
Commit 58f2934

authored
[HotFix]Fix rejection of all safety reasons. (#9849)
1 parent afbfd29 commit 58f2934

2 files changed

Lines changed: 32 additions & 16 deletions


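--- a/src/NuGetGallery/Controllers/PackagesController.cs
+++ b/src/NuGetGallery/Controllers/PackagesController.cs
@@ -80,13 +80,12 @@ public partial class PackagesController
 ReportPackageReason.OtherNudityOrPornography,
 };
 
-private static readonly IReadOnlyList<ReportPackageReason> ReportAbuseWithSafetyReasons = new[]
+private static readonly IReadOnlyList<ReportPackageReason> DisallowedReportAbuseReasons = new[]
 {
 ReportPackageReason.ViolatesALicenseIOwn,
-ReportPackageReason.ContainsMaliciousCode,
 ReportPackageReason.ContainsSecurityVulnerability,
 ReportPackageReason.HasABugOrFailedToInstall,
-ReportPackageReason.Other
+ReportPackageReason.RevengePorn,
 };
 
 private static readonly IReadOnlyList<ReportPackageReason> ReportMyPackageReasons = new[]
@@ -1507,14 +1506,6 @@ public virtual async Task<ActionResult> ReportAbuse(string id, string version, R
 {
 reportForm.Message = HttpUtility.HtmlEncode(reportForm.Message);
 
-if (reportForm.Reason == ReportPackageReason.ViolatesALicenseIOwn
-&& string.IsNullOrWhiteSpace(reportForm.Signature))
-{
-ModelState.AddModelError(
-nameof(ReportAbuseViewModel.Signature),
-"The signature is required.");
-}
-
 var package = _packageService.FindPackageByIdAndVersionStrict(id, version);
 
 if (package == null)
@@ -1528,7 +1519,7 @@ public virtual async Task<ActionResult> ReportAbuse(string id, string version, R
 : ReportAbuseReasons;
 
 var reportReason = (ReportPackageReason)reportForm.Reason;
-if (!ReasonChoices.Contains(reportReason) || SafetyReportAbuseReasons.Contains(reportReason))
+if (!ReasonChoices.Contains(reportReason) || DisallowedReportAbuseReasons.Contains(reportReason))
 {
 return HttpNotFound();
 }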
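Review bot: `DisallowedReportAbuseReasons` (new line 83) has no comment saying why these four reasons must be refused, and the check at new line 1522 applies it as a deny-list on top of the `ReasonChoices` allow-list, so any reason later added to `ReasonChoices` is accepted unless someone remembers to list it here. The regression fixed here appears to have come from a mix-up between two similarly named lists (`SafetyReportAbuseReasons` versus `ReportAbuseWithSafetyReasons`), so I would document the contract at the field, e.g. `// Reasons ReportAbuse must refuse with 404 even when they appear in ReasonChoices.` The cast `(ReportPackageReason)reportForm.Reason` suggests `Reason` may be nullable; if so, confirm that a null value is rejected before this line rather than throwing, since the code between the visible hunks is not shown. The body of `ReportAbuse` starts and ends outside these hunks.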

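--- a/tests/NuGetGallery.Facts/Controllers/PackagesControllerFacts.cs
+++ b/tests/NuGetGallery.Facts/Controllers/PackagesControllerFacts.cs
@@ -5876,13 +5876,38 @@ public async Task FormSendsMessageToGalleryOwnerWithEmailOnlyWhenUnauthenticated
 It.Is<ReportAbuseMessage>(
 r => r.Request.FromAddress.Address == ReporterEmailAddress
 && r.Request.Package == package
-&& r.Request.Reason == EnumHelper.GetDescription(ReportPackageReason.ViolatesALicenseIOwn)
+&& r.Request.Reason == EnumHelper.GetDescription(ReportPackageReason.ContainsMaliciousCode)
 && r.Request.Message == EncodedMessage
 && r.AlreadyContactedOwners),
 false,
 false));
 }
 
+[Theory]
+[InlineData(ReportPackageReason.ViolatesALicenseIOwn, true)]
+[InlineData(ReportPackageReason.ContainsSecurityVulnerability, true)]
+[InlineData(ReportPackageReason.RevengePorn, true)]
+[InlineData(ReportPackageReason.HasABugOrFailedToInstall, true)]
+[InlineData(ReportPackageReason.ContainsMaliciousCode, false)]
+[InlineData(ReportPackageReason.Other, false)]
+[InlineData(ReportPackageReason.ChildSexualExploitationOrAbuse, false)]
+[InlineData(ReportPackageReason.TerrorismOrViolentExtremism, false)]
+[InlineData(ReportPackageReason.HateSpeech, false)]
+[InlineData(ReportPackageReason.ImminentHarm, false)]
+[InlineData(ReportPackageReason.OtherNudityOrPornography, false)]
+public async Task FormRejectsDisallowedReportReasons(ReportPackageReason reason, bool shouldReject)
+{
+var result = await GetReportAbuseFormResult(null, Owner, out var package, out var messageService, reason);
+if (shouldReject)
+{
+Assert.IsType<HttpNotFoundResult>(result);
+}
+else
+{
+Assert.IsNotType<HttpNotFoundResult>(result);
+}
+}
+
 public static IEnumerable<object[]> FormSendsMessageToGalleryOwnerWithUserInfoWhenAuthenticated_Data
 {
 get
@@ -5914,13 +5939,13 @@ public async Task FormSendsMessageToGalleryOwnerWithUserInfoWhenAuthenticated(Us
 && r.Request.FromAddress.Address == currentUser.EmailAddress
 && r.Request.FromAddress.DisplayName == currentUser.Username
 && r.Request.Package == package
-&& r.Request.Reason == EnumHelper.GetDescription(ReportPackageReason.ViolatesALicenseIOwn)
+&& r.Request.Reason == EnumHelper.GetDescription(ReportPackageReason.ContainsMaliciousCode)
 && r.AlreadyContactedOwners),
 false,
 false));
 }
 
-public Task<ActionResult> GetReportAbuseFormResult(User currentUser, User owner, out Package package, out Mock<IMessageService> messageService)
+public Task<ActionResult> GetReportAbuseFormResult(User currentUser, User owner, out Package package, out Mock<IMessageService> messageService, ReportPackageReason reason = ReportPackageReason.ContainsMaliciousCode)
 {
 messageService = new Mock<IMessageService>();
 messageService.Setup(
@@ -5943,7 +5968,7 @@ public Task<ActionResult> GetReportAbuseFormResult(User currentUser, User owner,
 {
 Email = ReporterEmailAddress,
 Message = UnencodedMessage,
-Reason = ReportPackageReason.ViolatesALicenseIOwn,
+Reason = reason,
 AlreadyContactedOwner = true,
 Signature = Signature
 };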
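Review bot: The accepting branch of `FormRejectsDisallowedReportReasons` asserts only `Assert.IsNotType<HttpNotFoundResult>(result)`, which also passes if the action fails in some other way (a redisplayed form or an error result), so the seven `false` rows do not prove the report was actually accepted. I would assert the expected success result type there and, for the `true` rows, verify on `messageService` that no `ReportAbuseMessage` was sent (`Times.Never()`); the `package` out value is unused and can be a discard. The theory also passes `null` for `currentUser` only, so the authenticated path is not covered, and a row with a value outside the enum such as `(ReportPackageReason)(-1)` would pin that undefined values are refused too.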
