carrierwave-attachmentscanner 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.gitignore +23 -0
- data/.travis.yml +16 -0
- data/Gemfile +4 -0
- data/LICENSE.txt +21 -0
- data/README.md +106 -0
- data/Rakefile +6 -0
- data/carrierwave-attachmentscanner.gemspec +32 -0
- data/lib/carrierwave-attachmentscanner.rb +1 -0
- data/lib/carrierwave/attachmentscanner.rb +89 -0
- data/lib/carrierwave/attachmentscanner/version.rb +5 -0
- data/lib/generators/carrierwave_attachmentscanner/config/config_generator.rb +23 -0
- data/lib/generators/carrierwave_attachmentscanner/config/templates/config.rb.erb +14 -0
- metadata +141 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 3747ea9b16fe64ca851ea8918f87d952930791e9
|
4
|
+
data.tar.gz: 9fc0592f74f6fd310255c30ca669a25975cd7e18
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 21a01293633e09a2d047c35539357e6c591ac1f5e1ad3db4a22c84e331b7cc0ecab2c985dff2efd032f55ecfb603388ff4fc196b620f5c2d560d788a38a94165
|
7
|
+
data.tar.gz: 8a8d1813ac8e5eecb57b5e74d0345a2ec77407705fa0b430580ab0428dd919307d8c5538278fdab3fa35c43987561703f343192a040b76b526d1be2cf0364d7b
|
data/.gitignore
ADDED
@@ -0,0 +1,23 @@
|
|
1
|
+
*.gem
|
2
|
+
/coverage/
|
3
|
+
/tmp/
|
4
|
+
|
5
|
+
## Documentation cache and generated files:
|
6
|
+
/.yardoc/
|
7
|
+
/_yardoc/
|
8
|
+
/doc/
|
9
|
+
/rdoc/
|
10
|
+
|
11
|
+
## Environment normalization:
|
12
|
+
/.bundle/
|
13
|
+
/vendor/bundle
|
14
|
+
/lib/bundler/man/
|
15
|
+
|
16
|
+
# for a library or gem, you might want to ignore these files since the code is
|
17
|
+
# intended to run in multiple environments; otherwise, check them in:
|
18
|
+
Gemfile.lock
|
19
|
+
.ruby-version
|
20
|
+
.ruby-gemset
|
21
|
+
|
22
|
+
# Docker is being used in development but we're not ready to push this yet.
|
23
|
+
Dockerfile
|
data/.travis.yml
ADDED
data/Gemfile
ADDED
data/LICENSE.txt
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
The MIT License (MIT)
|
2
|
+
|
3
|
+
Copyright (c) 2017 Steve Smith
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
7
|
+
in the Software without restriction, including without limitation the rights
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
10
|
+
furnished to do so, subject to the following conditions:
|
11
|
+
|
12
|
+
The above copyright notice and this permission notice shall be included in
|
13
|
+
all copies or substantial portions of the Software.
|
14
|
+
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
21
|
+
THE SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,106 @@
|
|
1
|
+
# Carrierwave::Attachmentscanner
|
2
|
+
|
3
|
+
[![Build Status](https://travis-ci.org/attachmentscanner/carrierwave-attachmentscanner.svg?branch=master)](https://travis-ci.org/attachmentscanner/carrierwave-attachmentscanner)
|
4
|
+
|
5
|
+
Carrierwave::Attachmentscanner allows you to scan any file uploaded by
|
6
|
+
[CarrierWave](https://github.com/carrierwaveuploader/carrierwave) for viruses or
|
7
|
+
other malicious content.
|
8
|
+
|
9
|
+
It works by sending the upload to [Attachment Scanner](http://www.attachmentscanner.com)
|
10
|
+
to be checked and then raising an error if the file matches a known database.
