ddr-antivirus 2.1.1 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 1e2dc2816bc43d784563002fecfa27809184e0e7
-  data.tar.gz: f662098335165f8b839dde9af1540901fbcb412e
+SHA256:
+  metadata.gz: 5004e827b8e72a4bad210f59e100daa8bc8ee87c7f02778c1507eac15ea97b8f
+  data.tar.gz: 302cc664882883e7830664df63f0c21caec065dcf98d116ad8f42c102f659525
 SHA512:
-  metadata.gz: 296903f26f411e4638f61a27782b5a6f2fd5c4d654d0c5edec1bfab8de6846c8fdd0156efdd5d302bd85135d31c7f097fd9c679bcc706e394ee740460f3812cd
-  data.tar.gz: d88a0465de7c6d7de55827de7b8264ba808ca3e1d1ec9ad5f28e5b728de9a2771d19b706ce5945d0084f0a989f3c84893d27786c35e422b3996cdefc51815eb2
+  metadata.gz: 341b67b0bbe4678f02beb2cf5d10bfe7186c3a46aeaa1fa2b1beac6fa8bdcf33a3c0a5010bd9c90121f0b58ac09040c49191e12b88ed709a9042b3b59866b563
+  data.tar.gz: ce3fc8405d17441a81856fcb80f946e76dffcaae7570edb59c55873f8639da924b8a9d350a53f08cf6c9c72d06049dc458ff2801d2aaf0a99df36efc2f03b40b

data/.docker/Dockerfile

@@ -0,0 +1,29 @@
+ARG RUBY_VERSION
+FROM ruby:${RUBY_VERSION}
+
+ARG APPUSER=appuser
+ARG APPGROUP=root
+ARG APPROOT=/usr/src/app
+
+RUN apt-get -y update \
+	&& apt-get -y install \
+	clamdscan \
+	less \
+	vim \
+	wait-for-it
+
+WORKDIR /usr/src/app
+COPY . .
+RUN gem install bundler -N \
+	&& bundle install
+
+COPY .docker/clamd.conf /etc/clamav/
+COPY .docker/docker-entrypoint.sh /usr/bin/
+RUN chmod +x /usr/bin/docker-entrypoint.sh
+
+RUN groupadd -r -f $APPGROUP \
+	&& useradd -m -r -g $APPGROUP $APPUSER
+
+USER $APPUSER
+ENTRYPOINT ["docker-entrypoint.sh"]
+CMD ["bundle", "exec", "rake"]

data/.docker/clamd.conf

@@ -0,0 +1,2 @@
+TCPSocket 3310
+TCPAddr clamav

data/.docker/docker-compose.yml

@@ -0,0 +1,15 @@
+version: '3.7'
+
+services:
+  app:
+    image: ddr-antivirus-ruby-${RUBY_VERSION}
+    build:
+      context: ..
+      dockerfile: .docker/Dockerfile
+      args:
+        - RUBY_VERSION
+    depends_on:
+      - clamav
+
+  clamav:
+    image: gitlab-registry.oit.duke.edu/dul-its/clamav-docker:latest

data/.docker/docker-entrypoint.sh

@@ -0,0 +1,2 @@
+#!/bin/bash
+wait-for-it clamav:3310 -t 60 -- "$@"

data/.dockerignore

@@ -0,0 +1,4 @@
+.docker/*
+!.docker/clamd.conf
+!.docker/docker-entrypoint.sh
+.gitlab-ci.yml

data/.gitlab-ci.yml

@@ -0,0 +1,30 @@
+stages:
+  - build
+
+variables:
+  COMPOSE_FILE: .docker/docker-compose.yml
+
+.build_app_template: &build_app_def
+  stage: build
+  before_script:
+    - docker --version
+    - docker-compose --version
+  script:
+    - docker-compose up --build --exit-code-from app
+  after_script:
+    - docker-compose down
+
+build_app_ruby24:
+  <<: *build_app_def
+  variables:
+    RUBY_VERSION: '2.4'
+
+build_app_ruby25:
+  <<: *build_app_def
+  variables:
+    RUBY_VERSION: '2.5'
+
+build_app_ruby26:
+  <<: *build_app_def
+  variables:
+    RUBY_VERSION: '2.6'

data/README.md

@@ -2,9 +2,6 @@
 
 Pluggable antivirus service for Ruby applications.
 
