moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-09 02:46:40 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

MDL-64075 antivirus_clamav: refactor scan_file for tcpsocket

Browse source 
- Deprecate \antivirus_clamav\scanner::scan_file_execute_unixsocket()
This commit is contained in:
Didier 'OdyX' Raboud 2019-12-02 14:45:12 +01:00
parent 90c6f0cfea
commit fba44e2fed
No known key found for this signature in database
GPG key ID: A9C6FAC60D630169
2 changed files with 134 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

89
lib/antivirus/clamav/classes/scanner.php
View file

@ -70,12 +70,22 @@ class scanner extends \core\antivirus\scanner {
return self::SCAN_RESULT_ERROR; return self::SCAN_RESULT_ERROR;
} }
// Execute the scan using preferable method. // We can do direct stream scanning if unixsocket or tcpsocket running methods are in use,
$method = 'scan_file_execute_' . $this->get_config('runningmethod'); // if not, use default process.
if (!method_exists($this, $method)) { $runningmethod = $this->get_config('runningmethod');
throw new \coding_exception('Attempting to call non-existing method ' . $method); switch ($runningmethod) {
case 'unixsocket':
case 'tcpsocket':
$return = $this->scan_file_execute_socket($file, $runningmethod);
break;
case 'commandline':
$return = $this->scan_file_execute_commandline($file);
break;
default:
// This should not happen.
debugging('Unknown running method.');
return self::SCAN_RESULT_ERROR;
} }
$return = $this->$method($file);
if ($return === self::SCAN_RESULT_ERROR) { if ($return === self::SCAN_RESULT_ERROR) {
$this->message_admins($this->get_scanning_notice()); $this->message_admins($this->get_scanning_notice());
@ -211,13 +221,27 @@ class scanner extends \core\antivirus\scanner {
} }
/** /**
* Scan file using Unix domain sockets. * Scan file using sockets.
* *
* @param string $file Full path to the file. * @param string $file Full path to the file.
* @param string $type Either 'tcpsocket' or 'unixsocket'
* @return int Scanning result constant. * @return int Scanning result constant.
*/ */
public function scan_file_execute_unixsocket($file) { public function scan_file_execute_socket($file, $type) {
$socket = stream_socket_client($this->get_unixsocket_destination(), switch ($type) {
case "tcpsocket":
$socketurl = $this->get_tcpsocket_destination();
break;
case "unixsocket":
$socketurl = $this->get_unixsocket_destination();
break;
default;
// This should not happen.
debugging('Unknown socket type.');
return self::SCAN_RESULT_ERROR;
}
$socket = stream_socket_client($socketurl,
$errno, $errstr, ANTIVIRUS_CLAMAV_SOCKET_TIMEOUT); $errno, $errstr, ANTIVIRUS_CLAMAV_SOCKET_TIMEOUT);
if (!$socket) { if (!$socket) {
// Can't open socket for some reason, notify admins. // Can't open socket for some reason, notify admins.
@ -225,6 +249,7 @@ class scanner extends \core\antivirus\scanner {
$this->set_scanning_notice($notice); $this->set_scanning_notice($notice);
return self::SCAN_RESULT_ERROR; return self::SCAN_RESULT_ERROR;
} else { } else {
if ($type == "unixsocket") {
// Execute scanning. We are running SCAN command and passing file as an argument, // Execute scanning. We are running SCAN command and passing file as an argument,
// it is the fastest option, but clamav user need to be able to access it, so // it is the fastest option, but clamav user need to be able to access it, so
// we give group read permissions first and assume 'clamav' user is in web server // we give group read permissions first and assume 'clamav' user is in web server
@ -233,11 +258,41 @@ class scanner extends \core\antivirus\scanner {
// this is to avoid unexpected newline characters on different systems. // this is to avoid unexpected newline characters on different systems.
$perms = fileperms($file); $perms = fileperms($file);
chmod($file, 0640); chmod($file, 0640);
// Actual scan.
fwrite($socket, "nSCAN ".$file."\n"); fwrite($socket, "nSCAN ".$file."\n");
// Get ClamAV answer.
$output = stream_get_line($socket, 4096); $output = stream_get_line($socket, 4096);
fclose($socket);
// After scanning we revert permissions to initial ones. // After scanning we revert permissions to initial ones.
chmod($file, $perms); chmod($file, $perms);
} else if ($type == "tcpsocket") {
// Execute scanning by passing the entire file through the TCP socket.
// This is not fast, but is the only possibility over a network.
// Using 'n' as command prefix is forcing clamav to only treat \n as newline delimeter,
// this is to avoid unexpected newline characters on different systems.
// Actual scan.
fwrite($socket, "nINSTREAM\n");
// Open the file for reading.
$fhandle = fopen($file, 'rb');
while (!feof($fhandle)) {
// Read it by chunks; write them to the TCP socket.
$chunk = fread($fhandle, ANTIVIRUS_CLAMAV_SOCKET_CHUNKSIZE);
$size = pack('N', strlen($chunk));
fwrite($socket, $size);
fwrite($socket, $chunk);
}
// Terminate streaming.
fwrite($socket, pack('N', 0));
// Get ClamAV answer.
$output = stream_get_line($socket, 4096);
fclose($fhandle);
}
// Free up the ClamAV socket.
fclose($socket);
// Parse the output. // Parse the output.
return $this->parse_socket_response($output); return $this->parse_socket_response($output);
} }
@ -340,4 +395,20 @@ class scanner extends \core\antivirus\scanner {
'Use antivirus_clamav\scanner::scan_data_execute_socket() instead.', DEBUG_DEVELOPER); 'Use antivirus_clamav\scanner::scan_data_execute_socket() instead.', DEBUG_DEVELOPER);
return $this->scan_data_execute_socket($data, "unixsocket"); return $this->scan_data_execute_socket($data, "unixsocket");
} }
/**
* Scan file using Unix domain socket.
*
* @deprecated since Moodle 3.9 MDL-64075 - please do not use this function any more.
* @see antivirus_clamav\scanner::scan_file_execute_socket()
*
* @param string $file Full path to the file.
* @return int Scanning result constant.
*/
public function scan_file_execute_unixsocket($file) {
debugging('antivirus_clamav\scanner::scan_file_execute_unixsocket() is deprecated. ' .
'Use antivirus_clamav\scanner::scan_file_execute_socket() instead.', DEBUG_DEVELOPER);
return $this->scan_file_execute_socket($file, "unixsocket");
}
} }

