Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Use Carrierwave for file uploads

Update to use DBT-Scanner via URL with credentials

Add specs for new functionality and update existing specs where appropriate
1 parent 03e62ef
commit 4e10c15
Showing 29 changed files with 714 additions and 181 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,10 +2,6 @@ | |
version: v1.7.0 | ||
# ignores vulnerabilities until expiry date; change duration by modifying expiry date | ||
ignore: | ||
SNYK-RUBY-FARADAYMIDDLEWARE-20334: | ||
- '* > [email protected]': | ||
reason: None given | ||
expires: '2017-06-09T12:30:08.169Z' | ||
SNYK-RUBY-NOKOGIRI-20299: | ||
- '*': | ||
reason: an application using Nokogiri needs to be opt into the DTDLOAD option and opt out of the NONET option in order to be vulnerable | ||
|
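
Review bot: The SNYK-RUBY-NOKOGIRI-20299 entry left in place is ignored for every dependency path ('*') on the strength of a claim about how the application configures Nokogiri (DTDLOAD not enabled, NONET not disabled), and this commit adds file-upload handling. Confirm that no new code parses uploaded content with those options, and check that the entry still carries an expires date like the one on the dropped SNYK-RUBY-FARADAYMIDDLEWARE-20334 entry, so the exception is revisited rather than permanent.
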
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,2 @@ | ||
web: bundle exec rake cf:run_migrations db:migrate && bundle exec puma -C config/puma.rb | ||
worker: bundle exec sidekiq -L ./log/worker.log -C ./config/sidekiq.yml | ||
worker: bundle exec sidekiq -C ./config/sidekiq.yml |
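
Review bot: On the worker line, dropping -L ./log/worker.log leaves no stated destination for Sidekiq output, while the new FileScanJob reports scanner authentication and scan failures only through Rails.logger. Document where worker logs now go and confirm that Rails.logger in the worker process writes to the same stream, so failed scans stay visible to whoever monitors uploads. The same applies to the identical Procfile hunk that follows.
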
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,2 @@ | ||
web: bundle exec rake cf:run_migrations db:migrate && bundle exec puma -C config/puma.rb | ||
worker: bundle exec sidekiq -L ./log/worker.log -C ./config/sidekiq.yml | ||
worker: bundle exec sidekiq -C ./config/sidekiq.yml |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
class FileScanJob < ApplicationJob | ||
queue_as :default | ||
|
||
def perform(key, class_name, record_id, attribute_name) | ||
record = class_name.constantize.find(record_id) | ||
file = record.send(attribute_name) | ||
|
||
return if file.blank? | ||
|
||
begin | ||
file_to_scan = get_file_to_scan(file) | ||
scan_result = VirusScanner.scan_file(file_to_scan) | ||
status = scan_result[:malware] ? "infected" : "clean" | ||
record.send(:"on_scan_#{attribute_name}", status: status) | ||
rescue VirusScanner::AuthenticationError => e | ||
handle_authentication_error(record, attribute_name, e) | ||
rescue VirusScanner::FileTooLargeError => e | ||
handle_file_too_large_error(record, attribute_name, e) | ||
rescue VirusScanner::ScanError => e | ||
handle_scan_error(record, attribute_name, e) | ||
ensure | ||
file_to_scan.close if file_to_scan.respond_to?(:close) | ||
end | ||
end | ||
|
||
private | ||
|
||
def get_file_to_scan(file) | ||
if file.is_a?(String) | ||
File.open(file, "rb") | ||
elsif file.respond_to?(:read) | ||
file | ||
elsif file.is_a?(CarrierWave::SanitizedFile) | ||
File.open(file.file, "rb") | ||
elsif file.respond_to?(:file) | ||
if file.file.is_a?(CarrierWave::SanitizedFile) | ||
File.open(file.file.file, "rb") | ||
elsif file.file.respond_to?(:path) | ||
File.open(file.file.path, "rb") | ||
elsif file.file.respond_to?(:read) | ||
file.file | ||
else | ||
raise ArgumentError, "Don't know how to handle #{file.file.class}" | ||
end | ||
elsif file.respond_to?(:path) | ||
File.open(file.path, "rb") | ||
else | ||
raise ArgumentError, "Don't know how to handle #{file.class}" | ||
end | ||
end | ||
|
||
def handle_authentication_error(record, attribute_name, error) | ||
Rails.logger.error("VirusScanner Authentication Error: #{error.message}") | ||
record.send(:"on_scan_#{attribute_name}", status: :error) | ||
end | ||
|
||
def handle_file_too_large_error(record, attribute_name, error) | ||
Rails.logger.warn("File too large for virus scanning: #{error.message}") | ||
record.send(:"on_scan_#{attribute_name}", status: :error) | ||
end | ||
|
||
def handle_scan_error(record, attribute_name, error) | ||
Rails.logger.error("VirusScanner Error: #{error.message}") | ||
record.send(:"on_scan_#{attribute_name}", status: :error) | ||
end | ||
end |
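
Review bot: In perform, `status = scan_result[:malware] ? "infected" : "clean"` fails open: a result hash with no :malware key, or with a nil value there, marks the file "clean". Require an explicit negative, for example `scan_result.fetch(:malware) == false`, and route anything else to the error path. Further points in the same file: the handlers pass status: :error as a symbol while the success path passes strings; exceptions outside the three VirusScanner classes (the ArgumentError raised by get_file_to_scan, a failed find) leave the record with no scan status at all, so consumers need to treat an unset status as not clean; class_name.constantize and record.send(attribute_name) dispatch on job arguments and should be limited to an allowlist of scannable classes and attributes, with public_send for the attribute read; the key argument is never used; and get_file_to_scan tests respond_to?(:read) before the CarrierWave::SanitizedFile branch, which makes that later branch unreachable for any SanitizedFile that responds to read.
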
This file was deleted.