feat(ClamAV): add config to disable clamav usage

This commit is contained in:
Jon 2022-01-28 16:20:11 +01:00 committed by Pierre de La Morinerie
parent 628625366b
commit 97feca6305
4 changed files with 54 additions and 21 deletions

View file

@ -1,18 +1,18 @@
class ClamavService class ClamavService
def self.safe_file?(file_path) def self.safe_file?(file_path)
if Rails.env.development? return true if !Rails.configuration.x.clamav.enabled
return true
end
FileUtils.chmod(0666, file_path) FileUtils.chmod(0666, file_path)
client = ClamAV::Client.new client = ClamAV::Client.new
response = client.execute(ClamAV::Commands::ScanCommand.new(file_path)).first response = client.execute(ClamAV::Commands::ScanCommand.new(file_path)).first
if response.class == ClamAV::SuccessResponse
case response
when ClamAV::SuccessResponse
true true
elsif response.class == ClamAV::VirusResponse when ClamAV::VirusResponse
false false
elsif response.class == ClamAV::ErrorResponse when ClamAV::ErrorResponse
raise "ClamAV ErrorResponse : #{response.error_str}" raise "ClamAV ErrorResponse : #{response.error_str}"
else else
raise "ClamAV unkown response #{response.class.name}" raise "ClamAV unkown response #{response.class.name}"

View file

@ -76,5 +76,9 @@ module TPS
} }
config.skylight.probes += [:graphql] config.skylight.probes += [:graphql]
# Custom Configuration
# @see https://guides.rubyonrails.org/configuring.html#custom-configuration
config.x.clamav.enabled = ENV.fetch("CLAMAV_ENABLED", "enabled") == "enabled"
end end
end end

View file

@ -138,3 +138,6 @@ ENCRYPTION_SERVICE_SALT=""
# Salt for invisible_captcha session data. # Salt for invisible_captcha session data.
# Must be the same value for all app instances behind a load-balancer. # Must be the same value for all app instances behind a load-balancer.
INVISIBLE_CAPTCHA_SECRET="kikooloool" INVISIBLE_CAPTCHA_SECRET="kikooloool"
# Clamav antivirus usage
CLAMAV_ENABLED="disabled"

View file

@ -4,25 +4,51 @@ describe ClamavService do
subject { ClamavService.safe_file?(path_file) } subject { ClamavService.safe_file?(path_file) }
before do context "when ClamAV is enabled" do
client = double("ClamAV::Client", execute: [response]) before do
allow(ClamAV::Client).to receive(:new).and_return(client) @saved_clamav = Rails.configuration.x.clamav.enabled
allow(FileUtils).to receive(:chmod).with(0666, path_file).and_return(true) Rails.configuration.x.clamav.enabled = true
client = double("ClamAV::Client", execute: [response])
allow(ClamAV::Client).to receive(:new).and_return(client)
allow(FileUtils).to receive(:chmod).with(0666, path_file).and_return(true)
end
after do
Rails.configuration.x.clamav.enabled = @saved_clamav
end
context 'When response type is ClamAV::SuccessResponse' do
let(:response) { ClamAV::SuccessResponse.new("OK") }
it { expect(subject).to eq(true) }
end
context 'When response type is ClamAV::VirusResponse' do
let(:response) { ClamAV::VirusResponse.new("KO", "VirusN4ame") }
it { expect(subject).to eq(false) }
end
context 'When response type is ClamAV::ErrorResponse' do
let(:response) { ClamAV::ErrorResponse.new("File not found") }
it { expect { subject }.to raise_error("ClamAV ErrorResponse : File not found") }
end
end end
context 'When response type is ClamAV::SuccessResponse' do context "when ClamAV is disabled" do
let(:response) { ClamAV::SuccessResponse.new("OK") } before do
it { expect(subject).to eq(true) } @saved_clamav = Rails.configuration.x.clamav.enabled
end Rails.configuration.x.clamav.enabled = false
end
context 'When response type is ClamAV::VirusResponse' do after do
let(:response) { ClamAV::VirusResponse.new("KO", "VirusN4ame") } Rails.configuration.x.clamav.enabled = @saved_clamav
it { expect(subject).to eq(false) } end
end
context 'When response type is ClamAV::ErrorResponse' do it do
let(:response) { ClamAV::ErrorResponse.new("File not found") } expect(ClamAV::Client).not_to receive(:new)
it { expect { subject }.to raise_error("ClamAV ErrorResponse : File not found") } expect(FileUtils).not_to receive(:chmod)
expect(subject).to eq(true)
end
end end
end end
end end