private PackageValidationResult CheckLicenseMetadata(PackageArchiveReader nuGetPackage) { if (!_config.RejectPackagesWithLicense) { return(null); } LicenseCheckingNuspecReader nuspecReader = null; using (var nuspec = nuGetPackage.GetNuspec()) { nuspecReader = new LicenseCheckingNuspecReader(nuspec); } if (nuspecReader.HasLicenseMetadata()) { return(PackageValidationResult.Invalid(Strings.UploadPackage_NotAcceptingPackagesWithLicense)); } return(null); }
private async Task <PackageValidationResult> CheckLicenseMetadataAsync(PackageArchiveReader nuGetPackage, List <IValidationMessage> warnings) { LicenseCheckingNuspecReader nuspecReader = null; using (var nuspec = nuGetPackage.GetNuspec()) { nuspecReader = new LicenseCheckingNuspecReader(nuspec); } var licenseElement = nuspecReader.LicenseElement; if (licenseElement != null) { if (_config.RejectPackagesWithLicense) { return(PackageValidationResult.Invalid(Strings.UploadPackage_NotAcceptingPackagesWithLicense)); } if (licenseElement.Value.Length > MaxAllowedLicenseNodeValueLength) { return(PackageValidationResult.Invalid(Strings.UploadPackage_LicenseNodeValueTooLong)); } if (HasChildElements(licenseElement)) { return(PackageValidationResult.Invalid(Strings.UploadPackage_LicenseNodeContainsChildren)); } var typeText = GetLicenseType(licenseElement); if (!AllowedLicenseTypes.Contains(typeText, StringComparer.OrdinalIgnoreCase)) { return(PackageValidationResult.Invalid(string.Format(Strings.UploadPackage_UnsupportedLicenseType, typeText))); } var versionText = GetLicenseVersion(licenseElement); if (versionText != null && AllowedLicenseVersion != versionText) { return(PackageValidationResult.Invalid( string.Format( Strings.UploadPackage_UnsupportedLicenseVersion, versionText))); } // TODO: remove when all pipeline changes are done if (LicenseType.File.ToString().Equals(typeText, StringComparison.OrdinalIgnoreCase)) { _telemetryService.TrackLicenseFileRejected(); return(PackageValidationResult.Invalid(Strings.UploadPackage_LicenseFilesAreNotAllowed)); } } var licenseUrl = nuspecReader.GetLicenseUrl(); var licenseMetadata = nuspecReader.GetLicenseMetadata(); var licenseDeprecationUrl = GetExpectedLicenseUrl(licenseMetadata); if (licenseMetadata == null) { if (string.IsNullOrWhiteSpace(licenseUrl)) { if (!_config.AllowLicenselessPackages) { return(PackageValidationResult.Invalid(new LicenseUrlDeprecationValidationMessage(Strings.UploadPackage_MissingLicenseInformation))); } else { // TODO: uncomment when we have full support for licenses. // warnings.Add(new LicenseUrlDeprecationValidationMessage(Strings.UploadPackage_LicenseShouldBeSpecified)); } } if (licenseDeprecationUrl == licenseUrl) { return(PackageValidationResult.Invalid(Strings.UploadPackage_DeprecationUrlUsage)); } if (!string.IsNullOrWhiteSpace(licenseUrl)) { if (_config.BlockLegacyLicenseUrl) { return(PackageValidationResult.Invalid(new LicenseUrlDeprecationValidationMessage(Strings.UploadPackage_LegacyLicenseUrlNotAllowed))); } else { // TODO: uncomment when we have full support for licenses. //warnings.Add(new LicenseUrlDeprecationValidationMessage(Strings.UploadPackage_DeprecatingLicenseUrl)); } } // we will return here, so the code below would not need to check for licenseMetadata to be non-null over and over. return(null); } if (licenseMetadata.WarningsAndErrors != null && licenseMetadata.WarningsAndErrors.Any()) { _telemetryService.TrackInvalidLicenseMetadata(licenseMetadata.License); return(PackageValidationResult.Invalid( string.Format( Strings.UploadPackage_InvalidLicenseMetadata, string.Join(" ", licenseMetadata.WarningsAndErrors)))); } if (licenseDeprecationUrl != licenseUrl) { if (IsMalformedDeprecationUrl(licenseUrl)) { return(PackageValidationResult.Invalid(new InvalidUrlEncodingForLicenseUrlValidationMessage())); } if (licenseMetadata.Type == LicenseType.File) { return(PackageValidationResult.Invalid( new InvalidLicenseUrlValidationMessage( string.Format(Strings.UploadPackage_DeprecationUrlRequiredForLicenseFiles, licenseDeprecationUrl)))); } else if (licenseMetadata.Type == LicenseType.Expression) { return(PackageValidationResult.Invalid( new InvalidLicenseUrlValidationMessage( string.Format(Strings.UploadPackage_DeprecationUrlRequiredForLicenseExpressions, licenseDeprecationUrl)))); } } if (licenseMetadata.Type == LicenseType.File) { // check if specified file is present in the package var fileList = new HashSet <string>(nuGetPackage.GetFiles()); if (!fileList.Contains(licenseMetadata.License)) { return(PackageValidationResult.Invalid( string.Format( Strings.UploadPackage_LicenseFileDoesNotExist, licenseMetadata.License))); } // check if specified file has allowed extension var licenseFileExtension = Path.GetExtension(licenseMetadata.License); if (!AllowedLicenseFileExtensions.Contains(licenseFileExtension, StringComparer.OrdinalIgnoreCase)) { return(PackageValidationResult.Invalid( string.Format( Strings.UploadPackage_InvalidLicenseFileExtension, licenseFileExtension, string.Join(", ", AllowedLicenseFileExtensions.Where(x => x != string.Empty).Select(extension => $"'{extension}'"))))); } var licenseFileEntry = nuGetPackage.GetEntry(licenseMetadata.License); if (licenseFileEntry.Length > MaxAllowedLicenseLength) { return(PackageValidationResult.Invalid( string.Format( Strings.UploadPackage_LicenseFileTooLong, MaxAllowedLicenseLength.ToUserFriendlyBytesLabel()))); } using (var licenseFileStream = nuGetPackage.GetStream(licenseMetadata.License)) { if (!await IsStreamLengthMatchesReportedAsync(licenseFileStream, licenseFileEntry.Length)) { return(PackageValidationResult.Invalid(Strings.UploadPackage_CorruptNupkg)); } } // zip streams do not support seeking, so we'll have to reopen them using (var licenseFileStream = nuGetPackage.GetStream(licenseMetadata.License)) { // check if specified file is a text file if (!await TextHelper.LooksLikeUtf8TextStreamAsync(licenseFileStream)) { return(PackageValidationResult.Invalid(Strings.UploadPackage_LicenseMustBePlainText)); } } } if (licenseMetadata.Type == LicenseType.Expression) { if (licenseMetadata.LicenseExpression == null) { throw new InvalidOperationException($"Unexpected value of {nameof(licenseMetadata.LicenseExpression)} property"); } var licenseList = GetLicenseList(licenseMetadata.LicenseExpression); var unapprovedLicenses = licenseList.Where(license => !license.IsOsiApproved && !license.IsFsfLibre).ToList(); if (unapprovedLicenses.Any()) { _telemetryService.TrackNonFsfOsiLicenseUse(licenseMetadata.License); return(PackageValidationResult.Invalid( string.Format( Strings.UploadPackage_NonFsfOrOsiLicense, string.Join(", ", unapprovedLicenses.Select(l => l.LicenseID))))); } } return(null); }