Merge pull request #7991 from NuGet/dev

[ReleasePrep][2020.05.12]RI of dev into master

Author: Daniel Jacinto

src/AccountDeleter/AccountDeleter.csproj

@@ -125,4 +125,5 @@
   </PropertyGroup>
   <Import Project="$(SignPath)\sign.targets" Condition="Exists('$(SignPath)\sign.targets')" />
   <Import Project="$(SignPath)\sign.microbuild.targets" Condition="Exists('$(SignPath)\sign.microbuild.targets')" />
+  <Import Project="$(NuGetBuildExtensions)" Condition="'$(NuGetBuildExtensions)' != '' And Exists('$(NuGetBuildExtensions)')" />
 </Project>

src/GitHubVulnerabilities2Db/GitHubVulnerabilities2Db.csproj

@@ -118,4 +118,5 @@
   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
   <Import Project="$(SignPath)\sign.targets" Condition="Exists('$(SignPath)\sign.targets')" />
   <Import Project="$(SignPath)\sign.microbuild.targets" Condition="Exists('$(SignPath)\sign.microbuild.targets')" />
+  <Import Project="$(NuGetBuildExtensions)" Condition="'$(NuGetBuildExtensions)' != '' And Exists('$(NuGetBuildExtensions)')" />
 </Project>

src/NuGetGallery/Controllers/PackagesController.cs

@@ -3,6 +3,7 @@
 
 using System;
 using System.Collections.Generic;
+using System.Collections.Specialized;
 using System.Diagnostics;
 using System.Globalization;
 using System.IO;
@@ -796,6 +797,12 @@ private static async Task<byte[]> ReadPackageFile(PackageArchiveReader packageAr
             }
         }
 
+        // This additional delete action addresses issue https://github.com/NuGet/Engineering/issues/2866 - we need to error out.
+        [HttpDelete]
+        public HttpStatusCodeResult DisplayPackage() 
+            => new HttpStatusCodeWithHeadersResult(HttpStatusCode.MethodNotAllowed, new NameValueCollection() { { "allow", "GET" } });
+
+        [HttpGet]
         public virtual async Task<ActionResult> DisplayPackage(string id, string version)
         {
             string normalized = NuGetVersionFormatter.Normalize(version);

src/NuGetGallery/GalleryConstants.cs

@@ -27,7 +27,7 @@ public static class GalleryConstants
         public const int GravatarCacheDurationSeconds = 300;
 
         public const int MaxEmailSubjectLength = 255;
-        internal static readonly NuGetVersion MaxSupportedMinClientVersion = new NuGetVersion("5.5.0.0");
+        internal static readonly NuGetVersion MaxSupportedMinClientVersion = new NuGetVersion("5.6.0.0");
         public const string PackageFileDownloadUriTemplate = "packages/{0}/{1}/download";
 
         public const string ReadMeFileSavePathTemplateActive = "active/{0}/{1}{2}";

src/NuGetGallery/Helpers/ValidationHelper.cs

@@ -0,0 +1,20 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Linq;
+using NuGet.Packaging;
+
+namespace NuGetGallery.Helpers
+{
+    public class ValidationHelper
+    {
+        public static bool HasDuplicatedEntries(PackageArchiveReader nuGetPackage)
+        {
+            // Normalize paths and ensures case sensitivity is also considered
+            var packageFiles = nuGetPackage.GetFiles().Select(packageFile => FileNameHelper.GetZipEntryPath(packageFile));
+
+            return packageFiles.Count() != packageFiles.Distinct(StringComparer.OrdinalIgnoreCase).Count();
+        }
+    }
+}

