Image allowlist (#8406)

* image allowlist display image on upload, display, manage page
* store allowlist to content folder & add new imageValidator service

Author: lyndaidaii

src/NuGetGallery.Services/Configuration/FeatureFlagService.cs

@@ -44,6 +44,7 @@ public class FeatureFlagService : IFeatureFlagService
         private const string LicenseMdRenderingFlightName = GalleryPrefix + "LicenseMdRendering";
         private const string MarkdigMdRenderingFlightName = GalleryPrefix + "MarkdigMdRendering";
         private const string DeletePackageApiFlightName = GalleryPrefix + "DeletePackageApi";
+        private const string ImageAllowlistFlightName = GalleryPrefix + "ImageAllowlist";
 
         private const string ODataV1GetAllNonHijackedFeatureName = GalleryPrefix + "ODataV1GetAllNonHijacked";
         private const string ODataV1GetAllCountNonHijackedFeatureName = GalleryPrefix + "ODataV1GetAllCountNonHijacked";
@@ -308,5 +309,10 @@ public bool IsDeletePackageApiEnabled(User user)
         {
             return _client.IsEnabled(DeletePackageApiFlightName, user, defaultValue: false);
         }
+
+        public bool IsImageAllowlistEnabled()
+        {
+            return _client.IsEnabled(ImageAllowlistFlightName, defaultValue: false);
+        }
     }
 }

src/NuGetGallery.Services/Configuration/IFeatureFlagService.cs

@@ -245,5 +245,10 @@ public interface IFeatureFlagService
         /// Whether or not the user can delete a package through the API.
         /// </summary>
         bool IsDeletePackageApiEnabled(User user);
+
+        /// <summary>
+        /// Whether the allowlist is enabled for checking the image sources
+        /// </summary>
+        bool IsImageAllowlistEnabled();
     }
 }

src/NuGetGallery.Services/Configuration/ITrustedImageDomains.cs

@@ -0,0 +1,13 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace NuGetGallery.Services
+{
+    public interface ITrustedImageDomains
+    {
+        /// <summary>
+        /// Return true if input imageDomain is in trusted image allowlist, Otherwise, return false
+        /// </summary>
+        bool IsImageDomainTrusted(string imageDomain);
+    }
+}

src/NuGetGallery.Services/Configuration/TrustedImageDomains.cs

@@ -0,0 +1,44 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using Newtonsoft.Json;
+
+namespace NuGetGallery.Services
+{
+    public class TrustedImageDomains : ITrustedImageDomains
+    {
+        public HashSet<string> TrustedImageDomainList { get; }
+
+        public TrustedImageDomains()
+            : this(trustedImageDomainList: Enumerable.Empty<string>())
+        {
+
+        }
+
+        [JsonConstructor]
+        public TrustedImageDomains(IEnumerable<string> trustedImageDomainList)
+        {
+            if (trustedImageDomainList == null)
+            {
+                throw new ArgumentNullException(nameof(trustedImageDomainList));
+            }
+
+            TrustedImageDomainList = new HashSet<string>(trustedImageDomainList, StringComparer.OrdinalIgnoreCase);
+        }
+
+        public bool IsImageDomainTrusted(string imageDomain)
+        {
+            if (imageDomain == null)
+            {
+                return false;
+            }
+
+            return TrustedImageDomainList.Contains(imageDomain);
+        }
+    }
+}

src/NuGetGallery.Services/NuGetGallery.Services.csproj

@@ -120,6 +120,7 @@
     <Compile Include="Configuration\IQueryHintConfiguration.cs" />
     <Compile Include="Configuration\IServiceBusConfiguration.cs" />
     <Compile Include="Configuration\ISymbolsConfiguration.cs" />
+    <Compile Include="Configuration\ITrustedImageDomains.cs" />
     <Compile Include="Configuration\ITyposquattingConfiguration.cs" />
     <Compile Include="Configuration\LoginDiscontinuationConfiguration.cs" />
     <Compile Include="Configuration\ODataCacheConfiguration.cs" />
@@ -130,6 +131,7 @@
     <Compile Include="Configuration\ServiceBusConfiguration.cs" />
     <Compile Include="Configuration\SimpleBlobStorageConfiguration.cs" />
     <Compile Include="Configuration\SymbolsConfiguration.cs" />
+    <Compile Include="Configuration\TrustedImageDomains.cs" />
     <Compile Include="Configuration\TyposquattingConfiguration.cs" />
     <Compile Include="Diagnostics\DiagnosticsService.cs" />
     <Compile Include="Diagnostics\ElmahHandleErrorAttribute.cs" />

