Previously a virus scan was only triggered if the file had "changed"
according to `ActiveModel::Dirty` [1]. However, this seemed to have been
based on whether the filename of the file had changed rather than
whether the content had changed which seems to be the more relevant
issue. This meant that (as described in #72) it was possible to update
an existing asset with a file having the same name, but different
content and for the asset to remain in the "clean" state. This seems
like a security hole.

Initially I investigated triggering a virus scan when the file *content*
changed. However, this proved awkward due to the way both
`state_machines` and `carrierwave` gems work. So after discussion with
@chrisroos & @chrislo, I decided to trigger a virus scan whenever the
`Asset#file` attribute is changed. While this means virus scans will
sometimes be triggered unnecessarily, I don't think it should happen too
often and it seems better to do this than allow unscanned files to be
served to the citizens.

I'm not sure it's the most elegant solution, but since the `Asset#file=`
method already existed, it seemed simplest to make use of it. A better
solution might involve persisting an MD5 digest of the file content
which has been virus scanned and then only re-scan the content if it has
changed. However, the extra complexity doesn't seem warranted.

Fixes #72.

[1]: http://api.rubyonrails.org/v4.2.7.1/classes/ActiveModel/Dirty.html
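
The three re-scan policies the commit message discusses, as an added plain-Ruby sketch (not asset-manager's code): comparing filenames, resetting on every `file=` assignment, and comparing a content digest. `SketchAsset`, `Upload`, the policy names and the sample file are hypothetical, and SHA-256 is used in place of the MD5 the message mentions.

```ruby
require "digest"

# Hypothetical stand-in for an uploaded file: a name plus its bytes.
Upload = Struct.new(:filename, :content)

# Minimal model of an asset with a scan state; not asset-manager's Asset class.
class SketchAsset
  attr_reader :state, :file, :scanned_digest

  def initialize(policy)
    @policy = policy          # :filename, :always or :digest
    @state = "unscanned"
    @file = nil
    @scanned_digest = nil
  end

  # Every assignment decides whether the asset must go back to "unscanned".
  def file=(upload)
    previous = @file
    @file = upload
    @state = "unscanned" if rescan_needed?(previous, upload)
  end

  # Called by the (simulated) scanner once the current content has passed.
  def scanned_clean!
    @scanned_digest = Digest::SHA256.hexdigest(@file.content)
    @state = "clean"
  end

  private

  def rescan_needed?(previous, upload)
    case @policy
    when :filename then previous.nil? || previous.filename != upload.filename
    when :always   then true
    when :digest   then Digest::SHA256.hexdigest(upload.content) != @scanned_digest
    end
  end
end

# Upload, scan, then replace the content under the same filename (constructed input).
def state_after_same_name_update(policy, new_content)
  asset = SketchAsset.new(policy)
  asset.file = Upload.new("report.txt", "original content")
  asset.scanned_clean!
  asset.file = Upload.new("report.txt", new_content)
  asset.state
end
```

With `:filename` the replaced content stays "clean"; `:always` re-scans even identical content, while `:digest` re-scans only when the bytes differ.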
Updating an existing asset by uploading a different file but with the same name causes the asset-manager to bypass virus scanning.
Steps to reproduce:
Ensure virus scanning is running (`bundle exec rake jobs:work`) and that the response says the file is clean.
Observe that the content matches the content of our temporary file created in step 1.
Stop the virus scanning job
Update the asset
NOTE. The file is already marked as clean in the response.
Observe that the content matches the content of our updated temporary file that we uploaded in step 7.