carrierwave-attachmentscanner 0.1.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 3747ea9b16fe64ca851ea8918f87d952930791e9
4
+ data.tar.gz: 9fc0592f74f6fd310255c30ca669a25975cd7e18
5
+ SHA512:
6
+ metadata.gz: 21a01293633e09a2d047c35539357e6c591ac1f5e1ad3db4a22c84e331b7cc0ecab2c985dff2efd032f55ecfb603388ff4fc196b620f5c2d560d788a38a94165
7
+ data.tar.gz: 8a8d1813ac8e5eecb57b5e74d0345a2ec77407705fa0b430580ab0428dd919307d8c5538278fdab3fa35c43987561703f343192a040b76b526d1be2cf0364d7b
data/.gitignore ADDED
@@ -0,0 +1,23 @@
1
+ *.gem
2
+ /coverage/
3
+ /tmp/
4
+
5
+ ## Documentation cache and generated files:
6
+ /.yardoc/
7
+ /_yardoc/
8
+ /doc/
9
+ /rdoc/
10
+
11
+ ## Environment normalization:
12
+ /.bundle/
13
+ /vendor/bundle
14
+ /lib/bundler/man/
15
+
16
+ # for a library or gem, you might want to ignore these files since the code is
17
+ # intended to run in multiple environments; otherwise, check them in:
18
+ Gemfile.lock
19
+ .ruby-version
20
+ .ruby-gemset
21
+
22
+ # Docker is being used in development but we're not ready to push this yet.
23
+ Dockerfile
data/.travis.yml ADDED
@@ -0,0 +1,16 @@
1
+ language: ruby
2
+ rvm:
3
+ - 2.4.0
4
+ - 2.3.1
5
+ - 2.2
6
+ - 2.1
7
+ - 2.0
8
+ - ruby-head
9
+ - jruby
10
+
11
+ sudo: false
12
+
13
+ before_install:
14
+ - gem update bundler
15
+
16
+ script: bundle exec rspec
data/Gemfile ADDED
@@ -0,0 +1,4 @@
1
+ source 'https://rubygems.org'
2
+
3
+ # Specify your gem's dependencies in carrierwave-attachmentscan.gemspec
4
+ gemspec
data/LICENSE.txt ADDED
@@ -0,0 +1,21 @@
1
+ The MIT License (MIT)
2
+
3
+ Copyright (c) 2017 Steve Smith
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in
13
+ all copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21
+ THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,106 @@
1
+ # Carrierwave::Attachmentscanner
2
+
3
+ [![Build Status](https://travis-ci.org/attachmentscanner/carrierwave-attachmentscanner.svg?branch=master)](https://travis-ci.org/attachmentscanner/carrierwave-attachmentscanner)
4
+
5
+ Carrierwave::Attachmentscanner allows you to scan any file uploaded by
6
+ [CarrierWave](https://github.com/carrierwaveuploader/carrierwave) for viruses or
7
+ other malicious content.
8
+
9
+ It works by sending the upload to [Attachment Scanner](http://www.attachmentscanner.com)
10
+ to be checked and then raising an error if the file matches a known database.
11
+
12
+ ## Installation
13
+
14
+ Add `carrierwave-attachmentscanner` to your `Gemfile`
15
+
16
+ ```ruby
17
+ gem 'carrierwave-attachmentscanner'
18
+ ```
19
+
20
+ Download and install by running:
21
+
22
+ ```bash
23
+ bundle
24
+ ```
25
+
26
+ Initialize the scanner with your `cluster_url` and `api_token`
27
+ (If you don't already have these values head to
28
+ [Attachment Scanner](http://www.attachmentscanner.com) and sign up for an account):
29
+
30
+ ### Adding to an Uploader
31
+
32
+ You can then include `CarrierWave::AttachmentScanner` in your uploaders:
33
+
34
+ ```ruby
35
+ class YourUploader < CarrierWave::Uploader::Base
36
+ include CarrierWave::AttachmentScanner
37
+ end
38
+ ```
39
+
40
+ ### Adding your credentials
41
+
42
+ ```bash
43
+ bundle exec rails generate carrierwave_attachmentscanner:config [CLUSTER_URL] [API_TOKEN]
44
+ ```
45
+
46
+ This will create `config/initializers/carrierwave_attachmentscanner.rb` with the
47
+ following content:
48
+
49
+ ```ruby
50
+ CarrierWave::AttachmentScanner.configure do |config|
51
+ config.url = "CLUSTER_URL"
52
+ config.api_token = "API_TOKEN"
53
+ end
54
+ ```
55
+
56
+ If you leave things blank we'll assume that you're going to set the config values
57
+ within ENV variables like the following:
58
+
59
+ ```ruby
60
+ CarrierWave::AttachmentScanner.configure do |config|
61
+ config.url = ENV['ATTACHMENT_SCANNER_URL']
62
+ config.api_token = ENV['ATTACHMENT_SCANNER_API_TOKEN']
63
+ end
64
+ ```
65
+
66
+ # Usage
67
+
68
+ Once installed `CarrierWave::AttachmentScanner` will call the endpoint with any
69
+ file a user attempts to call on your uploader.