55
lib/antivirus/clamav/tests/scanner_test.php
View file

@ -58,7 +58,7 @@ class antivirus_clamav_scanner_testcase extends advanced_testcase {
public function test_scan_file_no_virus() { public function test_scan_file_no_virus() {
$methods = array( $methods = array(
'scan_file_execute_commandline', 'scan_file_execute_commandline',
'scan_file_execute_unixsocket', 'scan_file_execute_socket',
'message_admins', 'message_admins',
'get_config', 'get_config',
); );
@ -69,10 +69,10 @@ class antivirus_clamav_scanner_testcase extends advanced_testcase {
$configmap = array(array('runningmethod', 'commandline')); $configmap = array(array('runningmethod', 'commandline'));
$antivirus->method('get_config')->will($this->returnValueMap($configmap)); $antivirus->method('get_config')->will($this->returnValueMap($configmap));
// Configure scan_file_execute_commandline and scan_file_execute_unixsocket // Configure scan_file_execute_commandline and scan_file_execute_socket
// method stubs to behave as if no virus has been found (SCAN_RESULT_OK). // method stubs to behave as if no virus has been found (SCAN_RESULT_OK).
$antivirus->method('scan_file_execute_commandline')->willReturn(0); $antivirus->method('scan_file_execute_commandline')->willReturn(0);
$antivirus->method('scan_file_execute_unixsocket')->willReturn(0); $antivirus->method('scan_file_execute_socket')->willReturn(0);
// Set expectation that message_admins is NOT called. // Set expectation that message_admins is NOT called.
$antivirus->expects($this->never())->method('message_admins'); $antivirus->expects($this->never())->method('message_admins');
@ -87,12 +87,19 @@ class antivirus_clamav_scanner_testcase extends advanced_testcase {
// Run mock scanning. // Run mock scanning.
$this->assertEquals(0, $antivirus->scan_file($this->tempfile, '')); $this->assertEquals(0, $antivirus->scan_file($this->tempfile, ''));
// Initiate mock scanning with configuration setting to use tcpsocket.
$configmap = array(array('runningmethod', 'tcpsocket'));
$antivirus->method('get_config')->will($this->returnValueMap($configmap));
// Run mock scanning.
$this->assertEquals(0, $antivirus->scan_file($this->tempfile, ''));
} }
public function test_scan_file_virus() { public function test_scan_file_virus() {
$methods = array( $methods = array(
'scan_file_execute_commandline', 'scan_file_execute_commandline',
'scan_file_execute_unixsocket', 'scan_file_execute_socket',
'message_admins', 'message_admins',
'get_config', 'get_config',
); );
@ -103,10 +110,10 @@ class antivirus_clamav_scanner_testcase extends advanced_testcase {
$configmap = array(array('runningmethod', 'commandline')); $configmap = array(array('runningmethod', 'commandline'));
$antivirus->method('get_config')->will($this->returnValueMap($configmap)); $antivirus->method('get_config')->will($this->returnValueMap($configmap));
// Configure scan_file_execute_commandline and scan_file_execute_unixsocket // Configure scan_file_execute_commandline and scan_file_execute_socket
// method stubs to behave as if virus has been found (SCAN_RESULT_FOUND). // method stubs to behave as if virus has been found (SCAN_RESULT_FOUND).
$antivirus->method('scan_file_execute_commandline')->willReturn(1); $antivirus->method('scan_file_execute_commandline')->willReturn(1);
$antivirus->method('scan_file_execute_unixsocket')->willReturn(1); $antivirus->method('scan_file_execute_socket')->willReturn(1);
// Set expectation that message_admins is NOT called. // Set expectation that message_admins is NOT called.
$antivirus->expects($this->never())->method('message_admins'); $antivirus->expects($this->never())->method('message_admins');
@ -121,12 +128,19 @@ class antivirus_clamav_scanner_testcase extends advanced_testcase {
// Run mock scanning. // Run mock scanning.
$this->assertEquals(1, $antivirus->scan_file($this->tempfile, '')); $this->assertEquals(1, $antivirus->scan_file($this->tempfile, ''));
// Initiate mock scanning with configuration setting to use tcpsocket.
$configmap = array(array('runningmethod', 'tcpsocket'));
$antivirus->method('get_config')->will($this->returnValueMap($configmap));
// Run mock scanning.
$this->assertEquals(1, $antivirus->scan_file($this->tempfile, ''));
} }
public function test_scan_file_error_donothing() { public function test_scan_file_error_donothing() {
