[Repository Signing] Allow unsigned packages if owner has malformed username (#503)

loic-sharma · web-flow · commit 0c7b7c8b93c7 · 2018-08-01T17:46:45.000-07:00
Packages that are owned by users with malformed usernames are not repository signed (see https://github.com/NuGet/Engineering/issues/1582). The validator that verifies that a package is repository signed should take this into account. When all malformed usernames have been removed from the Gallery, this change will be reverted. This is tracked by: https://github.com/NuGet/Engineering/issues/1592 Addresses https://github.com/NuGet/Engineering/issues/1591
diff --git a/src/NuGet.Services.Validation.Orchestrator/NuGet.Services.Validation.Orchestrator.csproj b/src/NuGet.Services.Validation.Orchestrator/NuGet.Services.Validation.Orchestrator.csproj
@@ -59,6 +59,7 @@
     <Compile Include="Symbols\SymbolsMessageEnqueuer.cs" />
     <Compile Include="Symbols\SymbolsValidator.cs" />
     <Compile Include="Symbols\SymbolsValidationConfiguration.cs" />
+    <Compile Include="UsernameHelper.cs" />
     <Compile Include="ValidatingEntitites\IValidatingEntity.cs" />
     <Compile Include="IValidationOutcomeProcessor.cs" />
     <Compile Include="IValidationPackageFileService.cs" />
diff --git a/src/NuGet.Services.Validation.Orchestrator/PackageSigning/ProcessSignature/BaseSignatureProcessor.cs b/src/NuGet.Services.Validation.Orchestrator/PackageSigning/ProcessSignature/BaseSignatureProcessor.cs
@@ -4,7 +4,6 @@
 using System;
 using System.Threading.Tasks;
 using Microsoft.Extensions.Logging;
-using NuGet.Jobs.Validation;
 using NuGet.Jobs.Validation.Storage;
 using NuGet.Services.Validation.Orchestrator.Telemetry;
 
diff --git a/src/NuGet.Services.Validation.Orchestrator/PackageSigning/ProcessSignature/PackageSignatureValidator.cs b/src/NuGet.Services.Validation.Orchestrator/PackageSigning/ProcessSignature/PackageSignatureValidator.cs
@@ -8,8 +8,10 @@
 using Microsoft.Extensions.Options;
 using NuGet.Jobs.Validation;
 using NuGet.Jobs.Validation.Storage;
+using NuGet.Services.Validation.Orchestrator;
 using NuGet.Services.Validation.Orchestrator.PackageSigning.ScanAndSign;
 using NuGet.Services.Validation.Orchestrator.Telemetry;
+using NuGetGallery;
 
 namespace NuGet.Services.Validation.PackageSigning.ProcessSignature
 {
@@ -23,6 +25,7 @@ public class PackageSignatureValidator : BaseSignatureProcessor, IValidator
         private readonly IValidatorStateService _validatorStateService;
         private readonly IProcessSignatureEnqueuer _signatureVerificationEnqueuer;
         private readonly ISimpleCloudBlobProvider _blobProvider;
+        private readonly ICorePackageService _packages;
         private readonly ScanAndSignConfiguration _config;
         private readonly ITelemetryService _telemetryService;
         private readonly ILogger<PackageSignatureValidator> _logger;
@@ -31,6 +34,7 @@ public PackageSignatureValidator(
             IValidatorStateService validatorStateService,
             IProcessSignatureEnqueuer signatureVerificationEnqueuer,
             ISimpleCloudBlobProvider blobProvider,
+            ICorePackageService packages,
             IOptionsSnapshot<ScanAndSignConfiguration> configAccessor,
             ITelemetryService telemetryService,
             ILogger<PackageSignatureValidator> logger)
@@ -39,6 +43,7 @@ public PackageSignatureValidator(
             _validatorStateService = validatorStateService ?? throw new ArgumentNullException(nameof(validatorStateService));
             _signatureVerificationEnqueuer = signatureVerificationEnqueuer ?? throw new ArgumentNullException(nameof(signatureVerificationEnqueuer));
             _blobProvider = blobProvider ?? throw new ArgumentNullException(nameof(blobProvider));
+            _packages = packages ?? throw new ArgumentNullException(nameof(packages));
             _telemetryService = telemetryService ?? throw new ArgumentNullException(nameof(telemetryService));
             _logger = logger ?? throw new ArgumentNullException(nameof(logger));
 
@@ -60,45 +65,57 @@ public override async Task<IValidationResult> GetResultAsync(IValidationRequest
         {
             var result = await base.GetResultAsync(request);
 
-            return Validate(result);
+            return Validate(request, result);
         }
 
         public override async Task<IValidationResult> StartAsync(IValidationRequest request)
         {
             var result = await base.StartAsync(request);
 
-            return Validate(result);
+            return Validate(request, result);
         }
 
