
Commit ab486a0

authored
[NuGet Symbol Server] Auditing (#6431)
1 parent 5e04233 commit ab486a0

2 files changed

Lines changed: 30 additions & 2 deletions


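--- a/src/NuGetGallery/Controllers/ApiController.cs
+++ b/src/NuGetGallery/Controllers/ApiController.cs
@@ -444,6 +444,13 @@ public virtual async Task<ActionResult> CreateSymbolPackagePutAsync()
             var apiScopeEvaluationResult = EvaluateApiScope(ActionsRequiringPermissions.UploadSymbolPackage, package.PackageRegistration, NuGetScopes.PackagePushVersion, NuGetScopes.PackagePush);
             if (!apiScopeEvaluationResult.IsSuccessful())
             {
+                await AuditingService.SaveAuditRecordAsync(
+                    new FailedAuthenticatedOperationAuditRecord(
+                        currentUser.Username,
+                        AuditedAuthenticatedOperationAction.SymbolsPackagePushAttemptByNonOwner,
+                        attemptedPackage: new AuditedPackageIdentifier(
+                            id, version.ToNormalizedStringSafe())));
+
                 // User cannot push a symbol package as the current user's scopes does not allow it to push for the corresponding package.
                 return GetHttpResultFromFailedApiScopeEvaluationForPush(apiScopeEvaluationResult, id, version);
             }
@@ -467,6 +474,7 @@ public virtual async Task<ActionResult> CreateSymbolPackagePutAsync()
                 {
                     message = ex.Message;
                 }
+
                 TelemetryService.TrackSymbolPackageFailedGalleryValidationEvent(id, normalizedVersion);
                 return new HttpStatusCodeWithBodyResult(HttpStatusCode.BadRequest, message);
             }
@@ -497,6 +505,9 @@ public virtual async Task<ActionResult> CreateSymbolPackagePutAsync()
                     throw new NotImplementedException($"The symbol package commit result {commitResult} is not supported.");
             }
 
+            await AuditingService.SaveAuditRecordAsync(
+                new PackageAuditRecord(package, AuditedPackageAction.SymbolsCreate, PackageCreatedVia.Api));
+
             TelemetryService.TrackSymbolPackagePushEvent(id, normalizedVersion);
 
             return new HttpStatusCodeResult(HttpStatusCode.Created);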
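Review bot: The success audit record written at new lines 508–509 runs after the commit result has already been handled (the switch closing just above it), so if `SaveAuditRecordAsync` propagates a failure the caller receives an error for a symbol package that has already been persisted, and a retry would presumably be treated as a duplicate; whether the service throws or swallows is not visible here. Ordering the record after the commit is defensible because it describes what was actually stored, but that trade-off deserves a comment such as `// Audited after the commit so the record reflects what was persisted; an audit failure here fails the request even though the symbol package is already created.`. A smaller point in the first hunk: the failed-attempt record uses the request-supplied `id`, while the scope check a few lines earlier already resolved `package.PackageRegistration`, so `package.PackageRegistration.Id` would record the canonical identifier. CreateSymbolPackagePutAsync begins and ends outside these hunks.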

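--- a/tests/NuGetGallery.Facts/Controllers/ApiControllerFacts.cs
+++ b/tests/NuGetGallery.Facts/Controllers/ApiControllerFacts.cs
@@ -321,8 +321,9 @@ public async Task CreateSymbolPackage_UnauthorizedUserWillGet403()
 
                 var controller = new TestableApiController(GetConfigurationService());
                 controller.SetCurrentUser(user);
-
-                var nuGetPackage = TestPackage.CreateTestPackageStream("theId", "1.0.42");
+                var packageId = "theId";
+                var version = "1.0.42";
+                var nuGetPackage = TestPackage.CreateTestPackageStream(packageId, version);
                 controller.SetupPackageFromInputStream(nuGetPackage);
 
                 var package = new Package()
@@ -357,6 +358,16 @@ public async Task CreateSymbolPackage_UnauthorizedUserWillGet403()
 
                 // Assert
                 ResultAssert.IsStatusCode(result, HttpStatusCode.Unauthorized);
+
+                controller.AuditingService.WroteRecord<FailedAuthenticatedOperationAuditRecord>(
+                    (record) =>
+                    {
+                        return
+                            record.UsernameOrEmail == user.Username &&
+                            record.Action == AuditedAuthenticatedOperationAction.SymbolsPackagePushAttemptByNonOwner &&
+                            record.AttemptedPackage.Id == packageId &&
+                            record.AttemptedPackage.Version == version;
+                    });
             }
 
             [Fact]
@@ -520,7 +531,13 @@ public async Task CreateSymbolPackage_WillCreateSymbolPackageSuccessfully()
                 controller.MockTelemetryService.Verify(
                     x => x.TrackSymbolPackagePushEvent(It.IsAny<string>(), It.IsAny<string>()),
                     Times.Once());
+
                 ResultAssert.IsStatusCode(result, HttpStatusCode.Created);
+
+                Assert.True(controller.AuditingService.WroteRecord<PackageAuditRecord>(ar =>
+                    ar.Action == AuditedPackageAction.SymbolsCreate
+                    && ar.Id == package.PackageRegistration.Id
+                    && ar.Version == package.Version));
             }
 
             [Fact]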
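Review bot: The `WroteRecord<FailedAuthenticatedOperationAuditRecord>(...)` call added at new lines 362–370 of CreateSymbolPackage_UnauthorizedUserWillGet403 discards its result, so the test passes whether or not the failed-attempt audit record was written; the third hunk shows the intended shape with `Assert.True(controller.AuditingService.WroteRecord<PackageAuditRecord>(...))`. Wrap it the same way: `Assert.True(controller.AuditingService.WroteRecord<FailedAuthenticatedOperationAuditRecord>(` with the closing `}));`. This assumes WroteRecord returns a bool rather than throwing on a missing record, which its use under Assert.True in the later hunk suggests. Both test methods start outside the hunks shown.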