|
11
|
+
|
12
|
+
## Installation
|
13
|
+
|
14
|
+
Add `carrierwave-attachmentscanner` to your `Gemfile`
|
15
|
+
|
16
|
+
```ruby
|
17
|
+
gem 'carrierwave-attachmentscanner'
|
18
|
+
```
|
19
|
+
|
20
|
+
Download and install by running:
|
21
|
+
|
22
|
+
```bash
|
23
|
+
bundle
|
24
|
+
```
|
25
|
+
|
26
|
+
Initialize the scanner with your `cluster_url` and `api_token`
|
27
|
+
(If you don't already have these values head to
|
28
|
+
[Attachment Scanner](http://www.attachmentscanner.com) and sign up for an account):
|
29
|
+
|
30
|
+
### Adding to an Uploader
|
31
|
+
|
32
|
+
You can then include `CarrierWave::AttachmentScanner` in your uploaders:
|
33
|
+
|
34
|
+
```ruby
|
35
|
+
class YourUploader < CarrierWave::Uploader::Base
|
36
|
+
include CarrierWave::AttachmentScanner
|
37
|
+
end
|
38
|
+
```
|
39
|
+
|
40
|
+
### Adding your credentials
|
41
|
+
|
42
|
+
```bash
|
43
|
+
bundle exec rails generate carrierwave_attachmentscanner:config [CLUSTER_URL] [API_TOKEN]
|
44
|
+
```
|
45
|
+
|
46
|
+
This will create `config/initializers/carrierwave_attachmentscanner.rb` with the
|
47
|
+
following content:
|
48
|
+
|
49
|
+
```ruby
|
50
|
+
CarrierWave::AttachmentScanner.configure do |config|
|
51
|
+
config.url = "CLUSTER_URL"
|
52
|
+
config.api_token = "API_TOKEN"
|
53
|
+
end
|
54
|
+
```
|
55
|
+
|
56
|
+
If you leave things blank we'll assume that you're going to set the config values
|
57
|
+
within ENV variables like the following:
|
58
|
+
|
59
|
+
```ruby
|
60
|
+
CarrierWave::AttachmentScanner.configure do |config|
|
61
|
+
config.url = ENV['ATTACHMENT_SCANNER_URL']
|
62
|
+
config.api_token = ENV['ATTACHMENT_SCANNER_API_TOKEN']
|
63
|
+
end
|
64
|
+
```
|
65
|
+
|
66
|
+
# Usage
|
67
|
+
|
68
|
+
Once installed `CarrierWave::AttachmentScanner` will call the endpoint with any
|
69
|
+
file a user attempts to call on your uploader.
|
70
|
+
|
71
|
+
It will raise a `CarrierWave::IntegrityError` whenever a malicious file is found,
|
72
|
+
by default this will then prevent the model from saving.
|
73
|
+
|
74
|
+
## Customising the response
|
75
|
+
|
76
|
+
There are two methods that can be used to compare the response from the
|
77
|
+
AttachmentScanner API and present an error message within CarrierWave.
|
78
|
+
|
79
|
+
The first method `blocked_scan_statuses` is used to compare the scan result with
|
80
|
+
a list of statuses.
|
81
|
+
|
82
|
+
```ruby
|
83
|
+
def blocked_scan_statuses
|
84
|
+
%w(found)
|
85
|
+
end
|
86
|
+
```
|
87
|
+
|
88
|
+
The second can be overridden in order to use the response to alter the upload
|
89
|
+
message.
|
90
|
+
|
91
|
+
```ruby
|
92
|
+
# This can be overridden in order to change the message
|
93
|
+
def scan_error_message(result)
|
94
|
+
"AttachmentScanner prevented this upload"
|
95
|
+
end
|
96
|
+
```
|
97
|
+
|
98
|
+
Finally if you need total control you can override the `scan_result_allowed?`
|
99
|
+
method completely.
|
100
|
+
|
101
|
+
# Development / Contributing
|
102
|
+
|
103
|
+
Pull requests are welcome. There is an RSpec suite at `/spec`. Please ensure that
|
104
|
+
tests pass before submitting a pull request.
|
105
|
+
|
106
|
+
Thank you for making `CarrierWave::AttachmentScanner` better.
