2019-05-13-01 (#3860)

2019-05-13-01

app/lib/active_storage/virus_scanner.rb

@@ -35,12 +35,16 @@ class ActiveStorage::VirusScanner
   end
 
   def metadata
-    download_blob_to_tempfile do |file|
+    begin
-      if ClamavService.safe_file?(file.path)
+      download_blob_to_tempfile do |file|
-        { virus_scan_result: SAFE, scanned_at: Time.zone.now }
+        if ClamavService.safe_file?(file.path)
-      else
+          { virus_scan_result: SAFE, scanned_at: Time.zone.now }
-        { virus_scan_result: INFECTED, scanned_at: Time.zone.now }
+        else
+          { virus_scan_result: INFECTED, scanned_at: Time.zone.now }
+        end
       end
+    rescue StandardError => e
+      Raven.capture_exception(e)
     end
   end
 end

app/lib/helpscout/api.rb

@@ -22,17 +22,6 @@ class Helpscout::API
     })
   end
 
-  def add_custom_fields(conversation_id, dossier_id, browser)
-    body = {
-      'Dossier ID': dossier_id,
-      'Browser': browser
-    }.compact.map do |key, value|
-      { id: custom_fields[key], value: value }
-    end
-
-    call_api(:put, "#{CONVERSATIONS}/#{conversation_id}/#{FIELDS}", { fields: body })
-  end
-
   def create_conversation(email, subject, text, file)
     body = {
       subject: subject,

app/lib/helpscout/form_adapter.rb

@@ -41,8 +41,6 @@ class Helpscout::FormAdapter
 
     if conversation_id.present?
       add_tags(conversation_id)
-      add_custom_fields(conversation_id)
-
       true
     else
       false
@@ -55,10 +53,6 @@ class Helpscout::FormAdapter
     @api.add_tags(conversation_id, params[:tags])
   end
 
-  def add_custom_fields(conversation_id)
-    @api.add_custom_fields(conversation_id, params[:dossier_id], params[:browser])
-  end
-
   def create_conversation
     response = @api.create_conversation(
       params[:email],

app/uploaders/attestation_template_logo_uploader.rb

@@ -20,7 +20,7 @@ class AttestationTemplateLogoUploader < BaseUploader
 
   # Add a white list of extensions which are allowed to be uploaded.
   # For images you might use something like this:
-  def extension_white_list
+  def extension_whitelist
     ['jpg', 'jpeg', 'png']
   end
 

app/uploaders/attestation_template_signature_uploader.rb

@@ -20,7 +20,7 @@ class AttestationTemplateSignatureUploader < BaseUploader
 
   # Add a white list of extensions which are allowed to be uploaded.
   # For images you might use something like this:
-  def extension_white_list
+  def extension_whitelist
     ['jpg', 'jpeg', 'png']
   end
 

app/uploaders/commentaire_file_uploader.rb

@@ -13,11 +13,11 @@ class CommentaireFileUploader < BaseUploader
     "uploads/#{model.class.to_s.underscore}/#{mounted_as}/#{model.id}"
   end
 
-  def extension_white_list
+  def extension_whitelist
     ['pdf', 'doc', 'docx', 'xls', 'xlsx', 'ppt', 'pptx', 'odt', 'ods', 'odp', 'jpg', 'jpeg', 'png', 'zip', 'txt']
   end
 
   def accept_extension_list
-    extension_white_list.map { |e| ".#{e}" }.join(",")
+    extension_whitelist.map { |e| ".#{e}" }.join(",")
   end
 end

app/uploaders/piece_justificative_uploader.rb

@@ -18,7 +18,7 @@ class PieceJustificativeUploader < BaseUploader
 
   # Add a white list of extensions which are allowed to be uploaded.
   # For images you might use something like this:
-  def extension_white_list
+  def extension_whitelist
     ['pdf', 'doc', 'docx', 'xls', 'xlsx', 'ppt', 'pptx', 'odt', 'ods', 'odp', 'jpg', 'jpeg', 'png']
   end
 

app/uploaders/procedure_logo_uploader.rb

@@ -20,7 +20,7 @@ class ProcedureLogoUploader < BaseUploader
 
   # Add a white list of extensions which are allowed to be uploaded.
   # For images you might use something like this:
-  def extension_white_list
+  def extension_whitelist
     ['jpg', 'jpeg', 'png']
   end
 

config/initializers/content_security_policy.rb

@@ -1,18 +1,11 @@
 Rails.application.config.content_security_policy do |policy|
   # En cas de non respect d'une des règles, faire un POST sur cette URL
-  policy.report_uri "https://e30e0ed9c14194254481124271b34a72.report-uri.com/r/d/csp/reportOnly"
+  policy.report_uri "https://demarches-simplifiees.report-uri.com/r/d/csp/reportOnly"
   # Whitelist image
-  policy.img_src :self, "https://*.openstreetmap.org"
+  policy.img_src :self, "*.openstreetmap.org", "static.demarches-simplifiees.fr", "*.cloud.ovh.net", "stats.data.gouv.fr"
-  # Whitelist JS: nous, sendinblue et matomo, et… miniprofiler :(
+  # Whitelist JS: nous, sendinblue et matomo
-  if Rails.env.development?
+  # miniprofiler et nous avons quelques boutons inline :(
-    # https://github.com/MiniProfiler/rack-mini-profiler/issues/327
+  policy.script_src :self, "*.sibautomation.com", "stats.data.gouv.fr", "*.sendinblue.com", :unsafe_eval, :unsafe_inline
-    policy.script_src :self, "https://sibautomation.com", "//stats.data.gouv.fr", :unsafe_eval, :unsafe_inline
-  else
-    policy.script_src :self, "https://sibautomation.com", "//stats.data.gouv.fr"
-  end
-  # Génération d'un nonce pour les balises script inline qu'on maitrise (Gon)
-  Rails.application.config.content_security_policy_nonce_generator = -> _request { SecureRandom.base64(16) }
-
   # Pour les CSS, on a beaucoup de style inline et quelques balises <style>
   # c'est trop compliqué pour être rectifié immédiatement (et sans valeur ajoutée:
   # c'est hardcodé dans les vues, donc pas injectable).

spec/lib/helpscout/form_adapter_spec.rb

@@ -62,8 +62,6 @@ describe Helpscout::FormAdapter do
           .with(email, subject, text, nil)
         expect(api).to have_received(:add_tags)
           .with(conversation_id, tags)
-        expect(api).to have_received(:add_custom_fields)
-          .with(conversation_id, nil, nil)
       end
     end
 
@@ -102,8 +100,6 @@ describe Helpscout::FormAdapter do
           .with(email, subject, text, nil)
         expect(api).to have_received(:add_phone_number)
           .with(email, phone)
-        expect(api).to have_received(:add_custom_fields)
-          .with(conversation_id, nil, nil)
       end
     end
   end