-[![Gem Version](https://badge.fury.io/rb/ddr-antivirus.svg)](http://badge.fury.io/rb/ddr-antivirus)
-[![Build Status](https://travis-ci.org/duke-libraries/ddr-antivirus.svg?branch=develop)](https://travis-ci.org/duke-libraries/ddr-antivirus)
-
 ## Installation
 
 Add this line to your application's Gemfile:
@@ -31,22 +28,12 @@ Ddr::Antivirus.scanner do |scanner|
 end
 ```
 
-### Exceptions
-
-All exceptions under the `Ddr::Antivirus` namespace.
-
-`Error` - Parent exception class.
-
-`VirusFoundError` - A virus was found. The message includes the original output from the scanner.
-
-`ScannerError` - The scanner encountered an error (e.g., error exit status).
-
 ### Example
 
 ```
 > require 'ddr/antivirus'
  => true
- 
+
 > Ddr::Antivirus.scanner_adapter = :clamd
  => :clamd
 
@@ -74,7 +61,7 @@ Time: 0.001 sec (0 m 0 s)
 
 ### Logging
 
-In a Rails application, `Ddr::Antivirus` will log messages to the Rails logger by default. The fallback logger writes to STDERR.  You may also explicitly set `Ddr::Antivirus.logger` to any object that supports the Ruby logger API:
+In a Rails application, `Ddr::Antivirus` will log messages to the Rails logger by default. The fallback logger writes to `STDERR`.  You may also explicitly set `Ddr::Antivirus.logger` to any object that supports the Ruby logger API:
 
 ```ruby
 require "logger"

data/ddr-antivirus.gemspec

@@ -18,7 +18,8 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
 
-  spec.add_development_dependency "bundler", "~> 1.6"
+  spec.add_development_dependency "bundler"
   spec.add_development_dependency "rake"
   spec.add_development_dependency "rspec", "~> 3.0"
+  spec.add_development_dependency "rspec-its"
 end

data/lib/ddr/antivirus.rb

@@ -1,6 +1,7 @@
 require "logger"
 
 require_relative "antivirus/version"
+require_relative "antivirus/exceptions"
 require_relative "antivirus/scanner"
 require_relative "antivirus/scan_result"
 require_relative "antivirus/scanner_adapter"
@@ -9,20 +10,6 @@ require_relative "antivirus/adapters/null_scanner_adapter"
 module Ddr
   module Antivirus
 
-    class Error < ::StandardError; end
-
-    class ResultError < Error
-      attr_reader :result
-      def initialize(result)
-        super(result.to_s)
-        @result = result
-      end
-    end
-
-    class VirusFoundError < ResultError; end
-
-    class ScannerError < ResultError; end
-
     class << self
       attr_accessor :logger, :scanner_adapter
 

data/lib/ddr/antivirus/adapters/clamd_scanner_adapter.rb

@@ -26,6 +26,7 @@ module Ddr::Antivirus
     end
 
     def clamdscan(path)
+      check_file_size(path) if max_file_size
       output = make_readable(path) do
         command "--fdpass", safe_path(path)
       end
@@ -37,17 +38,26 @@ module Ddr::Antivirus
     end
 
     def config
-      @config ||= `#{CONFIG}`
+      # If client and server are on separate hosts
+      # attempt to read config may raise an exception.
+      @config ||= `#{CONFIG}` rescue nil
     end
 
     def max_file_size
       if m = MAX_FILE_SIZE_RE.match(config)
-        m[1]
+        m[1].to_i
       end
     end
 
     private
 
+    def check_file_size(path)
+      if (file_size = File.size(path)) > max_file_size
+        raise MaxFileSizeExceeded, "Unable to scan file \"#{path}\" because size (#{file_size})" \
+                                   " exceeds clamconf MaxFileSize (#{max_file_size})."
+      end
+    end
+
     def command(*args)
       cmd = args.dup.unshift(SCANNER).join(" ")
       `#{cmd}`

data/lib/ddr/antivirus/exceptions.rb

@@ -0,0 +1,19 @@
+module Ddr::Antivirus
+
+  class Error < ::StandardError; end
+
+  class MaxFileSizeExceeded < Error; end
+
+  class ResultError < Error
+    attr_reader :result
+    def initialize(result)
+      super(result.to_s)
+      @result = result
+    end
+  end
+
+  class VirusFoundError < ResultError; end
+
+  class ScannerError < ResultError; end
+
+end

data/lib/ddr/antivirus/scanner_adapter.rb

