Merge pull request #9881 from NuGet/dev

[ReleasePrep][2024.03.26] RI of dev into main

Author: v-manil2

Directory.Build.props

@@ -1,8 +1,8 @@
 <Project>
   <PropertyGroup>
     <NuGetClientPackageVersion>6.9.1</NuGetClientPackageVersion>
-    <ServerCommonPackageVersion>2.117.0</ServerCommonPackageVersion>
-    <NuGetJobsPackageVersion>4.3.0-dev-9116469</NuGetJobsPackageVersion>
+    <ServerCommonPackageVersion>2.120.0</ServerCommonPackageVersion>
+    <NuGetJobsPackageVersion>4.3.0-dev-9310589</NuGetJobsPackageVersion>
   </PropertyGroup>
   <ItemGroup>
     <PackageReference Include="Microsoft.CodeAnalysis.NetAnalyzers">

src/NuGetGallery.Core/Services/ITyposquattingServiceHelper.cs

@@ -15,5 +15,20 @@ public interface ITyposquattingServiceHelper
         /// <param name="packageId">Package Id compared to</param>
         /// <returns>Return true if distance is less than the threshold</returns>
         bool IsDistanceLessThanOrEqualToThreshold(string uploadedPackageId, string packageId);
+
+        /// <summary>
+        /// This method is used to check if the distance between the currently uploaded package ID and another package ID is less than or equal to the threshold.
+        /// </summary>
+        /// <param name="uploadedPackageId">Uploaded package Id</param>
+        /// <param name="normalizedPackageId">Normalized Package Id compared to</param>
+        /// <returns>Return true if distance is less than the threshold</returns>
+        bool IsDistanceLessThanOrEqualToThresholdWithNormalizedPackageId(string uploadedPackageId, string normalizedPackageId);
+
+        /// <summary>
+        /// This method is used to normalize string.
+        /// </summary>
+        /// <param name="str">String to normalize</param>
+        /// <returns>Normalized string</returns>
+        string NormalizeString(string str);
     }
 }

src/NuGetGallery.Services/NuGetGallery.Services.csproj

@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <Import Project="..\..\SdkProjects.props" />
 
@@ -66,6 +66,9 @@
     <PackageReference Include="Microsoft.AspNetCore.Cryptography.KeyDerivation">
       <Version>1.0.0</Version>
     </PackageReference>
+    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens">
+      <Version>7.3.1</Version>
+    </PackageReference>	  
     <PackageReference Include="Microsoft.Owin">
       <Version>4.2.2</Version>
     </PackageReference>

src/NuGetGallery/App_Data/Files/Content/Trusted-Image-Domains.json

@@ -26,6 +26,7 @@
         "img.shields.io",
         "i.imgur.com",
         "isitmaintained.com",
+        "media.githubusercontent.com",
         "opencollective.com",
         "snyk.io",
         "sonarcloud.io",

src/NuGetGallery/Services/NullTyposquattingService.cs

@@ -1,13 +1,30 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
+
 namespace NuGetGallery.Services
 {
     public class ExactMatchTyposquattingServiceHelper : ITyposquattingServiceHelper
     {
         public bool IsDistanceLessThanOrEqualToThreshold(string uploadedPackageId, string packageId)
         {
-            return uploadedPackageId.ToLowerInvariant() == packageId.ToLowerInvariant();
+            return StringComparer.OrdinalIgnoreCase.Equals(uploadedPackageId, packageId);
+        }
+
+        public bool IsDistanceLessThanOrEqualToThresholdWithNormalizedPackageId(string uploadedPackageId, string normalizedPackageId)
+        {
+            return StringComparer.OrdinalIgnoreCase.Equals(uploadedPackageId, normalizedPackageId);
+        }
+
+        public string NormalizeString(string packageId)
+        {
+            if (string.IsNullOrEmpty(packageId))
+            {
+                return string.Empty;
+            }
+
+            return packageId.ToLowerInvariant();
         }
     }
 }

src/NuGetGallery/Services/TyposquattingCheckListCacheService.cs

@@ -10,16 +10,18 @@ namespace NuGetGallery
     public class TyposquattingCheckListCacheService : ITyposquattingCheckListCacheService
     {
         private readonly object Locker = new object();
+        private readonly ITyposquattingServiceHelper _typosquattingServiceHelper;
 
         private List<string> Cache;
         private DateTime LastRefreshTime;
 
         private int TyposquattingCheckListConfiguredLength;
 
