From f7650135f4c9b60d1e60081ae0f5d60e18d2480c Mon Sep 17 00:00:00 2001
From: Mathieu Magnin
Date: Tue, 5 Feb 2019 20:57:58 +0100
Subject: [PATCH] [Fix #3375] on the API display safe files only
---
 .../champs/piece_justificative_champ.rb | 2 +-
 .../champs/piece_justificative_champ_spec.rb | 24 +++++++++++++++++++
 spec/serializers/champ_serializer_spec.rb | 5 +++-
 3 files changed, 29 insertions(+), 2 deletions(-)
 create mode 100644 spec/models/champs/piece_justificative_champ_spec.rb
diff --git a/app/models/champs/piece_justificative_champ.rb b/app/models/champs/piece_justificative_champ.rb
index 7e7e897b6..8f140c8e4 100644
--- a/app/models/champs/piece_justificative_champ.rb
+++ b/app/models/champs/piece_justificative_champ.rb
@@ -49,7 +49,7 @@ class Champs::PieceJustificativeChamp < Champ
 end
 def for_api
- if piece_justificative_file.attached?
+ if piece_justificative_file.attached? && virus_scan&.safe?
 Rails.application.routes.url_helpers.url_for(piece_justificative_file)
 end
 end
diff --git a/spec/models/champs/piece_justificative_champ_spec.rb b/spec/models/champs/piece_justificative_champ_spec.rb
new file mode 100644
index 000000000..3c44c791b
--- /dev/null
+++ b/spec/models/champs/piece_justificative_champ_spec.rb
@@ -0,0 +1,24 @@
+describe Champs::PieceJustificativeChamp do
+ describe '#for_api' do
+ let(:champ_pj) { create(:champ_piece_justificative) }
+
+ before { champ_pj.virus_scan.update(status: status) }
+
+ subject { champ_pj.for_api }
+
+ context 'when file is safe' do
+ let(:status) { 'safe' }
+ it { is_expected.to include("/rails/active_storage/blobs/") }
+ end
+
+ context 'when file is not scanned' do
+ let(:status) { 'pending' }
+ it { is_expected.to be_nil }
+ end
+
+ context 'when file is infected' do
+ let(:status) { 'infected' }
+ it { is_expected.to be_nil }
+ end
+ end
+end
diff --git a/spec/serializers/champ_serializer_spec.rb b/spec/serializers/champ_serializer_spec.rb
index d88916685..af119ca69 100644
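Review bot: The new condition in `for_api` makes `nil` stand for three different states (no attachment, a missing or pending scan, an infected file), and nothing in the method says that failing closed is intended. I would add a comment above the condition, `# Only expose the URL once the scan is safe; a missing, pending or infected scan returns nil (fail closed).`, so the `&.` is not later simplified into something that raises or fails open. The check also runs only when the URL is generated; presumably the blob route still serves the file to anyone holding a previously issued URL whatever the scan status, and if so the same gate belongs where the blob is served, which is outside this hunk. The enclosing class starts and ends outside the hunk.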
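Review bot: The spec never exercises the case the `&.` in `for_api` exists for, because `before { champ_pj.virus_scan.update(status: status) }` assumes the factory always builds a scan record. A champ with an attachment and no `virus_scan` is the fail-closed path, and a later refactor that drops the safe navigation would not make any example here fail. I would add a context with no scan record expecting `it { is_expected.to be_nil }`, and one with no attached file. If the scan status has values beyond the three used here, each non-safe value deserves the same assertion.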
--- a/spec/serializers/champ_serializer_spec.rb
+++ b/spec/serializers/champ_serializer_spec.rb
@@ -8,7 +8,10 @@ describe ChampSerializer do
 let(:champ) { create(:champ_piece_justificative) }
- before { champ.piece_justificative_file.attach({ filename: __FILE__, io: File.open(__FILE__) }) }
+ before do
+ champ.piece_justificative_file.attach({ filename: __FILE__, io: File.open(__FILE__) })
+ champ.reload.virus_scan.safe!
+ end
 after { champ.piece_justificative_file.purge }
 it { is_expected.to include(value: url_for(champ.piece_justificative_file)) }
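Review bot: With `champ.reload.virus_scan.safe!` in the `before`, the serializer spec covers only the safe case, so nothing asserts at the serializer level that a pending or infected file is left out of the API payload. ChampSerializer is presumably what API clients actually receive, so a sibling context that skips `safe!` and expects `value` to be nil would catch a serializer that stops going through `for_api`. Separately, `io: File.open(__FILE__)` leaves the file handle open; the block form of `File.open` around the `attach` call would close it. The enclosing `context` starts and ends outside the hunk.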