@@ -9,16 +9,11 @@ module Ddr::Antivirus
     # Scan a file path for viruses.
     #
     # @param path [String] file path to scan.
-    # @return [Ddr::Antivirus::Adapters::ScanResult] the result of the scan.
+    # @return [Ddr::Antivirus::ScanResult] the result of the scan.
     def scan(path)
       raise NotImplementedError, "Adapters must implement the `scan' method."
     end
 
-    # Return the adapter configuration options
-    def config
-      Ddr::Antivirus.adapter_config
-    end
-
     private
 
     def logger

data/lib/ddr/antivirus/version.rb

@@ -1,5 +1,5 @@
 module Ddr
   module Antivirus
-    VERSION = "2.1.1"
+    VERSION = "2.2.0"
   end
 end

data/spec/spec_helper.rb

@@ -2,6 +2,8 @@ require 'ddr/antivirus'
 
 Ddr::Antivirus.test_mode!
 
+require 'rspec/its'
+
 RSpec.configure do |config|
 # The settings below are suggested to provide a good initial experience
 # with RSpec, but feel free to customize to your heart's content.

data/spec/unit/clamd_scanner_adapter_spec.rb

@@ -7,56 +7,104 @@ module Ddr::Antivirus
 
     before do
       allow(subject).to receive(:version) { "version" }
+      allow(subject).to receive(:config) do
+        <<-EOS
+MaxScanSize = "104857600"
+MaxFileSize = "26214400"
+MaxRecursion = "16"
+MaxFiles = "10000"
+EOS
+      end
     end
 
-    describe "permissions" do
-      before do
-        @file = Tempfile.new("test")
-        @file.write("Scan me!")
-        @file.close
-        FileUtils.chmod(0000, @file.path)
-      end
-      after { @file.unlink }
-      describe "when the file is not readable" do
-        it "scans the file" do
-          expect { subject.scan(@file.path) }.not_to raise_error
+    its(:max_file_size) { is_expected.to eq(26214400) }
+
+    describe "#scan" do
+      describe "file size" do
+        let(:path) { File.expand_path(File.join("..", "..", "fixtures", "blue-devil.png"), __FILE__) }
+        describe "when max file size is not set or unknown" do
+          before do
+            allow(subject).to receive(:max_file_size) { nil }
+          end
+          it "scans the file" do
+            expect { subject.scan(path) }.not_to raise_error
+          end
+        end
+        describe "when max file size is greater than the size of the file to be scanned" do
+          before do
+            allow(subject).to receive(:max_file_size) { File.size(path) + 1 }
+          end
+          it "scans the file" do
+            expect { subject.scan(path) }.not_to raise_error
+          end
+        end
+        describe "when max file size is equal to the size of the file to be scanned" do
+          before do
+            allow(subject).to receive(:max_file_size) { File.size(path) }
+          end
+          it "scans the file" do
+            expect { subject.scan(path) }.not_to raise_error
+          end
         end
-        it "resets the original permissions" do
-          expect { subject.scan(@file.path) }.not_to change { File.stat(@file.path).mode }
+        describe "when max file size is less than the size of the file to be scanned" do
+          before do
+            allow(subject).to receive(:max_file_size) { File.size(path) - 1 }
+          end
+          it "raises an exception" do
+            expect { subject.scan(path) }.to raise_error(MaxFileSizeExceeded)
+          end
         end
       end
-    end
 
-    describe "result" do
-      let(:path) { File.expand_path(File.join("..", "..", "fixtures", "blue-devil.png"), __FILE__) }
-      before do
-        allow(subject).to receive(:clamdscan).with(path) { ["output", exitcode] }
-      end
-      describe "when a virus is found" do
-        let(:exitcode) { 1 }
-        it "should raise a VirusFoundError" do
-          expect { subject.scan(path) }.to raise_error(VirusFoundError)
+      describe "permissions" do
+        before do
+          @file = Tempfile.new("test")
+          @file.write("Scan me!")
+          @file.close
