Typo squatting checklist retrieval (#6361)

* Typo squatting checklist retrieval

* refactor and delete PackagesCheckListService

* update codes based on the review

* Change linq and Delete concurrent dictionary for normalized Ids

* Update index migration files and Fix issues in reviews

* include ID in the index

* Delete unnecessary codes in Facts

* Fix threshold

Author: zhhyu

src/NuGetGallery/Migrations/201808312302101_AddIsVerifiedDownloadCountIdIndexForPackageRegistrationsTable.Designer.cs

@@ -0,0 +1,19 @@
+namespace NuGetGallery.Migrations
+{
+    using System;
+    using System.Data.Entity.Migrations;
+    
+    public partial class AddIsVerifiedDownloadCountIdIndexForPackageRegistrationsTable : DbMigration
+    {
+        public override void Up()
+        {
+            // Used for getting checklist for typosquatting
+            Sql("CREATE NONCLUSTERED INDEX [IX_PackageRegistration_IsVerified_DownloadCount] ON [dbo].[PackageRegistrations] ([IsVerified], [DownloadCount]) INCLUDE ([Id])");
+        }
+        
+        public override void Down()
+        {
+            DropIndex("PackageRegistrations", name: "IX_PackageRegistration_IsVerified_DownloadCount");
+        }
+    }
+}

src/NuGetGallery/Migrations/201808312302101_AddIsVerifiedDownloadCountIdIndexForPackageRegistrationsTable.cs

@@ -362,6 +362,10 @@
     <Compile Include="Migrations\201808032317064_FixSymbolCreatedColumnEFIssue.Designer.cs">
       <DependentUpon>201808032317064_FixSymbolCreatedColumnEFIssue.cs</DependentUpon>
     </Compile>
+    <Compile Include="Migrations\201808312302101_AddIsVerifiedDownloadCountIdIndexForPackageRegistrationsTable.cs" />
+    <Compile Include="Migrations\201808312302101_AddIsVerifiedDownloadCountIdIndexForPackageRegistrationsTable.Designer.cs">
+      <DependentUpon>201808312302101_AddIsVerifiedDownloadCountIdIndexForPackageRegistrationsTable.cs</DependentUpon>
+    </Compile>
     <Compile Include="RequestModels\DeleteAccountRequest.cs" />
     <Compile Include="Migrations\201710301857232_Organizations.cs" />
     <Compile Include="Migrations\201710301857232_Organizations.Designer.cs">
@@ -392,6 +396,8 @@
     <Compile Include="Services\ISymbolPackageUploadService.cs" />
     <Compile Include="Services\ISymbolPackageFileService.cs" />
     <Compile Include="Services\ISymbolsConfiguration.cs" />
+    <Compile Include="Services\ITyposquattingCheckService.cs" />
+    <Compile Include="Services\ITyposquattingUserService.cs" />
     <Compile Include="Services\SymbolPackageUploadService.cs" />
     <Compile Include="Services\SymbolPackageFileService.cs" />
     <Compile Include="Services\SymbolPackageService.cs" />
@@ -500,6 +506,10 @@
     <Compile Include="Services\ReservedNamespaceService.cs" />
     <Compile Include="Services\ReadMeService.cs" />
     <Compile Include="Services\TelemetryClientWrapper.cs" />
+    <Compile Include="Services\TyposquattingCheckService.cs" />
+    <Compile Include="Services\TyposquattingDistanceCalculation.cs" />
+    <Compile Include="Services\TyposquattingStringNormalization.cs" />
+    <Compile Include="Services\TyposquattingUserService.cs" />
     <Compile Include="Services\ValidationService.cs" />
     <Compile Include="Telemetry\ClientInformationTelemetryEnricher.cs" />
     <Compile Include="Telemetry\ClientTelemetryPIIProcessor.cs" />
@@ -1558,6 +1568,9 @@
     <EmbeddedResource Include="Migrations\201808032317064_FixSymbolCreatedColumnEFIssue.resx">
       <DependentUpon>201808032317064_FixSymbolCreatedColumnEFIssue.cs</DependentUpon>
     </EmbeddedResource>
+    <EmbeddedResource Include="Migrations\201808312302101_AddIsVerifiedDownloadCountIdIndexForPackageRegistrationsTable.resx">
+      <DependentUpon>201808312302101_AddIsVerifiedDownloadCountIdIndexForPackageRegistrationsTable.cs</DependentUpon>
+    </EmbeddedResource>
     <EmbeddedResource Include="OData\QueryAllowed\Data\apiv1packages.json" />
     <EmbeddedResource Include="OData\QueryAllowed\Data\apiv1search.json" />
     <EmbeddedResource Include="OData\QueryAllowed\Data\apiv2getupdates.json" />

src/NuGetGallery/Migrations/201808312302101_AddIsVerifiedDownloadCountIdIndexForPackageRegistrationsTable.resx

@@ -2,34 +2,37 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Collections.Concurrent;
 using System.Collections.Generic;
-using System.Threading;
 using System.Threading.Tasks;
+using System.Linq;
 
 namespace NuGetGallery
 {
     public class TyposquattingCheckService : ITyposquattingCheckService
     {
+        // TODO: Length of checklist will be saved in the configuration file.
+        // https://github.com/NuGet/Engineering/issues/1645
+        private const int TyposquattingCheckListLength = 20000;
+
         // TODO: Threshold parameters will be saved in the configuration file.
         // https://github.com/NuGet/Engineering/issues/1645
-        private static List<ThresholdInfo> _thresholdsList = new List<ThresholdInfo>
+        private static readonly IReadOnlyList<ThresholdInfo> ThresholdsList = new List<ThresholdInfo>
         {
-            new ThresholdInfo { LowerBound = 0, UpperBound = 30, Threshold = 0 },
-            new ThresholdInfo { LowerBound = 30, UpperBound = 50, Threshold = 1 },
-            new ThresholdInfo { LowerBound = 50, UpperBound = 120, Threshold = 2 }
+            new ThresholdInfo (lowerBound: 0, upperBound: 30, threshold: 0),
+            new ThresholdInfo (lowerBound: 30, upperBound: 50, threshold: 1),
+            new ThresholdInfo (lowerBound: 50, upperBound: 121, threshold: 2)
         };
-        
-        // TODO: popular packages checklist will be implemented
-        // https://github.com/NuGet/Engineering/issues/1624
-        public static List<PackageInfo> PackagesCheckList { get; set; }
 
         private readonly ITyposquattingUserService _userTyposquattingService;
+        private readonly IEntityRepository<PackageRegistration> _packageRegistrationRepository;
 
-        public TyposquattingCheckService(ITyposquattingUserService typosquattingUserService)
+        public TyposquattingCheckService(ITyposquattingUserService typosquattingUserService, IEntityRepository<PackageRegistration> packageRegistrationRepository)
         {
             _userTyposquattingService = typosquattingUserService ?? throw new ArgumentNullException(nameof(typosquattingUserService));
+            _packageRegistrationRepository = packageRegistrationRepository ?? throw new ArgumentNullException(nameof(packageRegistrationRepository));
         }
-
+              
         public bool IsUploadedPackageIdTyposquatting(string uploadedPackageId, User uploadedPackageOwner)
         {
             if (uploadedPackageId == null)
@@ -42,38 +45,42 @@ public bool IsUploadedPackageIdTyposquatting(string uploadedPackageId, User uplo
                 throw new ArgumentNullException(nameof(uploadedPackageOwner));
             }
 
+            var packagesCheckList = _packageRegistrationRepository.GetAll()
+                .OrderByDescending(pr => pr.IsVerified)
+                .ThenByDescending(pr => pr.DownloadCount)
+                .Select(pr => pr.Id)
+                .Take(TyposquattingCheckListLength)
+                .ToList();
+
             var threshold = GetThreshold(uploadedPackageId);
             uploadedPackageId = TyposquattingStringNormalization.NormalizeString(uploadedPackageId);
 
