private static bool HasInvalidParameters(SearchRequest request, string packageType)
{
// Requests with bad parameters yield no results. For the package type case, by specification a package type
// valid characters are the same as a package ID.
return(request.Skip > MaximumSkip ||
(packageType != null && !PackageIdValidator.IsValidPackageId(packageType)));
}
public Task <bool> CanInstallAsync(InstallRequest installationRequest, CancellationToken cancellationToken)
{
try
{
ReadPackageInformation(installationRequest.PackageIdentifier);
}
catch (Exception)
{
_logger.LogDebug($"{installationRequest.PackageIdentifier} is not a local NuGet package.");
//check if identifier is a valid package ID
bool validPackageId = PackageIdValidator.IsValidPackageId(installationRequest.PackageIdentifier);
//check if version is specified it is correct version
bool hasValidVersion = NuGetVersionHelper.IsSupportedVersionString(installationRequest.Version);
if (!validPackageId)
{
_logger.LogDebug($"{installationRequest.PackageIdentifier} is not a valid NuGet package ID.");
}
if (!hasValidVersion)
{
_logger.LogDebug($"{installationRequest.Version} is not a valid NuGet package version.");
}
if (validPackageId && hasValidVersion)
{
_logger.LogDebug($"{installationRequest.DisplayName} is identified as the downloadable NuGet package.");
}
//not a local package file
return(Task.FromResult(validPackageId && hasValidVersion));
}
_logger.LogDebug($"{installationRequest.PackageIdentifier} is identified as the local NuGet package.");
return(Task.FromResult(true));
}
private string IsValid(string columnName)
{
if (columnName == "Id")
{
if (string.IsNullOrEmpty(Id))
{
return(VersionSpec != null ? "Package id must not be empty." : null);
}
if (!PackageIdValidator.IsValidPackageId(Id))
{
return("'" + Id + "' is an invalid package id.");
}
var activeDependencySet = _getActiveDependencySet();
if (activeDependencySet != null)
{
if (activeDependencySet.Dependencies.Any(p => p.Id.Equals(Id, StringComparison.OrdinalIgnoreCase)))
{
return("This id already exists in the same dependency group.");
}
}
}
return(null);
}
public Task <bool> CanInstallAsync(InstallRequest installationRequest, CancellationToken cancellationToken)
{
try
{
ReadPackageInformation(installationRequest.PackageIdentifier);
}
catch (Exception)
{
_environmentSettings.Host.LogDiagnosticMessage($"{installationRequest.PackageIdentifier} is not a local NuGet package.", DebugLogCategory);
//check if identifier is a valid package ID
bool validPackageId = PackageIdValidator.IsValidPackageId(installationRequest.PackageIdentifier);
//check if version is specified it is correct version
bool hasValidVersion = string.IsNullOrWhiteSpace(installationRequest.Version) || NuGetVersion.TryParse(installationRequest.Version, out _);
if (!validPackageId)
{
_environmentSettings.Host.LogDiagnosticMessage($"{installationRequest.PackageIdentifier} is not a valid NuGet package ID.", DebugLogCategory);
}
if (!hasValidVersion)
{
_environmentSettings.Host.LogDiagnosticMessage($"{installationRequest.Version} is not a valid NuGet package version.", DebugLogCategory);
}
if (validPackageId && hasValidVersion)
{
_environmentSettings.Host.LogDiagnosticMessage($"{installationRequest.DisplayName} is identified as the downloadable NuGet package.", DebugLogCategory);
}
//not a local package file
return(Task.FromResult(validPackageId && hasValidVersion));
}
_environmentSettings.Host.LogDiagnosticMessage($"{installationRequest.PackageIdentifier} is identified as the local NuGet package.", DebugLogCategory);
return(Task.FromResult(true));
}
private void ValidateBundleId(string id)
{
if (string.IsNullOrWhiteSpace(id) || !PackageIdValidator.IsValidPackageId(id))
{
string message = string.Format(Resources.ExtensionBundleConfigMissingId, ScriptConstants.HostMetadataFileName);
throw new ArgumentException(message);
}
}
public void NullThrowsException()
{
// Arrange
string packageId = null;
// Act & Assert
ExceptionAssert.ThrowsArgNull(() => PackageIdValidator.IsValidPackageId(packageId), "packageId");
}
public void NullThrowsException()
{
// Arrange
string packageId = null;
// Act & Assert
Assert.Throws <ArgumentNullException>(paramName: "packageId",
testCode: () => PackageIdValidator.IsValidPackageId(packageId));
}
public void AlphaNumericIsValid()
{
// Arrange
string packageId = "42This1Is4You";
// Act
bool isValid = PackageIdValidator.IsValidPackageId(packageId);
// Assert
Assert.True(isValid);
}
public void EndingWithSeparatorsNotAllowed()
{
// Arrange
string packageId = "StartWithSeparator.";
// Act
bool isValid = PackageIdValidator.IsValidPackageId(packageId);
// Assert
Assert.False(isValid);
}
public void UnderscoreDotAndDashSeparatorsAreValid()
{
// Arrange
string packageId = "Nu_Get.Core-IsCool";
// Act
bool isValid = PackageIdValidator.IsValidPackageId(packageId);
// Assert
Assert.True(isValid);
}
public void EmptyIsNotValid()
{
// Arrange
string packageId = "";
// Act
bool isValid = PackageIdValidator.IsValidPackageId(packageId);
// Assert
Assert.False(isValid);
}
public void IsValidPackageId_LongPackageIdWithUnMatchedCharAtTheEnd_Fails()
{
// Arrange
string packageId = string.Concat(new string('_', 100), "!");
// Act
bool isValid = PackageIdValidator.IsValidPackageId(packageId);
// Assert
Assert.False(isValid);
}
public void IsValidPackageId_PackageIdWithTwoUnderscores_Success()
{
// Arrange
string packageId = "Hello__World";
// Act
bool isValid = PackageIdValidator.IsValidPackageId(packageId);
// Assert
Assert.True(isValid);
}
public void NonAlphaNumericUnderscoreDotDashIsInvalid()
{
// Arrange
string packageId = "ILike*Asterisks";
// Act
bool isValid = PackageIdValidator.IsValidPackageId(packageId);
// Assert
Assert.False(isValid);
}
public void ConsecutiveSeparatorsNotAllowed()
{
// Arrange
string packageId = "I_.Like.-Separators";
// Act
bool isValid = PackageIdValidator.IsValidPackageId(packageId);
// Assert
Assert.False(isValid);
}
public void DotToolsIsNotAllowed()
{
// Arrange
string packageId = ".tools";
// Act
bool isValid = PackageIdValidator.IsValidPackageId(packageId);
// Assert
Assert.False(isValid);
}
public virtual async Task <ActionResult> GetPackage(string id, string version)
{
// some security paranoia about URL hacking somehow creating e.g. open redirects
// validate user input: explicit calls to the same validators used during Package Registrations
// Ideally shouldn't be necessary?
if (!PackageIdValidator.IsValidPackageId(id ?? ""))
{
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.BadRequest, "The format of the package id is invalid"));
}
// if version is non-null, check if it's semantically correct and normalize it.
if (!String.IsNullOrEmpty(version))
{
NuGetVersion dummy;
if (!NuGetVersion.TryParse(version, out dummy))
{
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.BadRequest, "The package version is not a valid semantic version"));
}
// Normalize the version
version = NuGetVersionNormalizer.Normalize(version);
}
else
{
// if version is null, get the latest version from the database.
// This ensures that on package restore scenario where version will be non null, we don't hit the database.
try
{
var package = PackageService.FindPackageByIdAndVersion(id, version, allowPrerelease: false);
if (package == null)
{
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.NotFound, String.Format(CultureInfo.CurrentCulture, Strings.PackageWithIdAndVersionNotFound, id, version)));
}
version = package.NormalizedVersion;
}
catch (SqlException e)
{
QuietLog.LogHandledException(e);
// Database was unavailable and we don't have a version, return a 503
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.ServiceUnavailable, Strings.DatabaseUnavailable_TrySpecificVersion));
}
catch (DataException e)
{
QuietLog.LogHandledException(e);
// Database was unavailable and we don't have a version, return a 503
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.ServiceUnavailable, Strings.DatabaseUnavailable_TrySpecificVersion));
}
}
return(await PackageFileService.CreateDownloadPackageActionResultAsync(
HttpContext.Request.Url,
id, version));
}
public void NumbersAndWordsDotSeparatedAllowd()
{
// Arrange
string packageId = "1.2.3.4.Uno.Dos.Tres.Cuatro";
// Act
bool isValid = PackageIdValidator.IsValidPackageId(packageId);
