ddr-antivirus 2.2.0 → 3.0.0.rc1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5004e827b8e72a4bad210f59e100daa8bc8ee87c7f02778c1507eac15ea97b8f
-  data.tar.gz: 302cc664882883e7830664df63f0c21caec065dcf98d116ad8f42c102f659525
+  metadata.gz: f9033df3eb197f13dc5cc039718792b0232a7a6c110ee287d5e79e869d20702e
+  data.tar.gz: 55364e7e8fe95e952ed40c10e3a2c92d3c105ab01a0d5919856fc6102dbba3d4
 SHA512:
-  metadata.gz: 341b67b0bbe4678f02beb2cf5d10bfe7186c3a46aeaa1fa2b1beac6fa8bdcf33a3c0a5010bd9c90121f0b58ac09040c49191e12b88ed709a9042b3b59866b563
-  data.tar.gz: ce3fc8405d17441a81856fcb80f946e76dffcaae7570edb59c55873f8639da924b8a9d350a53f08cf6c9c72d06049dc458ff2801d2aaf0a99df36efc2f03b40b
+  metadata.gz: 4ce9a5e1f5b922ee8306093a028477d12429903340bd4ff21a18dbd2f9d7a54b261e304a9cfa5dab0de4cd5889914ea79237ec82be87f7f897e5b691a647baf3
+  data.tar.gz: e9c7ca3a9a483645e4ecc1505bf89a9010642748de8013929c8a355c2ff72c6078f1f82571b05573c088682a1b7b9b8e5543b016613d4dc59ec7c3cd9ea63a42

data/.docker/Dockerfile

@@ -2,7 +2,9 @@ ARG RUBY_VERSION
 FROM ruby:${RUBY_VERSION}
 
 ARG APPUSER=appuser
-ARG APPGROUP=root
+ARG APPUID=1001
+ARG APPGROUP=$APPUSER
+ARG APPGID=1001
 ARG APPROOT=/usr/src/app
 
 RUN apt-get -y update \
@@ -12,18 +14,18 @@ RUN apt-get -y update \
 	vim \
 	wait-for-it
 
-WORKDIR /usr/src/app
+RUN groupadd -g $APPGID $APPGROUP \
+        && useradd -u $APPUID -m -g $APPGID $APPUSER
+
+WORKDIR $APPROOT
 COPY . .
-RUN gem install bundler -N \
+RUN gem install bundler \
 	&& bundle install
 
 COPY .docker/clamd.conf /etc/clamav/
 COPY .docker/docker-entrypoint.sh /usr/bin/
 RUN chmod +x /usr/bin/docker-entrypoint.sh
 
-RUN groupadd -r -f $APPGROUP \
-	&& useradd -m -r -g $APPGROUP $APPUSER
-
-USER $APPUSER
+USER $APPUID
 ENTRYPOINT ["docker-entrypoint.sh"]
 CMD ["bundle", "exec", "rake"]

data/.docker/docker-compose.yml

@@ -12,4 +12,4 @@ services:
       - clamav
 
   clamav:
-    image: gitlab-registry.oit.duke.edu/dul-its/clamav-docker:latest
+    image: gitlab-registry.oit.duke.edu/devops/containers/clamav:latest

data/README.md

@@ -86,11 +86,3 @@ To easily configure `Ddr::Antivirus` to use the `NullScannerAdapter` and log to
 ```ruby
 Ddr::Antivirus.test_mode!
 ```
-
-## Contributing
-
-1. Fork it ( https://github.com/[my-github-username]/ddr-antivirus/fork )
-2. Create your feature branch (`git checkout -b my-new-feature`)
-3. Commit your changes (`git commit -am 'Add some feature'`)
-4. Push to the branch (`git push origin my-new-feature`)
-5. Create a new Pull Request

data/lib/ddr/antivirus/adapters/clamd_scanner_adapter.rb

@@ -1,5 +1,4 @@
 require "fileutils"
-require "shellwords"
 
 module Ddr::Antivirus
   #
@@ -7,13 +6,19 @@ module Ddr::Antivirus
   #
   class ClamdScannerAdapter < ScannerAdapter
 
