Typo-squatting Integration (#6414)

* Finish typosquatting integration

* push Strings.Designer.cs

* Update

* Refactor codes, delete user service for typosquatting, optimize linq-queries, and fix some issues.

* Add namespace check logic

* Add comment for user double check

* Update

Author: zhhyu

src/NuGetGallery/App_Start/DefaultDependenciesModule.cs

@@ -323,6 +323,11 @@ protected override void Load(ContainerBuilder builder)
                 .As<ICertificateService>()
                 .InstancePerLifetimeScope();
 
+            builder.RegisterType<TyposquattingService>()
+                .AsSelf()
+                .As<ITyposquattingService>()
+                .InstancePerLifetimeScope();
+
             Func<MailSender> mailSenderFactory = () =>
                 {
                     var settings = configuration;

src/NuGetGallery/Controllers/ApiController.cs

@@ -723,7 +723,9 @@ await PackageDeleteService.HardDeletePackagesAsync(
                                 package,
                                 packageToPush,
                                 owner,
-                                currentUser);
+                                currentUser,
+                                isNewPackageRegistration: packageRegistration == null);
+
                             var afterValidationActionResult = GetActionResultOrNull(afterValidationResult);
                             if (afterValidationActionResult != null)
                             {

src/NuGetGallery/Controllers/PackagesController.cs

@@ -1601,7 +1601,6 @@ public virtual async Task<JsonResult> VerifyPackage(VerifyPackageRequest formDat
                         return beforeValidationJsonResult;
                     }
 
-                    // update relevant database tables
                     try
                     {
                         package = await _packageUploadService.GeneratePackageAsync(
@@ -1637,7 +1636,9 @@ public virtual async Task<JsonResult> VerifyPackage(VerifyPackageRequest formDat
                         package,
                         nugetPackage,
                         owner,
-                        currentUser);
+                        currentUser,
+                        isNewPackageRegistration: existingPackageRegistration == null);
+
                     var afterValidationJsonResult = GetJsonResultOrNull(afterValidationResult);
                     if (afterValidationJsonResult != null)
                     {

src/NuGetGallery/NuGetGallery.csproj

@@ -398,8 +398,7 @@
     <Compile Include="Services\ISymbolPackageFileService.cs" />
     <Compile Include="Services\ITyposquattingConfiguration.cs" />
     <Compile Include="Services\ISymbolsConfiguration.cs" />
-    <Compile Include="Services\ITyposquattingCheckService.cs" />
-    <Compile Include="Services\ITyposquattingUserService.cs" />
+    <Compile Include="Services\ITyposquattingService.cs" />
     <Compile Include="Services\SymbolPackageUploadService.cs" />
     <Compile Include="Services\SymbolPackageFileService.cs" />
     <Compile Include="Services\SymbolPackageService.cs" />
@@ -509,10 +508,9 @@
     <Compile Include="Services\ReservedNamespaceService.cs" />
     <Compile Include="Services\ReadMeService.cs" />
     <Compile Include="Services\TelemetryClientWrapper.cs" />
-    <Compile Include="Services\TyposquattingCheckService.cs" />
+    <Compile Include="Services\TyposquattingService.cs" />
     <Compile Include="Services\TyposquattingDistanceCalculation.cs" />
     <Compile Include="Services\TyposquattingStringNormalization.cs" />
-    <Compile Include="Services\TyposquattingUserService.cs" />
     <Compile Include="Services\ValidationService.cs" />
     <Compile Include="Telemetry\ClientInformationTelemetryEnricher.cs" />
     <Compile Include="Telemetry\ClientTelemetryPIIProcessor.cs" />

src/NuGetGallery/Services/IPackageService.cs

@@ -35,6 +35,8 @@ public interface IPackageService : ICorePackageService
 
         IQueryable<PackageRegistration> FindPackageRegistrationsByOwner(User user);
 
+        IQueryable<PackageRegistration> GetAllPackageRegistrations();
+
         IEnumerable<Package> FindDependentPackages(Package package);
 
         /// <summary>

src/NuGetGallery/Services/IPackageUploadService.cs

@@ -37,12 +37,14 @@ Task<Package> GeneratePackageAsync(
         /// <param name="nuGetPackage">The package archive reader.</param>
         /// <param name="owner">The owner of the package.</param>
         /// <param name="currentUser">The current user.</param>
+        /// <param name="isNewPackageRegistration">Determine whether the uploaded package is a new package without existing package registration info.</param>
         /// <returns>The package validation result.</returns>
         Task<PackageValidationResult> ValidateAfterGeneratePackageAsync(
             Package package,
             PackageArchiveReader nuGetPackage,
             User owner,
-            User currentUser);
+            User currentUser,
+            bool isNewPackageRegistration);
 
