From ce97246fa997348b61af5a8e84e08d821703d890 Mon Sep 17 00:00:00 2001 From: Matthias Simonis Date: Mon, 24 Jun 2024 17:08:03 +0200 Subject: [PATCH] Add test for tags (#44) * adds test for the tag-unscanned job * adds a test for when the unscanned tag is disabled * adds a test for the wontscan tag --------- Co-authored-by: Simonis, Matthias (cherry picked from commit 49b9f62d701be7dc747a898d56f4ce576e606c24) --- appinfo/info.xml | 1 + lib/Command/GetTagsForFileCommand.php | 63 +++++++++++++++++++++++++++ lib/Service/VerdictService.php | 1 + tests/functionality-parallel.bats | 42 +++++++++++++++++- tests/functionality-sequential.bats | 62 +++++++++++++++++++++++++- 5 files changed, 166 insertions(+), 3 deletions(-) create mode 100644 lib/Command/GetTagsForFileCommand.php diff --git a/appinfo/info.xml b/appinfo/info.xml index 736b5066..5d4fa697 100644 --- a/appinfo/info.xml +++ b/appinfo/info.xml @@ -39,6 +39,7 @@ If you have any questions about scanning, usage or similar, please feel free to OCA\GDataVaas\Command\ScanCommand OCA\GDataVaas\Command\TagUnscannedCommand + OCA\GDataVaas\Command\GetTagsForFileCommand diff --git a/lib/Command/GetTagsForFileCommand.php b/lib/Command/GetTagsForFileCommand.php new file mode 100644 index 00000000..e424a48b --- /dev/null +++ b/lib/Command/GetTagsForFileCommand.php 
@@ -0,0 +1,63 @@ +logger = $logger; + $this->rootFolder = $rootFolder; + $this->systemTagObjectMapper = $systemTagObjectMapper; + $this->tagManager = $tagManager; + } + + /** + * @return void + */ + protected function configure() { + $this->setName('gdatavaas:get-tags-for-file'); + $this->setDescription('get tags for file'); + + $this->addArgument(self::FILE_PATH, InputArgument::REQUIRED, "path to file (username/files/filename)"); + } + + /** + * @param $argument + * @return void + * @throws \OCP\DB\Exception if the database platform is not supported + */ + protected function execute(InputInterface $input, OutputInterface $output): int { + $logger = new ConsoleCommandLogger($this->logger, $output); + + $filePath = $input->getArgument('file-path'); + + $node = $this->rootFolder->get($filePath); + $tagIds = $this->systemTagObjectMapper->getTagIdsForObjects($node->getId(), 'files'); + foreach ($tagIds[$node->getId()] as $tagId) { + $tags = $this->tagManager->getTagsByIds([$tagId]); + foreach ($tags as $tag) { + $logger->info("tag: ".$tag->getName()); + } + } + + return 0; + } +} diff --git a/lib/Service/VerdictService.php b/lib/Service/VerdictService.php index 2467fe36..1a06ce74 100644 --- a/lib/Service/VerdictService.php +++ b/lib/Service/VerdictService.php @@ -124,6 +124,7 @@ private function tagFile(int $fileId, string $tagName) { $unscannedTagIsDisabled = $this->appConfig->getValueBool(Application::APP_ID, 'disableUnscannedTag'); if (!$unscannedTagIsDisabled) $this->tagService->setTag($fileId, $tagName); + break; case TagService::CLEAN: case TagService::PUP: case TagService::WONT_SCAN: diff --git a/tests/functionality-parallel.bats b/tests/functionality-parallel.bats index 69292efd..1cbf739f 100755 --- a/tests/functionality-parallel.bats +++ b/tests/functionality-parallel.bats 
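Review bot: In `execute()`, `$this->rootFolder->get($filePath)` is called on the raw argument with nothing handling a path that does not resolve. If `$rootFolder` is Nextcloud's root folder, as the name suggests, a mistyped path surfaces as an uncaught `\OCP\Files\NotFoundException` rather than a clear message and a deliberate exit code. Catching it and returning non-zero also gives the bats tests in this patch, which pipe the output through `grep` and `wc -l`, a status they can check. The docblock above `execute()` does not match the signature: it names `@param $argument` and `@return void`, while the method takes `InputInterface $input, OutputInterface $output` and returns `int`. The argument is registered with `self::FILE_PATH` but read back with the literal `'file-path'`; the constant's value and the file's imports are not visible on this page, hence the fully-qualified name below.

```php
// … unchanged: ConsoleCommandLogger setup and getArgument() …
try {
    $node = $this->rootFolder->get($filePath);
} catch (\OCP\Files\NotFoundException $e) {
    $output->writeln('file not found: ' . $filePath);
    return 1;
}
// … unchanged: tag lookup loop and return 0 …
```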
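Review bot: The added `break;` follows a brace-less `if (!$unscannedTagIsDisabled) $this->tagService->setTag($fileId, $tagName);`, so it is easy to misread the `break` as part of the conditional or to pull it into the `if` in a later edit. Bracing the conditional makes the end of the case explicit: `if (!$unscannedTagIsDisabled) { $this->tagService->setTag($fileId, $tagName); }` followed by `break;`. Before this line the case continued into the `CLEAN`/`PUP`/`WONT_SCAN` cases, so this is a change in tagging behaviour inside a commit whose message only mentions tests. The `switch` and the body of `tagFile()` begin and end outside this hunk.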
@@ -10,6 +10,7 @@ setup_file() { mkdir -p $FOLDER_PREFIX curl --output $FOLDER_PREFIX/pup.exe http://amtso.eicar.org/PotentiallyUnwanted.exe docker exec --env OC_PASS=$TESTUSER_PASSWORD --user www-data nextcloud-container php occ user:add $TESTUSER --password-from-env || echo "already exists" + docker exec -u www-data -i nextcloud-container mkdir -p /var/www/html/data/$TESTUSER/files docker exec --user www-data -i nextcloud-container php occ config:app:set gdatavaas clientSecret --value="$CLIENT_SECRET" sleep 2 
@@ -52,12 +53,51 @@ setup_file() { } @test "test testuser pup Upload" { - RESULT=$(curl --silent -w "%{http_code}" -u $TESTUSER:$TESTUSER_PASSWORD -T $FOLDER_PREFIX/pup.exe http://127.0.0.1/remote.php/dav/files/$TESTUSER/functionality-parallel.pup.exe) + RESULT=$(curl --silent -w "%{http_code}" -u $TESTUSER:$TESTUSER_PASSWORD -T $FOLDER_PREFIX/pup.exe http://127.0.0.1/remote.php/dav/files/$TESTUSER/functionality-parallel.pup.exe) echo "Actual: $RESULT" curl --silent -q -u $TESTUSER:$TESTUSER_PASSWORD -X DELETE http://127.0.0.1/remote.php/dav/files/$TESTUSER/functionality-parallel.pup.exe || echo "file not found" [[ $RESULT -ge 200 && $RESULT -lt 300 ]] || exit 1 } +@test "test unscanned job for admin" { + docker cp $FOLDER_PREFIX/pup.exe nextcloud-container:/var/www/html/data/admin/files/admin.unscanned.pup.exe + docker exec -i nextcloud-container chown www-data:www-data /var/www/html/data/admin/files/admin.unscanned.pup.exe + docker exec -i --user www-data nextcloud-container php occ files:scan --all + docker exec -i --user www-data nextcloud-container php occ gdatavaas:tag-unscanned + + [[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file admin/files/admin.unscanned.pup.exe | grep "Unscanned") ]] + [[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file admin/files/admin.unscanned.pup.exe | wc -l ) -eq "1" ]] + + docker exec -i --user www-data nextcloud-container rm /var/www/html/data/admin/files/admin.unscanned.pup.exe +} + +@test "test unscanned job for testuser" { + docker cp $FOLDER_PREFIX/pup.exe nextcloud-container:/var/www/html/data/$TESTUSER/files/$TESTUSER.unscanned.pup.exe + docker exec -i nextcloud-container chown www-data:www-data /var/www/html/data/$TESTUSER/files/$TESTUSER.unscanned.pup.exe + docker exec -i --user www-data nextcloud-container php occ files:scan --all + docker exec -i --user www-data nextcloud-container php occ gdatavaas:tag-unscanned + + [[ $(docker exec -i 
--user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.unscanned.pup.exe | grep "Unscanned") ]] + [[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.unscanned.pup.exe | wc -l ) -eq "1" ]] + + docker exec -i --user www-data nextcloud-container rm /var/www/html/data/$TESTUSER/files/$TESTUSER.unscanned.pup.exe +} + +@test "test wontscan tag for testuser" { + dd if=/dev/zero of=$FOLDER_PREFIX/too-large.dat bs=268435457 count=1 + + docker cp $FOLDER_PREFIX/too-large.dat nextcloud-container:/var/www/html/data/$TESTUSER/files/$TESTUSER.too-large.dat + docker exec -i nextcloud-container chown www-data:www-data /var/www/html/data/$TESTUSER/files/$TESTUSER.too-large.dat + docker exec -i --user www-data nextcloud-container php occ files:scan --all + docker exec -i --user www-data nextcloud-container php occ gdatavaas:tag-unscanned + + docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.too-large.dat + [[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.too-large.dat | grep "Won't scan") ]] + [[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.too-large.dat | wc -l ) -eq "1" ]] + + docker exec -i --user www-data nextcloud-container rm /var/www/html/data/$TESTUSER/files/$TESTUSER.too-large.dat +} + @tearddown_file() { rm -rf $FOLDER_PREFIX/ } diff --git a/tests/functionality-sequential.bats b/tests/functionality-sequential.bats index 2ddd44f9..d691c9a0 100644 --- a/tests/functionality-sequential.bats +++ b/tests/functionality-sequential.bats 
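Review bot: Each new test removes its sample file only on its last line, so a failed tag assertion ends the test before the `rm` and leaves `pup.exe` or the 256 MiB `too-large.dat` in the user's data directory for later tests to pick up. The host-side copy of `too-large.dat` in `$FOLDER_PREFIX` depends on the file-level cleanup, which the context line spells `@tearddown_file()`. Bats only calls a hook named `teardown_file`, so that `rm -rf` most likely never runs. Moving the container-side `rm` calls into a `teardown()` function and renaming the hook to `teardown_file() {` would make cleanup independent of the assertions. The tag assertions added to tests/functionality-sequential.bats sit before that file's `curl -X DELETE` cleanup in the same way, and its hook is spelled `tearddown_file` as well.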
@@ -10,6 +10,7 @@ setup_file() { mkdir -p $FOLDER_PREFIX/ curl --output $FOLDER_PREFIX/pup.exe http://amtso.eicar.org/PotentiallyUnwanted.exe docker exec --env OC_PASS=$TESTUSER_PASSWORD --user www-data nextcloud-container php occ user:add $TESTUSER --password-from-env || echo "already exists" + docker exec -u www-data -i nextcloud-container mkdir -p /var/www/html/data/$TESTUSER/files docker exec --user www-data -i nextcloud-container php occ config:app:set gdatavaas clientSecret --value="$CLIENT_SECRET" BATS_NO_PARALLELIZE_WITHIN_FILE=true 
@@ -33,9 +34,28 @@ setup_file() { docker exec --user www-data -i nextcloud-container php occ config:app:set gdatavaas clientSecret --value="$CLIENT_SECRET" - docker exec -i --user www-data nextcloud-container php occ gdatavaas:tag-unscanned + # check for unscanned tag + [[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file admin/files/admin.functionality-sequential.eicar.com.txt | grep "Unscanned") ]] + [[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file admin/files/admin.functionality-sequential.eicar.com.txt | wc -l ) -eq "1" ]] + + [[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file admin/files/admin.pup.exe | grep "Unscanned" ) ]] + [[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file admin/files/admin.pup.exe | wc -l ) -eq "1" ]] + + [[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file admin/files/admin.functionality-sequential.clean.txt | grep "Unscanned" ) ]] + [[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file admin/files/admin.functionality-sequential.clean.txt | wc -l ) -eq "1" ]] + docker exec -i --user www-data nextcloud-container php occ gdatavaas:scan + # check for tags (only one specific should exist for each file) + [[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file admin/files/admin.functionality-sequential.eicar.com.txt | grep "Malicious") ]] + [[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file admin/files/admin.functionality-sequential.eicar.com.txt | wc -l ) -eq "1" ]] + + [[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file admin/files/admin.pup.exe | grep "Pup" ) ]] + [[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file admin/files/admin.pup.exe | wc -l 
) -eq "1" ]] + + [[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file admin/files/admin.functionality-sequential.clean.txt | grep "Clean" ) ]] + [[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file admin/files/admin.functionality-sequential.clean.txt | wc -l ) -eq "1" ]] + LOGS=$(docker exec --user www-data -i nextcloud-container php occ log:tail -nr 5000 | egrep "admin.functionality-sequential.eicar.com.txt|admin.functionality-sequential.clean.txt|admin.pup.exe" ) curl --silent -q -u admin:admin -X DELETE http://127.0.0.1/remote.php/dav/files/admin/admin.functionality-sequential.eicar.com.txt 
@@ -56,19 +76,57 @@ setup_file() { docker exec --user www-data -i nextcloud-container php occ config:app:set gdatavaas clientSecret --value="$CLIENT_SECRET" - docker exec -i --user www-data nextcloud-container php occ gdatavaas:tag-unscanned + # check for unscanned tag + [[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.functionality-sequential.eicar.com.txt | grep "Unscanned") ]] + [[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.functionality-sequential.eicar.com.txt | wc -l ) -eq "1" ]] + + [[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.pup.exe | grep "Unscanned" ) ]] + [[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.pup.exe | wc -l ) -eq "1" ]] + + [[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.functionality-sequential.clean.txt | grep "Unscanned" ) ]] + [[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.functionality-sequential.clean.txt | wc -l ) -eq "1" ]] + docker exec -i --user www-data nextcloud-container php occ gdatavaas:scan + # check for tags (only one specific should exist for each file) + [[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.functionality-sequential.eicar.com.txt | grep "Malicious") ]] + [[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.functionality-sequential.eicar.com.txt | wc -l ) -eq "1" ]] + + [[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.pup.exe | grep "Pup" ) ]] + [[ $(docker exec -i --user www-data 
nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.pup.exe | wc -l ) -eq "1" ]] + + [[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.functionality-sequential.clean.txt | grep "Clean" ) ]] + [[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.functionality-sequential.clean.txt | wc -l ) -eq "1" ]] + LOGS=$(docker exec --user www-data -i nextcloud-container php occ log:tail -nr 5000 | egrep "$TESTUSER.functionality-sequential.eicar.com.txt|$TESTUSER.functionality-sequential.clean.txt|$TESTUSER.pup.exe") curl --silent -q -u $TESTUSER:$TESTUSER_PASSWORD -X DELETE http://127.0.0.1/remote.php/dav/files/$TESTUSER/$TESTUSER.functionality-sequential.eicar.com.txt curl --silent -q -u $TESTUSER:$TESTUSER_PASSWORD -X DELETE http://127.0.0.1/remote.php/dav/files/$TESTUSER/$TESTUSER.pup.exe curl --silent -q -u $TESTUSER:$TESTUSER_PASSWORD -X DELETE http://127.0.0.1/remote.php/dav/files/$TESTUSER/$TESTUSER.functionality-sequential.clean.txt + # check for scans [[ $LOGS =~ ^.*$TESTUSER.functionality-sequential.eicar.com.txt.*Verdict:.*Malicious ]] [[ $LOGS =~ ^.*$TESTUSER.pup.exe.*Verdict:.*Pup ]] [[ $LOGS =~ ^.*$TESTUSER.functionality-sequential.clean.txt.*Verdict:.*Clean ]] +} + +@test "test when unscanned tag is deactivated" { + docker exec --user www-data -i nextcloud-container php occ config:app:set gdatavaas clientSecret --value="WRONG_PASSWORD" + docker exec --user www-data -i nextcloud-container php occ config:app:set gdatavaas disableUnscannedTag --value="true" + + echo $EICAR_STRING |curl --silent -w "%{http_code}" -u $TESTUSER:$TESTUSER_PASSWORD -T - http://127.0.0.1/remote.php/dav/files/$TESTUSER/$TESTUSER.functionality-sequential.eicar.com.txt + echo $CLEAN_STRING |curl --silent -w "%{http_code}" -u $TESTUSER:$TESTUSER_PASSWORD -T - 
http://127.0.0.1/remote.php/dav/files/$TESTUSER/$TESTUSER.functionality-sequential.clean.txt + docker exec --user www-data -i nextcloud-container php occ config:app:set gdatavaas clientSecret --value="$CLIENT_SECRET" + + # check for unscanned tag + [[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.functionality-sequential.eicar.com.txt | grep "Unscanned" | wc -l) -eq "0" ]] + [[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.functionality-sequential.clean.txt | grep "Unscanned" | wc -l ) -eq "0" ]] + + docker exec --user www-data -i nextcloud-container php occ config:app:set gdatavaas disableUnscannedTag --value="false" + + curl --silent -q -u $TESTUSER:$TESTUSER_PASSWORD -X DELETE http://127.0.0.1/remote.php/dav/files/$TESTUSER/$TESTUSER.functionality-sequential.eicar.com.txt + curl --silent -q -u $TESTUSER:$TESTUSER_PASSWORD -X DELETE http://127.0.0.1/remote.php/dav/files/$TESTUSER/$TESTUSER.functionality-sequential.clean.txt } tearddown_file() {
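Review bot: The two checks in "test when unscanned tag is deactivated" can pass vacuously. `… | grep "Unscanned" | wc -l` is `0` when the tag is absent, but also when `get-tags-for-file` prints nothing because the upload failed or the path did not resolve, and the `%{http_code}` printed by the two uploads is never examined. Asserting on the command's exit status as well as its output, for example with bats' `run`, makes the test fail when the file is missing; this assumes the command exits non-zero for an unknown path. `disableUnscannedTag` is set back to `false` only after the assertions, so a failure here leaves the setting enabled for whatever runs next. Resetting it before the checks, as the test already does for `clientSecret`, or in `teardown()`, avoids that.

```shell
# … unchanged: config:app:set calls and the two uploads …
run docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.functionality-sequential.eicar.com.txt
[ "$status" -eq 0 ]
[[ "$output" != *"Unscanned"* ]]

run docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.functionality-sequential.clean.txt
[ "$status" -eq 0 ]
[[ "$output" != *"Unscanned"* ]]
# … unchanged: disableUnscannedTag reset and DELETE cleanup …
```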