Version validation should use the original NuGet.Core regex to ensure…

… compat #3226
NuGet · Sep 12, 2016 · 76a6104 · 76a6104
1 parent deac8c3
commit 76a6104
Show file tree

Hide file tree

Showing 3 changed files with 119 additions and 7 deletions.
diff --git a/src/NuGetGallery.Core/NuGetVersionExtensions.cs b/src/NuGetGallery.Core/NuGetVersionExtensions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using System.Linq;
+using System.Text.RegularExpressions;
 using NuGet.Versioning;
 
 namespace NuGetGallery
@@ -23,6 +24,9 @@ public static string Normalize(string version)
 
     public static class NuGetVersionExtensions
     {
+        private const RegexOptions Flags = RegexOptions.Compiled | RegexOptions.IgnoreCase | RegexOptions.ExplicitCapture;
+        private static readonly Regex SemanticVersionRegex = new Regex(@"^(?<Version>\d+(\s*\.\s*\d+){0,3})(?<Release>-[a-z][0-9a-z-]*)?$", Flags);
+
         public static string ToNormalizedStringSafe(this NuGetVersion self)
         {
             return self != null ? self.ToNormalizedString() : String.Empty;
@@ -32,5 +36,12 @@ public static bool IsSemVer200(this NuGetVersion self)
         {
             return self.ReleaseLabels.Count() > 1 || self.HasMetadata;
         }
+
+        public static bool IsValidVersion(this NuGetVersion self)
+        {
+            var match = SemanticVersionRegex.Match(self.ToString().Trim());
+
+            return match.Success;
+        }
     }
 }
diff --git a/src/NuGetGallery.Core/Packaging/ManifestValidator.cs b/src/NuGetGallery.Core/Packaging/ManifestValidator.cs
@@ -8,6 +8,7 @@
 using System.IO;
 using System.Linq;
 using NuGet.Packaging;
+using NuGet.Versioning;
 
 namespace NuGetGallery.Packaging
 {
@@ -77,13 +78,10 @@ private static IEnumerable<ValidationResult> ValidateCore(PackageMetadata packag
                     Strings.Manifest_InvalidVersion,
                     version));
             }
-            if (packageMetadata.Version.IsSemVer200())
-            {
 
-                yield return new ValidationResult(String.Format(
-                    CultureInfo.CurrentCulture,
-                    Strings.Manifest_InvalidVersionSemVer200,
-                    packageMetadata.Version.ToFullString()));
+            foreach (var validationResult in ValidateVersion(packageMetadata.Version))
+            {
+                yield return validationResult;
             }
 
             // Check framework reference groups
@@ -122,7 +120,7 @@ private static IEnumerable<ValidationResult> ValidateCore(PackageMetadata packag
                             dependencyGroup.TargetFramework?.ToString()));
                     }
 
-                    // Verify package id's
+                    // Verify package id's and versions
                     foreach (var dependency in dependencyGroup.Packages)
                     {
                         bool duplicate = !dependencyIds.Add(dependency.Id);
@@ -143,11 +141,47 @@ private static IEnumerable<ValidationResult> ValidateCore(PackageMetadata packag
                                 dependency.Id,
                                 dependency.VersionRange.OriginalString));
                         }
+
+                        // Versions
+                        if (dependency.VersionRange.MinVersion != null)
+                        {
+                            foreach (var validationResult in ValidateVersion(dependency.VersionRange.MinVersion))
+                            {
+                                yield return validationResult;
+                            }
+                        }
+
+                        if (dependency.VersionRange.MaxVersion != null 
+                            && dependency.VersionRange.MaxVersion != dependency.VersionRange.MinVersion)
+                        {
+                            foreach (var validationResult in ValidateVersion(dependency.VersionRange.MaxVersion))
+                            {
+                                yield return validationResult;
+                            }
+                        }
                     }
                 }
             }
         }
 
