ratonvirus 0.2.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7fa55b1025e3d8099f86b8b9e9157cbd4473980441aac2c7acc98b92cf2c3ff6
-  data.tar.gz: f219700545adb3593677af4fad1bb9d198892fc94bd128101a817169118254a0
+  metadata.gz: a0ee734de35bb79c99398afaf866f42c87e023aa4ab813ee8e582f4a1ea89597
+  data.tar.gz: 3d15112835af1745bf61d7d7a0d6017a31b4e1d638211d26e909564baa19e733
 SHA512:
-  metadata.gz: 5fcd623e174c648393cc5489c27ce685ee0da9282a7289122a537daacff67950323123e7698da610af6a77b19b63753accb41ca22d06098dc95f4f8d41a109f9
-  data.tar.gz: 85100d78a0e6a476cb4c4e3dde833381e7ac2219d4c9127cef4f07458b8ca56ba3a0977275f5d715f64cbab7989bbcb047c733dade35e6d6a95192b48005d0bd
+  metadata.gz: a663b2d27b3c98c8f4d83093cb87f4dc5f7ad87cdd8897358a923d1105ff69cfcd1bbb10831b657aad6d1bf1ef84a7b1ef42ed4817eccdb27782fbf081be3b7d
+  data.tar.gz: 5ba1e916ee109f4988c46c6bc325be84616af57f9a35b28390f55ea616b24a15de6a812d4dcbc58df11006b1d80b2636b4880c70abd45e517551392d64afc239

data/CHANGELOG.md

@@ -1,3 +1,24 @@
+# v0.3.0
+
+Changed:
+
+- Minimum Ruby version is now set to 2.5
+
+Fixed:
+
+- Issue related with scanning files with CarrierWave storage engine using remote storage engines such as Fog. Related
+  to [#9](https://github.com/mainio/ratonvirus/pull/9)
+
+# v0.2.0
+
+Support for Rails 6
+
+The ActiveStorage storage engine has been updated and partly rewritten due to changes in its API. The new API introduces
+a changes concept in the library which this update takes in to account. In the new API, the blobs will not get uploaded
+to the storage service before the validations have been successful, which led to rethinking how this storage engine
+works in Ratonvirus.
+
+
 # v0.1.1
 
 Fixed:

data/README.md

@@ -3,7 +3,7 @@
 Rails antivirus made easy.
 Developed by [Mainio Tech](https://www.mainiotech.fi/).
 
-[![Build Status](https://travis-ci.org/mainio/ratonvirus.svg?branch=master)](https://travis-ci.org/mainio/ratonvirus)
+[![Build Status](https://github.com/mainio/ratonvirus/actions/workflows/ci_ratonvirus.yml/badge.svg)](https://github.com/mainio/ratonvirus/actions)
 [![codecov](https://codecov.io/gh/mainio/ratonvirus/branch/master/graph/badge.svg)](https://codecov.io/gh/mainio/ratonvirus)
 
 Ratonvirus allows your Rails application to rat on the viruses that your users

data/lib/ratonvirus.rb

@@ -12,6 +12,7 @@ require_relative "ratonvirus/scanner/support/callbacks"
 require_relative "ratonvirus/scanner/base"
 require_relative "ratonvirus/scanner/eicar"
 require_relative "ratonvirus/scanner/addon/remove_infected"
+require_relative "ratonvirus/storage/support/io_handling"
 require_relative "ratonvirus/storage/base"
 require_relative "ratonvirus/storage/filepath"
 require_relative "ratonvirus/storage/active_storage"

data/lib/ratonvirus/error.rb

@@ -4,6 +4,8 @@ module Ratonvirus
   class Error < StandardError; end
 
   class InvalidError < Error; end
+
   class NotDefinedError < Error; end
+
   class NotImplementedError < Error; end
 end

data/lib/ratonvirus/scanner/base.rb

@@ -11,8 +11,8 @@ module Ratonvirus
         end
       end
 
-      attr_reader :config
-      attr_reader :errors # Only available after `virus?` has been called.
+      # :errors - Only available after `virus?` has been called.
+      attr_reader :config, :errors
 
       def initialize(configuration = {})
         @config = default_config.merge!(configuration)

