Fix NuGet package upload error handling (#37074)
Wrap `zip.NewReader` errors in NuGet `ParsePackageMetaData` and `ExtractPortablePdb` as `ErrInvalidArgument` so invalid packages return HTTP 400 (Bad Request) instead of 500 (Internal Server Error). Add integration test for multipart/form-data NuGet upload path (used by `dotnet nuget push`) which was previously untested. Signed-off-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Claude (Opus 4.6) <noreply@anthropic.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
This commit is contained in:
@@ -140,7 +140,7 @@ type nuspecPackage struct {
|
|||||||
func ParsePackageMetaData(r io.ReaderAt, size int64) (*Package, error) {
|
func ParsePackageMetaData(r io.ReaderAt, size int64) (*Package, error) {
|
||||||
archive, err := zip.NewReader(r, size)
|
archive, err := zip.NewReader(r, size)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, util.NewInvalidArgumentErrorf("unable to parse package meta: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, file := range archive.File {
|
for _, file := range archive.File {
|
||||||
|
|||||||
@@ -42,7 +42,7 @@ func (l PortablePdbList) Close() {
|
|||||||
func ExtractPortablePdb(r io.ReaderAt, size int64) (PortablePdbList, error) {
|
func ExtractPortablePdb(r io.ReaderAt, size int64) (PortablePdbList, error) {
|
||||||
archive, err := zip.NewReader(r, size)
|
archive, err := zip.NewReader(r, size)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, util.NewInvalidArgumentErrorf("unable to extract portable pdb: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
var pdbs PortablePdbList
|
var pdbs PortablePdbList
|
||||||
|
|||||||
@@ -10,6 +10,7 @@ import (
|
|||||||
"encoding/xml"
|
"encoding/xml"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
|
"mime/multipart"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/http/httptest"
|
"net/http/httptest"
|
||||||
neturl "net/url"
|
neturl "net/url"
|
||||||
@@ -930,4 +931,34 @@ AAAjQmxvYgAAAGm7ENm9SGxMtAFVvPUsPJTF6PbtAAAAAFcVogEJAAAAAQAAAA==`)
|
|||||||
AddBasicAuth(user.Name)
|
AddBasicAuth(user.Name)
|
||||||
MakeRequest(t, req, http.StatusNotFound)
|
MakeRequest(t, req, http.StatusNotFound)
|
||||||
})
|
})
|
||||||
|
|
||||||
|
t.Run("UploadMultipartForm", func(t *testing.T) {
|
||||||
|
defer tests.PrintCurrentTest(t)()
|
||||||
|
|
||||||
|
packageContent := createPackage(packageName, packageVersion).Bytes()
|
||||||
|
|
||||||
|
// Simulate dotnet nuget push which sends multipart/form-data with X-NuGet-ApiKey auth
|
||||||
|
var body bytes.Buffer
|
||||||
|
mpw := multipart.NewWriter(&body)
|
||||||
|
part, err := mpw.CreateFormFile("package", "package.nupkg")
|
||||||
|
assert.NoError(t, err)
|
||||||
|
_, err = part.Write(packageContent)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
err = mpw.Close()
|
||||||
|
assert.NoError(t, err)
|
||||||
|
|
||||||
|
req := NewRequestWithBody(t, "PUT", url, &body).
|
||||||
|
SetHeader("Content-Type", mpw.FormDataContentType())
|
||||||
|
addNuGetAPIKeyHeader(req, writeToken)
|
||||||
|
MakeRequest(t, req, http.StatusCreated)
|
||||||
|
|
||||||
|
pvs, err := packages.GetVersionsByPackageType(t.Context(), user.ID, packages.TypeNuGet)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.Len(t, pvs, 1)
|
||||||
|
|
||||||
|
// Clean up
|
||||||
|
req = NewRequest(t, "DELETE", fmt.Sprintf("%s/%s/%s", url, packageName, packageVersion)).
|
||||||
|
AddBasicAuth(user.Name)
|
||||||
|
MakeRequest(t, req, http.StatusNoContent)
|
||||||
|
})
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user