70
+
71
+ It will raise a `CarrierWave::IntegrityError` whenever a malicious file is found,
72
+ by default this will then prevent the model from saving.
73
+
74
+ ## Customising the response
75
+
76
+ There are two methods that can be used to compare the response from the
77
+ AttachmentScanner API and present an error message within CarrierWave.
78
+
79
+ The first method `blocked_scan_statuses` is used to compare the scan result with
80
+ a list of statuses.
81
+
82
+ ```ruby
83
+ def blocked_scan_statuses
84
+ %w(found)
85
+ end
86
+ ```
87
+
88
+ The second can be overridden in order to use the response to alter the upload
89
+ message.
90
+
91
+ ```ruby
92
+ # This can be overridden in order to change the message
93
+ def scan_error_message(result)
94
+ "AttachmentScanner prevented this upload"
95
+ end
96
+ ```
97
+
98
+ Finally if you need total control you can override the `scan_result_allowed?`
99
+ method completely.
100
+
101
+ # Development / Contributing
102
+
103
+ Pull requests are welcome. There is an RSpec suite at `/spec`. Please ensure that
104
+ tests pass before submitting a pull request.
105
+
106
+ Thank you for making `CarrierWave::AttachmentScanner` better.
data/Rakefile ADDED
@@ -0,0 +1,6 @@
1
+ require "bundler/gem_tasks"
2
+ require "rspec/core/rake_task"
3
+
4
+ RSpec::Core::RakeTask.new(:spec)
5
+
6
+ task :default => :spec
@@ -0,0 +1,32 @@
1
+ # coding: utf-8
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require 'carrierwave/attachmentscanner/version'
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = "carrierwave-attachmentscanner"
8
+ spec.version = CarrierWave::AttachmentScanner::VERSION
9
+ spec.authors = ["Steve Smith"]
10
+ spec.email = ["gems@dynedge.co.uk"]
11
+
12
+ spec.summary = %q{Scan carrierwave attachments using AttachmentScanner}
13
+ spec.description = %q{Automatically sends carrierwave uploads to AttachmentScanner to search for
14
+ viruses, malware and other malicious files. }
15
+ spec.homepage = "http://www.attachmentscanner.com"
16
+ spec.license = "MIT"
17
+
18
+ spec.files = `git ls-files -z`.split("\x0").reject do |f|
19
+ f.match(%r{^(test|spec|features)/})
20
+ end
21
+ spec.bindir = "exe"
22
+ spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
23
+ spec.require_paths = ["lib"]
24
+
25
+ spec.add_dependency "carrierwave"
26
+ spec.add_dependency "faraday"
27
+ spec.add_dependency "faraday_middleware"
28
+
29
+ spec.add_development_dependency "bundler"
30
+ spec.add_development_dependency "rake", "~> 10.0"
31
+ spec.add_development_dependency "rspec", "~> 3.0"
32
+ end
@@ -0,0 +1 @@
1
+ require "carrierwave/attachmentscanner"
@@ -0,0 +1,89 @@
1
+ require 'faraday'
2
+ require 'faraday_middleware'
3
+ require 'carrierwave/attachmentscanner/version'
4
+
5
+ module CarrierWave
6
+ module AttachmentScanner
7
+ Config = Struct.new(:url, :api_token, :enabled, :logger)
8
+ .new(ENV['ATTACHMENT_SCANNER_URL'], ENV['ATTACHMENT_SCANNER_API_TOKEN'],
9
+ true, Logger.new(STDOUT))
10
+
11
+ DISABLED_WARNING = "[CarrierWave::AttachmentScanner] Disabled".freeze
12
+
13
+ class AttachmentScannerError < CarrierWave::IntegrityError
14
+ attr_accessor :status
15
+ attr_accessor :matches
16
+ end
17
+
18
+ def self.included(base)
19
+ if Config.enabled
20
+ raise ArgumentError, "AttachmentScanner API Token is required" unless Config.api_token
21
+ raise ArgumentError, "AttachmentScanner URL is required" unless Config.url
22
+ end
23
+
24
+ base.before :cache, :scan_file!