-        private IValidationResult Validate(IValidationResult result)
+        private IValidationResult Validate(IValidationRequest request, IValidationResult result)
         {
             /// The package signature validator runs after the <see cref="PackageSignatureProcessor" />.
             /// All signature validation issues should be caught and handled by the processor.
             if (result.Status == ValidationStatus.Failed || result.NupkgUrl != null)
             {
-                if (_config.RepositorySigningEnabled)
+                if (!_config.RepositorySigningEnabled)
                 {
-                    _logger.LogCritical(
-                        "Unexpected validation result in package signature validator. This may be caused by an invalid repository " +
-                        "signature. Throwing an exception to force this validation to dead-letter. " +
+                    _logger.LogInformation(
+                        "Ignoring invalid validation result in package signature validator as repository signing is disabled. " +
                         "Status = {ValidationStatus}, Nupkg URL = {NupkgUrl}, validation issues = {Issues}",
                         result.Status,
                         result.NupkgUrl,
                         result.Issues.Select(i => i.IssueCode));
 
-                    throw new InvalidOperationException("Package signature validator has an unexpected validation result");
+                    return ValidationResult.Succeeded;
                 }
-                else
+
+                // TODO: Remove this.
+                // See: https://github.com/NuGet/Engineering/issues/1592
+                if (HasOwnerWithInvalidUsername(request))
                 {
-                    _logger.LogInformation(
-                        "Ignoring invalid validation result in package signature validator as repository signing is disabled. " +
+                    _logger.LogWarning(
+                        "Ignoring invalid validation result in package signature validator as the package has an owner with an invalid username. " +
                         "Status = {ValidationStatus}, Nupkg URL = {NupkgUrl}, validation issues = {Issues}",
                         result.Status,
                         result.NupkgUrl,
                         result.Issues.Select(i => i.IssueCode));
 
                     return ValidationResult.Succeeded;
                 }
+
+                _logger.LogCritical(
+                    "Unexpected validation result in package signature validator. This may be caused by an invalid repository " +
+                    "signature. Throwing an exception to force this validation to dead-letter. " +
+                    "Status = {ValidationStatus}, Nupkg URL = {NupkgUrl}, validation issues = {Issues}",
+                    result.Status,
+                    result.NupkgUrl,
+                    result.Issues.Select(i => i.IssueCode));
+
+                throw new InvalidOperationException("Package signature validator has an unexpected validation result");
             }
 
             /// Suppress all validation issues. The <see cref="PackageSignatureProcessor"/> should
@@ -116,5 +133,32 @@ private IValidationResult Validate(IValidationResult result)
 
             return result;
         }
+
+        private bool HasOwnerWithInvalidUsername(IValidationRequest request)
+        {
+            var registration = _packages.FindPackageRegistrationById(request.PackageId);
+
+            if (registration == null)
+            {
+                _logger.LogError("Attempted to validate package that has no package registration");
+
+                throw new InvalidOperationException($"Registration for package id {request.PackageId} does not exist");
+            }
+
+            var owners = registration.Owners.Select(o => o.Username).ToList();
+
+            if (owners.Any(UsernameHelper.IsInvalid))
+            {
+                _logger.LogWarning(
+                    "Package {PackageId} {PackageVersion} has an owner with an invalid username. {Owners}",
+                    request.PackageId,
+                    request.PackageVersion,
+                    owners);
+
+                return true;
+            }
+
+            return false;
+        }
     }
 }
diff --git a/src/NuGet.Services.Validation.Orchestrator/PackageSigning/ScanAndSign/ScanAndSignProcessor.cs b/src/NuGet.Services.Validation.Orchestrator/PackageSigning/ScanAndSign/ScanAndSignProcessor.cs
@@ -20,8 +20,6 @@ namespace NuGet.Services.Validation.Orchestrator.PackageSigning.ScanAndSign
     [ValidatorName(ValidatorName.ScanAndSign)]
     public class ScanAndSignProcessor : IProcessor
     {
-        private const string UsernameRegex = @"^[A-Za-z0-9][A-Za-z0-9_\.-]+[A-Za-z0-9]$";
-
         private readonly IValidationEntitiesContext _validationContext;
         private readonly IValidatorStateService _validatorStateService;
         private readonly ICorePackageService _packageService;
@@ -218,7 +216,9 @@ private async Task<bool> ShouldRepositorySignAsync(IValidationRequest request, L
                 return false;
             }
 
