From ab61dfbd48bcea6facf36ebd7d58cc2eb98a391c Mon Sep 17 00:00:00 2001
From: Michael Nebel <michaelnebel@github.com>
Date: Fri, 14 Nov 2025 09:16:09 +0100
Subject: [PATCH] C#: Do not use NuGet feeds that returns a 401 unathorized
 message.

---
 .../NugetPackageRestorer.cs                   | 20 ++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs
index e0e1bc649fa4..ac41a5b69686 100644
--- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs
@@ -611,15 +611,9 @@ private void TryChangeProjectFile(DirectoryInfo projectDir, Regex pattern, strin
             }
         }
 
-        private static async Task ExecuteGetRequest(string address, HttpClient httpClient, CancellationToken cancellationToken)
+        private static async Task<HttpResponseMessage> ExecuteGetRequest(string address, HttpClient httpClient, CancellationToken cancellationToken)
         {
-            using var stream = await httpClient.GetStreamAsync(address, cancellationToken);
-            var buffer = new byte[1024];
-            int bytesRead;
-            while ((bytesRead = stream.Read(buffer, 0, buffer.Length)) > 0)
-            {
-                // do nothing
-            }
+            return await httpClient.GetAsync(address, cancellationToken);
         }
 
         private bool IsFeedReachable(string feed, int timeoutMilliSeconds, int tryCount, bool allowExceptions = true)
@@ -661,7 +655,8 @@ private bool IsFeedReachable(string feed, int timeoutMilliSeconds, int tryCount,
                 cts.CancelAfter(timeoutMilliSeconds);
                 try
                 {
-                    ExecuteGetRequest(feed, client, cts.Token).GetAwaiter().GetResult();
+                    var response = ExecuteGetRequest(feed, client, cts.Token).GetAwaiter().GetResult();
+                    response.EnsureSuccessStatusCode();
                     logger.LogInfo($"Querying NuGet feed '{feed}' succeeded.");
                     return true;
                 }
@@ -675,6 +670,13 @@ private bool IsFeedReachable(string feed, int timeoutMilliSeconds, int tryCount,
                         timeoutMilliSeconds *= 2;
                         continue;
                     }
+                    if (exc is HttpRequestException hre &&
+                        hre.StatusCode == HttpStatusCode.Unauthorized)
+                    {
+
+                        logger.LogInfo($"Received 401 Unauthorized error from NuGet feed '{feed}'.");
+                        return false;
+                    }
 
                     // We're only interested in timeouts.
                     var start = allowExceptions ? "Considering" : "Not considering";