25
+ end
26
+
27
+ def self.configure
28
+ raise ArgumentError, "Block must be specified for configure" unless block_given?
29
+
30
+ yield(Config)
31
+ end
32
+
33
+ def scan_file!(new_file)
34
+ return Config.logger.warn(DISABLED_WARNING) unless Config.enabled
35
+
36
+ result = send_to_scanner(new_file)
37
+ scan_result_allowed?(result)
38
+ end
39
+
40
+ def scan_result_allowed?(result)
41
+ Config.logger.info("[CarrierWave::AttachmentScanner] status: #{result['status']}")
42
+ return true unless blocked_scan_statuses.include?(result['status'])
43
+
44
+ Config.logger.warn("[CarrierWave::AttachmentScanner] matched: #{result['matches']}")
45
+
46
+ error = AttachmentScannerError.new(scan_error_message(result))
47
+ error.status = result['status']
48
+ error.matches = result['matches']
49
+ raise error
50
+ end
51
+
52
+ def blocked_scan_statuses
53
+ %w(found)
54
+ end
55
+
56
+ # This can be overridden in order to change the message
57
+ def scan_error_message(_result)
58
+ "AttachmentScanner prevented this upload"
59
+ end
60
+
61
+ protected
62
+
63
+ def send_to_scanner(new_file)
64
+ # Needed to support the case that a StringIO is being passed.
65
+ # Passes the root StringIO to Faraday::UploadIO unless we think this is a
66
+ # file (i.e. has path) in which case we pass the file.
67
+ # We can't pass the SanitizedFile as it implements read without arguments.
68
+ root_file = new_file
69
+ root_file = root_file.file while root_file.is_a?(CarrierWave::SanitizedFile)
70
+ file_or_path = root_file.respond_to?(:path) ? new_file.path : root_file
71
+
72
+ Config.logger.info("[CarrierWave::AttachmentScanner] scanning #{new_file.filename}")
73
+ upload = Faraday::UploadIO.new(file_or_path, new_file.content_type, new_file.filename)
74
+ response = scan_connection.post('/requests', file: upload)
75
+ response.body
76
+ end
77
+
78
+ def scan_connection
79
+ Faraday.new(Config.url) do |f|
80
+ f.request :multipart
81
+ f.request :url_encoded
82
+ f.authorization :Bearer, Config.api_token
83
+ f.response :json
84
+ f.response :raise_error
85
+ f.adapter :net_http
86
+ end
87
+ end
88
+ end
89
+ end
@@ -0,0 +1,5 @@
1
+ module CarrierWave
2
+ module AttachmentScanner
3
+ VERSION = "0.1.0"
4
+ end
5
+ end
@@ -0,0 +1,23 @@
1
+ module CarrierwaveAttachmentscanner
2
+ module Generators
3
+ class ConfigGenerator < ::Rails::Generators::Base
4
+ DEFAULT_URL = "ENV['ATTACHMENT_SCANNER_URL']"
5
+ DEFAULT_API_TOKEN = "ENV['ATTACHMENT_SCANNER_API_TOKEN']"
6
+
7
+ desc 'Creates an initializer at config/initializers/carrierwave_attachmentscanner.rb'
8
+ argument :cluster_url, type: :string, default: DEFAULT_URL
9
+ argument :api_token, type: :string, default: DEFAULT_API_TOKEN
10
+
11
+ def self.source_root
12
+ File.expand_path("../templates", __FILE__)
13
+ end
14
+
15
+ def create_config_file
16
+ template(
17
+ 'config.rb.erb',
18
+ File.join('config', 'initializers', 'carrierwave_attachmentscanner.rb')
19
+ )
20
+ end
21
+ end
22
+ end
23
+ end
@@ -0,0 +1,14 @@
1
+ # Sets up credentials needed for AttachmentScanner to check files.
