rack-secure-upload 0.0.1 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: cbe05978464d47ac087ea6adeb658393255286a1
-  data.tar.gz: 665a3cf199c8842d9e462817731bdd7eda1bf680
+  metadata.gz: d0ba9f53bce6aa9b457f8e3b239d6a4d3bc3ffaf
+  data.tar.gz: ebd770e5e8bb8a5043f0ab6c7a1305a790471f67
 SHA512:
-  metadata.gz: 586489032e752102f6fecc512fb2c382479ba6ba1866ae7f0eb85a3af91e7d7e240c23ec79d8c8023d3ba412442983574e6f8190dbd77fac382330ae9c85da0f
-  data.tar.gz: 2babc6bedc1898e099e400c80a4b9f5bbe14a594dc458d7c2dcda38a6b38fda2d2aaf5fd1a7592b5ff913086ff724a04674a84bb2dc8d6af751f9d0059883afd
+  metadata.gz: a05f9640d310478531800cb2ffe6661e1badb469d95eabe720e24d1211056edf2ee6a96ecdd09f94bdf78c515b88ea2ca4376608c912aedd1754d756c4591727
+  data.tar.gz: 6643d906405bff3ab54651a8fc2f2f9513981fb9adf2a1e8d99f2857a957b3bb9b391698b088494b3c74db4c8999d1b6afb08cdf9cf3eaaf909776d5de792b79

data/.travis.yml

@@ -8,8 +8,6 @@ gemfile:
   - gemfiles/gemfile
   - gemfiles/rack.1.4.x.gemfile
   - gemfiles/rack.1.3.x.gemfile
-  - gemfiles/rack.1.2.x.gemfile
-  - gemfiles/rack.1.1.x.gemfile
 
 script: "bundle exec rake spec"
 

data/README.md

@@ -1,5 +1,7 @@
 # rack-secure-upload
 
+[![Gem Version](https://badge.fury.io/rb/rack-secure-upload.svg)](http://badge.fury.io/rb/rack-secure-upload) [![Build Status](https://travis-ci.org/dtaniwaki/rack-secure-upload.svg?branch=master)](https://travis-ci.org/dtaniwaki/rack-secure-upload) [![Coverage Status](https://coveralls.io/repos/dtaniwaki/rack-secure-upload/badge.png)](https://coveralls.io/r/dtaniwaki/rack-secure-upload)
+
 Upload files securely
 
 ## Installation
@@ -34,9 +36,21 @@ end
 
 ## AntiVirus Softwares
 
+### Avast
+
+1. Get [license](http://www.avast.com/registration-free-antivirus.php)
+2. Install the package
+
+```bash
+wget -c http://files.avast.com/files/linux/avast4workstation-1.3.0-1.i586.rpm
+sudo yum localinstall avast4workstation-1.3.0-1.i586.rpm
+avast -V # Input your license
+avast-update
+```
+
 ### F-Secure
 
-1. Get [license](http://www.f-secure.com/en/web/business_global/trial)
+1. Get [license](http://www.f-secure.com/en/web/business_global/trial) (Optional)
 2. Install the package
 
 ```bash
@@ -45,6 +59,13 @@ tar xvzf f-secure-linux-security-10.00.60.tar.gz
 sudo ./f-secure-linux-security-10.00.60/f-secure-linux-security-10.00.60
 ```
 
+## Test this middleware
+
+1. Download [eicar test file](http://www.f-secure.com/virus-info/eicar.com)
+2. Upload it
+
+You can try this with [sample app](https://github.com/dtaniwaki/rack-secure-upload-sample-app)
+
 ## Contributing
 
 1. Fork it

data/lib/rack/secure_upload/errors.rb

@@ -1,6 +1,7 @@
 module Rack
   module SecureUpload
     class RuntimeError < ::RuntimeError; end
+    class SetupError < RuntimeError; end
     class InsecureFileError < RuntimeError; end
   end
 end

data/lib/rack/secure_upload/middleware.rb

@@ -10,10 +10,14 @@ module Rack
       def initialize(app, scanners)
         @app = app
         @scanners = [scanners].flatten.map { |scanner| scanner.is_a?(Symbol) ? Rack::SecureUpload::Scanner.const_get(camelize(scanner.to_s)).new : scanner }
+        @scanners.each do |scanner|
+          scanner.setup
+        end
       end
 
       def call(env)
         params = Rack::Multipart.parse_multipart(env)
+
         if params && !params.empty?
           traverse(params) do |value|
             next unless [Tempfile, File].any?{ |klass| value.is_a?(klass) }