// Assert
Assert.True(isValid);
}
public void MultipleDotSeparatorsAllowed()
{
// Arrange
string packageId = "I.Like.Writing.Unit.Tests";
// Act
bool isValid = PackageIdValidator.IsValidPackageId(packageId);
// Assert
Assert.True(isValid);
}
private string IsValid(string columnName)
{
if (columnName == "Id")
{
if (String.IsNullOrEmpty(Id))
{
return(null);
}
if (!PackageIdValidator.IsValidPackageId(Id))
{
return("Value '" + Id + "' cannot be converted.");
}
}
return(null);
}
public async Task <bool> DoesPackageIdExistAsync(
string packageIdPattern,
SearchScorerSettings settings)
{
Task <bool> controlExistsTask;
Task <bool> treatmentExistsTask;
if (PackageIdValidator.IsValidPackageId(packageIdPattern))
{
var query = $"packageid:{packageIdPattern}";
controlExistsTask = DoesPackageIdExistInQueryAsync(packageIdPattern, settings.ControlBaseUrl, query, take: 1);
treatmentExistsTask = DoesPackageIdExistInQueryAsync(packageIdPattern, settings.TreatmentBaseUrl, query, take: 1);
}
else if (packageIdPattern.EndsWith("*"))
{
var prefix = packageIdPattern.Substring(0, packageIdPattern.Length - 1).TrimEnd(Separators);
if (!PackageIdValidator.IsValidPackageId(prefix))
{
throw new ArgumentException($"The package ID '{packageIdPattern}' looks like a pattern but the part before the wildcard is not a valid package ID.");
}
var pieces = prefix
.Split(Separators)
.Where(x => !string.IsNullOrWhiteSpace(x));
var query = string.Join(" ", pieces);
controlExistsTask = DoesPackageIdExistInQueryAsync(packageIdPattern, settings.ControlBaseUrl, query, take: 1000);
treatmentExistsTask = DoesPackageIdExistInQueryAsync(packageIdPattern, settings.TreatmentBaseUrl, query, take: 1000);
}
else
{
throw new NotSupportedException();
}
await Task.WhenAll(controlExistsTask, treatmentExistsTask);
if (controlExistsTask.Result != treatmentExistsTask.Result)
{
throw new ArgumentNullException(
$"The package ID '{packageIdPattern}' has inconsistent availability. " +
$"Exists in control: {controlExistsTask.Result}. " +
$"Exists in treatment: {treatmentExistsTask.Result}.");
}
return(controlExistsTask.Result);
}
private bool TryGetSinglePackageId(
ParsedQuery parsed,
out string packageId)
{
if (parsed.Grouping.TryGetValue(QueryField.PackageId, out var terms) &&
terms.Count == 1)
{
packageId = terms.First();
if (packageId.Length <= PackageIdValidator.MaxPackageIdLength &&
PackageIdValidator.IsValidPackageId(packageId))
{
return(true);
}
}
packageId = null;
return(false);
}
bool IsValidId()
{
IdError = null;
if (string.IsNullOrEmpty(id))
{
return(false);
}
else if (id.Length > NuGetPackageMetadata.MaxPackageIdLength)
{
IdError = GettextCatalog.GetString("The package id must not exceed 100 characters.");
return(false);
}
else if (!PackageIdValidator.IsValidPackageId(id))
{
IdError = GettextCatalog.GetString("The package id contains invalid characters. Examples of valid package ids include 'MyPackage' and 'MyPackage.Sample'.");
return(false);
}
return(true);
}
bool IsValidLibraryName()
{
LibraryNameError = null;
if (string.IsNullOrEmpty(libraryName))
{
return(false);
}
else if (libraryName.Length > NuGetPackageMetadata.MaxPackageIdLength)
{
LibraryNameError = GettextCatalog.GetString("Library name must not exceed 100 characters.");
return(false);
}
else if (!PackageIdValidator.IsValidPackageId(libraryName))
{
LibraryNameError = GettextCatalog.GetString("The library name contains invalid characters. Examples of valid library names include 'MyPackage' and 'MyPackage.Sample'.");
return(false);
}
return(true);
}
private void ApplySearchIndexFilter(
SearchParameters searchParameters,
SearchRequest request,
bool excludePackagesHiddenByDefault,
string packageType)
{
var searchFilters = GetSearchFilters(request);
var filterString = $"{IndexFields.Search.SearchFilters} eq '{DocumentUtilities.GetSearchFilterString(searchFilters)}'";
if (excludePackagesHiddenByDefault)
{
filterString += $" and ({IndexFields.Search.IsExcludedByDefault} eq false or {IndexFields.Search.IsExcludedByDefault} eq null)";
}
// Verify that the package type only has valid package ID characters so we don't need to worry about
// escaping quotes and such.
