carrierwave-virus_free 0.0.3 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 53ff921bee314e66dc7b2c62718af922b265b4cc
-  data.tar.gz: 8ce52e4ec315c7293a67ace9fe1cf61cb4760a20
+  metadata.gz: ee02200813acfb4ff5961f083501393455a85ef7
+  data.tar.gz: 01a9f1759272d7ca857484a33d5d1ef0d78296c0
 SHA512:
-  metadata.gz: 285d309ed1f62b5f289bfdd3a7155ed5c64688b1f72efc2dc5f436712cea1cac31e3e41065a9d34b15c5fe7031f6b9f6aed27801fcf0b2d59cc5a21f220cee88
-  data.tar.gz: 469e6e5c8f2e1684f2c64cd8bc9d4d9ff92e1ae2a9b9d485ef60e0861b6cccbf0b4745fdda6ee9bc1392d0e244d68c1741fc70096d83fcd2173f0ab4dc657758
+  metadata.gz: 071763af5b7df8061b5200e1139b8dede35b092e8b875eda20b84675ed8caf4c3b49e45aecfa6fecc7028902f11f5be327cfbd43af70ba8f07dc04bfdc79ecf1
+  data.tar.gz: e22c0e0f4080c3db77e221bb4a03c9ade87c127e7d6b0fc2a888a7082eb9d289d27e88ca359033f4efd7b0578a558204310bc3875983c9f9b26688c1e1af08ea

data/.gitignore

@@ -21,3 +21,5 @@ tmp
 *.a
 mkmf.log
 spec/data/
+.vagrant/
+spec/internal/db/*.sqlite

data/.rspec

@@ -1,3 +1,2 @@
 --color
---warnings
 --require spec_helper

data/CHANGELOG.md

@@ -0,0 +1,7 @@
+## Unreleased
+
+* Near-rewrite
+  * Use combustion for testing
+  * Don't re-scan a file that hasn't changed
+  * I18n railtie (closes [#1](https://github.com/jschroeder9000/carrierwave-virus_free/issues/1))
+  * Differentiate between error and unsafe (closes [#2](https://github.com/jschroeder9000/carrierwave-virus_free/issues/1))

data/Gemfile

@@ -2,5 +2,3 @@ source 'https://rubygems.org'
 
 # Specify your gem's dependencies in carrierwave-virus_free_validator.gemspec
 gemspec
-
-gem 'clam_scan', path: '/home/jschroeder/rails/clam_scan'

data/README.md

@@ -1,4 +1,4 @@
-# Carrierwave::VirusFreeValidator
+# Carrierwave::VirusFree
 
 Validate carrierwave uploads are virus free with clamav.
 
@@ -36,9 +36,23 @@ end
 
 It's that easy.
 
+## I18n
+
+Validation error messages are processed through I18n.  See [lib/carrierwave/virus_free/locale/en.yml](https://github.com/jschroeder9000/carrierwave-virus_free/blob/master/lib/carrierwave/virus_free/locale/en.yml) for default messages and relevant keys to override.
+
+## Lazy validation
+
+As of 0.1.0, validation is lazy in that it does nothing if the model attribute with the uploader mounted has not changed.  This increases compatibility in cases where the final storage location of a file is not local, but also implies that a file _could_ be changed to something malicious by an external process and would not be caught by further validation.  E.g.:
+
+* User uploads safe file which gets saved somewhere
+* Some external process overwrites this file with something malicious
+* You call `model.valid?` and it returns true because your model is not aware of the file changing (`model.file_changed?` is false) even though the file is now something that clamav would catch as malicious
+
+Please be aware of this caveat.  You can protect against this by preventing external processes from modifying you application's files and/or you can use [clam_scan](https://github.com/jschroeder9000/clam_scan) directly.
+
 ## Contributing
 
-1. Fork it ( https://github.com/[my-github-username]/carrierwave-virus_free_validator/fork )
+1. Fork it ( https://github.com/jschroeder9000/carrierwave-virus_free_validator/fork )
 2. Create your feature branch (`git checkout -b my-new-feature`)
 3. Commit your changes (`git commit -am 'Add some feature'`)
 4. Push to the branch (`git push origin my-new-feature`)

data/Rakefile

@@ -1,2 +1,5 @@
 require "bundler/gem_tasks"
 