-        public TyposquattingCheckListCacheService()
+        public TyposquattingCheckListCacheService(ITyposquattingServiceHelper typosquattingServiceHelper)
         {
             TyposquattingCheckListConfiguredLength = -1;
             LastRefreshTime = DateTime.MinValue;
+            _typosquattingServiceHelper = typosquattingServiceHelper;
         }
 
         public IReadOnlyCollection<string> GetTyposquattingCheckList(int checkListConfiguredLength, TimeSpan checkListExpireTime, IPackageService packageService)
@@ -44,14 +46,17 @@ public IReadOnlyCollection<string> GetTyposquattingCheckList(int checkListConfig
                     if (ShouldCacheBeUpdated(checkListConfiguredLength, checkListExpireTime))
                     {
                         TyposquattingCheckListConfiguredLength = checkListConfiguredLength;
-
-                        Cache = packageService.GetAllPackageRegistrations()
+                        List<string> cachedPackages = packageService.GetAllPackageRegistrations()
                             .OrderByDescending(pr => pr.IsVerified)
                             .ThenByDescending(pr => pr.DownloadCount)
                             .Select(pr => pr.Id)
                             .Take(TyposquattingCheckListConfiguredLength)
                             .ToList();
 
+                        Cache = cachedPackages
+                            .Select(pr => _typosquattingServiceHelper.NormalizeString(pr))
+                            .ToList();
+
                         LastRefreshTime = DateTime.UtcNow;
                     }
                 }

src/NuGetGallery/Services/TyposquattingService.cs

@@ -60,18 +60,20 @@ public bool IsUploadedPackageIdTyposquatting(string uploadedPackageId, User uplo
 
             var totalTimeStopwatch = Stopwatch.StartNew();
             var checklistRetrievalStopwatch = Stopwatch.StartNew();
-            var packageIdsCheckList = _typosquattingCheckListCacheService.GetTyposquattingCheckList(checkListConfiguredLength, checkListExpireTimeInHours, _packageService);
+            
+            // It must be normalized during initial list creation
+            var normalizedPackageIdsCheckList = _typosquattingCheckListCacheService.GetTyposquattingCheckList(checkListConfiguredLength, checkListExpireTimeInHours, _packageService);
             checklistRetrievalStopwatch.Stop();
 
             _telemetryService.TrackMetricForTyposquattingChecklistRetrievalTime(uploadedPackageId, checklistRetrievalStopwatch.Elapsed);
 
             var algorithmProcessingStopwatch = Stopwatch.StartNew();
             var collisionIds = new ConcurrentBag<string>();
-            Parallel.ForEach(packageIdsCheckList, (packageId, loopState) =>
+            Parallel.ForEach(normalizedPackageIdsCheckList, (normalizedPackageId, loopState) =>
             {
-                if (_typosquattingServiceHelper.IsDistanceLessThanOrEqualToThreshold(uploadedPackageId, packageId))
+                if (_typosquattingServiceHelper.IsDistanceLessThanOrEqualToThresholdWithNormalizedPackageId(uploadedPackageId, normalizedPackageId))
                 {
-                    collisionIds.Add(packageId);
+                    collisionIds.Add(normalizedPackageId);
                 }
             });
             algorithmProcessingStopwatch.Stop();
@@ -86,7 +88,7 @@ public bool IsUploadedPackageIdTyposquatting(string uploadedPackageId, User uplo
                     totalTimeStopwatch.Elapsed,
                     wasUploadBlocked,
                     typosquattingCheckCollisionIds,
-                    packageIdsCheckList.Count,
+                    normalizedPackageIdsCheckList.Count,
                     checkListExpireTimeInHours);
 
                 return false;
@@ -126,7 +128,7 @@ public bool IsUploadedPackageIdTyposquatting(string uploadedPackageId, User uplo
                     totalTimeStopwatch.Elapsed,
                     wasUploadBlocked,
                     typosquattingCheckCollisionIds,
-                    packageIdsCheckList.Count,
+                    normalizedPackageIdsCheckList.Count,
                     checkListExpireTimeInHours);
 
             return wasUploadBlocked;

src/NuGetGallery/ViewModels/LogOnViewModel.cs

@@ -49,8 +49,8 @@ public enum ExistingUserLinkingErrorType
     public class SignInViewModel
     {
         [Required]
-        [Display(Name = "Username or Email")]
-        [Hint("Enter your username or email address.")]
+        [Display(Name = "Email Address")]
+        [Hint("Enter your email address.")]
         public string UserNameOrEmail { get; set; }
 
         [Required]

src/NuGetGallery/Views/Packages/_SupportedFrameworksBadges.cshtml

@@ -1,5 +1,6 @@
 @using String = NuGetGallery.Strings;
 @using NuGetGallery.Frameworks;
+
 @model PackageFrameworkCompatibilityBadges
 @{
     var eventName = "search-selection";
@@ -18,6 +19,7 @@
         itemIndex = parsedItemIndex;
     }
 }
+
 @functions
 {
     public enum FrameworkContext
@@ -31,25 +33,7 @@
     public string GetBadgeTooltip(FrameworkContext context, PackageFrameworkCompatibilityData tfmCompatibilityData)
     {
         var badgeVersion = tfmCompatibilityData.Framework.GetBadgeVersion();
-        string tfmType;
-        switch (context)
-        {
-            case FrameworkContext.Net:
-                tfmType = ".NET";
-                break;
-            case FrameworkContext.NetCore:
-                tfmType = ".NET Core";
-                break;
-            case FrameworkContext.NetStandard:
-                tfmType = ".NET Standard";
-                break;
-            case FrameworkContext.NetFramework:
-                tfmType = ".NET Framework";
-                break;
-            default:
-                tfmType = "";
-                break;
-        }
+        string tfmType = GetFrameworkProductName(context);
 
         if (badgeVersion.IsEmpty())
         {
@@ -65,85 +49,68 @@
 
         return toolTip;
     }
+
+    public string GetBadgeDisplayName(FrameworkContext context, PackageFrameworkCompatibilityData tfmCompatibilityData)
+    {
+        var badgeVersion = tfmCompatibilityData.Framework.GetBadgeVersion();
+        string displayName = GetFrameworkProductName(context);
+
+        if (badgeVersion.IsEmpty())
+        {
+            return displayName;
+        }
+
+        return displayName + " " + badgeVersion;
+    }
+
+    public string GetFrameworkProductName(FrameworkContext context)
+    {
+        switch (context)
+        {
+            case FrameworkContext.Net:
+                return ".NET";
+            case FrameworkContext.NetCore:
+                return ".NET Core";
+            case FrameworkContext.NetStandard:
+                return ".NET Standard";
+            case FrameworkContext.NetFramework:
+                return ".NET Framework";
+            default:
+                return "";
+        }
+    }
+}
+
+@helper DisplayFrameworkBadge(PackageFrameworkCompatibilityData tfmCompatibilityData, FrameworkContext context, int? itemIndex, string eventName)
+{
+    <a href=@Url.FrameworksTab(Model.PackageId, Model.PackageVersion)
+       @if (itemIndex.HasValue)
+       {
+            @: data-track="@eventName" data-track-value="@itemIndex" data-click-source="FrameworkBadge"
+            @: data-package-id="@Model.PackageId" data-package-version="@Model.PackageVersion"
+            @: data-badge-framework="@tfmCompatibilityData.Framework.GetShortFolderName()" data-badge-is-computed="@tfmCompatibilityData.IsComputed"
+       }>
+        <span class=@(tfmCompatibilityData.IsComputed ? "framework-badge-computed" : "framework-badge-asset") aria-label="@GetBadgeTooltip(context, tfmCompatibilityData)" data-content="@GetBadgeTooltip(context, tfmCompatibilityData)">
+            @GetBadgeDisplayName(context, tfmCompatibilityData)
+        </span>
+    </a>
 }
 