+          FileUtils.chmod(0000, @file.path)
         end
-      end
-      describe "when there is an error" do
-        let(:exitcode) { 2 }
-        it "raises a ScannerError" do
-          expect { subject.scan(path) }.to raise_error(ScannerError)
+        after { @file.unlink }
+        describe "when the file is not readable" do
+          it "scans the file" do
+            expect { subject.scan(@file.path) }.not_to raise_error
+          end
+          it "resets the original permissions" do
+            expect { subject.scan(@file.path) }.not_to change { File.stat(@file.path).mode }
+          end
         end
       end
-      describe "success" do
-        let(:exitcode) { 0 }
-        it "has output" do
-          expect(subject.scan(path).output).to eq("output")
+
+      describe "result" do
+        let(:path) { File.expand_path(File.join("..", "..", "fixtures", "blue-devil.png"), __FILE__) }
+        before do
+          allow(subject).to receive(:clamdscan).with(path) { ["output", exitcode] }
         end
-        it "has a scanned_at time" do
-          expect(subject.scan(path).scanned_at).to be_a(Time)
+        describe "when a virus is found" do
+          let(:exitcode) { 1 }
+          it "should raise a VirusFoundError" do
+            expect { subject.scan(path) }.to raise_error(VirusFoundError)
+          end
         end
-        it "has a version" do
-          expect(subject.scan(path).version).to eq("version")
+        describe "when there is an error" do
+          let(:exitcode) { 2 }
+          it "raises a ScannerError" do
+            expect { subject.scan(path) }.to raise_error(ScannerError)
+          end
         end
-        it "has the file_path" do
-          expect(subject.scan(path).file_path).to eq(path)
+        describe "success" do
+          let(:exitcode) { 0 }
+          it "has output" do
+            expect(subject.scan(path).output).to eq("output")
+          end
+          it "has a scanned_at time" do
+            expect(subject.scan(path).scanned_at).to be_a(Time)
+          end
+          it "has a version" do
+            expect(subject.scan(path).version).to eq("version")
+          end
+          it "has the file_path" do
+            expect(subject.scan(path).file_path).to eq(path)
+          end
         end
       end
     end

metadata

@@ -1,29 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: ddr-antivirus
 version: !ruby/object:Gem::Version
-  version: 2.1.1
+  version: 2.2.0
 platform: ruby
 authors:
 - David Chandek-Stark
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-11-04 00:00:00.000000000 Z
+date: 2019-08-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -52,6 +52,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rspec-its
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Pluggable antivirus scanning service.
 email:
 - dchandekstark@gmail.com
@@ -59,9 +73,14 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".docker/Dockerfile"
+- ".docker/clamd.conf"
+- ".docker/docker-compose.yml"
+- ".docker/docker-entrypoint.sh"
+- ".dockerignore"
 - ".gitignore"
+- ".gitlab-ci.yml"
 - ".rspec"
-- ".travis.yml"
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -71,6 +90,7 @@ files:
 - lib/ddr/antivirus.rb
 - lib/ddr/antivirus/adapters/clamd_scanner_adapter.rb
 - lib/ddr/antivirus/adapters/null_scanner_adapter.rb
+- lib/ddr/antivirus/exceptions.rb
 - lib/ddr/antivirus/scan_result.rb
 - lib/ddr/antivirus/scanner.rb
 - lib/ddr/antivirus/scanner_adapter.rb
@@ -100,7 +120,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.6
+rubygems_version: 2.7.9
 signing_key: 
 specification_version: 4
 summary: Pluggable antivirus scanning service.

data/.travis.yml

@@ -1,12 +0,0 @@
-language: ruby
-rvm:
-  - 2.1.5
-cache: 
-  - bundler
-  - apt
-before_install:
-  - sudo apt-get update -qq
-  - sudo apt-get install -y clamav-daemon
-before_script:
-  - sudo freshclam -v
-  - sudo /etc/init.d/clamav-daemon start