From 4bbe2db66892a32d16256484cd8ea2b0aaeff74a Mon Sep 17 00:00:00 2001
From: simon lehericey
Date: Fri, 8 Apr 2022 14:45:51 +0200
Subject: [PATCH] only export safe pj
---
 app/services/pieces_justificatives_service.rb | 9 ++++
 .../pieces_justificatives_service_spec.rb | 54 ++++++++++++++++---
 2 files changed, 56 insertions(+), 7 deletions(-)
diff --git a/app/services/pieces_justificatives_service.rb b/app/services/pieces_justificatives_service.rb
index 72b9e9fc8..7b8472563 100644
--- a/app/services/pieces_justificatives_service.rb
+++ b/app/services/pieces_justificatives_service.rb
@@ -165,6 +165,7 @@ class PiecesJustificativesService
 ActiveStorage::Attachment
 .includes(:blob)
 .where(record_type: "Champ", record_id: champ_id_dossier_id.keys)
+ .filter { |a| safe_attachment(a) }
 .map do |a|
 dossier_id = champ_id_dossier_id[a.record_id]
 ActiveStorage::DownloadableFile.pj_and_path(dossier_id, a)
@@ -181,6 +182,7 @@ class PiecesJustificativesService
 ActiveStorage::Attachment
 .includes(:blob)
 .where(record_type: "Commentaire", record_id: commentaire_id_dossier_id.keys)
+ .filter { |a| safe_attachment(a) }
 .map do |a|
 dossier_id = commentaire_id_dossier_id[a.record_id]
 ActiveStorage::DownloadableFile.pj_and_path(dossier_id, a)
@@ -212,6 +214,7 @@ class PiecesJustificativesService
 ActiveStorage::Attachment
 .includes(:blob)
 .where(record_type: "Dossier", name: "justificatif_motivation", record_id: dossiers)
+ .filter { |a| safe_attachment(a) }
 .map do |a|
 dossier_id = a.record_id
 ActiveStorage::DownloadableFile.pj_and_path(dossier_id, a)
@@ -262,4 +265,10 @@ class PiecesJustificativesService
 .where(record_type: "BillSignature", record_id: bill_ids)
 .map { |bill| ActiveStorage::DownloadableFile.bill_and_path(bill) }
 end
+
+ def self.safe_attachment(attachment)
+ attachment
+ .blob
+ .metadata[:virus_scan_result] == ActiveStorage::VirusScanner::SAFE
+ end
 end
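Review bot: The `.filter { |a| safe_attachment(a) }` step drops every attachment whose scan result is not SAFE without leaving any trace, so an export can come back incomplete (scan still pending, metadata missing, or file flagged) and neither the person downloading it nor an operator can tell why. Consider logging the skipped attachment ids or reporting a skipped count so the gap is visible, and add a comment above the filter such as `# Fail closed: attachments without a SAFE scan result are left out of the export`. The same applies to the identical filters added in the Commentaire and justificatif_motivation hunks. The enclosing methods begin and end outside these hunks, so whether a caller already reports skipped files cannot be seen here.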
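Review bot: `safe_attachment` treats `blob.metadata[:virus_scan_result]` as authoritative, so the export gate is only as strong as the write path for that key. Confirm that only the scanner can set it: Rails' stock direct-upload endpoint accepts a client-supplied `metadata` hash when a blob is created, so if direct uploads are enabled here the key should be stripped or overwritten server-side before this check is relied on. The comparison itself fails closed (missing, pending and flagged results are all excluded), which deserves a comment such as `# Fail closed: only blobs explicitly marked SAFE are exported`. As a predicate used only inside the service it would also read better as `safe_attachment?` under `private_class_method`.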
diff --git a/spec/services/pieces_justificatives_service_spec.rb b/spec/services/pieces_justificatives_service_spec.rb
index a768a0c63..a262d6817 100644
--- a/spec/services/pieces_justificatives_service_spec.rb
+++ b/spec/services/pieces_justificatives_service_spec.rb
@@ -23,6 +23,16 @@ describe PiecesJustificativesService do
 it { expect(subject).to match_array([pj_champ.call(dossier).piece_justificative_file.attachment]) }
 end
+ context 'with a pj not safe on a champ' do
+ let(:procedure) { create(:procedure, :with_piece_justificative) }
+ let(:dossier) { create(:dossier, procedure: procedure) }
+ let(:pj_champ) { -> (d) { d.champs.find { |c| c.type == 'Champs::PieceJustificativeChamp' } } }
+
+ before { attach_file_to_champ(pj_champ.call(dossier), safe = false) }
+
+ it { expect(subject).to be_empty }
+ end
+
 context 'with a private pj champ' do
 let(:procedure) { create(:procedure) }
 let(:dossier) { create(:dossier, procedure: procedure) }
@@ -64,12 +74,26 @@ describe PiecesJustificativesService do
 let(:dossier) { create(:dossier) }
 let(:witness) { create(:dossier) }
- let!(:commentaire) { create(:commentaire, :with_file, dossier: dossier) }
- let!(:witness_commentaire) { create(:commentaire, :with_file, dossier: witness) }
+ let!(:commentaire) { create(:commentaire, dossier: dossier) }
+ let!(:witness_commentaire) { create(:commentaire, dossier: witness) }
+
+ before do
+ attach_file(commentaire.piece_jointe)
+ attach_file(witness_commentaire.piece_jointe)
+ end
 it { expect(subject).to match_array(dossier.commentaires.first.piece_jointe.attachment) }
 end
+ context 'with a pj not safe on a commentaire' do
+ let(:dossier) { create(:dossier) }
+ let!(:commentaire) { create(:commentaire, dossier: dossier) }
+
+ before { attach_file(commentaire.piece_jointe, safe = false) }
+
+ it { expect(subject).to be_empty }
+ end
+
 context 'with a motivation' do
 let(:dossier) { create(:dossier, :with_justificatif) }
 let!(:witness) { create(:dossier, :with_justificatif) }
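Review bot: `attach_file_to_champ(pj_champ.call(dossier), safe = false)` is a positional argument with a stray local assignment, not a keyword argument; it works only because the assignment evaluates to `false`, and linters flag it as a useless assignment. Declaring the helpers with a keyword, `def attach_file(attachable, safe: true)`, and calling `attach_file(commentaire.piece_jointe, safe: false)` says what is meant. The same call shape appears in the commentaire context of this file and in the motivation context further down; the helper definitions are in the last hunk.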
@@ -77,6 +101,14 @@ describe PiecesJustificativesService do
 it { expect(subject).to match_array(dossier.justificatif_motivation.attachment) }
 end
+ context 'with a motivation not safe' do
+ let(:dossier) { create(:dossier) }
+
+ before { attach_file(dossier.justificatif_motivation, safe = false) }
+
+ it { expect(subject).to be_empty }
+ end
+
 context 'with an attestation' do
 let(:dossier) { create(:dossier, :with_attestation) }
 let!(:witness) { create(:dossier, :with_attestation) }
@@ -167,12 +199,20 @@ describe PiecesJustificativesService do
 end
 end
- def attach_file_to_champ(champ)
- attach_file(champ.piece_justificative_file)
+ def attach_file_to_champ(champ, safe = true)
+ attach_file(champ.piece_justificative_file, safe)
 end
- def attach_file(attachable)
- attachable
- .attach(io: StringIO.new("toto"), filename: "toto.png", content_type: "image/png")
+ def attach_file(attachable, safe = true)
+ to_be_attached = {
+ io: StringIO.new("toto"),
+ filename: "toto.png", content_type: "image/png"
+ }
+
+ if safe
+ to_be_attached[:metadata] = { virus_scan_result: ActiveStorage::VirusScanner::SAFE }
+ end
+
+ attachable.attach(to_be_attached)
 end
 end
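Review bot: With `safe` false, `attach_file` attaches the file with no `virus_scan_result` at all, so the three new "not safe" contexts only prove that a missing result is excluded. A blob carrying an explicit non-SAFE result (scan pending, or flagged by the scanner) is the case the export filter exists for, and it is not exercised. Letting the helper take the scan result itself, e.g. `def attach_file(attachable, scan_result: ActiveStorage::VirusScanner::SAFE)` with `metadata: { virus_scan_result: scan_result }`, would let a spec pin that case too.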