diff --git a/app/services/clamav_service.rb b/app/services/clamav_service.rb index 7acae2a0a..5b7032a55 100644 --- a/app/services/clamav_service.rb +++ b/app/services/clamav_service.rb @@ -1,18 +1,18 @@ class ClamavService def self.safe_file?(file_path) - if Rails.env.development? - return true - end + return true if !Rails.configuration.x.clamav.enabled FileUtils.chmod(0666, file_path) client = ClamAV::Client.new response = client.execute(ClamAV::Commands::ScanCommand.new(file_path)).first - if response.class == ClamAV::SuccessResponse + + case response + when ClamAV::SuccessResponse true - elsif response.class == ClamAV::VirusResponse + when ClamAV::VirusResponse false - elsif response.class == ClamAV::ErrorResponse + when ClamAV::ErrorResponse raise "ClamAV ErrorResponse : #{response.error_str}" else raise "ClamAV unkown response #{response.class.name}" diff --git a/config/application.rb b/config/application.rb index 2d9b15e9f..b75d4ae9b 100644 --- a/config/application.rb +++ b/config/application.rb @@ -76,5 +76,9 @@ module TPS } config.skylight.probes += [:graphql] + + # Custom Configuration + # @see https://guides.rubyonrails.org/configuring.html#custom-configuration + config.x.clamav.enabled = ENV.fetch("CLAMAV_ENABLED", "enabled") == "enabled" end end diff --git a/config/env.example b/config/env.example index f557df768..bd3bd9ff6 100644 --- a/config/env.example +++ b/config/env.example @@ -138,3 +138,6 @@ ENCRYPTION_SERVICE_SALT="" # Salt for invisible_captcha session data. # Must be the same value for all app instances behind a load-balancer. INVISIBLE_CAPTCHA_SECRET="kikooloool" + +# Clamav antivirus usage +CLAMAV_ENABLED="disabled" diff --git a/spec/services/clamav_service_spec.rb b/spec/services/clamav_service_spec.rb index 2341f2229..5c6c028f3 100644 --- a/spec/services/clamav_service_spec.rb +++ b/spec/services/clamav_service_spec.rb @@ -4,25 +4,51 @@ describe ClamavService do subject { ClamavService.safe_file?(path_file) } - before do - client = double("ClamAV::Client", execute: [response]) - allow(ClamAV::Client).to receive(:new).and_return(client) - allow(FileUtils).to receive(:chmod).with(0666, path_file).and_return(true) + context "when ClamAV is enabled" do + before do + @saved_clamav = Rails.configuration.x.clamav.enabled + Rails.configuration.x.clamav.enabled = true + + client = double("ClamAV::Client", execute: [response]) + allow(ClamAV::Client).to receive(:new).and_return(client) + allow(FileUtils).to receive(:chmod).with(0666, path_file).and_return(true) + end + + after do + Rails.configuration.x.clamav.enabled = @saved_clamav + end + + context 'When response type is ClamAV::SuccessResponse' do + let(:response) { ClamAV::SuccessResponse.new("OK") } + it { expect(subject).to eq(true) } + end + + context 'When response type is ClamAV::VirusResponse' do + let(:response) { ClamAV::VirusResponse.new("KO", "VirusN4ame") } + it { expect(subject).to eq(false) } + end + + context 'When response type is ClamAV::ErrorResponse' do + let(:response) { ClamAV::ErrorResponse.new("File not found") } + it { expect { subject }.to raise_error("ClamAV ErrorResponse : File not found") } + end end - context 'When response type is ClamAV::SuccessResponse' do - let(:response) { ClamAV::SuccessResponse.new("OK") } - it { expect(subject).to eq(true) } - end + context "when ClamAV is disabled" do + before do + @saved_clamav = Rails.configuration.x.clamav.enabled + Rails.configuration.x.clamav.enabled = false + end - context 'When response type is ClamAV::VirusResponse' do - let(:response) { ClamAV::VirusResponse.new("KO", "VirusN4ame") } - it { expect(subject).to eq(false) } - end + after do + Rails.configuration.x.clamav.enabled = @saved_clamav + end - context 'When response type is ClamAV::ErrorResponse' do - let(:response) { ClamAV::ErrorResponse.new("File not found") } - it { expect { subject }.to raise_error("ClamAV ErrorResponse : File not found") } + it do + expect(ClamAV::Client).not_to receive(:new) + expect(FileUtils).not_to receive(:chmod) + expect(subject).to eq(true) + end end end end