Abstract typosquatting (#9767)

NuGet · Jan 8, 2024 · c1115f8 · c1115f8
1 parent 2a982dc
commit c1115f8
Show file tree

Hide file tree

Showing 9 changed files with 78 additions and 559 deletions.
diff --git a/src/NuGetGallery.Core/Services/ITyposquattingServiceHelper.cs b/src/NuGetGallery.Core/Services/ITyposquattingServiceHelper.cs
@@ -0,0 +1,19 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace NuGetGallery
+{
+    /// <summary>
+    /// This interface for providing additional methods for ITyposquattingService.
+    /// </summary>
+    public interface ITyposquattingServiceHelper
+    {
+        /// <summary>
+        /// This method is used to check if the distance between the currently uploaded package ID and another package ID is less than or equal to the threshold.
+        /// </summary>
+        /// <param name="uploadedPackageId">Uploaded package Id</param>
+        /// <param name="packageId">Package Id compared to</param>
+        /// <returns>Return true if distance is less than the threshold</returns>
+        bool IsDistanceLessThanOrEqualToThreshold(string uploadedPackageId, string packageId);
+    }
+}
diff --git a/src/NuGetGallery/App_Start/DefaultDependenciesModule.cs b/src/NuGetGallery/App_Start/DefaultDependenciesModule.cs
@@ -54,7 +54,6 @@
 using NuGetGallery.Infrastructure.Mail;
 using NuGetGallery.Infrastructure.Search;
 using NuGetGallery.Infrastructure.Search.Correlation;
-using NuGetGallery.Login;
 using NuGetGallery.Security;
 using NuGetGallery.Services;
 using Role = NuGet.Services.Entities.Role;
@@ -407,6 +406,8 @@ protected override void Load(ContainerBuilder builder)
                 .AsSelf()
                 .As<ICertificateService>()
                 .InstancePerLifetimeScope();
+
+            RegisterTyposquattingServiceHelper(builder, loggerFactory);
 
             builder.RegisterType<TyposquattingService>()
                 .AsSelf()
@@ -1587,5 +1588,32 @@ private static void RegisterCookieComplianceService(ConfigurationService configu
 
             CookieComplianceService.Initialize(service ?? new NullCookieComplianceService(), logger);
         }
+
+        private static void RegisterTyposquattingServiceHelper(ContainerBuilder builder, ILoggerFactory loggerFactory)
+        {
+            var logger = loggerFactory.CreateLogger(nameof(ITyposquattingServiceHelper));
+
+            builder.Register(c =>
+            {
+                var typosquattingService = GetAddInServices<ITyposquattingServiceHelper>(sp =>
+                {
+                    sp.ComposeExportedValue<ILogger>(logger);
+                }).FirstOrDefault();
+
+                if (typosquattingService == null)
+                {
+                    typosquattingService = new ExactMatchTyposquattingServiceHelper();
+                    logger.LogInformation("No typosquatting service helper was found, using ExactMatchTyposquattingServiceHelper instead.");
+                }
+                else
+                {
+                    logger.LogInformation("ITyposquattingServiceHelper found.");
+                }
+
+                return typosquattingService;
+            })
+            .As<ITyposquattingServiceHelper>()
+            .SingleInstance();
+        }
     }
 }
diff --git a/src/NuGetGallery/NuGetGallery.csproj b/src/NuGetGallery/NuGetGallery.csproj
@@ -351,6 +351,7 @@
     <Compile Include="RequestModels\DeletePackagesApiRequest.cs" />
     <Compile Include="RequestModels\UpdateListedRequest.cs" />
     <Compile Include="Services\MissingLicenseValidationMessageV2.cs" />
+    <Compile Include="Services\NullTyposquattingService.cs" />
     <Compile Include="Services\UploadPackageMissingReadme.cs" />
     <Compile Include="Services\MissingLicenseValidationMessage.cs" />
     <Compile Include="Services\UploadPackageIdNamespaceConflict.cs" />
@@ -650,8 +651,6 @@
     <Compile Include="Services\PackageValidationResultType.cs" />
     <Compile Include="Services\ReadMeService.cs" />
     <Compile Include="Services\TyposquattingService.cs" />
-    <Compile Include="Services\TyposquattingDistanceCalculation.cs" />
-    <Compile Include="Services\TyposquattingStringNormalization.cs" />
     <Compile Include="Services\UpdateDeprecationError.cs" />
     <Compile Include="Services\ValidationService.cs" />
     <Compile Include="Strings.Designer.cs">

diff --git a/src/NuGetGallery/Services/NullTyposquattingService.cs b/src/NuGetGallery/Services/NullTyposquattingService.cs
@@ -0,0 +1,13 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace NuGetGallery.Services
+{
+    public class ExactMatchTyposquattingServiceHelper : ITyposquattingServiceHelper
+    {
+        public bool IsDistanceLessThanOrEqualToThreshold(string uploadedPackageId, string packageId)
+        {
+            return uploadedPackageId.ToLowerInvariant() == packageId.ToLowerInvariant();
+        }
+    }
+}
diff --git a/src/NuGetGallery/Services/TyposquattingDistanceCalculation.cs b/src/NuGetGallery/Services/TyposquattingDistanceCalculation.cs