src/NuGetGallery.Services/ServicesConstants.cs

@@ -62,6 +62,7 @@ public static class ContentNames
             public static readonly string ODataCacheConfiguration = "OData-Cache-Configuration";
             public static readonly string CacheConfiguration = "Cache-Configuration";
             public static readonly string QueryHintConfiguration = "Query-Hint-Configuration";
+            public static readonly string TrustedImageDomains = "Trusted-Image-Domains";
         }
     }
 }

src/NuGetGallery.Services/Storage/ContentObjectService.cs

@@ -28,6 +28,7 @@ public ContentObjectService(IContentService contentService)
             ODataCacheConfiguration = new ODataCacheConfiguration();
             CacheConfiguration = new CacheConfiguration();
             QueryHintConfiguration = new QueryHintConfiguration();
+            TrustedImageDomains = new TrustedImageDomains();
         }
 
         public ILoginDiscontinuationConfiguration LoginDiscontinuationConfiguration { get; private set; }
@@ -39,6 +40,7 @@ public ContentObjectService(IContentService contentService)
         public IODataCacheConfiguration ODataCacheConfiguration { get; private set; }
         public ICacheConfiguration CacheConfiguration { get; private set; }
         public IQueryHintConfiguration QueryHintConfiguration { get; private set; }
+        public ITrustedImageDomains TrustedImageDomains { get; private set; }
 
         public async Task Refresh()
         {
@@ -78,6 +80,10 @@ await Refresh<CacheConfiguration>(ServicesConstants.ContentNames.CacheConfigurat
             QueryHintConfiguration =
                 await Refresh<QueryHintConfiguration>(ServicesConstants.ContentNames.QueryHintConfiguration) ??
                 new QueryHintConfiguration();
+
+            TrustedImageDomains =
+                await Refresh<TrustedImageDomains>(ServicesConstants.ContentNames.TrustedImageDomains) ??
+                new TrustedImageDomains();
         }
 
         private async Task<T> Refresh<T>(string contentName)

src/NuGetGallery.Services/Storage/IContentObjectService.cs

@@ -17,6 +17,7 @@ public interface IContentObjectService
         IODataCacheConfiguration ODataCacheConfiguration { get; }
         ICacheConfiguration CacheConfiguration { get; }
         IQueryHintConfiguration QueryHintConfiguration { get; }
+        ITrustedImageDomains TrustedImageDomains { get; }
 
         Task Refresh();
     }

src/NuGetGallery/App_Data/Files/Content/Trusted-Image-Domains.json

@@ -0,0 +1,32 @@
+{
+    "TrustedImageDomainList": [
+        "api.bintray.com",
+        "api.codacy.com",
+        "api.codeclimate.com",
+        "api.dependabot.com",
+        "api.travis-ci.com",
+        "api.travis-ci.org",
+        "app.fossa.io",
+        "badge.fury.io",
+        "badgen.net",
+        "badges.gitter.im",
+        "bettercodehub.com",
+        "buildstats.info",
+        "ci.appveyor.com",
+        "circleci.com",
+        "codecov.io",
+        "codefactor.io",
+        "coveralls.io",
+        "dev.azure.com",
+        "gitlab.com",
+        "img.shields.io",
+        "isitmaintained.com",
+        "opencollective.com",
+        "snyk.io",
+        "sonarcloud.io",
+        "raw.github.com",
+        "raw.githubusercontent.com",
+        "user-images.githubusercontent.com",
+        "camo.githubusercontent.com"
+    ]
+  }

src/NuGetGallery/App_Start/DefaultDependenciesModule.cs

@@ -374,6 +374,10 @@ protected override void Load(ContainerBuilder builder)
             builder.RegisterType<MarkdownService>()
                 .As<IMarkdownService>()
                 .InstancePerLifetimeScope();
+            
+            builder.RegisterType<ImageDomainValidator>()
+                .As<IImageDomainValidator>()
+                .InstancePerLifetimeScope();
 
             builder.RegisterType<ApiScopeEvaluator>()
                 .AsSelf()