From b7a345ffb54df1a33f1d29d3472195f9e4bb632c Mon Sep 17 00:00:00 2001 From: Cory Knox Date: Mon, 25 Nov 2024 06:48:30 -0800 Subject: [PATCH] (#3565) Do case insensitive comparisons --- .../nuget/ChocolateyNugetCredentialProvider.cs | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/chocolatey/infrastructure.app/nuget/ChocolateyNugetCredentialProvider.cs b/src/chocolatey/infrastructure.app/nuget/ChocolateyNugetCredentialProvider.cs index a140839df..0aefe1bfa 100644 --- a/src/chocolatey/infrastructure.app/nuget/ChocolateyNugetCredentialProvider.cs +++ b/src/chocolatey/infrastructure.app/nuget/ChocolateyNugetCredentialProvider.cs @@ -92,7 +92,8 @@ public Task GetAsync(Uri uri, IWebProxy proxy, CredentialReq // If the user has specified --source with a *named* source and not a URL, try to find the matching one // with the correct URL for this credential request. - var namedExplicitSources = _config.ExplicitSources?.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries) + // Lower case all of the explicitly named sources so that we can use .Contains to compare them. + var namedExplicitSources = _config.ExplicitSources?.ToLower().Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries) .Where(s => !Uri.IsWellFormedUriString(s, UriKind.Absolute)) .ToList(); @@ -101,7 +102,9 @@ public Task GetAsync(Uri uri, IWebProxy proxy, CredentialReq // Uri.Equals() and == operator compare hostnames case-insensitively and the remainder of the url case-sensitively // while ignoring #fragments on the URLs, but does care about trailing slashes, which we do not here. source = _config.MachineSources - .Where(s => namedExplicitSources.Contains(s.Name) && new Uri(s.Key.TrimEnd('/')) == trimmedTargetUri) + .Where(s => namedExplicitSources.Contains(s.Name.ToLower()) + && Uri.TryCreate(s.Key.TrimEnd('/'), UriKind.Absolute, out var trimmedSourceUri) + && Uri.Compare(trimmedSourceUri, trimmedTargetUri, UriComponents.HttpRequestUrl, UriFormat.Unescaped, StringComparison.OrdinalIgnoreCase) == 0) .FirstOrDefault(); } @@ -113,11 +116,12 @@ public Task GetAsync(Uri uri, IWebProxy proxy, CredentialReq // Note: This behaviour remains as removing it would be a breaking change, but we may want // to remove this in a future version, as specifying an explicit URL should potentially // not go looking in the configuration file for saved credentials anyway. + // See GitHub Issue: https://github.com/chocolatey/choco/issues/3573 var candidateSources = _config.MachineSources .Where(s => !string.IsNullOrWhiteSpace(s.Username) && !string.IsNullOrWhiteSpace(s.EncryptedPassword) && Uri.TryCreate(s.Key.TrimEnd('/'), UriKind.Absolute, out var trimmedSourceUri) - && trimmedSourceUri == trimmedTargetUri) + && Uri.Compare(trimmedSourceUri, trimmedTargetUri, UriComponents.HttpRequestUrl, UriFormat.Unescaped, StringComparison.OrdinalIgnoreCase) == 0) .ToList(); if (candidateSources.Count == 1)