if (packageType != null && PackageIdValidator.IsValidPackageId(packageType))
{
filterString += $" and {IndexFields.Search.FilterablePackageTypes}/any(p: p eq '{packageType.ToLowerInvariant()}')";
}
searchParameters.Filter = filterString;
}
public virtual async Task <ActionResult> GetPackage(string id, string version)
{
// some security paranoia about URL hacking somehow creating e.g. open redirects
// validate user input: explicit calls to the same validators used during Package Registrations
// Ideally shouldn't be necessary?
if (!PackageIdValidator.IsValidPackageId(id ?? ""))
{
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.BadRequest, "The format of the package id is invalid"));
}
if (!String.IsNullOrEmpty(version))
{
SemanticVersion dummy;
if (!SemanticVersion.TryParse(version, out dummy))
{
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.BadRequest, "The package version is not a valid semantic version"));
}
}
// if the version is null, the user is asking for the latest version. Presumably they don't want includePrerelease release versions.
// The allow prerelease flag is ignored if both partialId and version are specified.
// In general we want to try to add download statistics for any package regardless of whether a version was specified.
try
{
Package package = _packageService.FindPackageByIdAndVersion(id, version, allowPrerelease: false);
if (package == null)
{
return(new HttpStatusCodeWithBodyResult(
HttpStatusCode.NotFound, String.Format(CultureInfo.CurrentCulture, Strings.PackageWithIdAndVersionNotFound, id, version)));
}
try
{
_packageService.AddDownloadStatistics(
package,
Request.UserHostAddress,
Request.UserAgent,
Request.Headers["NuGet-Operation"]);
}
catch (ReadOnlyModeException)
{
// *gulp* Swallowed. It's OK not to add statistics and ok to not log errors in read only mode.
}
catch (SqlException e)
{
// Log the error and continue
QuietlyLogException(e);
}
catch (DataException e)
{
// Log the error and continue
QuietlyLogException(e);
}
return(await _packageFileService.CreateDownloadPackageActionResultAsync(HttpContext.Request.Url, package));
}
catch (SqlException e)
{
QuietlyLogException(e);
}
catch (DataException e)
{
QuietlyLogException(e);
}
// Fall back to constructing the URL based on the package version and ID.
return(await _packageFileService.CreateDownloadPackageActionResultAsync(HttpContext.Request.Url, id, version));
}
public virtual async Task <ActionResult> GetPackage(string id, string version)
{
// some security paranoia about URL hacking somehow creating e.g. open redirects
// validate user input: explicit calls to the same validators used during Package Registrations
// Ideally shouldn't be necessary?
if (!PackageIdValidator.IsValidPackageId(id ?? ""))
{
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.BadRequest, "The format of the package id is invalid"));
}
// if version is non-null, check if it's semantically correct and normalize it.
if (!String.IsNullOrEmpty(version))
{
NuGetVersion dummy;
if (!NuGetVersion.TryParse(version, out dummy))
{
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.BadRequest, "The package version is not a valid semantic version"));
}
// Normalize the version
version = NuGetVersionNormalizer.Normalize(version);
}
else
{
// if version is null, get the latest version from the database.
// This ensures that on package restore scenario where version will be non null, we don't hit the database.
try
{
var package = PackageService.FindPackageByIdAndVersion(id, version, allowPrerelease: false);
if (package == null)
{
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.NotFound, String.Format(CultureInfo.CurrentCulture, Strings.PackageWithIdAndVersionNotFound, id, version)));
}
version = package.NormalizedVersion;
}
catch (SqlException e)
{
QuietLog.LogHandledException(e);
// Database was unavailable and we don't have a version, return a 503
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.ServiceUnavailable, Strings.DatabaseUnavailable_TrySpecificVersion));
}
catch (DataException e)
{
QuietLog.LogHandledException(e);
// Database was unavailable and we don't have a version, return a 503
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.ServiceUnavailable, Strings.DatabaseUnavailable_TrySpecificVersion));
}
}
// If metrics service is specified we post the data to it asynchronously. Else we skip stats.