src/NuGetGallery/Infrastructure/HttpStatusCodeWithHeadersResult.cs

@@ -0,0 +1,27 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Collections.Specialized;
+using System.Net;
+using System.Web.Mvc;
+
+namespace NuGetGallery
+{
+    public class HttpStatusCodeWithHeadersResult : HttpStatusCodeResult
+    {
+        public readonly NameValueCollection Headers;
+
+        public HttpStatusCodeWithHeadersResult(HttpStatusCode statusCode, NameValueCollection headers)
+            : base(statusCode)
+        {
+            Headers = headers;
+        }
+
+        public override void ExecuteResult(ControllerContext context)
+        {
+            base.ExecuteResult(context);
+            var response = context.RequestContext.HttpContext.Response;
+            response.Headers.Add(Headers);
+        }
+    }
+}

src/NuGetGallery/NuGetGallery.csproj

@@ -213,6 +213,7 @@
     <Compile Include="Controllers\ManageDeprecationJsonApiController.cs" />
     <Compile Include="ExtensionMethods.cs" />
     <Compile Include="Extensions\ImageExtensions.cs" />
+    <Compile Include="Helpers\ValidationHelper.cs" />
     <Compile Include="Helpers\ViewModelExtensions\DeleteAccountListPackageItemViewModelFactory.cs" />
     <Compile Include="Helpers\ViewModelExtensions\DeletePackageViewModelFactory.cs" />
     <Compile Include="Helpers\ViewModelExtensions\DisplayLicenseViewModelFactory.cs" />
@@ -226,6 +227,7 @@
     <Compile Include="Infrastructure\ABTestEnrollmentFactory.cs" />
     <Compile Include="Infrastructure\CookieBasedABTestService.cs" />
     <Compile Include="Infrastructure\RequestValidationExceptionFilter.cs" />
+    <Compile Include="Infrastructure\HttpStatusCodeWithHeadersResult.cs" />
     <Compile Include="Infrastructure\IABTestEnrollmentFactory.cs" />
     <Compile Include="Infrastructure\IABTestService.cs" />
     <Compile Include="Infrastructure\ILuceneDocumentFactory.cs" />

src/NuGetGallery/Services/PackageUploadService.cs

@@ -118,6 +118,13 @@ public async Task<PackageValidationResult> ValidateBeforeGeneratePackageAsync(
                 return result;
             }
 
+            result = CheckPackageDuplicatedEntries(nuGetPackage);
+
+            if (result != null)
+            {
+                return result;
+            }
+
             var nuspecFileEntry = nuGetPackage.GetEntry(nuGetPackage.GetNuspecFile());
             using (var nuspecFileStream = await nuGetPackage.GetNuspecAsync(CancellationToken.None))
             {
@@ -599,6 +606,16 @@ private async Task<PackageValidationResult> CheckPackageEntryCountAsync(
             return null;
         }
 
+        private PackageValidationResult CheckPackageDuplicatedEntries(PackageArchiveReader nuGetPackage)
+        {
+            if (ValidationHelper.HasDuplicatedEntries(nuGetPackage))
+            {
+                return PackageValidationResult.Invalid(Strings.UploadPackage_PackageContainsDuplicatedEntries);
+            }
+
+            return null;
+        }
+
         /// <summary>
         /// Validate repository metadata: 
         /// 1. If the type is "git" - allow the URL scheme "git://" or "https://". We will translate "git://" to "https://" at display time for known domains.

src/NuGetGallery/Services/SymbolPackageUploadService.cs

@@ -10,6 +10,7 @@
 using NuGet.Frameworks;
 using NuGet.Packaging;
 using NuGet.Services.Entities;
+using NuGetGallery.Helpers;
 using NuGetGallery.Packaging;
 
 namespace NuGetGallery
@@ -88,6 +89,12 @@ public async Task<SymbolPackageValidationResult> ValidateUploadedSymbolsPackage(
                             normalizedVersion));
                     }
 
+                    // Check for duplicated entries in symbols package
+                    if (ValidationHelper.HasDuplicatedEntries(packageToPush))
+                    {
+                        return SymbolPackageValidationResult.Invalid(Strings.UploadPackage_PackageContainsDuplicatedEntries);
+                    }
+
                     // Do not allow to upload a snupkg to a package which has symbols package pending validations.
                     if (package.SymbolPackages.Any(sp => sp.StatusKey == PackageStatus.Validating))
                     {