|
data/Rakefile
ADDED
@@ -0,0 +1,32 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
lib = File.expand_path('../lib', __FILE__)
|
3
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
|
+
require 'carrierwave/attachmentscanner/version'
|
5
|
+
|
6
|
+
Gem::Specification.new do |spec|
|
7
|
+
spec.name = "carrierwave-attachmentscanner"
|
8
|
+
spec.version = CarrierWave::AttachmentScanner::VERSION
|
9
|
+
spec.authors = ["Steve Smith"]
|
10
|
+
spec.email = ["gems@dynedge.co.uk"]
|
11
|
+
|
12
|
+
spec.summary = %q{Scan carrierwave attachments using AttachmentScanner}
|
13
|
+
spec.description = %q{Automatically sends carrierwave uploads to AttachmentScanner to search for
|
14
|
+
viruses, malware and other malicious files. }
|
15
|
+
spec.homepage = "http://www.attachmentscanner.com"
|
16
|
+
spec.license = "MIT"
|
17
|
+
|
18
|
+
spec.files = `git ls-files -z`.split("\x0").reject do |f|
|
19
|
+
f.match(%r{^(test|spec|features)/})
|
20
|
+
end
|
21
|
+
spec.bindir = "exe"
|
22
|
+
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
23
|
+
spec.require_paths = ["lib"]
|
24
|
+
|
25
|
+
spec.add_dependency "carrierwave"
|
26
|
+
spec.add_dependency "faraday"
|
27
|
+
spec.add_dependency "faraday_middleware"
|
28
|
+
|
29
|
+
spec.add_development_dependency "bundler"
|
30
|
+
spec.add_development_dependency "rake", "~> 10.0"
|
31
|
+
spec.add_development_dependency "rspec", "~> 3.0"
|
32
|
+
end
|
@@ -0,0 +1 @@
|
|
1
|
+
require "carrierwave/attachmentscanner"
|
@@ -0,0 +1,89 @@
|
|
1
|
+
require 'faraday'
|
2
|
+
require 'faraday_middleware'
|
3
|
+
require 'carrierwave/attachmentscanner/version'
|
4
|
+
|
5
|
+
module CarrierWave
|
6
|
+
module AttachmentScanner
|
7
|
+
Config = Struct.new(:url, :api_token, :enabled, :logger)
|
8
|
+
.new(ENV['ATTACHMENT_SCANNER_URL'], ENV['ATTACHMENT_SCANNER_API_TOKEN'],
|
9
|
+
true, Logger.new(STDOUT))
|
10
|
+
|
11
|
+
DISABLED_WARNING = "[CarrierWave::AttachmentScanner] Disabled".freeze
|
12
|
+
|
13
|
+
class AttachmentScannerError < CarrierWave::IntegrityError
|
14
|
+
attr_accessor :status
|
15
|
+
attr_accessor :matches
|
16
|
+
end
|
17
|
+
|
18
|
+
def self.included(base)
|
19
|
+
if Config.enabled
|
20
|
+
raise ArgumentError, "AttachmentScanner API Token is required" unless Config.api_token
|
21
|
+
raise ArgumentError, "AttachmentScanner URL is required" unless Config.url
|
22
|
+
end
|
23
|
+
|
24
|
+
base.before :cache, :scan_file!
|
25
|
+
end
|
26
|
+
|
27
|
+
def self.configure
|
28
|
+
raise ArgumentError, "Block must be specified for configure" unless block_given?