+task :console do
+  exec 'pry -r carrierwave/virus_free -I ./lib'
+end

data/Vagrantfile

@@ -0,0 +1,44 @@
+Vagrant.configure(2) do |config|
+  config.vm.box = 'ubuntu/trusty64'
+
+  config.vm.network :private_network, type: 'dhcp'
+
+  config.vm.provider 'virtualbox' do |v|
+    v.cpus = ENV['VAGRANT_CPUS'] || 4
+    v.memory = ENV['VAGRANT_MEMORY'] || 1024
+  end
+
+  if ENV['VAGRANT_NFS']
+    config.vm.synced_folder '.', '/vagrant', type: 'nfs'
+  elsif ENV['VAGRANT_RSYNC']
+    config.vm.synced_folder '.', '/vagrant', type: 'rsync'
+  end
+
+  # install packages
+  config.vm.provision 'shell', inline: <<-SCRIPT
+    apt-get update &&
+    apt-get -y install \
+      clamav-daemon \
+      git \
+      libgmp-dev
+  SCRIPT
+
+  # disable clamav apparmor
+  config.vm.provision 'shell', inline: <<-SCRIPT
+    ln -s /etc/apparmor.d/local/usr.sbin.clamd /etc/apparmor.d/disable &&
+    service apparmor restart
+  SCRIPT
+
+  # install ruby/rvm
+  config.vm.provision 'shell', privileged: false, inline: <<-SCRIPT
+    curl -sSL https://rvm.io/mpapis.asc | gpg --import - &&
+    curl -sSL https://get.rvm.io | bash -s stable --ruby=2.2.4
+  SCRIPT
+
+  # install gems
+  config.vm.provision 'shell', privileged: false, inline: <<-SCRIPT
+    cd /vagrant &&
+    gem install bundler &&
+    bundle install
+  SCRIPT
+end

data/carrierwave-virus_free.gemspec

@@ -22,7 +22,11 @@ Gem::Specification.new do |spec|
   spec.add_dependency "carrierwave"
   spec.add_dependency "clam_scan"
 
+  spec.add_development_dependency "activerecord"
   spec.add_development_dependency "bundler", "~> 1.6"
+  spec.add_development_dependency "combustion", "~> 0.5.3"
+  spec.add_development_dependency "pry-byebug"
   spec.add_development_dependency "rake"
-  spec.add_development_dependency "rspec"
+  spec.add_development_dependency "rspec-rails", "~> 3.4.0"
+  spec.add_development_dependency "sqlite3"
 end

data/config.ru

@@ -0,0 +1,7 @@
+require 'rubygems'
+require 'bundler'
+
+Bundler.require :default, :development
+
+Combustion.initialize! :all
+run Combustion::Application

data/lib/carrierwave/virus_free.rb

@@ -1,14 +1,12 @@
+require 'active_model'
 require 'clam_scan'
 
+require 'carrierwave/virus_free/railtie'
+require 'carrierwave/virus_free/version'
+require 'carrierwave/virus_free/virus_free_validator'
+
 module CarrierWave
   module VirusFree
-    class VirusFreeValidator < ActiveModel::EachValidator
-      def validate_each (record, attribute, value)
-        if value.present? && !ClamScan::Client.scan(location: value.url).safe?
-          record.errors.add(attribute, 'That file can not be accepted')
-        end
-      end
-    end
   end
 end
 

data/lib/carrierwave/virus_free/locale/en.yml

@@ -0,0 +1,5 @@
+en:
+  errors:
+    messages:
+      virus_free_error: 'could not be processed'
+      virus_free_unsafe: 'could not be accepted'

data/lib/carrierwave/virus_free/railtie.rb

@@ -0,0 +1,25 @@
+# heavily borrowed from https://github.com/carrierwaveuploader/carrierwave/blob/ecf57fe5fed17657b258d708a59feeec9fac74cd/lib/carrierwave.rb
+
+module CarrierWave
+  module VirusFree
+    if defined? Rails
+      class Railtie < Rails::Railtie
+        initializer "carrierwave_virus_free.setup_paths" do |app|
+          pattern = CarrierWave::VirusFree::Railtie.locales_pattern_from app.config.i18n.available_locales
+
+          files = Dir[File.join(File.dirname(__FILE__), 'locale', "#{pattern}.yml")]
+          # Loads the Carrierwave locale files before the Rails application locales
+          # letting the Rails application overrite the carrierwave locale defaults
+          I18n.load_path = files.concat I18n.load_path
+        end
+
+        private
+
+        def self.locales_pattern_from(args)
+          array = Array(args || [])
+          array.blank? ? '*' : "{#{array.join ','}}"
+        end
+      end
+    end
+  end
+end

data/lib/carrierwave/virus_free/version.rb

@@ -1,5 +1,5 @@
 module Carrierwave
   module VirusFree
-    VERSION = "0.0.3"
+    VERSION = "0.1.0"
   end
 end

data/lib/carrierwave/virus_free/virus_free_validator.rb

@@ -0,0 +1,16 @@
+module CarrierWave
+  module VirusFree
+    class VirusFreeValidator < ActiveModel::EachValidator
+      def validate_each(record, attribute, value)
+        return unless record.send :"#{attribute}_changed?"
+
+        response = ClamScan::Client.scan(location: value.path)
+        if response.error? || response.unknown?
+          record.errors.add attribute, :virus_free_error
+        elsif !response.safe?
+          record.errors.add attribute, :virus_free_unsafe
+        end
+      end
+    end
+  end
+end

data/spec/internal/app/models/user.rb

@@ -0,0 +1,4 @@
+class User < ActiveRecord::Base
+  mount_uploader :avatar, CarrierWave::Uploader::Base
+  validates :avatar, virus_free: true
+end

data/spec/internal/config/database.yml

@@ -0,0 +1,3 @@
+test:
+  adapter:  sqlite3
+  database: db/combustion_test.sqlite

data/spec/internal/config/routes.rb

@@ -0,0 +1,3 @@
+Rails.application.routes.draw do
+  #
+end

data/spec/internal/db/schema.rb

@@ -0,0 +1,5 @@
+ActiveRecord::Schema.define do
+  create_table :users, force: true do |t|
+    t.string :avatar
+  end
+end

data/spec/internal/log/.gitignore

@@ -0,0 +1 @@
+*.log

data/spec/models/user_spec.rb

@@ -0,0 +1,90 @@
+require 'spec_helper'
+
+describe User do
+  describe 'i18n' do
+    context 'error' do
+      before do
+        mock_clam_scan_response 2
+        subject.avatar = File.open safe_path
+        subject.valid?
+      end
+
+      it 'uses i18n' do
+        expect(subject.errors.full_messages).to include('Avatar could not be processed')
+      end
+    end
+
+    context 'unknown' do
+      before do
+        mock_clam_scan_response 4
+        subject.avatar = File.open safe_path
+        subject.valid?
+      end
+
+      it 'uses i18n' do
+        expect(subject.errors.full_messages).to include('Avatar could not be processed')
+      end
+    end
+
+    context 'unsafe' do
+      before do
+        subject.avatar = File.open eicar_path
+        subject.valid?
+      end
+
+      it 'uses i18n' do
+        expect(subject.errors.full_messages).to include('Avatar could not be accepted')
+      end
+    end
+  end
+
+  describe 'validation' do
+    context 'error scanning' do
+      before do
+        mock_clam_scan_response 2
+        subject.avatar = File.open safe_path
+      end
+
+      it 'is not valid' do
+        expect(subject).not_to be_valid
+      end
+    end
+
+    context 'nothing is uploaded' do
+      it 'is valid' do
+        expect(subject).to be_valid
+      end
+    end
+
+    context 'safe file is uploaded' do
+      before do
+        subject.avatar = File.open safe_path
+      end
+
+      it 'is valid' do
+        expect(subject).to be_valid
+      end
+    end
+
+    context 'unknown clamav response' do
+      before do
+        mock_clam_scan_response 4
+        subject.avatar = File.open safe_path
+      end
+
+      it 'is not valid' do
+        expect(subject).not_to be_valid
+      end
+    end
+
+    context 'unsafe file is uploaded' do
+      before do
+        subject.avatar = File.open eicar_path
+      end
+
+      it 'is not valid' do
+        expect(subject).not_to be_valid
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -17,9 +17,17 @@
 
 # end initial stuff
 
-require 'active_model'
+require 'combustion'
+
+require 'active_record'
+require 'carrierwave'
 require 'carrierwave/virus_free'
-require 'clam_scan'
+require 'pry'
+require 'sqlite3'
+
+Combustion.initialize! :active_record
+
+require 'rspec/rails'
 
 Dir[File.expand_path(File.join('..', 'support', '**', '*.rb'), __FILE__)].each { |f| require f }
 
