carrierwave-attachmentscanner 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 3747ea9b16fe64ca851ea8918f87d952930791e9
+  data.tar.gz: 9fc0592f74f6fd310255c30ca669a25975cd7e18
+SHA512:
+  metadata.gz: 21a01293633e09a2d047c35539357e6c591ac1f5e1ad3db4a22c84e331b7cc0ecab2c985dff2efd032f55ecfb603388ff4fc196b620f5c2d560d788a38a94165
+  data.tar.gz: 8a8d1813ac8e5eecb57b5e74d0345a2ec77407705fa0b430580ab0428dd919307d8c5538278fdab3fa35c43987561703f343192a040b76b526d1be2cf0364d7b

data/.gitignore

@@ -0,0 +1,23 @@
+*.gem
+/coverage/
+/tmp/
+
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+
+## Environment normalization:
+/.bundle/
+/vendor/bundle
+/lib/bundler/man/
+
+# for a library or gem, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+Gemfile.lock
+.ruby-version
+.ruby-gemset
+
+# Docker is being used in development but we're not ready to push this yet.
+Dockerfile

data/.travis.yml

@@ -0,0 +1,16 @@
+language: ruby
+rvm:
+ - 2.4.0
+ - 2.3.1
+ - 2.2
+ - 2.1
+ - 2.0
+ - ruby-head
+ - jruby
+
+sudo: false
+
+before_install:
+  - gem update bundler
+
+script: bundle exec rspec

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in carrierwave-attachmentscan.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 Steve Smith
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,106 @@
+# Carrierwave::Attachmentscanner
+
+[![Build Status](https://travis-ci.org/attachmentscanner/carrierwave-attachmentscanner.svg?branch=master)](https://travis-ci.org/attachmentscanner/carrierwave-attachmentscanner)
+
+Carrierwave::Attachmentscanner allows you to scan any file uploaded by
+[CarrierWave](https://github.com/carrierwaveuploader/carrierwave) for viruses or
+other malicious content.
+
+It works by sending the upload to [Attachment Scanner](http://www.attachmentscanner.com)
+to be checked and then raising an error if the file matches a known database.
+
+## Installation
+
+Add `carrierwave-attachmentscanner` to your `Gemfile`
+
+```ruby
+gem 'carrierwave-attachmentscanner'
+```
+
+Download and install by running:
+
+```bash
+bundle
+```
+
+Initialize the scanner with your `cluster_url` and `api_token`
+(If you don't already have these values head to
+[Attachment Scanner](http://www.attachmentscanner.com) and sign up for an account):
+
+### Adding to an Uploader
+
+You can then include `CarrierWave::AttachmentScanner` in your uploaders:
+
+```ruby
+class YourUploader < CarrierWave::Uploader::Base
+  include CarrierWave::AttachmentScanner
+end
+```
+
+### Adding your credentials
+
+```bash
+bundle exec rails generate carrierwave_attachmentscanner:config [CLUSTER_URL] [API_TOKEN]
+```
+
+This will create `config/initializers/carrierwave_attachmentscanner.rb` with the
+following content:
+
+```ruby
+CarrierWave::AttachmentScanner.configure do |config|
+  config.url = "CLUSTER_URL"
+  config.api_token = "API_TOKEN"
+end
+```
+
+If you leave things blank we'll assume that you're going to set the config values
+within ENV variables like the following:
+
+```ruby
+CarrierWave::AttachmentScanner.configure do |config|
+  config.url = ENV['ATTACHMENT_SCANNER_URL']
+  config.api_token = ENV['ATTACHMENT_SCANNER_API_TOKEN']
+end
+```
+
+# Usage
+
+Once installed `CarrierWave::AttachmentScanner` will call the endpoint with any
+file a user attempts to call on your uploader.
+
+It will raise a `CarrierWave::IntegrityError` whenever a malicious file is found,
+by default this will then prevent the model from saving.
+
+## Customising the response
+
+There are two methods that can be used to compare the response from the
+AttachmentScanner API and present an error message within CarrierWave.
+
+The first method `blocked_scan_statuses` is used to compare the scan result with
+a list of statuses.
+
+```ruby
+def blocked_scan_statuses
+  %w(found)
+end
+```
+
+The second can be overridden in order to use the response to alter the upload
+message.
+
+```ruby
+# This can be overridden in order to change the message
+def scan_error_message(result)
+  "AttachmentScanner prevented this upload"
+end
+```
+
+Finally if you need total control you can override the `scan_result_allowed?`
+method completely.
+
+# Development / Contributing
+
+Pull requests are welcome. There is an RSpec suite at `/spec`. Please ensure that
+tests pass before submitting a pull request.
+
+Thank you for making `CarrierWave::AttachmentScanner` better.