|
29
|
+
|
30
|
+
yield(Config)
|
31
|
+
end
|
32
|
+
|
33
|
+
def scan_file!(new_file)
|
34
|
+
return Config.logger.warn(DISABLED_WARNING) unless Config.enabled
|
35
|
+
|
36
|
+
result = send_to_scanner(new_file)
|
37
|
+
scan_result_allowed?(result)
|
38
|
+
end
|
39
|
+
|
40
|
+
def scan_result_allowed?(result)
|
41
|
+
Config.logger.info("[CarrierWave::AttachmentScanner] status: #{result['status']}")
|
42
|
+
return true unless blocked_scan_statuses.include?(result['status'])
|
43
|
+
|
44
|
+
Config.logger.warn("[CarrierWave::AttachmentScanner] matched: #{result['matches']}")
|
45
|
+
|
46
|
+
error = AttachmentScannerError.new(scan_error_message(result))
|
47
|
+
error.status = result['status']
|
48
|
+
error.matches = result['matches']
|
49
|
+
raise error
|
50
|
+
end
|
51
|
+
|
52
|
+
def blocked_scan_statuses
|
53
|
+
%w(found)
|
54
|
+
end
|
55
|
+
|
56
|
+
# This can be overridden in order to change the message
|
57
|
+
def scan_error_message(_result)
|
58
|
+
"AttachmentScanner prevented this upload"
|
59
|
+
end
|
60
|
+
|
61
|
+
protected
|
62
|
+
|
63
|
+
def send_to_scanner(new_file)
|
64
|
+
# Needed to support the case that a StringIO is being passed.
|
65
|
+
# Passes the root StringIO to Faraday::UploadIO unless we think this is a
|
66
|
+
# file (i.e. has path) in which case we pass the file.
|
67
|
+
# We can't pass the SanitizedFile as it implements read without arguments.
|
68
|
+
root_file = new_file
|
69
|
+
root_file = root_file.file while root_file.is_a?(CarrierWave::SanitizedFile)
|
70
|
+
file_or_path = root_file.respond_to?(:path) ? new_file.path : root_file
|
71
|
+
|
72
|
+
Config.logger.info("[CarrierWave::AttachmentScanner] scanning #{new_file.filename}")
|
73
|
+
upload = Faraday::UploadIO.new(file_or_path, new_file.content_type, new_file.filename)
|
74
|
+
response = scan_connection.post('/requests', file: upload)
|
75
|
+
response.body
|
76
|
+
end
|
77
|
+
|
78
|
+
def scan_connection
|
79
|
+
Faraday.new(Config.url) do |f|
|
80
|
+
f.request :multipart
|
81
|
+
f.request :url_encoded
|
82
|
+
f.authorization :Bearer, Config.api_token
|
83
|
+
f.response :json
|
84
|
+
f.response :raise_error
|
85
|
+
f.adapter :net_http
|
86
|
+
end
|
87
|
+
end
|
88
|
+
end
|
89
|
+
end
|
@@ -0,0 +1,23 @@
|
|
1
|
+
module CarrierwaveAttachmentscanner
|
2
|
+
module Generators
|
3
|
+
class ConfigGenerator < ::Rails::Generators::Base
|
4
|
+
DEFAULT_URL = "ENV['ATTACHMENT_SCANNER_URL']"
|
5
|
+
DEFAULT_API_TOKEN = "ENV['ATTACHMENT_SCANNER_API_TOKEN']"
|
6
|
+
|
7
|
+
desc 'Creates an initializer at config/initializers/carrierwave_attachmentscanner.rb'
|
8
|
+
argument :cluster_url, type: :string, default: DEFAULT_URL
|
9
|
+
argument :api_token, type: :string, default: DEFAULT_API_TOKEN
|
10
|
+
|
11
|
+
def self.source_root
|
12
|
+
File.expand_path("../templates", __FILE__)
|
13
|
+
end
|
14
|
+
|
15
|
+
def create_config_file
|
16
|
+
template(
|
17
|
+
'config.rb.erb',
|
18
|
+
File.join('config', 'initializers', 'carrierwave_attachmentscanner.rb')
|
19
|
+
)