data/lib/rack/secure_upload/scanner/avast.rb

@@ -0,0 +1,50 @@
+require 'rack/secure_upload/scanner/base'
+
+module Rack
+  module SecureUpload
+    module Scanner
+      class Avast < Base
+        def setup
+          raise SetupError, "#{options[:bin_path]} is not found." unless ::File.exists?(options[:bin_path])
+        end
+
+        def scan(path)
+          now_umask = ::File.umask(0)
+
+          lock do
+            output = command.run(path: path)
+            logger.info output
+          end
+
+          ::File.exist?(path)
+        ensure
+          ::File.umask(now_umask)
+        end
+
+        private
+
+        def lock
+          ::File.open(options[:lockfile_path], 'w', 0666) do |f|
+            f.flock(::File::LOCK_EX)
+            begin
+              yield
+            ensure
+              f.flock(::File::LOCK_UN)
+            end
+          end
+        end
+
+        def command
+          Cocaine::CommandLine.new(options[:bin_path], "-p 1 :path", :expected_outcodes => [0, 1])
+        end
+
+        def default_options
+          {
+            :bin_path => "/usr/bin/avast",
+            :lockfile_path => "/tmp/avast_lock"
+          }
+        end
+      end
+    end
+  end
+end

data/lib/rack/secure_upload/scanner/base.rb

@@ -1,3 +1,4 @@
+require 'cocaine'
 require 'rack/secure_upload/errors'
 
 module Rack
@@ -11,6 +12,9 @@ module Rack
           @options = default_options.merge(options)
         end
 
+        def setup
+        end
+
         def scan(path)
           # Scan the file here
         end

data/lib/rack/secure_upload/scanner/fsecure.rb

@@ -1,10 +1,13 @@
-require 'cocaine'
-require 'rack/secure_upload/errors'
+require 'rack/secure_upload/scanner/base'
 
 module Rack
   module SecureUpload
     module Scanner
       class Fsecure < Base
+        def setup
+          raise SetupError, "#{options[:bin_path]} is not found." unless ::File.exists?(options[:bin_path])
+        end
+
         def scan(path)
           now_umask = ::File.umask(0)
 
@@ -32,7 +35,7 @@ module Rack
         end
 
         def command
-          Cocaine::CommandLine.new(options[:bin_path], "--auto --virus-action1=remove :path")
+          Cocaine::CommandLine.new(options[:bin_path], "--auto --virus-action1=remove :path", :expected_outcodes => [0, 1])
         end
 
         def default_options

data/lib/rack/secure_upload/utility.rb

@@ -15,6 +15,10 @@ module Rack
           block.call(value)
         end
       end
+
+      def camelize(s)
+        s.split('_').map{ |_s| "#{_s[0].upcase}#{_s[1..-1]}" }.join
+      end
     end
   end
 end

data/lib/rack/secure_upload/version.rb

@@ -1,5 +1,5 @@
 module Rack
   module SecureUpload
-    VERSION = "0.0.1"
+    VERSION = "0.1.0"
   end
 end

data/rack-secure-upload.gemspec

@@ -17,7 +17,7 @@ Gem::Specification.new do |gem|
   gem.require_paths = ['lib']
 
   gem.add_dependency 'logger', '>= 1.2'
-  gem.add_dependency "rack", ">= 1.1"
+  gem.add_dependency "rack", ">= 1.3"
   gem.add_dependency "cocaine"
 
   gem.add_development_dependency "rake"

data/spec/rack/secure_upload/middleware_spec.rb

@@ -3,7 +3,7 @@ require "spec_helper"
 describe Rack::SecureUpload::Middleware do
   let(:env) { Rack::MockRequest.env_for('/') }
   let(:file) { Rack::Multipart::UploadedFile.new(__FILE__) }
-  let(:scanner) { double scan: true }
+  let(:scanner) { double setup: true, scan: true }
   subject { Rack::SecureUpload::Middleware.new(->env { ":)" }, scanner) }
 
   context "with uploaded file" do

data/spec/rack/secure_upload/scanner/avast_spec.rb

@@ -0,0 +1,51 @@
+require "spec_helper"
+
+describe Rack::SecureUpload::Scanner::Avast do
+  let(:path) { 'tmp/avast_spec_target' }
+  subject { Rack::SecureUpload::Scanner::Avast.new }
+
+  before do
+    ::File.open(path, 'w').close
+  end
+
+  describe "#setup" do
+    subject { Rack::SecureUpload::Scanner::Avast.new(bin_path: 'tmp/avast_binary') }
+    context "bin file exists" do
+      before do
+        ::File.open('tmp/avast_binary', 'w').close
+      end
+      it "does not raise an exception" do
+        expect{ subject.setup }.not_to raise_error
+      end
+    end
+    context "no bin file" do
+      it "raises an exception" do
+        expect{ subject.setup }.to raise_error(Rack::SecureUpload::SetupError)
+      end
+    end
+  end
+
+  describe "#scan" do
+    context "normal files" do
+      let(:command) { double run: lambda {} }
+      it "detects an insecure file" do
+        allow(subject).to receive(:command).and_return(command)
+        expect(subject.scan(path)).to eq(true)
+      end
+    end
+
+    context "insecure files" do
+      let(:command) do
+        d = double
+        allow(d).to receive(:run) do
+          ::FileUtils.rm path
+        end
+        d
+      end
+      it "does not detect normal file" do
+        allow(subject).to receive(:command).and_return(command)
+        expect(subject.scan(path)).to eq(false)
+      end
+    end
+  end
+end

data/spec/rack/secure_upload/scanner/fsecure_spec.rb

@@ -7,29 +7,45 @@ describe Rack::SecureUpload::Scanner::Fsecure do
   before do
     ::File.open(path, 'w').close
   end
-  after do
-    ::FileUtils.rm path if ::File.exists?(path)
-  end
 
-  context "normal files" do
-    let(:command) { double run: lambda {} }
-    it "detects an insecure file" do
-      allow(subject).to receive(:command).and_return(command)
-      expect(subject.scan(path)).to eq(true)
+  describe "#setup" do
+    subject { Rack::SecureUpload::Scanner::Fsecure.new(bin_path: 'tmp/fsecure_binary') }
+    context "bin file exists" do
+      before do
+        ::File.open('tmp/fsecure_binary', 'w').close
+      end
+      it "does not raise an exception" do
+        expect{ subject.setup }.not_to raise_error
+      end
+    end
+    context "no bin file" do
+      it "raises an exception" do
+        expect{ subject.setup }.to raise_error(Rack::SecureUpload::SetupError)
+      end
     end
   end
 
-  context "insecure files" do
-    let(:command) do
-      d = double
-      allow(d).to receive(:run) do
-        ::FileUtils.rm path
+  describe "#scan" do
+    context "normal files" do
+      let(:command) { double run: lambda {} }
+      it "detects an insecure file" do
+        allow(subject).to receive(:command).and_return(command)
+        expect(subject.scan(path)).to eq(true)
       end
-      d
     end
-    it "does not detect normal file" do
-      allow(subject).to receive(:command).and_return(command)
-      expect(subject.scan(path)).to eq(false)
+
+    context "insecure files" do
+      let(:command) do
+        d = double
+        allow(d).to receive(:run) do
+          ::FileUtils.rm path
+        end
+        d
+      end
+      it "does not detect normal file" do
+        allow(subject).to receive(:command).and_return(command)
+        expect(subject.scan(path)).to eq(false)
+      end
     end
   end
 end

data/spec/rack/secure_upload/utility_spec.rb

@@ -37,4 +37,10 @@ describe Rack::SecureUpload::Utility do
       end
     end
   end
+
+  describe "#camelize" do
+    it "camelizes" do
+      expect(subject.camelize("test_test_test")).to eq("TestTestTest")
+    end
+  end
 end

data/spec/spec_helper.rb

@@ -9,5 +9,11 @@ Dir[File.join(File.dirname(__FILE__), "support/**/*.rb")].each {|f| require f }
 
 ENV['RACK_ENV'] = 'test'
 RSpec.configure do |config|
+  config.before do
+    ::FileUtils.mkdir_p 'tmp'
+  end
+  config.after do
+    ::FileUtils.remove_dir 'tmp'
+  end
 end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rack-secure-upload
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.1.0
 platform: ruby
 authors:
 - Daisuke Taniwaki
@@ -30,14 +30,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.3'
 - !ruby/object:Gem::Dependency
   name: cocaine
   requirement: !ruby/object:Gem::Requirement
@@ -108,8 +108,6 @@ files:
 - README.md
 - Rakefile
 - gemfiles/gemfile
-- gemfiles/rack.1.1.x.gemfile
-- gemfiles/rack.1.2.x.gemfile
 - gemfiles/rack.1.3.x.gemfile
 - gemfiles/rack.1.4.x.gemfile
 - lib/rack-secure-upload.rb
@@ -117,12 +115,14 @@ files:
 - lib/rack/secure_upload/errors.rb
 - lib/rack/secure_upload/middleware.rb
 - lib/rack/secure_upload/scanner.rb
+- lib/rack/secure_upload/scanner/avast.rb
 - lib/rack/secure_upload/scanner/base.rb
 - lib/rack/secure_upload/scanner/fsecure.rb
 - lib/rack/secure_upload/utility.rb
 - lib/rack/secure_upload/version.rb
 - rack-secure-upload.gemspec
 - spec/rack/secure_upload/middleware_spec.rb
+- spec/rack/secure_upload/scanner/avast_spec.rb
 - spec/rack/secure_upload/scanner/base_spec.rb
 - spec/rack/secure_upload/scanner/fsecure_spec.rb
 - spec/rack/secure_upload/utility_spec.rb
@@ -154,6 +154,7 @@ specification_version: 4
 summary: Upload files securely
 test_files:
 - spec/rack/secure_upload/middleware_spec.rb
+- spec/rack/secure_upload/scanner/avast_spec.rb
 - spec/rack/secure_upload/scanner/base_spec.rb
 - spec/rack/secure_upload/scanner/fsecure_spec.rb
 - spec/rack/secure_upload/utility_spec.rb

data/gemfiles/rack.1.1.x.gemfile

@@ -1,4 +0,0 @@
-source "http://rubygems.org"
-
-gem 'rack', '~> 1.1.0'
-gemspec :path => '../'

data/gemfiles/rack.1.2.x.gemfile

@@ -1,4 +0,0 @@
-source "http://rubygems.org"
-
-gem 'rack', '~> 1.2.0'
-gemspec :path => '../'