-            if (owners.Any(IsInvalidUsername))
+            // TODO: Remove this check.
+            // See: https://github.com/NuGet/Engineering/issues/1582
+            if (owners.Any(UsernameHelper.IsInvalid))
             {
                 _logger.LogWarning(
                     "Package {PackageId} {PackageVersion} has an owner with an invalid username. Scanning instead of signing. {Owners}",
@@ -248,10 +248,5 @@ private List<string> FindPackageOwners(IValidationRequest request)
                 .Select(o => o.Username)
                 .ToList();
         }
-
-        private bool IsInvalidUsername(string username)
-        {
-            return !Regex.IsMatch(username, UsernameRegex, RegexOptions.None, TimeSpan.FromSeconds(5));
-        }
     }
 }
diff --git a/src/NuGet.Services.Validation.Orchestrator/UsernameHelper.cs b/src/NuGet.Services.Validation.Orchestrator/UsernameHelper.cs
@@ -0,0 +1,21 @@
+﻿// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Text.RegularExpressions;
+
+namespace NuGet.Services.Validation.Orchestrator
+{
+    // TODO: Remove this type.
+    // See: https://github.com/NuGet/Engineering/issues/1582
+    // See: https://github.com/NuGet/Engineering/issues/1592
+    public static class UsernameHelper
+    {
+        private const string UsernameRegex = @"^[A-Za-z0-9][A-Za-z0-9_\.-]+[A-Za-z0-9]$";
+
+        public static bool IsInvalid(string username)
+        {
+            return !Regex.IsMatch(username, UsernameRegex, RegexOptions.None, TimeSpan.FromSeconds(5));
+        }
+    }
+}
diff --git a/tests/NuGet.Services.Validation.Orchestrator.Tests/PackageSigning/ProcessSignature/PackageSignatureValidatorFacts.cs b/tests/NuGet.Services.Validation.Orchestrator.Tests/PackageSigning/ProcessSignature/PackageSignatureValidatorFacts.cs
@@ -103,6 +103,10 @@ public async Task WhenRepositorySigningEnabled_ThrowsExceptionIfValidationFails(
                 // Arrange
                 _config.RepositorySigningEnabled = true;
 
+                _packages
+                    .Setup(p => p.FindPackageRegistrationById(_validationRequest.Object.PackageId))
+                    .Returns(_packageRegistration);
+
                 _validatorStateService
                     .Setup(x => x.GetStatusAsync(It.IsAny<IValidationRequest>()))
                     .ReturnsAsync(new ValidatorStatus
@@ -114,8 +118,10 @@ public async Task WhenRepositorySigningEnabled_ThrowsExceptionIfValidationFails(
                         ValidatorIssues = new List<ValidatorIssue>(),
                     });
 
-                // Act
-                await Assert.ThrowsAsync<InvalidOperationException>(() => _target.GetResultAsync(_validationRequest.Object));
+                // Act & Assert
+                var e = await Assert.ThrowsAsync<InvalidOperationException>(() => _target.GetResultAsync(_validationRequest.Object));
+
+                Assert.Equal("Package signature validator has an unexpected validation result", e.Message);
             }
 
             [Fact]
@@ -124,6 +130,10 @@ public async Task WhenRepositorySigningEnabled_ThrowsExceptionIfPackageIsModifie
                 // Arrange
                 _config.RepositorySigningEnabled = true;
 
+                _packages
+                    .Setup(p => p.FindPackageRegistrationById(_validationRequest.Object.PackageId))
+                    .Returns(_packageRegistration);
+
                 _validatorStateService
                     .Setup(x => x.GetStatusAsync(It.IsAny<IValidationRequest>()))
                     .ReturnsAsync(new ValidatorStatus
@@ -136,8 +146,41 @@ public async Task WhenRepositorySigningEnabled_ThrowsExceptionIfPackageIsModifie
                         NupkgUrl = "https://nuget.org/a.nupkg"
                     });
 
+                // Act & Assert
+                var e = await Assert.ThrowsAsync<InvalidOperationException>(() => _target.GetResultAsync(_validationRequest.Object));
+
+                Assert.Equal("Package signature validator has an unexpected validation result", e.Message);
+            }
+
+            [Fact]
+            public async Task WhenRepositorySigningEnabled_IgnoresFailedValidationIfOwnerHasMalformedUsername()
+            {
+                // Arrange
+                _config.RepositorySigningEnabled = true;
+
+                _packages
+                    .Setup(p => p.FindPackageRegistrationById(_validationRequest.Object.PackageId))
+                    .Returns(_packageRegistrationWithBadUsername);
+
+                _validatorStateService
+                    .Setup(x => x.GetStatusAsync(It.IsAny<IValidationRequest>()))
+                    .ReturnsAsync(new ValidatorStatus
+                    {
+                        ValidationId = ValidationId,
+                        PackageKey = PackageKey,
+                        ValidatorName = ValidatorName.PackageSignatureProcessor,
+                        State = ValidationStatus.Failed,
+                        ValidatorIssues = new List<ValidatorIssue>(),
+                    });
+
                 // Act
-                await Assert.ThrowsAsync<InvalidOperationException>(() => _target.GetResultAsync(_validationRequest.Object));
+                var result = await _target.GetResultAsync(_validationRequest.Object);
+
+                // Assert
+                Assert.Null(result.NupkgUrl);
+                Assert.Empty(result.Issues);
+                Assert.Equal(ValidationStatus.Succeeded, result.Status);
+
             }
 
             public static IEnumerable<object[]> PossibleValidationStatuses => possibleValidationStatuses.Select(s => new object[] { s });
@@ -436,19 +479,23 @@ public abstract class FactsBase
             protected readonly Mock<IValidatorStateService> _validatorStateService;
             protected readonly Mock<IProcessSignatureEnqueuer> _packageSignatureVerifier;
             protected readonly Mock<ISimpleCloudBlobProvider> _blobProvider;
+            protected readonly Mock<ICorePackageService> _packages;
             protected readonly Mock<IOptionsSnapshot<ScanAndSignConfiguration>> _configAccessor;
             protected readonly Mock<ITelemetryService> _telemetryService;
             protected readonly ILogger<PackageSignatureValidator> _logger;
             protected readonly Mock<IValidationRequest> _validationRequest;
             protected readonly PackageSignatureValidator _target;
 
             protected readonly ScanAndSignConfiguration _config;
+            protected readonly PackageRegistration _packageRegistration;
+            protected readonly PackageRegistration _packageRegistrationWithBadUsername;
 
             public FactsBase(ITestOutputHelper output)
             {
                 _validatorStateService = new Mock<IValidatorStateService>();
                 _packageSignatureVerifier = new Mock<IProcessSignatureEnqueuer>();
                 _blobProvider = new Mock<ISimpleCloudBlobProvider>();
+                _packages = new Mock<ICorePackageService>();
                 _config = new ScanAndSignConfiguration();
                 _configAccessor = new Mock<IOptionsSnapshot<ScanAndSignConfiguration>>();
                 _telemetryService = new Mock<ITelemetryService>();
@@ -464,10 +511,27 @@ public FactsBase(ITestOutputHelper output)
 
                 _configAccessor.Setup(a => a.Value).Returns(_config);
 
+                _packageRegistration = new PackageRegistration
+                {
+                    Owners = new[]
+                    {
+                        new User { Username = "GoodUsername" }
+                    }
+                };
+
+                _packageRegistrationWithBadUsername = new PackageRegistration
+                {
+                    Owners = new[]
+                    {
+                        new User { Username = "Bad Username" }
+                    }
+                };
+
                 _target = new PackageSignatureValidator(
                     _validatorStateService.Object,
                     _packageSignatureVerifier.Object,
                     _blobProvider.Object,
+                    _packages.Object,
                     _configAccessor.Object,
                     _telemetryService.Object,
                     _logger);

Original file line number	Diff line number	Diff line change
`@@ -20,8 +20,6 @@ namespace NuGet.Services.Validation.Orchestrator.PackageSigning.ScanAndSign`
`20`	`20`	`[ValidatorName(ValidatorName.ScanAndSign)]`
`21`	`21`	`public class ScanAndSignProcessor : IProcessor`
`22`	`22`	`{`
`23`		`- private const string UsernameRegex = @"^[A-Za-z0-9][A-Za-z0-9_\.-]+[A-Za-z0-9]$";`
`24`		`-`
`25`	`23`	`private readonly IValidationEntitiesContext _validationContext;`
`26`	`24`	`private readonly IValidatorStateService _validatorStateService;`
`27`	`25`	`private readonly ICorePackageService _packageService;`
`@@ -218,7 +216,9 @@ private async Task<bool> ShouldRepositorySignAsync(IValidationRequest request, L`
`218`	`216`	`return false;`
`219`	`217`	`}`
`220`	`218`
`221`		`- if (owners.Any(IsInvalidUsername))`
	`219`	`+ // TODO: Remove this check.`
	`220`	`+ // See: https://github.com/NuGet/Engineering/issues/1582`
	`221`	`+ if (owners.Any(UsernameHelper.IsInvalid))`
`222`	`222`	`{`
`223`	`223`	`_logger.LogWarning(`
`224`	`224`	`"Package {PackageId} {PackageVersion} has an owner with an invalid username. Scanning instead of signing. {Owners}",`
`@@ -248,10 +248,5 @@ private List<string> FindPackageOwners(IValidationRequest request)`
`248`	`248`	`.Select(o => o.Username)`
`249`	`249`	`.ToList();`
`250`	`250`	`}`
`251`		`-`
`252`		`- private bool IsInvalidUsername(string username)`
`253`		`- {`
`254`		`- return !Regex.IsMatch(username, UsernameRegex, RegexOptions.None, TimeSpan.FromSeconds(5));`
`255`		`- }`
`256`	`251`	`}`
`257`	`252`	`}`