feat(ClamAV): add config to disable clamav usage
This commit is contained in:
parent
628625366b
commit
97feca6305
4 changed files with 54 additions and 21 deletions
|
@ -1,18 +1,18 @@
|
||||||
class ClamavService
|
class ClamavService
|
||||||
def self.safe_file?(file_path)
|
def self.safe_file?(file_path)
|
||||||
if Rails.env.development?
|
return true if !Rails.configuration.x.clamav.enabled
|
||||||
return true
|
|
||||||
end
|
|
||||||
|
|
||||||
FileUtils.chmod(0666, file_path)
|
FileUtils.chmod(0666, file_path)
|
||||||
|
|
||||||
client = ClamAV::Client.new
|
client = ClamAV::Client.new
|
||||||
response = client.execute(ClamAV::Commands::ScanCommand.new(file_path)).first
|
response = client.execute(ClamAV::Commands::ScanCommand.new(file_path)).first
|
||||||
if response.class == ClamAV::SuccessResponse
|
|
||||||
|
case response
|
||||||
|
when ClamAV::SuccessResponse
|
||||||
true
|
true
|
||||||
elsif response.class == ClamAV::VirusResponse
|
when ClamAV::VirusResponse
|
||||||
false
|
false
|
||||||
elsif response.class == ClamAV::ErrorResponse
|
when ClamAV::ErrorResponse
|
||||||
raise "ClamAV ErrorResponse : #{response.error_str}"
|
raise "ClamAV ErrorResponse : #{response.error_str}"
|
||||||
else
|
else
|
||||||
raise "ClamAV unkown response #{response.class.name}"
|
raise "ClamAV unkown response #{response.class.name}"
|
||||||
|
|
|
@ -76,5 +76,9 @@ module TPS
|
||||||
}
|
}
|
||||||
|
|
||||||
config.skylight.probes += [:graphql]
|
config.skylight.probes += [:graphql]
|
||||||
|
|
||||||
|
# Custom Configuration
|
||||||
|
# @see https://guides.rubyonrails.org/configuring.html#custom-configuration
|
||||||
|
config.x.clamav.enabled = ENV.fetch("CLAMAV_ENABLED", "enabled") == "enabled"
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -138,3 +138,6 @@ ENCRYPTION_SERVICE_SALT=""
|
||||||
# Salt for invisible_captcha session data.
|
# Salt for invisible_captcha session data.
|
||||||
# Must be the same value for all app instances behind a load-balancer.
|
# Must be the same value for all app instances behind a load-balancer.
|
||||||
INVISIBLE_CAPTCHA_SECRET="kikooloool"
|
INVISIBLE_CAPTCHA_SECRET="kikooloool"
|
||||||
|
|
||||||
|
# Clamav antivirus usage
|
||||||
|
CLAMAV_ENABLED="disabled"
|
||||||
|
|
|
@ -4,25 +4,51 @@ describe ClamavService do
|
||||||
|
|
||||||
subject { ClamavService.safe_file?(path_file) }
|
subject { ClamavService.safe_file?(path_file) }
|
||||||
|
|
||||||
before do
|
context "when ClamAV is enabled" do
|
||||||
client = double("ClamAV::Client", execute: [response])
|
before do
|
||||||
allow(ClamAV::Client).to receive(:new).and_return(client)
|
@saved_clamav = Rails.configuration.x.clamav.enabled
|
||||||
allow(FileUtils).to receive(:chmod).with(0666, path_file).and_return(true)
|
Rails.configuration.x.clamav.enabled = true
|
||||||
|
|
||||||
|
client = double("ClamAV::Client", execute: [response])
|
||||||
|
allow(ClamAV::Client).to receive(:new).and_return(client)
|
||||||
|
allow(FileUtils).to receive(:chmod).with(0666, path_file).and_return(true)
|
||||||
|
end
|
||||||
|
|
||||||
|
after do
|
||||||
|
Rails.configuration.x.clamav.enabled = @saved_clamav
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'When response type is ClamAV::SuccessResponse' do
|
||||||
|
let(:response) { ClamAV::SuccessResponse.new("OK") }
|
||||||
|
it { expect(subject).to eq(true) }
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'When response type is ClamAV::VirusResponse' do
|
||||||
|
let(:response) { ClamAV::VirusResponse.new("KO", "VirusN4ame") }
|
||||||
|
it { expect(subject).to eq(false) }
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'When response type is ClamAV::ErrorResponse' do
|
||||||
|
let(:response) { ClamAV::ErrorResponse.new("File not found") }
|
||||||
|
it { expect { subject }.to raise_error("ClamAV ErrorResponse : File not found") }
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'When response type is ClamAV::SuccessResponse' do
|
context "when ClamAV is disabled" do
|
||||||
let(:response) { ClamAV::SuccessResponse.new("OK") }
|
before do
|
||||||
it { expect(subject).to eq(true) }
|
@saved_clamav = Rails.configuration.x.clamav.enabled
|
||||||
end
|
Rails.configuration.x.clamav.enabled = false
|
||||||
|
end
|
||||||
|
|
||||||
context 'When response type is ClamAV::VirusResponse' do
|
after do
|
||||||
let(:response) { ClamAV::VirusResponse.new("KO", "VirusN4ame") }
|
Rails.configuration.x.clamav.enabled = @saved_clamav
|
||||||
it { expect(subject).to eq(false) }
|
end
|
||||||
end
|
|
||||||
|
|
||||||
context 'When response type is ClamAV::ErrorResponse' do
|
it do
|
||||||
let(:response) { ClamAV::ErrorResponse.new("File not found") }
|
expect(ClamAV::Client).not_to receive(:new)
|
||||||
it { expect { subject }.to raise_error("ClamAV ErrorResponse : File not found") }
|
expect(FileUtils).not_to receive(:chmod)
|
||||||
|
expect(subject).to eq(true)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue