Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add test for tags #44

Merged
merged 5 commits into from
Jun 24, 2024
Merged

Add test for tags #44

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
d317246
add testing for tags
Jun 13, 2024
f76e174
adds test for the tag-unscanned job
Jun 13, 2024
150cf0e
adds a test for when the unscanned tag is disabled
unglaublicherdude Jun 24, 2024
4a97a1c
adds a test for the wontscan tag
unglaublicherdude Jun 24, 2024
ee3cc0f
fixes the upload fix
unglaublicherdude Jun 24, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions appinfo/info.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@ If you have any questions about scanning, usage or similar, please feel free to
<commands>
<command>OCA\GDataVaas\Command\ScanCommand</command>
<command>OCA\GDataVaas\Command\TagUnscannedCommand</command>
<command>OCA\GDataVaas\Command\GetTagsForFileCommand</command>
</commands>
<dependencies>
<nextcloud min-version="29" max-version="29"/>
Expand Down
63 changes: 63 additions & 0 deletions lib/Command/GetTagsForFileCommand.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,63 @@
<?php

namespace OCA\GDataVaas\Command;

use OCA\GDataVaas\Logging\ConsoleCommandLogger;
use OCP\Files\IRootFolder;
use OCP\SystemTag\ISystemTagManager;
use OCP\SystemTag\ISystemTagObjectMapper;
use Psr\Log\LoggerInterface;
use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Input\InputArgument;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Output\OutputInterface;

class GetTagsForFileCommand extends Command {
public const FILE_PATH = 'file-path';

private LoggerInterface $logger;
private IRootFolder $rootFolder;
private ISystemTagObjectMapper $systemTagObjectMapper;
private ISystemTagManager $tagManager;

public function __construct(LoggerInterface $logger, IRootFolder $rootFolder, ISystemTagObjectMapper $systemTagObjectMapper, ISystemTagManager $tagManager) {
parent::__construct();

$this->logger = $logger;
$this->rootFolder = $rootFolder;
$this->systemTagObjectMapper = $systemTagObjectMapper;
$this->tagManager = $tagManager;
}

/**
* @return void
*/
protected function configure() {
$this->setName('gdatavaas:get-tags-for-file');
$this->setDescription('get tags for file');

$this->addArgument(self::FILE_PATH, InputArgument::REQUIRED, "path to file (username/files/filename)");
}

/**
* @param $argument
* @return void
* @throws \OCP\DB\Exception if the database platform is not supported
*/
protected function execute(InputInterface $input, OutputInterface $output): int {
$logger = new ConsoleCommandLogger($this->logger, $output);

$filePath = $input->getArgument('file-path');

$node = $this->rootFolder->get($filePath);
$tagIds = $this->systemTagObjectMapper->getTagIdsForObjects($node->getId(), 'files');
foreach ($tagIds[$node->getId()] as $tagId) {
$tags = $this->tagManager->getTagsByIds([$tagId]);
foreach ($tags as $tag) {
$logger->info("tag: ".$tag->getName());
}
}

return 0;
}
}
1 change: 1 addition & 0 deletions lib/Service/VerdictService.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -124,6 +124,7 @@ private function tagFile(int $fileId, string $tagName) {
$unscannedTagIsDisabled = $this->appConfig->getValueBool(Application::APP_ID, 'disableUnscannedTag');
if (!$unscannedTagIsDisabled)
$this->tagService->setTag($fileId, $tagName);
break;
case TagService::CLEAN:
case TagService::PUP:
case TagService::WONT_SCAN:
Expand Down
42 changes: 41 additions & 1 deletion tests/functionality-parallel.bats
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ setup_file() {
mkdir -p $FOLDER_PREFIX
curl --output $FOLDER_PREFIX/pup.exe http://amtso.eicar.org/PotentiallyUnwanted.exe
docker exec --env OC_PASS=$TESTUSER_PASSWORD --user www-data nextcloud-container php occ user:add $TESTUSER --password-from-env || echo "already exists"
docker exec -u www-data -i nextcloud-container mkdir -p /var/www/html/data/$TESTUSER/files

docker exec --user www-data -i nextcloud-container php occ config:app:set gdatavaas clientSecret --value="$CLIENT_SECRET"
sleep 2
Expand Down Expand Up @@ -52,12 +53,51 @@ setup_file() {
}

@test "test testuser pup Upload" {
RESULT=$(curl --silent -w "%{http_code}" -u $TESTUSER:$TESTUSER_PASSWORD -T $FOLDER_PREFIX/pup.exe http://127.0.0.1/remote.php/dav/files/$TESTUSER/functionality-parallel.pup.exe)
RESULT=$(curl --silent -w "%{http_code}" -u $TESTUSER:$TESTUSER_PASSWORD -T $FOLDER_PREFIX/pup.exe http://127.0.0.1/remote.php/dav/files/$TESTUSER/functionality-parallel.pup.exe)
echo "Actual: $RESULT"
curl --silent -q -u $TESTUSER:$TESTUSER_PASSWORD -X DELETE http://127.0.0.1/remote.php/dav/files/$TESTUSER/functionality-parallel.pup.exe || echo "file not found"
[[ $RESULT -ge 200 && $RESULT -lt 300 ]] || exit 1
}