@@ -85,7 +93,13 @@ RSpec.configure do |config|
 
   # end default stuff
 
-  config.before(:suite) do
+  config.include DataHelpers
+  config.include MockHelpers
+
+  # this should really be before :suite
+  # but it doesn't work and i'm not exactly sure why
+  # http://stackoverflow.com/q/34403095/4283486
+  config.before(:context) do
     # make data dir if it doesn't exist
     unless File.directory? data_path
       require 'fileutils'

data/spec/support/data_helpers.rb

@@ -0,0 +1,13 @@
+module DataHelpers
+  def data_path
+    File.expand_path(File.join('..', '..', 'data'), __FILE__)
+  end
+
+  def eicar_path
+    File.join(data_path, 'eicar.com')
+  end
+
+  def safe_path
+    File.join(data_path, 'foo.txt')
+  end
+end

data/spec/support/mock_helpers.rb

@@ -0,0 +1,6 @@
+module MockHelpers
+  def mock_clam_scan_response(exit_status)
+    process_status = instance_double('Process::Status', exitstatus: exit_status)
+    allow(ClamScan::Client).to receive(:scan).and_return(ClamScan::Response.new(process_status, ''))
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: carrierwave-virus_free
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.1.0
 platform: ruby
 authors:
 - John Schroeder
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-09-30 00:00:00.000000000 Z
+date: 2015-12-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activemodel
@@ -52,6 +52,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -66,6 +80,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.6'
+- !ruby/object:Gem::Dependency
+  name: combustion
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.5.3
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.5.3
+- !ruby/object:Gem::Dependency
+  name: pry-byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -81,7 +123,21 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.4.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.4.0
+- !ruby/object:Gem::Dependency
+  name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -103,17 +159,29 @@ extra_rdoc_files: []
 files:
 - ".gitignore"
 - ".rspec"
+- CHANGELOG.md
 - Gemfile
 - LICENSE.txt
 - README.md
 - Rakefile
+- Vagrantfile
 - carrierwave-virus_free.gemspec
+- config.ru
 - lib/carrierwave/virus_free.rb
+- lib/carrierwave/virus_free/locale/en.yml
+- lib/carrierwave/virus_free/railtie.rb
 - lib/carrierwave/virus_free/version.rb
+- lib/carrierwave/virus_free/virus_free_validator.rb
+- spec/internal/app/models/user.rb
+- spec/internal/config/database.yml
+- spec/internal/config/routes.rb
+- spec/internal/db/schema.rb
+- spec/internal/log/.gitignore
+- spec/internal/public/favicon.ico
+- spec/models/user_spec.rb
 - spec/spec_helper.rb
-- spec/support/data.rb
-- spec/support/mock.rb
-- spec/virus_free_validator_spec.rb
+- spec/support/data_helpers.rb
+- spec/support/mock_helpers.rb
 homepage: https://github.com/jschroeder9000/carrierwave-virus_free
 licenses:
 - MIT
@@ -134,12 +202,18 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 2.4.8
 signing_key: 
 specification_version: 4
 summary: Validate carrierwave uploads are virus free with clamav.
 test_files:
+- spec/internal/app/models/user.rb
+- spec/internal/config/database.yml
+- spec/internal/config/routes.rb
+- spec/internal/db/schema.rb
+- spec/internal/log/.gitignore
+- spec/internal/public/favicon.ico
+- spec/models/user_spec.rb
 - spec/spec_helper.rb
-- spec/support/data.rb
-- spec/support/mock.rb
-- spec/virus_free_validator_spec.rb
+- spec/support/data_helpers.rb
+- spec/support/mock_helpers.rb

data/spec/support/data.rb

@@ -1,11 +0,0 @@
-def data_path
-  File.expand_path(File.join('..', '..', 'data'), __FILE__)
-end
-
-def eicar_path
-  File.join(data_path, 'eicar.com')
-end
-
-def safe_path
-  File.join(data_path, 'foo.txt')
-end

data/spec/support/mock.rb

@@ -1,29 +0,0 @@
-# okay... this isn't exactly great
-# but after spending too much time looking for the perfect way to test this, it's good enough for now
-# something better is welcome
-
-class MyModel
-  include ActiveModel::Validations
-
-  attr_accessor :file
-  validates :file, :virus_free => true
-
-  def initialize (present, virus)
-    @file = MyFile.new(present, virus)
-  end
-end
-
-class MyFile
-  def initialize (present, virus)
-    @present = present
-    @virus = virus
-  end
-
-  def present?
-    @present
-  end
-
-  def url
-    @virus ? eicar_path : safe_path
-  end
-end

data/spec/virus_free_validator_spec.rb

@@ -1,15 +0,0 @@
-require 'spec_helper'
-
-describe CarrierWave::VirusFree do
-  it 'is not valid when a virus is uploaded' do
-    expect(MyModel.new(true, true).valid?).to be_falsey
-  end
-
-  it 'is valid when something not infected is uploaded' do
-    expect(MyModel.new(true, false).valid?).to be_truthy
-  end
-
-  it 'is valid when nothing is uploaded' do
-    expect(MyModel.new(false, false).valid?).to be_truthy
-  end
-end