 <div class="framework framework-badges">
     @if (Model.Net != null)
     {
-        <!-- .NET cannot be an empty version since the lowest version for this framework is "net5.0", if the package contains just "net" framework it will fall into .NET Framework badge instead.' -->
-        <a href=@Url.FrameworksTab(Model.PackageId, Model.PackageVersion)
-            @if (itemIndex.HasValue)
-            {
-                @:data-track="@eventName" data-track-value="@itemIndex" data-click-source="FrameworkBadge"
-                @:data-package-id="@Model.PackageId" data-package-version="@Model.PackageVersion"
-                @:data-badge-framework="@Model.Net.Framework.GetShortFolderName()" data-badge-is-computed="@Model.Net.IsComputed"
-            }>
-            <span class=@(Model.Net.IsComputed ? "framework-badge-computed" : "framework-badge-asset") aria-label="@GetBadgeTooltip(FrameworkContext.Net, Model.Net)" data-content="@GetBadgeTooltip(FrameworkContext.Net, Model.Net)">
-                .NET @Model.Net.Framework.GetBadgeVersion()
-            </span>
-        </a>
+        @DisplayFrameworkBadge(Model.Net, FrameworkContext.Net, itemIndex, eventName)
     }
     @if (Model.NetCore != null)
     {
-        <a href=@Url.FrameworksTab(Model.PackageId, Model.PackageVersion)
-            @if (itemIndex.HasValue)
-            {
-                    @:data-track="@eventName" data-track-value="@itemIndex" data-click-source="FrameworkBadge"
-                    @:data-package-id="@Model.PackageId" data-package-version="@Model.PackageVersion"
-                    @:data-badge-framework="@Model.NetCore.Framework.GetShortFolderName()" data-badge-is-computed="@Model.NetCore.IsComputed"
-            }>
-            <span class=@(Model.NetCore.IsComputed ? "framework-badge-computed" : "framework-badge-asset") aria-label="@GetBadgeTooltip(FrameworkContext.NetCore, Model.NetCore)" data-content="@GetBadgeTooltip(FrameworkContext.NetCore, Model.NetCore)">
-            @if (Model.NetCore.Framework.GetBadgeVersion().IsEmpty())
-            {
-                @:.NET Core
-            }
-            else
-            {
-                @:.NET Core @Model.NetCore.Framework.GetBadgeVersion()
-            }
-            </span>
-        </a>
+        @DisplayFrameworkBadge(Model.NetCore, FrameworkContext.NetCore, itemIndex, eventName)
     }
     @if (Model.NetStandard != null)
     {
-        <a href=@Url.FrameworksTab(Model.PackageId, Model.PackageVersion)
-            @if (itemIndex.HasValue)
-            {
-                    @:data-track="@eventName" data-track-value="@itemIndex" data-click-source="FrameworkBadge"
-                    @:data-package-id="@Model.PackageId" data-package-version="@Model.PackageVersion"
-                    @:data-badge-framework="@Model.NetStandard.Framework.GetShortFolderName()" data-badge-is-computed="@Model.NetStandard.IsComputed"
-            }>
-            <span class=@(Model.NetStandard.IsComputed ? "framework-badge-computed" : "framework-badge-asset") aria-label="@GetBadgeTooltip(FrameworkContext.NetStandard, Model.NetStandard)" data-content="@GetBadgeTooltip(FrameworkContext.NetStandard, Model.NetStandard)">
-            @if (Model.NetStandard.Framework.GetBadgeVersion().IsEmpty())
-            {
-                @:.NET Standard
-            }
-            else
-            {
-                @:.NET Standard @Model.NetStandard.Framework.GetBadgeVersion()
-            }
-            </span>
-        </a>
+        @DisplayFrameworkBadge(Model.NetStandard, FrameworkContext.NetStandard, itemIndex, eventName)
     }
     @if (Model.NetFramework != null)
     {
-        <a href=@Url.FrameworksTab(Model.PackageId, Model.PackageVersion)
-            @if (itemIndex.HasValue)
-            {
-                    @:data-track="@eventName" data-track-value="@itemIndex" data-click-source="FrameworkBadge"
-                    @:data-package-id="@Model.PackageId" data-package-version="@Model.PackageVersion"
-                    @:data-badge-framework="@Model.NetFramework.Framework.GetShortFolderName()" data-badge-is-computed="@Model.NetFramework.IsComputed"
-            }>
-            <span class=@(Model.NetFramework.IsComputed ? "framework-badge-computed" : "framework-badge-asset") aria-label="@GetBadgeTooltip(FrameworkContext.NetFramework, Model.NetFramework)" data-content="@GetBadgeTooltip(FrameworkContext.NetFramework, Model.NetFramework)">
-            @if (Model.NetFramework.Framework.GetBadgeVersion().IsEmpty())
-            {
-                @:.NET Framework
-            }
-            else
-            {
-                @:.NET Framework @Model.NetFramework.Framework.GetBadgeVersion()
-            }
-            </span>
-        </a>
+        @DisplayFrameworkBadge(Model.NetFramework, FrameworkContext.NetFramework, itemIndex, eventName)
     }
 </div>

src/NuGetGallery/Web.config

@@ -586,6 +586,22 @@
   </system.diagnostics>
   <runtime>
     <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
+		<dependentAssembly>
+			<assemblyIdentity name="Microsoft.IdentityModel.Tokens" publicKeyToken="31BF3856AD364E35" culture="neutral"/>
+			<bindingRedirect oldVersion="0.0.0.0-7.3.1.0" newVersion="7.3.1.0"/>
+		</dependentAssembly>
+		<dependentAssembly>
+			<assemblyIdentity name="Microsoft.IdentityModel.Logging" publicKeyToken="31BF3856AD364E35" culture="neutral"/>
+			<bindingRedirect oldVersion="0.0.0.0-7.3.1.0" newVersion="7.3.1.0"/>
+		</dependentAssembly>
+		<dependentAssembly>
+			<assemblyIdentity name="Microsoft.IdentityModel.JsonWebTokens" publicKeyToken="31BF3856AD364E35" culture="neutral"/>
+			<bindingRedirect oldVersion="0.0.0.0-7.3.1.0" newVersion="7.3.1.0"/>
+		</dependentAssembly>
+		<dependentAssembly>
+			<assemblyIdentity name="Microsoft.IdentityModel.Abstractions" publicKeyToken="31BF3856AD364E35" culture="neutral"/>
+			<bindingRedirect oldVersion="0.0.0.0-7.3.1.0" newVersion="7.3.1.0"/>
+		</dependentAssembly>
 	    <dependentAssembly>
 		    <assemblyIdentity name="WebGrease" publicKeyToken="31BF3856AD364E35" culture="neutral"/>
 		    <bindingRedirect oldVersion="0.0.0.0-1.6.5135.21930" newVersion="1.6.5135.21930"/>