run avScan in tmp dirs (#2113)
macrael authored Dec 14, 2023
1 parent e0fab73 commit ef65829
Showing 4 changed files with 11 additions and 19 deletions.
3 changes: 3 additions & 0 deletions services/uploads/jest.config.ts
Expand Up @@ -21,4 +21,7 @@ module.exports = {
moduleFileExtensions: ['js', 'json', 'jsx', 'd.ts', 'ts', 'node'],
coveragePathIgnorePatterns: [],
modulePathIgnorePatterns: ['local_buckets'],
moduleNameMapper: {
'^uuid$': require.resolve('uuid'),
},
}
3 changes: 1 addition & 2 deletions services/uploads/src/lambdas/avScan.ts
Expand Up @@ -81,8 +81,7 @@ async function avScan(event: S3Event, _context: Context) {
clamAV,
s3ObjectKey,
s3ObjectBucket,
maxFileSize,
'/tmp/downloads'
maxFileSize
)

// Record the duration of the av scan
15 changes: 0 additions & 15 deletions services/uploads/src/lib/avScan.test.ts
Expand Up @@ -12,7 +12,6 @@ describe('avScan', () => {
it('tags clean for a clean file', async () => {
const thisDir = __dirname
const tmpDefsDir = await mkdtemp('/tmp/freshclam-')
const tmpScanDir = await mkdtemp('/tmp/clamscan-')

const s3Client = NewTestS3UploadsClient()

Expand Down Expand Up @@ -61,7 +60,6 @@ describe('avScan', () => {
goodFileKey,
'test-uploads',
MAX_FILE_SIZE,
tmpScanDir
)
if (scanResult instanceof Error) {
throw scanResult
Expand All @@ -78,13 +76,11 @@ describe('avScan', () => {
expect(virusScanStatus(res2)).toBe('CLEAN')

await rm(tmpDefsDir, { force: true, recursive: true })
await rm(tmpScanDir, { force: true, recursive: true })
})

it('marks infected for an infected file', async () => {
const thisDir = __dirname
const tmpDefsDir = await mkdtemp('/tmp/freshclam-')
const tmpScanDir = await mkdtemp('/tmp/clamscan-')

const s3Client = NewTestS3UploadsClient()

Expand Down Expand Up @@ -133,7 +129,6 @@ describe('avScan', () => {
badFileKey,
'test-uploads',
MAX_FILE_SIZE,
tmpScanDir
)
if (scanResult instanceof Error) {
throw scanResult
Expand All @@ -150,13 +145,11 @@ describe('avScan', () => {
expect(virusScanStatus(res2)).toBe('INFECTED')

await rm(tmpDefsDir, { force: true, recursive: true })
await rm(tmpScanDir, { force: true, recursive: true })
})

it('marks skipped for too big a file (config a smaller max size)', async () => {
const thisDir = __dirname
const tmpDefsDir = await mkdtemp('/tmp/freshclam-')
const tmpScanDir = await mkdtemp('/tmp/clamscan-')

const s3Client = NewTestS3UploadsClient()

Expand Down Expand Up @@ -205,7 +198,6 @@ describe('avScan', () => {
badFileKey,
'test-uploads',
2,
tmpScanDir
)
if (scanResult instanceof Error) {
throw scanResult
Expand All @@ -222,13 +214,11 @@ describe('avScan', () => {
expect(virusScanStatus(res2)).toBe('SKIPPED')

await rm(tmpDefsDir, { force: true, recursive: true })
await rm(tmpScanDir, { force: true, recursive: true })
})

it('marks error if ClamAV errors', async () => {
const thisDir = __dirname
const tmpDefsDir = await mkdtemp('/tmp/freshclam-')
const tmpScanDir = await mkdtemp('/tmp/clamscan-')

const s3Client = NewTestS3UploadsClient()

Expand Down Expand Up @@ -281,7 +271,6 @@ describe('avScan', () => {
badFileKey,
'test-uploads',
MAX_FILE_SIZE,
tmpScanDir
)
if (scanResult instanceof Error) {
throw scanResult
Expand All @@ -298,13 +287,11 @@ describe('avScan', () => {
expect(virusScanStatus(res2)).toBe('ERROR')

await rm(tmpDefsDir, { force: true, recursive: true })
await rm(tmpScanDir, { force: true, recursive: true })
})

it('returns not found if the key doesnt exist', async () => {
const thisDir = __dirname
const tmpDefsDir = await mkdtemp('/tmp/freshclam-')
const tmpScanDir = await mkdtemp('/tmp/clamscan-')

const s3Client = NewTestS3UploadsClient()

Expand Down Expand Up @@ -336,14 +323,12 @@ describe('avScan', () => {
badFileKey,
'test-uploads',
MAX_FILE_SIZE,
tmpScanDir
)
if (!(scanResult instanceof Error)) {
throw new Error('Didnt error on a nonexistant file')
}
expect(scanResult.name).toBe('NotFound')

await rm(tmpDefsDir, { force: true, recursive: true })
await rm(tmpScanDir, { force: true, recursive: true })
})
})
9 changes: 7 additions & 2 deletions services/uploads/src/lib/avScan.ts
@@ -1,4 +1,5 @@
import { S3UploadsClient } from '../deps/s3'
import { mkdtemp } from 'fs/promises'
import { ClamAV } from '../deps/clamAV'
import { generateVirusScanTagSet, ScanStatus } from './tags'
import { scanFiles } from './scanFiles'
Expand All @@ -9,7 +10,6 @@ export async function scanFile(
key: string,
bucket: string,
maxFileSize: number,
scanDir: string
): Promise<undefined | Error> {
//You need to verify that you are not getting too large a file
//currently lambdas max out at 500MB storage.
Expand All @@ -24,12 +24,16 @@ export async function scanFile(
// tag with skipped.
tagResult = 'SKIPPED'
} else {

// make a tmp directory to scan this file in
const tmpScanDir = await mkdtemp('/tmp/clamscan-')

const infectedFiles = await scanFiles(
s3Client,
clamAV,
[key],
bucket,
scanDir
tmpScanDir
)

if (infectedFiles instanceof Error) {
Expand All @@ -41,6 +45,7 @@ export async function scanFile(
tagResult = 'INFECTED'
}
}

}

const tags = generateVirusScanTagSet(tagResult)
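Review bot: The directory created by `mkdtemp('/tmp/clamscan-')` in the `else` branch of scanFile is never removed in the visible lines, and the tests in avScan.test.ts dropped their `rm(tmpScanDir, { force: true, recursive: true })` cleanup in this same commit. Unless scanFiles deletes it (not visible here), every invocation on a warm Lambda leaves the downloaded object, possibly an infected one, behind in /tmp, and the size-limit comment at the top of the function suggests that storage is tight; once it fills, later scans would likely fail instead of producing a verdict. I would wrap the scanFiles call and its result handling in `try { … } finally { await rm(tmpScanDir, { recursive: true, force: true }) }` and import `rm` next to `mkdtemp`. A rejected `mkdtemp` also escapes as a thrown exception rather than the `undefined | Error` return value this function declares, so callers that only check `instanceof Error` will not see it. scanFile's body continues outside the hunks shown.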