         /// <summary>
         /// Commit the provided package metadata and stream to the package file storage and to the database. This

…y/Services/ITyposquattingCheckService.cs …allery/Services/ITyposquattingService.cssrc/NuGetGallery/Services/ITyposquattingCheckService.cs renamed to src/NuGetGallery/Services/ITyposquattingService.cs src/NuGetGallery/Services/ITyposquattingCheckService.cs renamed to src/NuGetGallery/Services/ITyposquattingService.cs

@@ -1,18 +1,21 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System.Collections.Generic;
+
 namespace NuGetGallery
 {
     /// <summary>
     /// This interface is used to check typo-squatting of uploaded package ID with the owner.  
     /// </summary>
-    public interface ITyposquattingCheckService
+    public interface ITyposquattingService
     {
         /// <summary>
         /// The function is used to check whether the uploaded package is a typo-squatting package.
         /// </summary>
         /// <param name="uploadedPackageId"> The package ID of the uploaded package. We check the pacakge ID with the packages in the gallery for typo-squatting issue</param>
         /// <param name="uploadedPackageOwner"> The package owner of the uploaded package.</param>
-        bool IsUploadedPackageIdTyposquatting(string uploadedPackageId, User uploadedPackageOwner);
+        /// <param name="typosquattingCheckCollisionIds"> The return collision package Id list if it exists</param>
+        bool IsUploadedPackageIdTyposquatting(string uploadedPackageId, User uploadedPackageOwner, out List<string> typosquattingCheckCollisionIds);
     }
 }

src/NuGetGallery/Services/ITyposquattingUserService.cs

@@ -111,6 +111,11 @@ public async Task<Package> CreatePackageAsync(PackageArchiveReader nugetPackage,
             return package;
         }
 
+        public IQueryable<PackageRegistration> GetAllPackageRegistrations()
+        {
+            return _packageRegistrationRepository.GetAll();
+        }
+
         public override PackageRegistration FindPackageRegistrationById(string packageId)
         {
             if (packageId == null)

src/NuGetGallery/Services/PackageService.cs

@@ -23,21 +23,24 @@ public class PackageUploadService : IPackageUploadService
         private readonly IReservedNamespaceService _reservedNamespaceService;
         private readonly IValidationService _validationService;
         private readonly IAppConfiguration _config;
+        private readonly ITyposquattingService _typosquattingService;
 
         public PackageUploadService(
             IPackageService packageService,
             IPackageFileService packageFileService,
             IEntitiesContext entitiesContext,
             IReservedNamespaceService reservedNamespaceService,
             IValidationService validationService,
-            IAppConfiguration config)
+            IAppConfiguration config,
+            ITyposquattingService typosquattingService)
         {
             _packageService = packageService ?? throw new ArgumentNullException(nameof(packageService));
             _packageFileService = packageFileService ?? throw new ArgumentNullException(nameof(packageFileService));
             _entitiesContext = entitiesContext ?? throw new ArgumentNullException(nameof(entitiesContext));
             _reservedNamespaceService = reservedNamespaceService ?? throw new ArgumentNullException(nameof(reservedNamespaceService));
             _validationService = validationService ?? throw new ArgumentNullException(nameof(validationService));
             _config = config ?? throw new ArgumentNullException(nameof(config));
+            _typosquattingService = typosquattingService ?? throw new ArgumentNullException(nameof(typosquattingService));
         }
 
         public async Task<PackageValidationResult> ValidateBeforeGeneratePackageAsync(PackageArchiveReader nuGetPackage, PackageMetadata packageMetadata)
@@ -183,7 +186,8 @@ public async Task<PackageValidationResult> ValidateAfterGeneratePackageAsync(
             Package package,
             PackageArchiveReader nuGetPackage,
             User owner,
-            User currentUser)
+            User currentUser,
+            bool isNewPackageRegistration)
         {
             var result = await ValidateSignatureFilePresenceAsync(
                 package.PackageRegistration,
@@ -195,6 +199,11 @@ public async Task<PackageValidationResult> ValidateAfterGeneratePackageAsync(
                 return result;
             }
 
+            if (isNewPackageRegistration && _typosquattingService.IsUploadedPackageIdTyposquatting(package.Id, owner, out List<string> typosquattingCheckCollisionIds))
+            {
+                return PackageValidationResult.Invalid(string.Format(Strings.TyposquattingCheckFails, string.Join(",", typosquattingCheckCollisionIds)));
+            }
+
             return PackageValidationResult.Accepted();
         }