Merge pull request #6927 from adullact/feature/6885-deactivate-clamav

Ajout d'un réglage pour pouvoir désactiver ClamAV
This commit is contained in:
Pierre de La Morinerie 2022-02-15 09:21:52 +01:00 committed by GitHub
commit e7aa29b9b0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 54 additions and 21 deletions

View file

@ -1,18 +1,18 @@
class ClamavService
def self.safe_file?(file_path)
if Rails.env.development?
return true
end
return true if !Rails.configuration.x.clamav.enabled
FileUtils.chmod(0666, file_path)
client = ClamAV::Client.new
response = client.execute(ClamAV::Commands::ScanCommand.new(file_path)).first
if response.class == ClamAV::SuccessResponse
case response
when ClamAV::SuccessResponse
true
elsif response.class == ClamAV::VirusResponse
when ClamAV::VirusResponse
false
elsif response.class == ClamAV::ErrorResponse
when ClamAV::ErrorResponse
raise "ClamAV ErrorResponse : #{response.error_str}"
else
raise "ClamAV unkown response #{response.class.name}"

View file

@ -76,5 +76,9 @@ module TPS
}
config.skylight.probes += [:graphql]
# Custom Configuration
# @see https://guides.rubyonrails.org/configuring.html#custom-configuration
config.x.clamav.enabled = ENV.fetch("CLAMAV_ENABLED", "enabled") == "enabled"
end
end

View file

@ -138,3 +138,6 @@ ENCRYPTION_SERVICE_SALT=""
# Salt for invisible_captcha session data.
# Must be the same value for all app instances behind a load-balancer.
INVISIBLE_CAPTCHA_SECRET="kikooloool"
# Clamav antivirus usage
CLAMAV_ENABLED="disabled"

View file

@ -4,25 +4,51 @@ describe ClamavService do
subject { ClamavService.safe_file?(path_file) }
before do
client = double("ClamAV::Client", execute: [response])
allow(ClamAV::Client).to receive(:new).and_return(client)
allow(FileUtils).to receive(:chmod).with(0666, path_file).and_return(true)
context "when ClamAV is enabled" do
before do
@saved_clamav = Rails.configuration.x.clamav.enabled
Rails.configuration.x.clamav.enabled = true
client = double("ClamAV::Client", execute: [response])
allow(ClamAV::Client).to receive(:new).and_return(client)
allow(FileUtils).to receive(:chmod).with(0666, path_file).and_return(true)
end
after do
Rails.configuration.x.clamav.enabled = @saved_clamav
end
context 'When response type is ClamAV::SuccessResponse' do
let(:response) { ClamAV::SuccessResponse.new("OK") }
it { expect(subject).to eq(true) }
end
context 'When response type is ClamAV::VirusResponse' do
let(:response) { ClamAV::VirusResponse.new("KO", "VirusN4ame") }
it { expect(subject).to eq(false) }
end
context 'When response type is ClamAV::ErrorResponse' do
let(:response) { ClamAV::ErrorResponse.new("File not found") }
it { expect { subject }.to raise_error("ClamAV ErrorResponse : File not found") }
end
end
context 'When response type is ClamAV::SuccessResponse' do
let(:response) { ClamAV::SuccessResponse.new("OK") }
it { expect(subject).to eq(true) }
end
context "when ClamAV is disabled" do
before do
@saved_clamav = Rails.configuration.x.clamav.enabled
Rails.configuration.x.clamav.enabled = false
end
context 'When response type is ClamAV::VirusResponse' do
let(:response) { ClamAV::VirusResponse.new("KO", "VirusN4ame") }
it { expect(subject).to eq(false) }
end
after do
Rails.configuration.x.clamav.enabled = @saved_clamav
end
context 'When response type is ClamAV::ErrorResponse' do
let(:response) { ClamAV::ErrorResponse.new("File not found") }
it { expect { subject }.to raise_error("ClamAV ErrorResponse : File not found") }
it do
expect(ClamAV::Client).not_to receive(:new)
expect(FileUtils).not_to receive(:chmod)
expect(subject).to eq(true)
end
end
end
end