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
@@ -0,0 +1,14 @@
|
|
1
|
+
# Sets up credentials needed for AttachmentScanner to check files.
|
2
|
+
# By default it will check the ENV variables of a project.
|
3
|
+
# Change this to manually set the configuration.
|
4
|
+
|
5
|
+
CarrierWave::AttachmentScanner.configure do |config|
|
6
|
+
config.url = <%= cluster_url.starts_with?("ENV") ? cluster_url : "\"#{cluster_url}\"" %>
|
7
|
+
config.api_token = <%= api_token.starts_with?("ENV") ? api_token : "\"#{api_token}\"" %>
|
8
|
+
|
9
|
+
# Set the logger to the Rails logger so we don't need to use STDOUT
|
10
|
+
config.logger = Rails.logger
|
11
|
+
|
12
|
+
# Disable in test and development environments
|
13
|
+
# config.enabled = false if Rails.env.development? || Rails.env.test?
|
14
|
+
end
|
metadata
ADDED
@@ -0,0 +1,141 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: carrierwave-attachmentscanner
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.1.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Steve Smith
|
8
|
+
autorequire:
|
9
|
+
bindir: exe
|
10
|
+
cert_chain: []
|
11
|
+
date: 2017-04-03 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: carrierwave
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - ">="
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '0'
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - ">="
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '0'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: faraday
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - ">="
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '0'
|
34
|
+
type: :runtime
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - ">="
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '0'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: faraday_middleware
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - ">="
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '0'
|
48
|
+
type: :runtime
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - ">="
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '0'
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: bundler
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - ">="
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '0'
|
62
|
+
type: :development
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - ">="
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '0'
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: rake
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
72
|
+
requirements:
|
73
|
+
- - "~>"
|
74
|
+
- !ruby/object:Gem::Version
|
75
|
+
version: '10.0'
|
76
|
+
type: :development
|
77
|
+
prerelease: false
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
79
|
+
requirements:
|
80
|
+
- - "~>"
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
version: '10.0'
|
83
|
+
- !ruby/object:Gem::Dependency
|
84
|
+
name: rspec
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
86
|
+
requirements:
|
87
|
+
- - "~>"
|
88
|
+
- !ruby/object:Gem::Version
|
89
|
+
version: '3.0'
|
90
|
+
type: :development
|
91
|
+
prerelease: false
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
93
|
+
requirements:
|
94
|
+
- - "~>"
|
95
|
+
- !ruby/object:Gem::Version
|
96
|
+
version: '3.0'
|
97
|
+
description: "Automatically sends carrierwave uploads to AttachmentScanner to search
|
98
|
+
for\n viruses, malware and other malicious files. "
|
99
|
+
email:
|
100
|
+
- gems@dynedge.co.uk
|
101
|
+
executables: []
|
102
|
+
extensions: []
|
103
|
+
extra_rdoc_files: []
|
104
|
+
files:
|
105
|
+
- ".gitignore"
|
106
|
+
- ".travis.yml"
|
107
|
+
- Gemfile
|
108
|
+
- LICENSE.txt
|
109
|
+
- README.md
|
110
|
+
- Rakefile
|
111
|
+
- carrierwave-attachmentscanner.gemspec
|
112
|
+
- lib/carrierwave-attachmentscanner.rb
|
113
|
+
- lib/carrierwave/attachmentscanner.rb
|
114
|
+
- lib/carrierwave/attachmentscanner/version.rb
|
115
|
+
- lib/generators/carrierwave_attachmentscanner/config/config_generator.rb
|
116
|
+
- lib/generators/carrierwave_attachmentscanner/config/templates/config.rb.erb
|
117
|
+
homepage: http://www.attachmentscanner.com
|
118
|
+
licenses:
|
119
|
+
- MIT
|
120
|
+
metadata: {}
|
121
|
+
post_install_message:
|
122
|
+
rdoc_options: []
|
123
|
+
require_paths:
|
124
|
+
- lib
|
125
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
126
|
+
requirements:
|
127
|
+
- - ">="
|
128
|
+
- !ruby/object:Gem::Version
|
129
|
+
version: '0'
|
130
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
131
|
+
requirements:
|
132
|
+
- - ">="
|
133
|
+
- !ruby/object:Gem::Version
|
134
|
+
version: '0'
|
135
|
+
requirements: []
|
136
|
+
rubyforge_project:
|
137
|
+
rubygems_version: 2.6.8
|
138
|
+
signing_key:
|
139
|
+
specification_version: 4
|
140
|
+
summary: Scan carrierwave attachments using AttachmentScanner
|
141
|
+
test_files: []
|