+        private static IEnumerable<ValidationResult> ValidateVersion(NuGetVersion version)
+        {
+            if (version.IsSemVer200())
+            {
+                yield return new ValidationResult(string.Format(
+                    CultureInfo.CurrentCulture,
+                    Strings.Manifest_InvalidVersionSemVer200,
+                    version.ToFullString()));
+            }
+            else if (!version.IsValidVersion())
+            {
+                yield return new ValidationResult(string.Format(
+                    CultureInfo.CurrentCulture,
+                    Strings.Manifest_InvalidVersion,
+                    version));
+            }
+        }
+
         private static IEnumerable<ValidationResult> CheckUrls(params string[] urls)
         {
             foreach (var url in urls)

diff --git a/tests/NuGetGallery.Core.Facts/Packaging/ManifestValidatorFacts.cs b/tests/NuGetGallery.Core.Facts/Packaging/ManifestValidatorFacts.cs
@@ -102,6 +102,40 @@ public class ManifestValidatorFacts
                       </metadata>
                     </package>";
 
+        private const string NuSpecDependencyVersionPlaceholder = @"<?xml version=""1.0""?>
+                    <package xmlns=""http://schemas.microsoft.com/packaging/2011/08/nuspec.xsd"">
+                      <metadata>
+                        <id>valid</id>
+                        <version>2.0.0</version>
+                        <title>Package A</title>
+                        <authors>ownera, ownerb</authors>
+                        <owners>ownera, ownerb</owners>
+                        <requireLicenseAcceptance>false</requireLicenseAcceptance>
+                        <description>package A description.</description>
+                        <language>en-US</language>
+                        <dependencies>
+                            <group targetFramework=""net40"">
+                              <dependency id=""Dep"" version=""{0}"" />
+                            </group>
+                        </dependencies>
+                      </metadata>
+                    </package>";
+
+        private const string NuSpecPlaceholderVersion = @"<?xml version=""1.0""?>
+                    <package xmlns=""http://schemas.microsoft.com/packaging/2011/08/nuspec.xsd"">
+                      <metadata>
+                        <id>valid</id>
+                        <version>{0}</version>
+                        <title>Package A</title>
+                        <authors>ownera, ownerb</authors>
+                        <owners>ownera, ownerb</owners>
+                        <requireLicenseAcceptance>false</requireLicenseAcceptance>
+                        <description>package A description.</description>
+                        <language>en-US</language>
+                        <dependencies />
+                      </metadata>
+                    </package>";
+
         private const string NuSpecIconUrlInvalid = @"<?xml version=""1.0""?>
                     <package xmlns=""http://schemas.microsoft.com/packaging/2011/08/nuspec.xsd"">
                       <metadata>
@@ -399,6 +433,39 @@ public void ReturnsErrorIfVersionIsSemVer200()
             Assert.Equal(new[] { String.Format(Strings.Manifest_InvalidVersionSemVer200, "2.0.0+123") }, GetErrors(nuspecStream));
         }
 
+        [Theory]
+        [InlineData("1.0.0-beta.1")]
+        [InlineData("3.0.0-beta+12")]
+        public void ReturnsErrorIfDependencyVersionIsSemVer200(string version)
+        {
+            var nuspecStream = CreateNuspecStream(string.Format(NuSpecDependencyVersionPlaceholder, version));
+
+            Assert.Equal(new[] { String.Format(Strings.Manifest_InvalidVersionSemVer200, version) }, GetErrors(nuspecStream));
+        }
+
+        [Theory]
+        [InlineData("1.0.0-10")]
+        [InlineData("1.0.0--")]
+        public void ReturnsErrorIfVersionIsInvalid(string version)
+        {
+            // https://github.com/NuGet/NuGetGallery/issues/3226
+
+            var nuspecStream = CreateNuspecStream(string.Format(NuSpecPlaceholderVersion, version));
+
+            Assert.Equal(new[] { String.Format(Strings.Manifest_InvalidVersion, version) }, GetErrors(nuspecStream));
+        }
+
+
+        [Theory]
+        [InlineData("1.0.0-10")]
+        [InlineData("1.0.0--")]
+        public void ReturnsErrorIfDependencyVersionIsInvalid(string version)
+        {
+            var nuspecStream = CreateNuspecStream(string.Format(NuSpecDependencyVersionPlaceholder, version));
+
+            Assert.Equal(new[] { String.Format(Strings.Manifest_InvalidVersion, version) }, GetErrors(nuspecStream));
+        }
+
         [Fact]
         public void ReturnsErrorIfFrameworkAssemblyReferenceContainsUnsupportedTargetFramework()
         {