Merge changes from the private Gallery repo (#10689)

advay26 · joelverhagen · web-flow · commit 2024816b37ad · 2026-01-22T15:25:11.000-08:00
* Add clean MSRC copy This is GitHub main commit 4f542d8, with ApiKeyV5 secrets purged, automated SDK updates, and ES metadata file. * Merged PR 2802: Fixed bug in nuspec path parsing Fixed nuspec path handling to correctly handle paths with a backslash. Co-authored-by: Joel Verhagen <jver@microsoft.com>
diff --git a/global.json b/global.json
@@ -1,6 +1,6 @@
 {
   "sdk": {
-    "version": "8.0.303",
+    "version": "8.0.318",
     "rollForward": "latestFeature",
     "allowPrerelease": false
   }
diff --git a/src/Catalog/Helpers/Utils.cs b/src/Catalog/Helpers/Utils.cs
@@ -36,6 +36,8 @@ public static class Utils
 
         private static readonly char[] TagTrimChars = { ',', ' ', '\t', '|', ';' };
 
+        private static readonly char[] Slashes = { '/', '\\' };
+
         public static string[] SplitTags(string original)
         {
             var fields = original
@@ -118,12 +120,13 @@ public static XDocument GetNuspec(ZipArchive package)
 
             foreach (ZipArchiveEntry part in package.Entries)
             {
-                if (part.FullName.EndsWith(".nuspec") && part.FullName.IndexOf('/') == -1)
+                if (part.FullName.EndsWith(".nuspec") && part.FullName.IndexOfAny(Slashes) == -1)
                 {
                     XDocument nuspec = XDocument.Load(part.Open());
                     return nuspec;
                 }
             }
+
             return null;
         }
 
diff --git a/tests/CatalogTests/Helpers/UtilsTests.cs b/tests/CatalogTests/Helpers/UtilsTests.cs
@@ -1,4 +1,4 @@
-﻿// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
@@ -69,6 +69,108 @@ public void GetNupkgMetadata_WhenNuspecNotFound_Throws()
             }
         }
 
+        [Fact]
+        public void GetNupkgMetadata_WhenNuspecAtRootLevel_Succeeds()
+        {
+            using (var stream = new MemoryStream())
+            {
+                using (var zipArchive = new ZipArchive(stream, ZipArchiveMode.Create, leaveOpen: true))
+                {
+                    var entry = zipArchive.CreateEntry("package.nuspec");
+                    using (var writer = new StreamWriter(entry.Open()))
+                    {
+                        writer.Write("<?xml version=\"1.0\"?><package xmlns=\"http://schemas.microsoft.com/packaging/2010/07/nuspec.xsd\"><metadata><id>TestPackage</id><version>1.0.0</version><authors>Test</authors><description>Test</description></metadata></package>");
+                    }
+                }
+
+                stream.Position = 0;
+
+                var metadata = Utils.GetNupkgMetadata(stream, packageHash: null);
+
+                Assert.NotNull(metadata);
+                Assert.NotNull(metadata.Nuspec);
+            }
+        }
+
+        [Fact]
+        public void GetNupkgMetadata_WhenNuspecInSubdirectoryWithForwardSlash_Throws()
+        {
+            using (var stream = new MemoryStream())
+            {
+                using (var zipArchive = new ZipArchive(stream, ZipArchiveMode.Create, leaveOpen: true))
+                {
+                    var entry = zipArchive.CreateEntry("subdir/package.nuspec");
+                    using (var writer = new StreamWriter(entry.Open()))
+                    {
+                        writer.Write("<?xml version=\"1.0\"?><package></package>");
+                    }
+                }
+
+                stream.Position = 0;
+
+                var exception = Assert.Throws<InvalidDataException>(
+                      () => Utils.GetNupkgMetadata(stream, packageHash: null));
+
+                Assert.StartsWith("Unable to find nuspec", exception.Message);
+            }
+        }
+
+        [Fact]
+        public void GetNupkgMetadata_WhenNuspecInSubdirectoryWithBackslash_Throws()
+        {
+            using (var stream = new MemoryStream())
+            {
+                using (var zipArchive = new ZipArchive(stream, ZipArchiveMode.Create, leaveOpen: true))
+                {
+                    var entry = zipArchive.CreateEntry("subdir\\package.nuspec");
+                    using (var writer = new StreamWriter(entry.Open()))
+                    {
+                        writer.Write("<?xml version=\"1.0\"?><package></package>");
+                    }
+                }
+
+                stream.Position = 0;
+
+                var exception = Assert.Throws<InvalidDataException>(
+                      () => Utils.GetNupkgMetadata(stream, packageHash: null));
+
+                Assert.StartsWith("Unable to find nuspec", exception.Message);
+            }
+        }
+
+
+        [Fact]
+        public void GetNupkgMetadata_WhenNuspecAtRootAndInSubdirectory_UsesRootNuspec()
+        {
+            using (var stream = new MemoryStream())
+            {
+                using (var zipArchive = new ZipArchive(stream, ZipArchiveMode.Create, leaveOpen: true))
+                {
+                    var subdirEntry = zipArchive.CreateEntry("subdir\\malicious.nuspec");
+                    using (var writer = new StreamWriter(subdirEntry.Open()))
+                    {
+                        writer.Write("<?xml version=\"1.0\"?><package xmlns=\"http://schemas.microsoft.com/packaging/2010/07/nuspec.xsd\"><metadata><id>MaliciousPackage</id><version>2.0.0</version><authors>MaliciousAuthor</authors><description>Malicious Description</description></metadata></package>");
+                    }
+
+                    var rootEntry = zipArchive.CreateEntry("package.nuspec");
+                    using (var writer = new StreamWriter(rootEntry.Open()))
+                    {
+                        writer.Write("<?xml version=\"1.0\"?><package xmlns=\"http://schemas.microsoft.com/packaging/2010/07/nuspec.xsd\"><metadata><id>RootPackage</id><version>1.0.0</version><authors>RootAuthor</authors><description>Root Description</description></metadata></package>");
+                    }
+                }
+
+                stream.Position = 0;
+
+                var metadata = Utils.GetNupkgMetadata(stream, packageHash: null);
+
+                Assert.NotNull(metadata);
+                Assert.NotNull(metadata.Nuspec);
+                var packageId = metadata.Nuspec.Descendants().FirstOrDefault(x => x.Name.LocalName == "id");
+                Assert.NotNull(packageId);
+                Assert.Equal("RootPackage", packageId.Value);
+            }
+        }
+
         [Theory]
         [InlineData(null)]
         [InlineData("")]

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"sdk": {`
`3`		`- "version": "8.0.303",`
	`3`	`+ "version": "8.0.318",`
`4`	`4`	`"rollForward": "latestFeature",`
`5`	`5`	`"allowPrerelease": false`
`6`	`6`	`}`
Original file line number	Diff line number	Diff line change
`@@ -36,6 +36,8 @@ public static class Utils`
`36`	`36`
`37`	`37`	`private static readonly char[] TagTrimChars = { ',', ' ', '\t', '\|', ';' };`
`38`	`38`
	`39`	`+ private static readonly char[] Slashes = { '/', '\\' };`
	`40`	`+`
`39`	`41`	`public static string[] SplitTags(string original)`
`40`	`42`	`{`
`41`	`43`	`var fields = original`
`@@ -118,12 +120,13 @@ public static XDocument GetNuspec(ZipArchive package)`
`118`	`120`
`119`	`121`	`foreach (ZipArchiveEntry part in package.Entries)`
`120`	`122`	`{`
`121`		`- if (part.FullName.EndsWith(".nuspec") && part.FullName.IndexOf('/') == -1)`
	`123`	`+ if (part.FullName.EndsWith(".nuspec") && part.FullName.IndexOfAny(Slashes) == -1)`
`122`	`124`	`{`
`123`	`125`	`XDocument nuspec = XDocument.Load(part.Open());`
`124`	`126`	`return nuspec;`
`125`	`127`	`}`
`126`	`128`	`}`
	`129`	`+`
`127`	`130`	`return null;`
`128`	`131`	`}`
`129`	`132`