@test "test unscanned job for admin" {
docker cp $FOLDER_PREFIX/pup.exe nextcloud-container:/var/www/html/data/admin/files/admin.unscanned.pup.exe
docker exec -i nextcloud-container chown www-data:www-data /var/www/html/data/admin/files/admin.unscanned.pup.exe
docker exec -i --user www-data nextcloud-container php occ files:scan --all
docker exec -i --user www-data nextcloud-container php occ gdatavaas:tag-unscanned

[[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file admin/files/admin.unscanned.pup.exe | grep "Unscanned") ]]
[[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file admin/files/admin.unscanned.pup.exe | wc -l ) -eq "1" ]]

docker exec -i --user www-data nextcloud-container rm /var/www/html/data/admin/files/admin.unscanned.pup.exe
}

@test "test unscanned job for testuser" {
docker cp $FOLDER_PREFIX/pup.exe nextcloud-container:/var/www/html/data/$TESTUSER/files/$TESTUSER.unscanned.pup.exe
docker exec -i nextcloud-container chown www-data:www-data /var/www/html/data/$TESTUSER/files/$TESTUSER.unscanned.pup.exe
docker exec -i --user www-data nextcloud-container php occ files:scan --all
docker exec -i --user www-data nextcloud-container php occ gdatavaas:tag-unscanned

[[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.unscanned.pup.exe | grep "Unscanned") ]]
[[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.unscanned.pup.exe | wc -l ) -eq "1" ]]

docker exec -i --user www-data nextcloud-container rm /var/www/html/data/$TESTUSER/files/$TESTUSER.unscanned.pup.exe
}

@test "test wontscan tag for testuser" {
dd if=/dev/zero of=$FOLDER_PREFIX/too-large.dat bs=268435457 count=1

docker cp $FOLDER_PREFIX/too-large.dat nextcloud-container:/var/www/html/data/$TESTUSER/files/$TESTUSER.too-large.dat
docker exec -i nextcloud-container chown www-data:www-data /var/www/html/data/$TESTUSER/files/$TESTUSER.too-large.dat
docker exec -i --user www-data nextcloud-container php occ files:scan --all
docker exec -i --user www-data nextcloud-container php occ gdatavaas:tag-unscanned

docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.too-large.dat
[[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.too-large.dat | grep "Won't scan") ]]
[[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.too-large.dat | wc -l ) -eq "1" ]]

docker exec -i --user www-data nextcloud-container rm /var/www/html/data/$TESTUSER/files/$TESTUSER.too-large.dat
}

@tearddown_file() {
rm -rf $FOLDER_PREFIX/
}
Expand Down
62 changes: 60 additions & 2 deletions tests/functionality-sequential.bats
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ setup_file() {
mkdir -p $FOLDER_PREFIX/
curl --output $FOLDER_PREFIX/pup.exe http://amtso.eicar.org/PotentiallyUnwanted.exe
docker exec --env OC_PASS=$TESTUSER_PASSWORD --user www-data nextcloud-container php occ user:add $TESTUSER --password-from-env || echo "already exists"
docker exec -u www-data -i nextcloud-container mkdir -p /var/www/html/data/$TESTUSER/files

docker exec --user www-data -i nextcloud-container php occ config:app:set gdatavaas clientSecret --value="$CLIENT_SECRET"
BATS_NO_PARALLELIZE_WITHIN_FILE=true
Expand All @@ -33,9 +34,28 @@ setup_file() {

docker exec --user www-data -i nextcloud-container php occ config:app:set gdatavaas clientSecret --value="$CLIENT_SECRET"

docker exec -i --user www-data nextcloud-container php occ gdatavaas:tag-unscanned
# check for unscanned tag
[[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file admin/files/admin.functionality-sequential.eicar.com.txt | grep "Unscanned") ]]
[[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file admin/files/admin.functionality-sequential.eicar.com.txt | wc -l ) -eq "1" ]]

[[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file admin/files/admin.pup.exe | grep "Unscanned" ) ]]
[[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file admin/files/admin.pup.exe | wc -l ) -eq "1" ]]

[[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file admin/files/admin.functionality-sequential.clean.txt | grep "Unscanned" ) ]]
[[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file admin/files/admin.functionality-sequential.clean.txt | wc -l ) -eq "1" ]]

docker exec -i --user www-data nextcloud-container php occ gdatavaas:scan

# check for tags (only one specific should exist for each file)
[[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file admin/files/admin.functionality-sequential.eicar.com.txt | grep "Malicious") ]]
[[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file admin/files/admin.functionality-sequential.eicar.com.txt | wc -l ) -eq "1" ]]

[[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file admin/files/admin.pup.exe | grep "Pup" ) ]]
[[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file admin/files/admin.pup.exe | wc -l ) -eq "1" ]]

[[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file admin/files/admin.functionality-sequential.clean.txt | grep "Clean" ) ]]
[[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file admin/files/admin.functionality-sequential.clean.txt | wc -l ) -eq "1" ]]

LOGS=$(docker exec --user www-data -i nextcloud-container php occ log:tail -nr 5000 | egrep "admin.functionality-sequential.eicar.com.txt|admin.functionality-sequential.clean.txt|admin.pup.exe" )

curl --silent -q -u admin:admin -X DELETE http://127.0.0.1/remote.php/dav/files/admin/admin.functionality-sequential.eicar.com.txt
Expand All @@ -56,19 +76,57 @@ setup_file() {

docker exec --user www-data -i nextcloud-container php occ config:app:set gdatavaas clientSecret --value="$CLIENT_SECRET"

docker exec -i --user www-data nextcloud-container php occ gdatavaas:tag-unscanned
# check for unscanned tag
[[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.functionality-sequential.eicar.com.txt | grep "Unscanned") ]]
[[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.functionality-sequential.eicar.com.txt | wc -l ) -eq "1" ]]

[[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.pup.exe | grep "Unscanned" ) ]]
[[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.pup.exe | wc -l ) -eq "1" ]]

[[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.functionality-sequential.clean.txt | grep "Unscanned" ) ]]
[[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.functionality-sequential.clean.txt | wc -l ) -eq "1" ]]

docker exec -i --user www-data nextcloud-container php occ gdatavaas:scan

# check for tags (only one specific should exist for each file)
[[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.functionality-sequential.eicar.com.txt | grep "Malicious") ]]
[[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.functionality-sequential.eicar.com.txt | wc -l ) -eq "1" ]]

[[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.pup.exe | grep "Pup" ) ]]
[[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.pup.exe | wc -l ) -eq "1" ]]

[[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.functionality-sequential.clean.txt | grep "Clean" ) ]]
[[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.functionality-sequential.clean.txt | wc -l ) -eq "1" ]]

LOGS=$(docker exec --user www-data -i nextcloud-container php occ log:tail -nr 5000 | egrep "$TESTUSER.functionality-sequential.eicar.com.txt|$TESTUSER.functionality-sequential.clean.txt|$TESTUSER.pup.exe")

curl --silent -q -u $TESTUSER:$TESTUSER_PASSWORD -X DELETE http://127.0.0.1/remote.php/dav/files/$TESTUSER/$TESTUSER.functionality-sequential.eicar.com.txt
curl --silent -q -u $TESTUSER:$TESTUSER_PASSWORD -X DELETE http://127.0.0.1/remote.php/dav/files/$TESTUSER/$TESTUSER.pup.exe
curl --silent -q -u $TESTUSER:$TESTUSER_PASSWORD -X DELETE http://127.0.0.1/remote.php/dav/files/$TESTUSER/$TESTUSER.functionality-sequential.clean.txt

# check for scans
[[ $LOGS =~ ^.*$TESTUSER.functionality-sequential.eicar.com.txt.*Verdict:.*Malicious ]]
[[ $LOGS =~ ^.*$TESTUSER.pup.exe.*Verdict:.*Pup ]]
[[ $LOGS =~ ^.*$TESTUSER.functionality-sequential.clean.txt.*Verdict:.*Clean ]]
}

@test "test when unscanned tag is deactivated" {
docker exec --user www-data -i nextcloud-container php occ config:app:set gdatavaas clientSecret --value="WRONG_PASSWORD"
docker exec --user www-data -i nextcloud-container php occ config:app:set gdatavaas disableUnscannedTag --value="true"

echo $EICAR_STRING |curl --silent -w "%{http_code}" -u $TESTUSER:$TESTUSER_PASSWORD -T - http://127.0.0.1/remote.php/dav/files/$TESTUSER/$TESTUSER.functionality-sequential.eicar.com.txt
echo $CLEAN_STRING |curl --silent -w "%{http_code}" -u $TESTUSER:$TESTUSER_PASSWORD -T - http://127.0.0.1/remote.php/dav/files/$TESTUSER/$TESTUSER.functionality-sequential.clean.txt

docker exec --user www-data -i nextcloud-container php occ config:app:set gdatavaas clientSecret --value="$CLIENT_SECRET"

# check for unscanned tag
[[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.functionality-sequential.eicar.com.txt | grep "Unscanned" | wc -l) -eq "0" ]]
[[ $(docker exec -i --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file $TESTUSER/files/$TESTUSER.functionality-sequential.clean.txt | grep "Unscanned" | wc -l ) -eq "0" ]]

docker exec --user www-data -i nextcloud-container php occ config:app:set gdatavaas disableUnscannedTag --value="false"

curl --silent -q -u $TESTUSER:$TESTUSER_PASSWORD -X DELETE http://127.0.0.1/remote.php/dav/files/$TESTUSER/$TESTUSER.functionality-sequential.eicar.com.txt
curl --silent -q -u $TESTUSER:$TESTUSER_PASSWORD -X DELETE http://127.0.0.1/remote.php/dav/files/$TESTUSER/$TESTUSER.functionality-sequential.clean.txt
}

tearddown_file() {
Expand Down
Loading