2
+ # By default it will check the ENV variables of a project.
3
+ # Change this to manually set the configuration.
4
+
5
+ CarrierWave::AttachmentScanner.configure do |config|
6
+ config.url = <%= cluster_url.starts_with?("ENV") ? cluster_url : "\"#{cluster_url}\"" %>
7
+ config.api_token = <%= api_token.starts_with?("ENV") ? api_token : "\"#{api_token}\"" %>
8
+
9
+ # Set the logger to the Rails logger so we don't need to use STDOUT
10
+ config.logger = Rails.logger
11
+
12
+ # Disable in test and development environments
13
+ # config.enabled = false if Rails.env.development? || Rails.env.test?
14
+ end
metadata ADDED
@@ -0,0 +1,141 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: carrierwave-attachmentscanner
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - Steve Smith
8
+ autorequire:
9
+ bindir: exe
10
+ cert_chain: []
11
+ date: 2017-04-03 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: carrierwave
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: '0'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - ">="
25
+ - !ruby/object:Gem::Version
26
+ version: '0'
27
+ - !ruby/object:Gem::Dependency
28
+ name: faraday
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - ">="
32
+ - !ruby/object:Gem::Version
33
+ version: '0'
34
+ type: :runtime
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - ">="
39
+ - !ruby/object:Gem::Version
40
+ version: '0'
41
+ - !ruby/object:Gem::Dependency
42
+ name: faraday_middleware
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - ">="
46
+ - !ruby/object:Gem::Version
47
+ version: '0'
48
+ type: :runtime
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - ">="
53
+ - !ruby/object:Gem::Version
54
+ version: '0'
55
+ - !ruby/object:Gem::Dependency
56
+ name: bundler
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - ">="
60
+ - !ruby/object:Gem::Version
61
+ version: '0'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - ">="
67
+ - !ruby/object:Gem::Version
68
+ version: '0'
69
+ - !ruby/object:Gem::Dependency
70
+ name: rake
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - "~>"
74
+ - !ruby/object:Gem::Version
75
+ version: '10.0'
76
+ type: :development
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - "~>"
81
+ - !ruby/object:Gem::Version
82
+ version: '10.0'
83
+ - !ruby/object:Gem::Dependency
84
+ name: rspec
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - "~>"
88
+ - !ruby/object:Gem::Version
89
+ version: '3.0'
90
+ type: :development
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - "~>"
95
+ - !ruby/object:Gem::Version
96
+ version: '3.0'
97
+ description: "Automatically sends carrierwave uploads to AttachmentScanner to search
98
+ for\n viruses, malware and other malicious files. "
99
+ email:
100
+ - gems@dynedge.co.uk
101
+ executables: []
102
+ extensions: []
103
+ extra_rdoc_files: []
104
+ files:
105
+ - ".gitignore"
106
+ - ".travis.yml"
107
+ - Gemfile
108
+ - LICENSE.txt
109
+ - README.md
110
+ - Rakefile
111
+ - carrierwave-attachmentscanner.gemspec
112
+ - lib/carrierwave-attachmentscanner.rb
113
+ - lib/carrierwave/attachmentscanner.rb
114
+ - lib/carrierwave/attachmentscanner/version.rb
115
+ - lib/generators/carrierwave_attachmentscanner/config/config_generator.rb
116
+ - lib/generators/carrierwave_attachmentscanner/config/templates/config.rb.erb
117
+ homepage: http://www.attachmentscanner.com
118
+ licenses:
119
+ - MIT
120
+ metadata: {}
121
+ post_install_message:
122
+ rdoc_options: []
123
+ require_paths:
124
+ - lib
125
+ required_ruby_version: !ruby/object:Gem::Requirement
126
+ requirements:
127
+ - - ">="
128
+ - !ruby/object:Gem::Version
129
+ version: '0'
130
+ required_rubygems_version: !ruby/object:Gem::Requirement
131
+ requirements:
132
+ - - ">="
133
+ - !ruby/object:Gem::Version
134
+ version: '0'
135
+ requirements: []
136
+ rubyforge_project:
137
+ rubygems_version: 2.6.8
138
+ signing_key:
139
+ specification_version: 4
140
+ summary: Scan carrierwave attachments using AttachmentScanner
141
+ test_files: []