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/carrierwave-attachmentscanner.gemspec

@@ -0,0 +1,32 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'carrierwave/attachmentscanner/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "carrierwave-attachmentscanner"
+  spec.version       = CarrierWave::AttachmentScanner::VERSION
+  spec.authors       = ["Steve Smith"]
+  spec.email         = ["gems@dynedge.co.uk"]
+
+  spec.summary       = %q{Scan carrierwave attachments using AttachmentScanner}
+  spec.description   = %q{Automatically sends carrierwave uploads to AttachmentScanner to search for
+    viruses, malware and other malicious files. }
+  spec.homepage      = "http://www.attachmentscanner.com"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "carrierwave"
+  spec.add_dependency "faraday"
+  spec.add_dependency "faraday_middleware"
+
+  spec.add_development_dependency "bundler"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+end

data/lib/carrierwave-attachmentscanner.rb

@@ -0,0 +1 @@
+require "carrierwave/attachmentscanner"

data/lib/carrierwave/attachmentscanner.rb

@@ -0,0 +1,89 @@
+require 'faraday'
+require 'faraday_middleware'
+require 'carrierwave/attachmentscanner/version'
+
+module CarrierWave
+  module AttachmentScanner
+    Config = Struct.new(:url, :api_token, :enabled, :logger)
+                   .new(ENV['ATTACHMENT_SCANNER_URL'], ENV['ATTACHMENT_SCANNER_API_TOKEN'],
+                     true, Logger.new(STDOUT))
+
+    DISABLED_WARNING = "[CarrierWave::AttachmentScanner] Disabled".freeze
+
+    class AttachmentScannerError < CarrierWave::IntegrityError
+      attr_accessor :status
+      attr_accessor :matches
+    end
+
+    def self.included(base)
+      if Config.enabled
+        raise ArgumentError, "AttachmentScanner API Token is required" unless Config.api_token
+        raise ArgumentError, "AttachmentScanner URL is required" unless Config.url
+      end
+
+      base.before :cache, :scan_file!
+    end
+
+    def self.configure
+      raise ArgumentError, "Block must be specified for configure" unless block_given?
+
+      yield(Config)
+    end
+
+    def scan_file!(new_file)
+      return Config.logger.warn(DISABLED_WARNING) unless Config.enabled
+
+      result = send_to_scanner(new_file)
+      scan_result_allowed?(result)
+    end
+
+    def scan_result_allowed?(result)
+      Config.logger.info("[CarrierWave::AttachmentScanner] status: #{result['status']}")
+      return true unless blocked_scan_statuses.include?(result['status'])
+
+      Config.logger.warn("[CarrierWave::AttachmentScanner] matched: #{result['matches']}")
+
+      error = AttachmentScannerError.new(scan_error_message(result))
+      error.status = result['status']
+      error.matches = result['matches']
+      raise error
+    end
+
+    def blocked_scan_statuses
+      %w(found)
+    end
+
+    # This can be overridden in order to change the message
+    def scan_error_message(_result)
+      "AttachmentScanner prevented this upload"
+    end
+
+    protected
+
+    def send_to_scanner(new_file)
+      # Needed to support the case that a StringIO is being passed.
+      # Passes the root StringIO to Faraday::UploadIO unless we think this is a
+      # file (i.e. has path) in which case we pass the file.
+      # We can't pass the SanitizedFile as it implements read without arguments.
+      root_file = new_file
+      root_file = root_file.file while root_file.is_a?(CarrierWave::SanitizedFile)
+      file_or_path = root_file.respond_to?(:path) ? new_file.path : root_file
+
+      Config.logger.info("[CarrierWave::AttachmentScanner] scanning #{new_file.filename}")
+      upload = Faraday::UploadIO.new(file_or_path, new_file.content_type, new_file.filename)
+      response = scan_connection.post('/requests', file: upload)
+      response.body
+    end
+
+    def scan_connection
+      Faraday.new(Config.url) do |f|
+        f.request :multipart
+        f.request :url_encoded
+        f.authorization :Bearer, Config.api_token
+        f.response :json
+        f.response :raise_error
+        f.adapter :net_http
+      end
+    end
+  end
+end

data/lib/carrierwave/attachmentscanner/version.rb

@@ -0,0 +1,5 @@
+module CarrierWave
+  module AttachmentScanner
+    VERSION = "0.1.0"
+  end
+end

data/lib/generators/carrierwave_attachmentscanner/config/config_generator.rb

@@ -0,0 +1,23 @@
+module CarrierwaveAttachmentscanner
+  module Generators
+    class ConfigGenerator < ::Rails::Generators::Base
+      DEFAULT_URL = "ENV['ATTACHMENT_SCANNER_URL']"
+      DEFAULT_API_TOKEN = "ENV['ATTACHMENT_SCANNER_API_TOKEN']"
+
+      desc 'Creates an initializer at config/initializers/carrierwave_attachmentscanner.rb'
+      argument :cluster_url, type: :string, default: DEFAULT_URL
+      argument :api_token, type: :string, default: DEFAULT_API_TOKEN
+
+      def self.source_root
+        File.expand_path("../templates", __FILE__)
+      end
+
+      def create_config_file
+        template(
+          'config.rb.erb',
+          File.join('config', 'initializers', 'carrierwave_attachmentscanner.rb')
+        )
+      end
+    end
+  end
+end

data/lib/generators/carrierwave_attachmentscanner/config/templates/config.rb.erb

@@ -0,0 +1,14 @@
+# Sets up credentials needed for AttachmentScanner to check files.
+# By default it will check the ENV variables of a project.
+# Change this to manually set the configuration.
+
+CarrierWave::AttachmentScanner.configure do |config|
+  config.url = <%= cluster_url.starts_with?("ENV") ? cluster_url : "\"#{cluster_url}\"" %>
+  config.api_token = <%= api_token.starts_with?("ENV") ? api_token : "\"#{api_token}\"" %>
+
+  # Set the logger to the Rails logger so we don't need to use STDOUT
+  config.logger = Rails.logger
+
+  # Disable in test and development environments
+  # config.enabled = false if Rails.env.development? || Rails.env.test?
+end

metadata

@@ -0,0 +1,141 @@
+--- !ruby/object:Gem::Specification
+name: carrierwave-attachmentscanner
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Steve Smith
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2017-04-03 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: carrierwave
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: faraday_middleware
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+description: "Automatically sends carrierwave uploads to AttachmentScanner to search
+  for\n    viruses, malware and other malicious files. "
+email:
+- gems@dynedge.co.uk
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".travis.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- carrierwave-attachmentscanner.gemspec
+- lib/carrierwave-attachmentscanner.rb
+- lib/carrierwave/attachmentscanner.rb
+- lib/carrierwave/attachmentscanner/version.rb
+- lib/generators/carrierwave_attachmentscanner/config/config_generator.rb
+- lib/generators/carrierwave_attachmentscanner/config/templates/config.rb.erb
+homepage: http://www.attachmentscanner.com
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.8
+signing_key: 
+specification_version: 4
+summary: Scan carrierwave attachments using AttachmentScanner
+test_files: []