Add domain & ignore www (#8874)

* add domain & expand www depends on subdomain

Author: lyndaidaii

src/NuGetGallery.Services/Configuration/TrustedImageDomains.cs

@@ -28,7 +28,8 @@ public TrustedImageDomains(IEnumerable<string> trustedImageDomainList)
                 throw new ArgumentNullException(nameof(trustedImageDomainList));
             }
 
-            TrustedImageDomainList = new HashSet<string>(trustedImageDomainList, StringComparer.OrdinalIgnoreCase);
+            var trustedImageDomainListFromFile = new HashSet<string>(trustedImageDomainList, StringComparer.OrdinalIgnoreCase);
+            TrustedImageDomainList = expandDomainList(trustedImageDomainListFromFile);
         }
 
         public bool IsImageDomainTrusted(string imageDomain)
@@ -40,5 +41,40 @@ public bool IsImageDomainTrusted(string imageDomain)
 
             return TrustedImageDomainList.Contains(imageDomain);
         }
+
+        private HashSet<string> expandDomainList(HashSet<string> trustedImageDomainListFromFile)
+        {
+            var expandedImageDomainList = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
+
+            foreach (var imageDomain in trustedImageDomainListFromFile)
+            {
+                expandedImageDomainList.Add(imageDomain);
+
+                var subdomain = ParseSubDomain(imageDomain);
+
+                if (string.IsNullOrEmpty(subdomain))
+                {
+                    expandedImageDomainList.Add("www." + imageDomain);
+                } 
+                else if (subdomain == "www")
+                {
+                    expandedImageDomainList.Add(imageDomain.Substring(subdomain.Length));
+                }
+            }
+            return expandedImageDomainList;
+        }
+
+        private string ParseSubDomain(string domain)
+        {
+            if (domain.Split('.').Length > 2)
+            {
+                var lastIndex = domain.LastIndexOf(".");
+                var index = domain.LastIndexOf('.', lastIndex - 1);
+
+                return domain.Substring(0, index);
+            }
+
+            return null; 
+        }
     }
 }

src/NuGetGallery/App_Data/Files/Content/Trusted-Image-Domains.json

@@ -29,6 +29,8 @@
         "opencollective.com",
         "snyk.io",
         "sonarcloud.io",
+        "travis-ci.com",
+        "travis-ci.org",
         "raw.github.com",
         "raw.githubusercontent.com",
         "user-images.githubusercontent.com",

tests/NuGetGallery.Facts/Services/ImageDomainValidatorFacts.cs

@@ -29,6 +29,9 @@ public void ThrowsArgumentNullExceptionForNullUrl()
             [Theory]
             [InlineData("https://api.bintray.com/example/image.svg", true, "https://api.bintray.com/example/image.svg", true)]
             [InlineData("http://api.bintray.com/example/image.svg", true, "https://api.bintray.com/example/image.svg", true)]
+            [InlineData("http://www.api.bintray.com/example/image.svg", false, null, false)]
+            [InlineData("https://www.codefactor.io/repository/github/andy840119/Synthesia.MetaDataParser/badge", true, "https://www.codefactor.io/repository/github/andy840119/Synthesia.MetaDataParser/badge", true)]
+            [InlineData("https://www.api.codefactor.io/repository/github/andy840119/Synthesia.MetaDataParser/badge", false, null, false)]
             [InlineData("https://travis-ci.org/Azure/azure-relay-aspnetserver.svg?branch=dev", false, null, false)]
             [InlineData("https://github.com/cedx/where.dart/actions/workflows/build.yaml/badge.svg?branch=develop", false, "https://github.com/cedx/where.dart/actions/workflows/build.yaml/badge.svg?branch=develop", true)]
             [InlineData("https://[email protected]/peaceiris/actions-gh-pages/actions/workflows/dev-image.yml/something/badge.svg", false, null, false)]