$methods = array( $methods = array(
'scan_file_execute_commandline', 'scan_file_execute_commandline',
'scan_file_execute_unixsocket', 'scan_file_execute_socket',
'message_admins', 'message_admins',
'get_config', 'get_config',
'get_scanning_notice', 'get_scanning_notice',
@ -135,10 +149,10 @@ class antivirus_clamav_scanner_testcase extends advanced_testcase {
->setMethods($methods) ->setMethods($methods)
->getMock(); ->getMock();
// Configure scan_file_execute_commandline and scan_file_execute_unixsocket // Configure scan_file_execute_commandline and scan_file_execute_socket
// method stubs to behave as if there is a scanning error (SCAN_RESULT_ERROR). // method stubs to behave as if there is a scanning error (SCAN_RESULT_ERROR).
$antivirus->method('scan_file_execute_commandline')->willReturn(2); $antivirus->method('scan_file_execute_commandline')->willReturn(2);
$antivirus->method('scan_file_execute_unixsocket')->willReturn(2); $antivirus->method('scan_file_execute_socket')->willReturn(2);
$antivirus->method('get_scanning_notice')->willReturn('someerror'); $antivirus->method('get_scanning_notice')->willReturn('someerror');
// Set expectation that message_admins is called. // Set expectation that message_admins is called.
@ -160,12 +174,20 @@ class antivirus_clamav_scanner_testcase extends advanced_testcase {
// Run mock scanning. // Run mock scanning.
$this->assertEquals(2, $antivirus->scan_file($this->tempfile, '')); $this->assertEquals(2, $antivirus->scan_file($this->tempfile, ''));
// Initiate mock scanning with configuration setting to do nothing on
// scanning error and using tcpsocket.
$configmap = array(array('clamfailureonupload', 'donothing'), array('runningmethod', 'tcpsocket'));
$antivirus->method('get_config')->will($this->returnValueMap($configmap));
// Run mock scanning.
$this->assertEquals(2, $antivirus->scan_file($this->tempfile, ''));
} }
public function test_scan_file_error_actlikevirus() { public function test_scan_file_error_actlikevirus() {
$methods = array( $methods = array(
'scan_file_execute_commandline', 'scan_file_execute_commandline',
'scan_file_execute_unixsocket', 'scan_file_execute_socket',
'message_admins', 'message_admins',
'get_config', 'get_config',
'get_scanning_notice', 'get_scanning_notice',
@ -174,10 +196,10 @@ class antivirus_clamav_scanner_testcase extends advanced_testcase {
->setMethods($methods) ->setMethods($methods)
->getMock(); ->getMock();
// Configure scan_file_execute_commandline and scan_file_execute_unixsocket // Configure scan_file_execute_commandline and scan_file_execute_socket
// method stubs to behave as if there is a scanning error (SCAN_RESULT_ERROR). // method stubs to behave as if there is a scanning error (SCAN_RESULT_ERROR).
$antivirus->method('scan_file_execute_commandline')->willReturn(2); $antivirus->method('scan_file_execute_commandline')->willReturn(2);
$antivirus->method('scan_file_execute_unixsocket')->willReturn(2); $antivirus->method('scan_file_execute_socket')->willReturn(2);
$antivirus->method('get_scanning_notice')->willReturn('someerror'); $antivirus->method('get_scanning_notice')->willReturn('someerror');
// Set expectation that message_admins is called. // Set expectation that message_admins is called.
@ -201,6 +223,15 @@ class antivirus_clamav_scanner_testcase extends advanced_testcase {
// Run mock scanning, we expect SCAN_RESULT_FOUND since configuration // Run mock scanning, we expect SCAN_RESULT_FOUND since configuration
// require us to act like virus. // require us to act like virus.
$this->assertEquals(1, $antivirus->scan_file($this->tempfile, '')); $this->assertEquals(1, $antivirus->scan_file($this->tempfile, ''));
// Initiate mock scanning with configuration setting to act like virus on
// scanning error and using tcpsocket.
$configmap = array(array('clamfailureonupload', 'actlikevirus'), array('runningmethod', 'tcpsocket'));
$antivirus->method('get_config')->will($this->returnValueMap($configmap));
// Run mock scanning, we expect SCAN_RESULT_FOUND since configuration
// require us to act like virus.
$this->assertEquals(1, $antivirus->scan_file($this->tempfile, ''));
} }
public function test_scan_data_no_virus() { public function test_scan_data_no_virus() {