-            var countCollision = 0;
-            Parallel.ForEach(PackagesCheckList, (package, loopState) =>
+            var collisionPackageIds = new ConcurrentBag<string>();
+            Parallel.ForEach(packagesCheckList, (packageId, loopState) =>
             {
                 // TODO: handle the package which is owned by an organization. 
                 // https://github.com/NuGet/Engineering/issues/1656
-                if (package.Owners.Contains(uploadedPackageOwner.Username))
+                string normalizedPackageId = TyposquattingStringNormalization.NormalizeString(packageId);
+                if (TyposquattingDistanceCalculation.IsDistanceLessThanThreshold(uploadedPackageId, normalizedPackageId, threshold))
                 {
-                    return;
+                    collisionPackageIds.Add(packageId);
                 }
+            });
 
-                if (TyposquattingDistanceCalculation.IsDistanceLessThanThreshold(uploadedPackageId, package.Id, threshold))
+            foreach (var packageId in collisionPackageIds)
+            {
+                if (!_userTyposquattingService.CanUserTyposquat(packageId, uploadedPackageOwner.Username))
                 {
-                    // Double check the owners list in the latest DB. 
-                    if (_userTyposquattingService.CanUserTyposquat(package.Id, uploadedPackageOwner.Username))
-                    {
-                        return;
-                    }
-
-                    Interlocked.Increment(ref countCollision);
-                    loopState.Stop();
+                    return true;
                 }
-            });
+            }
 
-            return countCollision != 0;
+            return false;
         }
 
         private static int GetThreshold(string packageId)
         {
-            foreach (var thresholdInfo in _thresholdsList)
+            foreach (var thresholdInfo in ThresholdsList)
             {
                 if (packageId.Length >= thresholdInfo.LowerBound && packageId.Length < thresholdInfo.UpperBound)
                 {
@@ -85,16 +92,16 @@ private static int GetThreshold(string packageId)
         }
     }
 
-    public class PackageInfo
-    {
-        public string Id { get; set; }
-        public HashSet<string> Owners { get; set; }
-    }
-
     public class ThresholdInfo
     {
-        public int LowerBound { get; set; }
-        public int UpperBound { get; set; }
-        public int Threshold { get; set; }
+        public int LowerBound { get; }
+        public int UpperBound { get; }
+        public int Threshold { get; }
+        public ThresholdInfo(int lowerBound, int upperBound, int threshold)
+        {
+            LowerBound = lowerBound;
+            UpperBound = upperBound;
+            Threshold = threshold;
+        }        
     }
 }

src/NuGetGallery/NuGetGallery.csproj

@@ -129,6 +129,7 @@
     <Compile Include="Security\RequirePackageMetadataCompliancePolicyFacts.cs" />
     <Compile Include="Services\ActionRequiringEntityPermissionsFacts.cs" />
     <Compile Include="Services\CertificatesConfigurationFacts.cs" />
+    <Compile Include="Services\TyposquattingCheckServiceFacts.cs" />
     <Compile Include="Services\CloudDownloadCountServiceFacts.cs" />
     <Compile Include="Services\CertificateServiceFacts.cs" />
     <Compile Include="Services\CertificateValidatorFacts.cs" />
@@ -169,6 +170,7 @@
     <Compile Include="Services\TelemetryServiceFacts.cs" />
     <Compile Include="Services\TestableActionRequiringEntityPermissions.cs" />
     <Compile Include="Services\TestablePermissionsEntity.cs" />
+    <Compile Include="Services\TyposquattingUserServiceFacts.cs" />
     <Compile Include="Services\ValidationServiceFacts.cs" />
     <Compile Include="Telemetry\ClientInformationTelemetryEnricherTests.cs" />
     <Compile Include="Telemetry\ClientTelemetryPIIProcessorTests.cs" />