-
Notifications
You must be signed in to change notification settings - Fork 643
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix issue 1043: Obfuscate AI data on request redirect (#5236)
Fix for issue 1043 - obfuscate the AI data on request redirect.
- v2024.12.06
- v2024.12.05
- v2024.05.28
- v2023.04.25
- v2023.02.27
- v2022.10.19
- v2021.04.08
- v2020.06.09
- v2019.06.24
- v2019.01.14
- v2018.12.12
- v2018.11.12
- v2018.11.06
- v2018.11.05
- v2018.10.20
- v2018.09.25
- v2018.08.20
- v2018.08.08
- v2018.08.01
- v2018.07.16
- v2018.05.21
- v2018.05.08
- v2018.04.25
- v2018.04.05
- v2018.03.12
- v2018.02.22
- v2018.01.29
1 parent
90e8ada
commit 18bc2a1
Showing
7 changed files
with
216 additions
and
91 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
// Copyright (c) .NET Foundation. All rights reserved. | ||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. | ||
|
||
using System.Collections.Generic; | ||
using System.Linq; | ||
using System.Web.Mvc; | ||
using System.Web.Routing; | ||
|
||
namespace NuGetGallery | ||
{ | ||
public static class RouteExtensions | ||
{ | ||
public struct ObfuscatedMetadata | ||
{ | ||
public int ObfuscatedSegment | ||
{ get; } | ||
|
||
public string ObfuscateValue | ||
{ get; } | ||
|
||
public ObfuscatedMetadata(int obfuscatedSegment, string obfuscateValue) | ||
{ | ||
ObfuscatedSegment = obfuscatedSegment; | ||
ObfuscateValue = obfuscateValue; | ||
} | ||
} | ||
|
||
internal static Dictionary<string, ObfuscatedMetadata> ObfuscatedRouteMap = new Dictionary<string, ObfuscatedMetadata>(); | ||
|
||
public static void MapRoute(this RouteCollection routes, string name, string url, object defaults, ObfuscatedMetadata obfuscationMetadata) | ||
{ | ||
routes.MapRoute(name, url, defaults); | ||
if (!ObfuscatedRouteMap.ContainsKey(url)) { ObfuscatedRouteMap.Add(url, obfuscationMetadata); } | ||
} | ||
|
||
public static string ObfuscateUrlPath(this Route route, string urlPath) | ||
{ | ||
var path = route.Url; | ||
if (!ObfuscatedRouteMap.ContainsKey(path)) | ||
{ | ||
return null; | ||
} | ||
var metadata = ObfuscatedRouteMap[path]; | ||
string[] segments = urlPath.Split('/'); | ||
segments[metadata.ObfuscatedSegment] = metadata.ObfuscateValue; | ||
return string.Join("/", segments); | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
58 changes: 58 additions & 0 deletions
58
tests/NuGetGallery.Facts/Extensions/RouteExtensionsFacts.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
// Copyright (c) .NET Foundation. All rights reserved. | ||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. | ||
|
||
using System.Web.Routing; | ||
using Xunit; | ||
|
||
namespace NuGetGallery.Extensions | ||
{ | ||
public class RouteExtensionsFacts | ||
{ | ||
private static string _routeUrl = "test/{user}"; | ||
private static string _url = "test/user1"; | ||
private static int _segment = 1; | ||
private static string _obfuscatedValue = "obfuscatedData"; | ||
|
||
[Fact] | ||
public void MapRouteAddObfuscation() | ||
{ | ||
// Arrange | ||
var routes = new RouteCollection(); | ||
routes.MapRoute("test", _routeUrl, null, new RouteExtensions.ObfuscatedMetadata(_segment, _obfuscatedValue)); | ||
|
||
// Act + Assert | ||
Assert.True(RouteExtensions.ObfuscatedRouteMap.ContainsKey(_routeUrl)); | ||
Assert.Equal(_segment, RouteExtensions.ObfuscatedRouteMap[_routeUrl].ObfuscatedSegment); | ||
Assert.Equal(_obfuscatedValue, RouteExtensions.ObfuscatedRouteMap[_routeUrl].ObfuscateValue); | ||
} | ||
|
||
[Fact] | ||
public void ObfuscateRoutePath_ReturnsNullWhenNotObfuscated() | ||
{ | ||
//Arrange | ||
var urlInput = "newtest/{user}"; | ||
var route = new Route(url: urlInput, routeHandler:null); | ||
|
||
// Act | ||
var obfuscated = route.ObfuscateUrlPath("newtest/user1"); | ||
|
||
//Assert | ||
Assert.Null(obfuscated); | ||
} | ||
|
||
[Fact] | ||
public void ObfuscateRoutePath_CorrectObfuscation() | ||
{ | ||
//Arrange | ||
var routes = new RouteCollection(); | ||
routes.MapRoute("test", _routeUrl, null, new RouteExtensions.ObfuscatedMetadata(_segment, _obfuscatedValue)); | ||
var route = new Route(url: _routeUrl, routeHandler: null); | ||
|
||
// Act | ||
var obfuscated = route.ObfuscateUrlPath(_url); | ||
|
||
//Assert | ||
Assert.Equal($"test/{_obfuscatedValue}", obfuscated); | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters