rack-secure-upload 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: cbe05978464d47ac087ea6adeb658393255286a1
+  data.tar.gz: 665a3cf199c8842d9e462817731bdd7eda1bf680
+SHA512:
+  metadata.gz: 586489032e752102f6fecc512fb2c382479ba6ba1866ae7f0eb85a3af91e7d7e240c23ec79d8c8023d3ba412442983574e6f8190dbd77fac382330ae9c85da0f
+  data.tar.gz: 2babc6bedc1898e099e400c80a4b9f5bbe14a594dc458d7c2dcda38a6b38fda2d2aaf5fd1a7592b5ff913086ff724a04674a84bb2dc8d6af751f9d0059883afd

data/.gitignore

@@ -0,0 +1,33 @@
+*.gem
+*.rbc
+/.config
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/test/tmp/
+/test/version_tmp/
+/tmp/
+/log/
+
+## Specific to RubyMotion:
+.dat*
+.repl_history
+build/
+
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+
+## Environment normalisation:
+/.bundle/
+/lib/bundler/man/
+
+## Misc
+Gemfile.lock
+gemfiles/*.lock
+.ruby-version
+.ruby-gemset
+.rvmrc

data/.travis.yml

@@ -0,0 +1,18 @@
+language: ruby
+
+rvm:
+  - 1.9.3
+  - 2.0.0
+  - 2.1.0
+gemfile:
+  - gemfiles/gemfile
+  - gemfiles/rack.1.4.x.gemfile
+  - gemfiles/rack.1.3.x.gemfile
+  - gemfiles/rack.1.2.x.gemfile
+  - gemfiles/rack.1.1.x.gemfile
+
+script: "bundle exec rake spec"
+
+branches:
+  only:
+    - master

data/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+
+gemspec

data/LICENSE

@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2014 Daisuke Taniwaki
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,58 @@
+# rack-secure-upload
+
+Upload files securely
+
+## Installation
+
+Add the rack-secure-upload gem to your Gemfile.
+
+```ruby
+gem "rack-secure-upload"
+```
+
+And run `bundle install`.
+
+### Rack App
+
+```ruby
+require 'rack-secure-upload'
+use Rack::SecureUpload::Middleware, :fsecure
+run MyApp
+```
+
+### Rails App
+
+In `config/application.rb`
+
+```ruby
+module MyApp
+  class Application < Rails::Application
+    config.middleware.use Rack::DevMark::Middleware, :fsecure
+  end 
+end
+```
+
+## AntiVirus Softwares
+
+### F-Secure
+
+1. Get [license](http://www.f-secure.com/en/web/business_global/trial)
+2. Install the package
+
+```bash
+wget http://download.f-secure.com/webclub/f-secure-linux-security-10.00.60.tar.gz
+tar xvzf f-secure-linux-security-10.00.60.tar.gz
+sudo ./f-secure-linux-security-10.00.60/f-secure-linux-security-10.00.60
+```
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new [Pull Request](../../pull/new/master)
+
+## Copyright
+
+Copyright (c) 2014 Daisuke Taniwaki. See [LICENSE](LICENSE) for details.

data/Rakefile

@@ -0,0 +1,8 @@
+require "bundler/gem_tasks"
+
+require 'rspec/core'
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec) do |spec|
+  spec.pattern = FileList['spec/**/*_spec.rb']
+end
+task :default => :spec

data/gemfiles/gemfile

@@ -0,0 +1,3 @@
+source "http://rubygems.org"
+
+gemspec :path => '../'

data/gemfiles/rack.1.1.x.gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+gem 'rack', '~> 1.1.0'
+gemspec :path => '../'

data/gemfiles/rack.1.2.x.gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+gem 'rack', '~> 1.2.0'
+gemspec :path => '../'

data/gemfiles/rack.1.3.x.gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+gem 'rack', '~> 1.3.0'
+gemspec :path => '../'

data/gemfiles/rack.1.4.x.gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+gem 'rack', '~> 1.4.0'
+gemspec :path => '../'

data/lib/rack-secure-upload.rb

@@ -0,0 +1 @@
+require 'rack/secure_upload'

data/lib/rack/secure_upload.rb

@@ -0,0 +1,11 @@
+require "logger"
+require "rack/secure_upload/errors"
+require "rack/secure_upload/middleware"
+
+module Rack
+  module SecureUpload
+    def self.logger
+      @logger ||= ::Logger.new($stderr)
+    end
+  end
+end

data/lib/rack/secure_upload/errors.rb

@@ -0,0 +1,6 @@
+module Rack
+  module SecureUpload
+    class RuntimeError < ::RuntimeError; end
+    class InsecureFileError < RuntimeError; end
+  end
+end

data/lib/rack/secure_upload/middleware.rb

@@ -0,0 +1,40 @@
+require 'rack'
+require 'rack/secure_upload/utility'
+require 'rack/secure_upload/scanner'
+
+module Rack
+  module SecureUpload
+    class Middleware
+      include Utility
+
+      def initialize(app, scanners)
+        @app = app
+        @scanners = [scanners].flatten.map { |scanner| scanner.is_a?(Symbol) ? Rack::SecureUpload::Scanner.const_get(camelize(scanner.to_s)).new : scanner }
+      end
+
+      def call(env)
+        params = Rack::Multipart.parse_multipart(env)
+        if params && !params.empty?
+          traverse(params) do |value|
+            next unless [Tempfile, File].any?{ |klass| value.is_a?(klass) }
+            scan value.path
+          end
+        end
+
+        @app.call(env)
+      end
+
+      private
+
+      def scan(path)
+        secure = @scanners.any? do |scanner|
+          unless res = scanner.scan(path)
+            Rack::SecureUpload.logger.warn "#{scanner} found an insecure file: #{path}"
+          end
+          res
+        end
+        raise InsecureFileError, "The uploaded file \"#{path}\" is insecure!" unless secure
+      end
+    end
+  end
+end

data/lib/rack/secure_upload/scanner.rb

@@ -0,0 +1,10 @@
+module Rack
+  module SecureUpload
+    module Scanner
+    end
+  end
+end
+
+Dir[File.join(File.dirname(__FILE__), 'scanner', '*.rb')].each do |f|
+  require f
+end

data/lib/rack/secure_upload/scanner/base.rb

@@ -0,0 +1,30 @@
+require 'rack/secure_upload/errors'
+
+module Rack
+  module SecureUpload
+    module Scanner
+      class Base
+        attr_reader :options, :logger
+
+        def initialize(options = {})
+          raise RuntimeError, 'Abstract class can not be instantiated' if self.class == Rack::SecureUpload::Scanner::Base
+          @options = default_options.merge(options)
+        end
+
+        def scan(path)
+          # Scan the file here
+        end
+
+        def logger
+          options[:logger] || Rack::SecureUpload.logger
+        end
+
+        private
+
+        def default_options
+          {}
+        end
+      end
+    end
+  end
+end

data/lib/rack/secure_upload/scanner/fsecure.rb

@@ -0,0 +1,47 @@
+require 'cocaine'
+require 'rack/secure_upload/errors'
+
+module Rack
+  module SecureUpload
+    module Scanner
+      class Fsecure < Base
+        def scan(path)
+          now_umask = ::File.umask(0)
+
+          lock do
+            output = command.run(path: path)
+            logger.info output
+          end
+
+          ::File.exist?(path)
+        ensure
+          ::File.umask(now_umask)
+        end
+
+        private
+
+        def lock
+          ::File.open(options[:lockfile_path], 'w', 0666) do |f|
+            f.flock(::File::LOCK_EX)
+            begin
+              yield
+            ensure
+              f.flock(::File::LOCK_UN)
+            end
+          end
+        end
+
+        def command
+          Cocaine::CommandLine.new(options[:bin_path], "--auto --virus-action1=remove :path")
+        end
+
+        def default_options
+          {
+            :bin_path => "/usr/bin/fsav",
+            :lockfile_path => "/tmp/fsav_lock"
+          }
+        end
+      end
+    end
+  end
+end

data/lib/rack/secure_upload/utility.rb

@@ -0,0 +1,20 @@
+module Rack
+  module SecureUpload
+    module Utility
+      def traverse(value, &block)
+        if value.is_a?(Hash)
+          value.each do |k, v|
+            traverse(k, &block)
+            traverse(v, &block)
+          end
+        elsif value.is_a?(Array)
+          value.each do |v|
+            traverse(v, &block)
+          end
+        else
+          block.call(value)
+        end
+      end
+    end
+  end
+end

data/lib/rack/secure_upload/version.rb

@@ -0,0 +1,5 @@
+module Rack
+  module SecureUpload
+    VERSION = "0.0.1"
+  end
+end

data/rack-secure-upload.gemspec

@@ -0,0 +1,26 @@
+require File.expand_path('../lib/rack/secure_upload/version', __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.name        = "rack-secure-upload"
+  gem.version     = Rack::SecureUpload::VERSION
+  gem.platform    = Gem::Platform::RUBY
+  gem.authors     = ["Daisuke Taniwaki"]
+  gem.email       = ["daisuketaniwaki@gmail.com"]
+  gem.homepage    = "https://github.com/dtaniwaki/rack-secure-upload"
+  gem.summary     = "Upload files securely"
+  gem.description = "Upload files securely"
+  gem.license     = "MIT"
+
+  gem.files       = `git ls-files`.split("\n")
+  gem.test_files  = `git ls-files -- {test,spec,features}/*`.split("\n")
+  gem.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  gem.require_paths = ['lib']
+
+  gem.add_dependency 'logger', '>= 1.2'
+  gem.add_dependency "rack", ">= 1.1"
+  gem.add_dependency "cocaine"
+
+  gem.add_development_dependency "rake"
+  gem.add_development_dependency "rspec", ">= 3.0"
+  gem.add_development_dependency "coveralls"
+end

data/spec/rack/secure_upload/middleware_spec.rb

@@ -0,0 +1,33 @@
+require "spec_helper"
+
+describe Rack::SecureUpload::Middleware do
+  let(:env) { Rack::MockRequest.env_for('/') }
+  let(:file) { Rack::Multipart::UploadedFile.new(__FILE__) }
+  let(:scanner) { double scan: true }
+  subject { Rack::SecureUpload::Middleware.new(->env { ":)" }, scanner) }
+
+  context "with uploaded file" do
+    let(:env) { Rack::MockRequest.env_for('/', method: :post, params: {foo: file}) }
+
+    it "scans" do
+      expect(scanner).to receive(:scan)
+      subject.call(env)
+    end
+
+    context "with multiple uploaded files" do
+      let(:env) { Rack::MockRequest.env_for('/', method: :post, params: {foo: file, bar: file, zoo: file}) }
+
+      it "scans" do
+        expect(scanner).to receive(:scan).exactly(3).times
+        subject.call(env)
+      end
+    end
+  end
+
+  context "without uplaod file" do
+    it "does not scan" do
+      expect(scanner).not_to receive(:scan)
+      subject.call(env)
+    end
+  end
+end

data/spec/rack/secure_upload/scanner/base_spec.rb

@@ -0,0 +1,36 @@
+require "spec_helper"
+
+describe Rack::SecureUpload::Scanner::Base do
+  let(:klass) { Rack::SecureUpload::Scanner::Base }
+  it "has private initialize method" do
+    expect {
+      klass.new
+    }.to raise_error(Rack::SecureUpload::RuntimeError)
+  end
+  describe "subclass" do
+    describe "options" do
+      it "merges default options with argument options" do
+        scanner = Class.new(klass) {
+          def default_options
+            {color: :green}
+          end
+        }.new(foo: :bar)
+        expect(scanner.options).to eq(foo: :bar, color: :green)
+      end
+    end
+    describe "with logger option" do
+      let(:logger) { double }
+      it "uses its own logger if available" do
+        scanner = Class.new(klass).new(logger: logger)
+        expect(scanner.logger).to eq(logger)
+      end
+    end
+    describe "without logger option" do
+      let(:logger) { double }
+      it "uses its own logger if available" do
+        scanner = Class.new(klass).new
+        expect(scanner.logger).not_to eq(logger)
+      end
+    end
+  end
+end

data/spec/rack/secure_upload/scanner/fsecure_spec.rb

@@ -0,0 +1,35 @@
+require "spec_helper"
+
+describe Rack::SecureUpload::Scanner::Fsecure do
+  let(:path) { 'tmp/fsecure_spec_target' }
+  subject { Rack::SecureUpload::Scanner::Fsecure.new }
+
+  before do
+    ::File.open(path, 'w').close
+  end
+  after do
+    ::FileUtils.rm path if ::File.exists?(path)
+  end
+
+  context "normal files" do
+    let(:command) { double run: lambda {} }
+    it "detects an insecure file" do
+      allow(subject).to receive(:command).and_return(command)
+      expect(subject.scan(path)).to eq(true)
+    end
+  end
+
+  context "insecure files" do
+    let(:command) do
+      d = double
+      allow(d).to receive(:run) do
+        ::FileUtils.rm path
+      end
+      d
+    end
+    it "does not detect normal file" do
+      allow(subject).to receive(:command).and_return(command)
+      expect(subject.scan(path)).to eq(false)
+    end
+  end
+end

data/spec/rack/secure_upload/utility_spec.rb

@@ -0,0 +1,40 @@
+require "spec_helper"
+
+describe Rack::SecureUpload::Utility do
+  subject { Class.new{ include Rack::SecureUpload::Utility }.new }
+  
+  describe "#traverse" do
+    context "array" do
+      it "yields the block" do
+        targets = [1, 2, 3]
+        traversed = []
+        subject.traverse(targets) do |v|
+          traversed << v
+        end
+        expect(traversed).to eq(targets)
+      end
+    end
+
+    context "hash" do
+      it "yields the block" do
+        targets = {:a => 1, :b => 2, :c => 3}
+        traversed = Set.new
+        subject.traverse(targets) do |v|
+          traversed << v
+        end
+        expect(traversed).to eq(Set.new(targets.keys + targets.values))
+      end
+    end
+
+    context "complicated hash" do
+      it "yields the block" do
+        targets = {:a => [1, 2, 3], :b => {'x' => [0], 'y' => 'Y'}, :c => 3}
+        traversed = Set.new
+        subject.traverse(targets) do |v|
+          traversed << v
+        end
+        expect(traversed).to eq(Set.new([:a, 1, 2, 3, :b, 'x', 0, 'y', 'Y', :c, 3]))
+      end
+    end
+  end
+end

data/spec/rack/secure_upload_spec.rb

@@ -0,0 +1,7 @@
+require "spec_helper"
+
+describe Rack::SecureUpload do
+  it "has a logger" do
+    expect(Rack::SecureUpload.logger).to be_a(::Logger)
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,13 @@
+require 'rubygems'
+require 'coveralls'
+Coveralls.wear!
+
+require 'rack'
+require 'rack-secure-upload'
+
+Dir[File.join(File.dirname(__FILE__), "support/**/*.rb")].each {|f| require f }
+
+ENV['RACK_ENV'] = 'test'
+RSpec.configure do |config|
+end
+

metadata

@@ -0,0 +1,162 @@
+--- !ruby/object:Gem::Specification
+name: rack-secure-upload
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Daisuke Taniwaki
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-06-16 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: logger
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: cocaine
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: coveralls
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Upload files securely
+email:
+- daisuketaniwaki@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".travis.yml"
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- gemfiles/gemfile
+- gemfiles/rack.1.1.x.gemfile
+- gemfiles/rack.1.2.x.gemfile
+- gemfiles/rack.1.3.x.gemfile
+- gemfiles/rack.1.4.x.gemfile
+- lib/rack-secure-upload.rb
+- lib/rack/secure_upload.rb
+- lib/rack/secure_upload/errors.rb
+- lib/rack/secure_upload/middleware.rb
+- lib/rack/secure_upload/scanner.rb
+- lib/rack/secure_upload/scanner/base.rb
+- lib/rack/secure_upload/scanner/fsecure.rb
+- lib/rack/secure_upload/utility.rb
+- lib/rack/secure_upload/version.rb
+- rack-secure-upload.gemspec
+- spec/rack/secure_upload/middleware_spec.rb
+- spec/rack/secure_upload/scanner/base_spec.rb
+- spec/rack/secure_upload/scanner/fsecure_spec.rb
+- spec/rack/secure_upload/utility_spec.rb
+- spec/rack/secure_upload_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/dtaniwaki/rack-secure-upload
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: Upload files securely
+test_files:
+- spec/rack/secure_upload/middleware_spec.rb
+- spec/rack/secure_upload/scanner/base_spec.rb
+- spec/rack/secure_upload/scanner/fsecure_spec.rb
+- spec/rack/secure_upload/utility_spec.rb
+- spec/rack/secure_upload_spec.rb
+- spec/spec_helper.rb
+has_rdoc: