
if (unapprovedLicenses.Any())
{
_telemetryService.TrackNonFsfOsiLicenseUse(licenseMetadata.License);
return(PackageValidationResult.Invalid(
string.Format(
Strings.UploadPackage_NonFsfOrOsiLicense, string.Join(", ", unapprovedLicenses.Select(l => l.LicenseID)))));
}
}
return(null);
}