if (_config != null && _config.MetricsServiceUri != null)
{
try
{
var userHostAddress = Request.UserHostAddress;
var userAgent = Request.UserAgent;
var operation = Request.Headers["NuGet-Operation"];
var dependentPackage = Request.Headers["NuGet-DependentPackage"];
var projectGuids = Request.Headers["NuGet-ProjectGuids"];
HostingEnvironment.QueueBackgroundWorkItem(cancellationToken => PostDownloadStatistics(id, version, userHostAddress, userAgent, operation, dependentPackage, projectGuids, cancellationToken));
}
catch (Exception ex)
{
QuietLog.LogHandledException(ex);
}
}
return(await PackageFileService.CreateDownloadPackageActionResultAsync(
HttpContext.Request.Url,
id, version));
}
private static bool IsId(string query)
{
return(query.Length <= PackageIdValidator.MaxPackageIdLength &&
PackageIdValidator.IsValidPackageId(query));
}
private void CleanDownloadData(DownloadData data)
{
var invalidIdCount = 0;
var invalidVersionCount = 0;
var nonNormalizedVersionCount = 0;
foreach (var id in data.Keys.ToList())
{
var isValidId = id.Length <= PackageIdValidator.MaxPackageIdLength && PackageIdValidator.IsValidPackageId(id);
if (!isValidId)
{
invalidIdCount++;
}
foreach (var version in data[id].Keys.ToList())
{
var isValidVersion = NuGetVersion.TryParse(version, out var parsedVersion);
if (!isValidVersion)
{
invalidVersionCount++;
}
if (!isValidId || !isValidVersion)
{
// Clear the download count if the ID or version is invalid.
data.SetDownloadCount(id, version, 0);
continue;
}
var normalizedVersion = parsedVersion.ToNormalizedString();
var isNormalizedVersion = StringComparer.OrdinalIgnoreCase.Equals(version, normalizedVersion);
if (!isNormalizedVersion)
{
nonNormalizedVersionCount++;
// Use the normalized version string if the original was not normalized.
var downloads = data.GetDownloadCount(id, version);
data.SetDownloadCount(id, version, 0);
data.SetDownloadCount(id, normalizedVersion, downloads);
}
}
}
_logger.LogInformation(
"There were {InvalidIdCount} invalid IDs, {InvalidVersionCount} invalid versions, and " +
"{NonNormalizedVersionCount} non-normalized IDs.",
invalidIdCount,
invalidVersionCount,
nonNormalizedVersionCount);
}
public virtual async Task <ActionResult> GetPackage(string id, string version)
{
// some security paranoia about URL hacking somehow creating e.g. open redirects
// validate user input: explicit calls to the same validators used during Package Registrations
// Ideally shouldn't be necessary?
if (!PackageIdValidator.IsValidPackageId(id ?? ""))
{
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.BadRequest, "The format of the package id is invalid"));
}
if (!String.IsNullOrEmpty(version))
{
SemanticVersion dummy;
if (!SemanticVersion.TryParse(version, out dummy))
{
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.BadRequest, "The package version is not a valid semantic version"));
}
}
// Normalize the version
version = SemanticVersionExtensions.Normalize(version);
// if the version is null, the user is asking for the latest version. Presumably they don't want includePrerelease release versions.
// The allow prerelease flag is ignored if both partialId and version are specified.
// In general we want to try to add download statistics for any package regardless of whether a version was specified.
Package package = null;
try
{
package = PackageService.FindPackageByIdAndVersion(id, version, allowPrerelease: false);
if (package == null)
{
return(new HttpStatusCodeWithBodyResult(
HttpStatusCode.NotFound, String.Format(CultureInfo.CurrentCulture, Strings.PackageWithIdAndVersionNotFound, id, version)));
}
try
{
var stats = new PackageStatistics
{
// IMPORTANT: Timestamp is managed by the database.
IPAddress = Request.UserHostAddress,
UserAgent = Request.UserAgent,
Package = package,
Operation = Request.Headers["NuGet-Operation"],
DependentPackage = Request.Headers["NuGet-DependentPackage"],
ProjectGuids = Request.Headers["NuGet-ProjectGuids"],
};
PackageService.AddDownloadStatistics(stats);
}
catch (ReadOnlyModeException)
{
// *gulp* Swallowed. It's OK not to add statistics and ok to not log errors in read only mode.
}
catch (SqlException e)
{
// Log the error and continue
QuietLog.LogHandledException(e);
}
catch (DataException e)
{
// Log the error and continue
QuietLog.LogHandledException(e);
}
}
catch (SqlException e)
{
QuietLog.LogHandledException(e);
}
catch (DataException e)
{
QuietLog.LogHandledException(e);
}
// Fall back to constructing the URL based on the package version and ID.
if (String.IsNullOrEmpty(version) && package == null)
{
// Database was unavailable and we don't have a version, return a 503
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.ServiceUnavailable, Strings.DatabaseUnavailable_TrySpecificVersion));
}
return(await PackageFileService.CreateDownloadPackageActionResultAsync(
HttpContext.Request.Url,
id,
String.IsNullOrEmpty(version)?package.NormalizedVersion : version));
}
