Canonicalize filename when comparing for duplicates

di · di · commit ea0289cda46c · 2021-12-13T20:50:21.000-05:00
diff --git a/tests/unit/forklift/test_legacy.py b/tests/unit/forklift/test_legacy.py
@@ -666,6 +666,45 @@ def test_is_duplicate_true(self, pyramid_config, db_request):
 
         assert legacy._is_duplicate_file(db_request.db, filename, hashes)
 
+    @pytest.mark.parametrize("file_name_prefix", ["foo_bar", "foo.bar"])
+    @pytest.mark.parametrize("project_name", ["foo_bar", "foo.bar"])
+    def test_is_duplicate_true_non_normalized_filename(
+        self, pyramid_config, db_request, file_name_prefix, project_name
+    ):
+        pyramid_config.testing_securitypolicy(userid=1)
+
+        user = UserFactory.create()
+        EmailFactory.create(user=user)
+        project = ProjectFactory.create(name=project_name)
+        release = ReleaseFactory.create(project=project, version="1.0")
+        RoleFactory.create(user=user, project=project)
+
+        filename = "{}-{}.tar.gz".format(project_name, release.version)
+        file_content = io.BytesIO(_TAR_GZ_PKG_TESTDATA)
+        file_value = file_content.getvalue()
+
+        hashes = {
+            "sha256": hashlib.sha256(file_value).hexdigest(),
+            "md5": hashlib.md5(file_value).hexdigest(),
+            "blake2_256": hashlib.blake2b(file_value, digest_size=256 // 8).hexdigest(),
+        }
+        db_request.db.add(
+            File(
+                release=release,
+                filename=filename,
+                md5_digest=hashes["md5"],
+                sha256_digest=hashes["sha256"],
+                blake2_256_digest=hashes["blake2_256"],
+                path="source/{name[0]}/{name}/{filename}".format(
+                    name=project.name, filename=filename
+                ),
+            )
+        )
+
+        duplicate_filename = "{}-{}.tar.gz".format(file_name_prefix, release.version)
+
+        assert legacy._is_duplicate_file(db_request.db, duplicate_filename, hashes)
+
     def test_is_duplicate_none(self, pyramid_config, db_request):
         pyramid_config.testing_securitypolicy(userid=1)
 
diff --git a/warehouse/forklift/legacy.py b/warehouse/forklift/legacy.py
@@ -766,7 +766,8 @@ def _is_duplicate_file(db_session, filename, hashes):
 
     if file_ is not None:
         return (
-            file_.filename == filename
+            # This has the effect of canonicalizing the project name and version
+            _parse_filename(file_.filename) == _parse_filename(filename)
             and file_.sha256_digest == hashes["sha256"]
             and file_.md5_digest == hashes["md5"]
             and file_.blake2_256_digest == hashes["blake2_256"]