data/lib/ratonvirus/scanner/eicar.rb

@@ -19,11 +19,11 @@ module Ratonvirus
       protected
 
       def run_scan(path)
-        if !File.file?(path)
-          errors << :antivirus_file_not_found
-        else
+        if File.file?(path)
           sha256 = Digest::SHA256.file path
           errors << :antivirus_virus_detected if sha256 == EICAR_SHA256
+        else
+          errors << :antivirus_file_not_found
         end
       rescue StandardError
         errors << :antivirus_client_error

data/lib/ratonvirus/storage/active_storage.rb

@@ -3,6 +3,8 @@
 module Ratonvirus
   module Storage
     class ActiveStorage < Base
+      include Ratonvirus::Storage::Support::IoHandling
+
       def changed?(record, attribute)
         resource = record.public_send attribute
         !resource.record.attachment_changes[resource.name].nil?
@@ -20,9 +22,10 @@ module Ratonvirus
 
         change = resource.record.attachment_changes[resource.name]
 
-        if change.is_a?(::ActiveStorage::Attached::Changes::CreateOne)
+        case change
+        when ::ActiveStorage::Attached::Changes::CreateOne
           handle_create_one(change, &block)
-        elsif change.is_a?(::ActiveStorage::Attached::Changes::CreateMany)
+        when ::ActiveStorage::Attached::Changes::CreateMany
           handle_create_many(change, &block)
         end
       end
@@ -101,39 +104,6 @@ module Ratonvirus
 
         yield processable([change.attachment, attachable])
       end
-
-      # This creates a local copy of the io contents for the scanning process. A
-      # local copy is needed for processing because the io object may be a file
-      # stream in the memory which may not have a path associated with it on the
-      # filesystem.
-      def io_path(io, extension)
-        tempfile = Tempfile.open(
-          ["Ratonvirus", extension],
-          tempdir
-        )
-        # Important for the scanner to be able to access the file.
-        prepare_for_scanner tempfile.path
-
-        begin
-          tempfile.binmode
-          IO.copy_stream(io, tempfile)
-          tempfile.flush
-          tempfile.rewind
-
-          yield tempfile.path
-        ensure
-          tempfile.close!
-        end
-      end
-
-      def tempdir
-        Dir.tmpdir
-      end
-
-      def prepare_for_scanner(filepath)
-        # Important for the scanner to be able to access the file.
-        File.chmod(0o644, filepath)
-      end
     end
   end
 end

data/lib/ratonvirus/storage/carrierwave.rb

@@ -3,6 +3,8 @@
 module Ratonvirus
   module Storage
     class Carrierwave < Base
+      include Ratonvirus::Storage::Support::IoHandling
+
       def changed?(record, attribute)
         record.public_send :"#{attribute}_changed?"
       end
@@ -15,12 +17,22 @@ module Ratonvirus
         end
       end
 
-      def asset_path(asset)
+      def asset_path(asset, &block)
         return unless block_given?
         return if asset.nil?
         return if asset.file.nil?
 
-        yield asset.file.path
+        # If the file is a local SanitizedFile, it is faster to run the scan
+        # directly against that file instead of copying it to a tempfile first
+        # as below for external file storages.
+        return yield asset.file.path if asset.file.is_a?(::CarrierWave::SanitizedFile)
+
+        # The file could be externally stored, so we need to read it to memory
+        # in order to create a temporary file for the scanner to perform the
+        # scan on.
+        io = StringIO.new(asset.file.read)
+        ext = File.extname(asset.file.path)
+        io_path(io, ext, &block)
       end
 
       def asset_remove(asset)

data/lib/ratonvirus/storage/support/io_handling.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+require "tempfile"
+
+module Ratonvirus
+  module Storage
+    module Support
+      module IoHandling
+        private
+
+        # This creates a local copy of the io contents for the scanning process.
+        # A local copy is needed for processing because the io object may be a
+        # file stream in the memory which may not have a path associated with it
+        # on the filesystem.
+        def io_path(io, extension)
+          tempfile = Tempfile.open(
+            ["Ratonvirus", extension],
+            tempdir
+          )
+          # Important for the scanner to be able to access the file.
+          prepare_for_scanner tempfile.path
+
+          begin
+            tempfile.binmode
+            IO.copy_stream(io, tempfile)
+            tempfile.flush
+            tempfile.rewind
+
+            yield tempfile.path
+          ensure
+            tempfile.close!
+          end
+        end
+
+        def tempdir
+          Dir.tmpdir
+        end
+
+        def prepare_for_scanner(filepath)
+          # Important for the scanner to be able to access the file.
+          File.chmod(0o644, filepath)
+        end
+      end
+    end
+  end
+end