-    SCANNER = "clamdscan".freeze
-    CONFIG = "clamconf".freeze
-
     MAX_FILE_SIZE_RE = Regexp.new('^MaxFileSize = "(\d+)"')
+    DEFAULT_MAX_FILE_SIZE = 26214400 # 25Mb
+
+    attr_reader :config
+
+    def initialize
+      @config = `clamconf` rescue nil
+    end
 
     def scan(path)
+      check_file_size(path) # raises Ddr::Antivirus::MaxFileSizeExceeded
       output, exitcode = clamdscan(path)
+      # FIXME I don't like where the scanned_at time is set, but I'm nit-picking --DCS
       result = ScanResult.new(path, output, version: version, scanned_at: Time.now.utc)
       case exitcode
       when 0
@@ -26,61 +31,33 @@ module Ddr::Antivirus
     end
 
     def clamdscan(path)
-      check_file_size(path) if max_file_size
-      output = make_readable(path) do
-        command "--fdpass", safe_path(path)
+      output = IO.popen(["clamdscan", "--fdpass", path, err: [:child, :out]]) do |io|
+        io.read
       end
       [ output, $?.exitstatus ]
     end
 
     def version
-      @version ||= command("-V").strip
-    end
-
-    def config
-      # If client and server are on separate hosts
-      # attempt to read config may raise an exception.
-      @config ||= `#{CONFIG}` rescue nil
+      @version ||= `clamdscan -V`.strip
     end
 
     def max_file_size
-      if m = MAX_FILE_SIZE_RE.match(config)
-        m[1].to_i
-      end
+      @max_file_size ||= if config && (m = MAX_FILE_SIZE_RE.match(config))
+                           m[1].to_i
+                         else
+                           DEFAULT_MAX_FILE_SIZE
+                         end
     end
 
     private
 
     def check_file_size(path)
       if (file_size = File.size(path)) > max_file_size
-        raise MaxFileSizeExceeded, "Unable to scan file \"#{path}\" because size (#{file_size})" \
-                                   " exceeds clamconf MaxFileSize (#{max_file_size})."
+        raise MaxFileSizeExceeded,
+              "Unable to scan file at \"#{path}\" -- size (#{file_size}) " \
+              "exceeds clamd MaxFileSize setting (#{max_file_size})."
       end
     end
 
-    def command(*args)
-      cmd = args.dup.unshift(SCANNER).join(" ")
-      `#{cmd}`
-    end
-
-    def make_readable(path)
-      changed = false
-      original = File.stat(path).mode # raises Errno::ENOENT
-      if !File.world_readable?(path)
-        changed = FileUtils.chmod("a+r", path)
-        logger.debug "#{self.class} - File \"#{path}\" made world-readable."
-      end
-      result = yield
-      if changed
-        FileUtils.chmod(original, path)
-        logger.debug "#{self.class} - Mode on file \"#{path}\" reset to original: #{original}."
-      end
-      result
-    end
-
-    def safe_path(path)
-      Shellwords.shellescape(path)
-    end
-
   end
 end

data/lib/ddr/antivirus/version.rb

@@ -1,5 +1,5 @@
 module Ddr
   module Antivirus
-    VERSION = "2.2.0"
+    VERSION = "3.0.0.rc1"
   end
 end

data/spec/unit/clamd_scanner_adapter_spec.rb

@@ -22,14 +22,6 @@ EOS
     describe "#scan" do
       describe "file size" do
         let(:path) { File.expand_path(File.join("..", "..", "fixtures", "blue-devil.png"), __FILE__) }
-        describe "when max file size is not set or unknown" do
-          before do
-            allow(subject).to receive(:max_file_size) { nil }
-          end
-          it "scans the file" do
-            expect { subject.scan(path) }.not_to raise_error
-          end
-        end
         describe "when max file size is greater than the size of the file to be scanned" do
           before do
             allow(subject).to receive(:max_file_size) { File.size(path) + 1 }
@@ -56,24 +48,6 @@ EOS
         end
       end
 
-      describe "permissions" do
-        before do
-          @file = Tempfile.new("test")
-          @file.write("Scan me!")
-          @file.close
-          FileUtils.chmod(0000, @file.path)
-        end
-        after { @file.unlink }
-        describe "when the file is not readable" do
-          it "scans the file" do
-            expect { subject.scan(@file.path) }.not_to raise_error
-          end
-          it "resets the original permissions" do
-            expect { subject.scan(@file.path) }.not_to change { File.stat(@file.path).mode }
-          end
-        end
-      end
-
       describe "result" do
         let(:path) { File.expand_path(File.join("..", "..", "fixtures", "blue-devil.png"), __FILE__) }
         before do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ddr-antivirus
 version: !ruby/object:Gem::Version
-  version: 2.2.0
+  version: 3.0.0.rc1
 platform: ruby
 authors:
 - David Chandek-Stark
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-08-01 00:00:00.000000000 Z
+date: 2019-08-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -115,9 +115,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project: 
 rubygems_version: 2.7.9