data/lib/ratonvirus/support/backend.rb

@@ -88,37 +88,37 @@ module Ratonvirus
       def define_backend(backend_type, backend_subclass)
         class_eval <<-CODE, __FILE__, __LINE__ + 1
           # Getter for #{backend_type}
-          def self.#{backend_type}
-            @#{backend_type} ||= create_#{backend_type}
-          end
+          def self.#{backend_type}                      # def self.foo
+            @#{backend_type} ||= create_#{backend_type} #   @foo ||= create_foo
+          end                                           # end
 
           # Setter for #{backend_type}
-          def self.#{backend_type}=(#{backend_type}_value)
-            set_backend(
-              :#{backend_type},
-              "#{backend_subclass}",
-              #{backend_type}_value
-            )
-          end
+          def self.#{backend_type}=(#{backend_type}_value) # def self.foo=(foo_value)
+            set_backend(                                   #   set_backend(
+              :#{backend_type},                            #     :foo
+              "#{backend_subclass}",                       #     "Foo"
+              #{backend_type}_value                        #     foo_value
+            )                                              #   )
+          end                                              # end
 
           # Destroys the currently active #{backend_type}.
           # The #{backend_type} is re-initialized when the getter is called.
-          def self.destroy_#{backend_type}
-            @#{backend_type} = nil
-          end
+          def self.destroy_#{backend_type} # def self.destroy_foo
+            @#{backend_type} = nil         #   @foo = nil
+          end                              # end
 
           # Creates a new backend instance
           # private
-          def self.create_#{backend_type}
-            if @#{backend_type}_defs.nil?
-              raise NotDefinedError.new("#{backend_subclass} not defined!")
-            end
-
-            @#{backend_type}_defs[:klass].new(
-              @#{backend_type}_defs[:config]
-            )
-          end
-          private_class_method :create_#{backend_type}
+          def self.create_#{backend_type}                                   # def self.create_foo
+            if @#{backend_type}_defs.nil?                                   #   if @foo_defs.nil?
+              raise NotDefinedError.new("#{backend_subclass} not defined!") #     raise NotDefinedError.new("Foo not defined")
+            end                                                             #   end
+                                                                            #
+            @#{backend_type}_defs[:klass].new(                              #   @foo_defs[:klass].new(
+              @#{backend_type}_defs[:config]                                #     @foo_defs[:config]
+            )                                                               #   )
+          end                                                               # end
+          private_class_method :create_#{backend_type}                      # private_class_method :create_foo
         CODE
       end
 
@@ -154,12 +154,13 @@ module Ratonvirus
           subtype = backend_value.class
           config = backend_value.config
         else
-          if backend_value.is_a?(Array)
+          case backend_value
+          when Array
             subtype = backend_value.shift
             config = backend_value.shift || {}
 
             raise InvalidError, "Invalid #{backend_type} type: #{subtype}" unless subtype.is_a?(Symbol)
-          elsif backend_value.is_a?(Symbol)
+          when Symbol
             subtype = backend_value
             config = {}
           else

data/lib/ratonvirus/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Ratonvirus
-  VERSION = "0.2.0"
+  VERSION = "0.3.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ratonvirus
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Antti Hukkanen
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-06-27 00:00:00.000000000 Z
+date: 2021-03-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -128,28 +128,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.86.0
+        version: 1.11.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.86.0
+        version: 1.11.0
 - !ruby/object:Gem::Dependency
   name: rubocop-rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.40'
+        version: 2.2.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.40'
+        version: 2.2.0
 description: Adds antivirus check capability for Rails applications.
 email:
 - antti.hukkanen@mainiotech.fi
@@ -177,6 +177,7 @@ files:
 - lib/ratonvirus/storage/carrierwave.rb
 - lib/ratonvirus/storage/filepath.rb
 - lib/ratonvirus/storage/multi.rb
+- lib/ratonvirus/storage/support/io_handling.rb
 - lib/ratonvirus/support/backend.rb
 - lib/ratonvirus/version.rb
 - lib/tasks/ratonvirus.rake
@@ -192,7 +193,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.5'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="