This is an automated email from the ASF dual-hosted git repository. olli pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-commons-clam.git
commit 22b109008e965185b9a87ecd09fb36c0f82cc842
Author: Oliver Lietz <[email protected]>
AuthorDate: Fri Jun 1 23:07:13 2018 +0200
SLING-7702 Provide Commons Clam
---
.gitignore | 17 ++
LICENSE | 202 ++++++++++++++++++++
README.md | 15 ++
bnd.bnd | 3 +
pom.xml | 208 +++++++++++++++++++++
.../org/apache/sling/commons/clam/ClamService.java | 33 ++++
.../org/apache/sling/commons/clam/ScanResult.java | 54 ++++++
.../sling/commons/clam/internal/ClamdService.java | 177 ++++++++++++++++++
.../clam/internal/ClamdServiceConfiguration.java | 54 ++++++
.../InstreamSizeLimitExceededException.java | 29 +++
.../apache/sling/commons/clam/package-info.java | 22 +++
.../commons/clam/it/tests/ClamTestSupport.java | 66 +++++++
.../commons/clam/it/tests/ClamdServiceIT.java | 86 +++++++++
src/test/resources/eicar/eicarcom2.zip/xaa | Bin 0 -> 154 bytes
src/test/resources/eicar/eicarcom2.zip/xab | Bin 0 -> 154 bytes
src/test/resources/exam.properties | 19 ++
src/test/resources/logback.xml | 30 +++
17 files changed, 1015 insertions(+)
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..5b783ed
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,17 @@
+/target
+.idea
+.classpath
+.metadata
+.project
+.settings
+.externalToolBuilders
+maven-eclipse.xml
+*.swp
+*.iml
+*.ipr
+*.iws
+*.bak
+.vlt
+.DS_Store
+jcr.log
+atlassian-ide-plugin.xml
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..d645695
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,202 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..453c4c8
--- /dev/null
+++ b/README.md
@@ -0,0 +1,15 @@
+# Apache Sling Commons Clam
+
+This module is part of the [Apache Sling](https://sling.apache.org) project.
+
+Scans data for malware using [ClamAV](https://www.clamav.net).
+
+Integration tests require a running clam daemon and are not enabled by default.
+
+## EICAR
+
+[EICAR](http://www.eicar.org) provides anti-malware [test files](http://www.eicar.org/85-0-Download.html) which are used by this module. Read carefully about [intended use](http://www.eicar.org/86-0-Intended-use.html).
+
+The test files are split to prevent alarms on development and build systems.
+
+ split -b 154 eicarcom2.zip
diff --git a/bnd.bnd b/bnd.bnd
new file mode 100644
index 0000000..e36a0d6
--- /dev/null
+++ b/bnd.bnd
@@ -0,0 +1,3 @@
+-removeheaders:\
+ Include-Resource,\
+ Private-Package
diff --git a/pom.xml b/pom.xml
new file mode 100644
index 0000000..917f4c9
--- /dev/null
+++ b/pom.xml
@@ -0,0 +1,208 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>sling</artifactId>
+ <version>34-SNAPSHOT</version>
+ <relativePath />
+ </parent>
+
+ <artifactId>org.apache.sling.commons.clam</artifactId>
+ <version>1.0.0-SNAPSHOT</version>
+
+ <name>Apache Sling Commons Clam</name>
+ <description>Apache Sling Commons Clam</description>
+
+ <properties>
+ <sling.java.version>8</sling.java.version>
+ <org.ops4j.pax.exam.version>4.11.0</org.ops4j.pax.exam.version>
+ </properties>
+
+ <scm>
+ <connection>scm:git:https://gitbox.apache.org/repos/asf/sling-org-apache-sling-commons-clam.git</connection>
+ <developerConnection>scm:git:https://gitbox.apache.org/repos/asf/sling-org-apache-sling-commons-clam.git</developerConnection>
+ <url>https://gitbox.apache.org/repos/asf?p=sling-org-apache-sling-commons-clam.git</url>
+ </scm>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>biz.aQute.bnd</groupId>
+ <artifactId>bnd-maven-plugin</artifactId>
+ </plugin>
+ <!--
+ <plugin>
+ <groupId>biz.aQute.bnd</groupId>
+ <artifactId>bnd-baseline-maven-plugin</artifactId>
+ </plugin>
+ -->
+ <plugin>
+ <groupId>org.apache.servicemix.tooling</groupId>
+ <artifactId>depends-maven-plugin</artifactId>
+ </plugin>
+ </plugins>
+ </build>
+
+ <profiles>
+ <profile>
+ <!-- integration tests require a running clam daemon -->
+ <id>it</id>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-failsafe-plugin</artifactId>
+ <executions>
+ <execution>
+ <goals>
+ <goal>integration-test</goal>
+ <goal>verify</goal>
+ </goals>
+ </execution>
+ </executions>
+ <configuration>
+ <redirectTestOutputToFile>true</redirectTestOutputToFile>
+ <systemProperties>
+ <property>
+ <name>bundle.filename</name>
+ <value>${basedir}/target/${project.build.finalName}.jar</value>
+ </property>
+ </systemProperties>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+ </profiles>
+
+ <dependencies>
+ <!-- javax -->
+ <dependency>
+ <groupId>javax.inject</groupId>
+ <artifactId>javax.inject</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <!-- OSGi -->
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.annotation.versioning</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>osgi.cmpn</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>osgi.core</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.service.component.annotations</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.service.metatype.annotations</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <!-- Apache Commons -->
+ <dependency>
+ <groupId>commons-io</groupId>
+ <artifactId>commons-io</artifactId>
+ <version>2.6</version>
+ <scope>provided</scope>
+ </dependency>
+ <!-- Apache Felix -->
+ <dependency>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>org.apache.felix.framework</artifactId>
+ <version>5.6.10</version>
+ <scope>test</scope>
+ </dependency>
+ <!-- Apache Sling -->
+ <dependency>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>org.apache.sling.testing.paxexam</artifactId>
+ <version>2.0.0</version>
+ <scope>test</scope>
+ </dependency>
+ <!-- jsr305 -->
+ <dependency>
+ <groupId>com.google.code.findbugs</groupId>
+ <artifactId>jsr305</artifactId>
+ </dependency>
+ <!-- logging -->
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <!-- testing -->
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.servicemix.bundles</groupId>
+ <artifactId>org.apache.servicemix.bundles.hamcrest</artifactId>
+ <version>1.3_1</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.ops4j.pax.exam</groupId>
+ <artifactId>pax-exam</artifactId>
+ <version>${org.ops4j.pax.exam.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.ops4j.pax.exam</groupId>
+ <artifactId>pax-exam-cm</artifactId>
+ <version>${org.ops4j.pax.exam.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.ops4j.pax.exam</groupId>
+ <artifactId>pax-exam-container-forked</artifactId>
+ <version>${org.ops4j.pax.exam.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.ops4j.pax.exam</groupId>
+ <artifactId>pax-exam-junit4</artifactId>
+ <version>${org.ops4j.pax.exam.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.ops4j.pax.exam</groupId>
+ <artifactId>pax-exam-link-mvn</artifactId>
+ <version>${org.ops4j.pax.exam.version}</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+</project>
diff --git a/src/main/java/org/apache/sling/commons/clam/ClamService.java b/src/main/java/org/apache/sling/commons/clam/ClamService.java
new file mode 100644
index 0000000..a6788ea
--- /dev/null
+++ b/src/main/java/org/apache/sling/commons/clam/ClamService.java
@@ -0,0 +1,33 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.commons.clam;
+
+import java.io.InputStream;
+
+import javax.annotation.Nonnull;
+
+import org.osgi.annotation.versioning.ProviderType;
+
+@ProviderType
+public interface ClamService {
+
+ @Nonnull
+ ScanResult scan(@Nonnull final InputStream data);
+
+}
diff --git a/src/main/java/org/apache/sling/commons/clam/ScanResult.java b/src/main/java/org/apache/sling/commons/clam/ScanResult.java
new file mode 100644
index 0000000..fdcde5c
--- /dev/null
+++ b/src/main/java/org/apache/sling/commons/clam/ScanResult.java
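Review bot: `ClamService.scan` is added without Javadoc, so the public contract does not say who closes `data` or which results a caller may treat as clean. In the `ClamdService` implementation from this commit the stream is read to the end but never closed, and failures come back as a `ScanResult` with status `ERROR` instead of an exception. I would add a Javadoc on `scan` stating that the caller keeps ownership of the stream and must close it, that scan failures are reported through the result rather than thrown, and that only `Status.OK` (`ScanResult.isOk()`) means the data may be accepted.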
@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.commons.clam;
+
+import org.osgi.annotation.versioning.ProviderType;
+
+@ProviderType
+public class ScanResult {
+
+ private final Status status;
+
+ private final String message;
+
+ public ScanResult(final Status status, final String message) {
+ this.status = status;
+ this.message = message;
+ }
+
+ public Status getStatus() {
+ return status;
+ }
+
+ public String getMessage() {
+ return message;
+ }
+
+ public boolean isOk() {
+ return Status.OK.equals(status);
+ }
+
+ public enum Status {
+ OK,
+ FOUND,
+ ERROR,
+ UNKNOWN
+ }
+
+}
diff --git a/src/main/java/org/apache/sling/commons/clam/internal/ClamdService.java b/src/main/java/org/apache/sling/commons/clam/internal/ClamdService.java
new file mode 100644
index 0000000..661005a
--- /dev/null
+++ b/src/main/java/org/apache/sling/commons/clam/internal/ClamdService.java
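Review bot: `getMessage()` can return null, because `ClamdService.scan` in this commit builds the error result from `e.getMessage()`, which is null for exceptions created without a message. `ClamService` already uses the JSR-305 annotations, so I would either mark the getter `@CheckForNull public String getMessage()` or normalise a null message in the constructor. The `Status` enum also has no documentation; a short comment per constant saying that `ERROR` and `UNKNOWN` mean no verdict was obtained would keep callers from testing only for `FOUND`.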
@@ -0,0 +1,177 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.commons.clam.internal;
+
+import java.io.BufferedOutputStream;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.net.Socket;
+import java.nio.ByteBuffer;
+import java.nio.charset.StandardCharsets;
+
+import javax.annotation.Nonnull;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.sling.commons.clam.ClamService;
+import org.apache.sling.commons.clam.ScanResult;
+import org.apache.sling.commons.clam.ScanResult.Status;
+import org.osgi.framework.Constants;
+import org.osgi.service.component.annotations.Activate;
+import org.osgi.service.component.annotations.Component;
+import org.osgi.service.component.annotations.Deactivate;
+import org.osgi.service.component.annotations.Modified;
+import org.osgi.service.metatype.annotations.Designate;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+@Component(
+ property = {
+ Constants.SERVICE_DESCRIPTION + "=Sling Commons Clamd Service",
+ Constants.SERVICE_VENDOR + "=The Apache Software Foundation"
+ }
+)
+@Designate(
+ ocd = ClamdServiceConfiguration.class
+)
+public class ClamdService implements ClamService {
+
+ private ClamdServiceConfiguration configuration;
+
+ private static final byte[] INSTREAM_COMMAND = "nINSTREAM\n".getBytes(StandardCharsets.US_ASCII);
+
+ private static final String OK_REPLY_PATTERN = "stream: OK";
+
+ private static final String FOUND_REPLY_PATTERN = "stream: .+ FOUND";
+
+ private static final String INSTREAM_SIZE_LIMIT_EXCEEDED_PATTERN = "INSTREAM size limit exceeded. ERROR";
+
+ private final Logger logger = LoggerFactory.getLogger(ClamdService.class);
+
+ public ClamdService() {
+ }
+
+ @Activate
+ private void activate(final ClamdServiceConfiguration configuration) {
+ logger.debug("activating");
+ configure(configuration);
+ }
+
+ @Modified
+ private void modified(final ClamdServiceConfiguration configuration) {
+ logger.debug("modifying");
+ configure(configuration);
+ }
+
+ @Deactivate
+ private void deactivate() {
+ logger.debug("deactivating");
+ }
+
+ private void configure(final ClamdServiceConfiguration configuration) {
+ this.configuration = configuration;
+ // TODO play ping pong on configuration change
+ }
+
+ @Override
+ @Nonnull
+ public ScanResult scan(@Nonnull final InputStream inputStream) {
+ try {
+ final byte[] reply = doInstream(inputStream);
+ return parseClamdReply(reply);
+ } catch (Exception e) {
+ logger.error("doing INSTREAM failed", e);
+ return new ScanResult(ScanResult.Status.ERROR, e.getMessage());
+ }
+ }
+
+ /**
+ * man (8) clamd
+ * INSTREAM
+ * It is mandatory to prefix this command with n or z.
+ * Scan a stream of data. The stream is sent to clamd in chunks, after INSTREAM, on the same socket on which the
+ * command was sent. This avoids the overhead of establishing new TCP connections and problems with NAT.
+ * The format of the chunk is: '<length><data>' where <length> is the size of the following data in bytes
+ * expressed as a 4 byte unsigned integer in network byte order and <data> is the actual chunk.
+ * Streaming is terminated by sending a zero-length chunk.
+ * Note: do not exceed StreamMaxLength as defined in clamd.conf, otherwise clamd will reply with INSTREAM size
+ * limit exceeded and close the connection.
+ *
+ * @param inputStream data sent to clamd in chunks
+ * @return reply from clamd
+ */
+ private byte[] doInstream(final InputStream inputStream) throws Exception {
+ logger.info("connecting to clam daemon at {}:{} for scanning", configuration.clamd_host(), configuration.clamd_port());
+ try (final Socket socket = new Socket(configuration.clamd_host(), configuration.clamd_port());
+ final OutputStream out = new BufferedOutputStream(socket.getOutputStream());
+ final InputStream in = socket.getInputStream()) {
+
+ socket.setSoTimeout(configuration.connection_timeout());
+
+ // send command
+ out.write(INSTREAM_COMMAND);
+ out.flush();
+
+ // send data in chunks
+ byte[] data = new byte[configuration.chunk_length()];
+ long total = 0;
+ int read = inputStream.read(data);
+ while (read >= 0) {
+ logger.trace("current chunk length: {}", read);
+ total = total + read;
+ final byte[] length = ByteBuffer.allocate(4).putInt(read).array();
+
+ out.write(length);
+ out.write(data, 0, read);
+
+ // handle premature reply
+ if (in.available() > 0) {
+ logger.info("total bytes sent: {}", total);
+ final byte[] reply = IOUtils.toByteArray(in);
+ throw new InstreamSizeLimitExceededException(reply);
+ }
+
+ read = inputStream.read(data);
+ }
+
+ logger.info("total bytes sent: {}", total);
+
+ // terminate by sending a zero-length chunk
+ out.write(new byte[]{0, 0, 0, 0});
+ out.flush();
+
+ // return reply on complete
+ return IOUtils.toByteArray(in);
+ }
+ }
+
+ private ScanResult parseClamdReply(final byte[] reply) {
+ final String message = new String(reply, StandardCharsets.US_ASCII).trim();
+ logger.info("reply message from clam daemon: '{}'", message);
+ if (message.matches(OK_REPLY_PATTERN)) {
+ return new ScanResult(Status.OK, message);
+ } else if (message.matches(FOUND_REPLY_PATTERN)) {
+ return new ScanResult(Status.FOUND, message);
+ } else if (message.matches(INSTREAM_SIZE_LIMIT_EXCEEDED_PATTERN)) {
+ return new ScanResult(Status.ERROR, message);
+ } else {
+ return new ScanResult(Status.UNKNOWN, message);
+ }
+ }
+
+}
diff --git a/src/main/java/org/apache/sling/commons/clam/internal/ClamdServiceConfiguration.java b/src/main/java/org/apache/sling/commons/clam/internal/ClamdServiceConfiguration.java
new file mode 100644
index 0000000..cf49f5a
--- /dev/null
+++ b/src/main/java/org/apache/sling/commons/clam/internal/ClamdServiceConfiguration.java
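Review bot: In `doInstream`, `new Socket(configuration.clamd_host(), configuration.clamd_port())` connects inside the constructor, so `connection_timeout` is only applied afterwards through `setSoTimeout` and bounds reads, not the connect itself; an unreachable clamd host can hold the scanning thread for the platform's connect timeout. Creating the socket unconnected and passing the timeout to `connect`, as in the excerpt below, bounds both (it needs `java.net.InetSocketAddress` imported). Separately, the chunk loop runs while `read >= 0`, so a read that returns 0 bytes is written as a zero-length chunk, which the Javadoc above describes as the stream terminator; skipping the write when `read == 0` would keep the stream from being ended before all data is sent.

```java
private byte[] doInstream(final InputStream inputStream) throws Exception {
    // … unchanged: connection log line …
    try (final Socket socket = new Socket()) {
        // bound the connect itself, not only later reads
        socket.connect(new InetSocketAddress(configuration.clamd_host(), configuration.clamd_port()), configuration.connection_timeout());
        socket.setSoTimeout(configuration.connection_timeout());
        final OutputStream out = new BufferedOutputStream(socket.getOutputStream());
        final InputStream in = socket.getInputStream();
        // … unchanged: send command, chunk loop, terminator, read reply …
    }
}
```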
@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.commons.clam.internal;
+
+import org.osgi.service.metatype.annotations.AttributeDefinition;
+import org.osgi.service.metatype.annotations.ObjectClassDefinition;
+
+@ObjectClassDefinition(
+ name = "Apache Sling Commons Clam",
+ description = "Service for scanning data with Clam daemon."
+)
+@interface ClamdServiceConfiguration {
+
+ @AttributeDefinition(
+ name = "clamd host",
+ description = "host where Clam AntiVirus Daemon is running"
+ )
+ String clamd_host() default "localhost";
+
+ @AttributeDefinition(
+ name = "clamd port",
+ description = "port where Clam AntiVirus Daemon will listen on"
+ )
+ int clamd_port() default 3310;
+
+ @AttributeDefinition(
+ name = "connection timeout",
+ description = "timeout in milliseconds until connection expires"
+ )
+ int connection_timeout() default 1000;
+
+ @AttributeDefinition(
+ name = "chunk length",
+ description = "length of chunks in bytes sending to Clam daemon"
+ )
+ int chunk_length() default 2048;
+
+}
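Review bot: `chunk_length` and `clamd_port` are declared without bounds, and `chunk_length` is used directly as a buffer size in `ClamdService.doInstream` (`new byte[configuration.chunk_length()]`). A negative value throws there and a value of 0 makes every read return 0 bytes, so I would declare the valid range in the metatype, e.g. `min = "1"` on `chunk_length` and `min = "1", max = "65535"` on `clamd_port`, and also check the values in `ClamdService.configure`, since the metatype limits may not be enforced when a configuration is applied. The description of `connection_timeout` should say what it controls; in this commit the value is passed to `Socket.setSoTimeout`, so it acts as a read timeout and the default of 1000 ms also limits how long clamd may take to answer.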
diff --git a/src/main/java/org/apache/sling/commons/clam/internal/InstreamSizeLimitExceededException.java b/src/main/java/org/apache/sling/commons/clam/internal/InstreamSizeLimitExceededException.java
new file mode 100644
index 0000000..ec7aeef
--- /dev/null
+++ b/src/main/java/org/apache/sling/commons/clam/internal/InstreamSizeLimitExceededException.java
@@ -0,0 +1,29 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.commons.clam.internal;
+
+import java.nio.charset.StandardCharsets;
+
+class InstreamSizeLimitExceededException extends Exception {
+
+ InstreamSizeLimitExceededException(final byte[] reply) {
+ super(new String(reply, StandardCharsets.US_ASCII).trim());
+ }
+
+}
diff --git a/src/main/java/org/apache/sling/commons/clam/package-info.java b/src/main/java/org/apache/sling/commons/clam/package-info.java
new file mode 100644
index 0000000..18154be
--- /dev/null
+++ b/src/main/java/org/apache/sling/commons/clam/package-info.java
@@ -0,0 +1,22 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+@Version("0.0.1")
+package org.apache.sling.commons.clam;
+
+import org.osgi.annotation.versioning.Version;
diff --git a/src/test/java/org/apache/sling/commons/clam/it/tests/ClamTestSupport.java b/src/test/java/org/apache/sling/commons/clam/it/tests/ClamTestSupport.java
new file mode 100644
index 0000000..d205926
--- /dev/null
+++ b/src/test/java/org/apache/sling/commons/clam/it/tests/ClamTestSupport.java
@@ -0,0 +1,66 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.commons.clam.it.tests;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Arrays;
+
+import org.apache.sling.testing.paxexam.TestSupport;
+import org.ops4j.pax.exam.Configuration;
+import org.ops4j.pax.exam.Option;
+
+import static org.apache.sling.testing.paxexam.SlingOptions.logback;
+import static org.apache.sling.testing.paxexam.SlingOptions.scr;
+import static org.ops4j.pax.exam.CoreOptions.junitBundles;
+import static org.ops4j.pax.exam.CoreOptions.mavenBundle;
+
+public abstract class ClamTestSupport extends TestSupport {
+
+ @Configuration
+ public Option[] configuration() {
+ return new Option[]{
+ baseConfiguration(),
+ // Sling Commons Clam
+ testBundle("bundle.filename"),
+ mavenBundle().groupId("commons-io").artifactId("commons-io").versionAsInProject(),
+ scr(),
+ // testing
+ mavenBundle().groupId("org.apache.servicemix.bundles").artifactId("org.apache.servicemix.bundles.hamcrest").versionAsInProject(),
+ junitBundles(),
+ logback()
+ };
+ }
+
+ protected class InfiniteInputStream extends InputStream {
+
+ @Override
+ public int read() throws IOException {
+ return 0;
+ }
+
+ @Override
+ public int read(byte[] bytes) throws IOException {
+ Arrays.fill(bytes, (byte) 1);
+ return bytes.length;
+ }
+
+ }
+
+}
diff --git a/src/test/java/org/apache/sling/commons/clam/it/tests/ClamdServiceIT.java b/src/test/java/org/apache/sling/commons/clam/it/tests/ClamdServiceIT.java
new file mode 100644
index 0000000..4fdb198
--- /dev/null
+++ b/src/test/java/org/apache/sling/commons/clam/it/tests/ClamdServiceIT.java
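Review bot: `InfiniteInputStream` overrides `read()` and `read(byte[])` but not `read(byte[], int, int)`, and the two overrides disagree on the data: the single-byte read yields 0 while the array read fills the buffer with 1. A consumer that calls the three-argument form falls back to `InputStream`'s default, which loops over `read()` one byte at a time, so both the content and the speed of the stream depend on which overload the service under test happens to use. I would override the three-argument method with `Arrays.fill(b, off, off + len, (byte) 1); return len;` and make the other two consistent with it. The class reads no state of the enclosing test support, so it could be `protected static class`, with a one-line comment saying that it never signals end of stream and is only meant for code that is expected to cut the stream off.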
@@ -0,0 +1,86 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.commons.clam.it.tests;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.nio.ByteBuffer;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+
+import javax.inject.Inject;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.sling.commons.clam.ClamService;
+import org.apache.sling.commons.clam.ScanResult;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.ops4j.pax.exam.junit.PaxExam;
+import org.ops4j.pax.exam.spi.reactors.ExamReactorStrategy;
+import org.ops4j.pax.exam.spi.reactors.PerClass;
+import org.ops4j.pax.exam.util.PathUtils;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+@RunWith(PaxExam.class)
+@ExamReactorStrategy(PerClass.class)
+public class ClamdServiceIT extends ClamTestSupport {
+
+ @Inject
+ private ClamService clamService;
+
+ private static final String INSTREAM_SIZE_LIMIT_EXCEEDED_ERROR_MESSAGE = "INSTREAM size limit exceeded. ERROR";
+
+ @Test
+ public void testClamService() {
+ assertNotNull(clamService);
+ }
+
+ @Test
+ public void testScan_ok() throws Exception {
+ final String data = "ok – no malware here";
+ try (final InputStream inputStream = IOUtils.toInputStream(data, StandardCharsets.UTF_8)) {
+ final ScanResult result = clamService.scan(inputStream);
+ assertEquals(ScanResult.Status.OK, result.getStatus());
+ }
+ }
+
+ @Test
+ public void testScan_eicarcom2_zip() throws Exception {
+ final byte[] xaa = Files.readAllBytes(Paths.get(PathUtils.getBaseDir(), "src/test/resources/eicar/eicarcom2.zip/xaa"));
+ final byte[] xab = Files.readAllBytes(Paths.get(PathUtils.getBaseDir(), "src/test/resources/eicar/eicarcom2.zip/xab"));
+ byte[] eicarcom2_zip = ByteBuffer.allocate(xaa.length + xab.length).put(xaa).put(xab).array();
+ try (final InputStream fileInputStream = new ByteArrayInputStream(eicarcom2_zip)) {
+ final ScanResult result = clamService.scan(fileInputStream);
+ assertEquals(ScanResult.Status.FOUND, result.getStatus());
+ }
+ }
+
+ @Test
+ public void testScan_infiniteStream() throws Exception {
+ try (final InputStream inputStream = new InfiniteInputStream()) {
+ final ScanResult result = clamService.scan(inputStream);
+ assertEquals(ScanResult.Status.ERROR, result.getStatus());
+ assertEquals(INSTREAM_SIZE_LIMIT_EXCEEDED_ERROR_MESSAGE, result.getMessage());
+ }
+ }
+
+}
diff --git a/src/test/resources/eicar/eicarcom2.zip/xaa b/src/test/resources/eicar/eicarcom2.zip/xaa
new file mode 100644
index 0000000..0162fed
Binary files /dev/null and b/src/test/resources/eicar/eicarcom2.zip/xaa differ
diff --git a/src/test/resources/eicar/eicarcom2.zip/xab b/src/test/resources/eicar/eicarcom2.zip/xab
new file mode 100644
index 0000000..d5bef42
Binary files /dev/null and b/src/test/resources/eicar/eicarcom2.zip/xab differ
diff --git a/src/test/resources/exam.properties b/src/test/resources/exam.properties
new file mode 100644
index 0000000..c98a668
--- /dev/null
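Review bot: `testScan_infiniteStream` has no upper bound on its run time: the stream never ends, so the test finishes only if the daemon's stream size limit triggers and the service stops reading. A clamd configured with a very large or disabled limit, or a regression in the abort path, would hang the build instead of failing it; `@Test(timeout = 60000)` (value to be tuned) turns that into a failure. The expected text `INSTREAM size limit exceeded. ERROR` is the daemon's own wording, so that assertion is tied to the clamd version the build runs against. In `testScan_eicarcom2_zip` a short comment that the EICAR test archive is stored as two halves (`xaa`, `xab`) and joined at run time, presumably so that the checked-in files are not themselves flagged by scanners, would explain the fixture handling.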
+++ b/src/test/resources/exam.properties
@@ -0,0 +1,19 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+pax.exam.logging=none
diff --git a/src/test/resources/logback.xml b/src/test/resources/logback.xml
new file mode 100644
index 0000000..d46a4ae
--- /dev/null
+++ b/src/test/resources/logback.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<configuration>
+ <appender name="file" class="ch.qos.logback.core.FileAppender">
+ <file>target/testing.log</file>
+ <encoder>
+ <pattern>%date %level [%thread] %logger{10} [%file : %line] %msg%n</pattern>
+ </encoder>
+ </appender>
+ <root level="debug">
+ <appender-ref ref="file"/>
+ </root>
+</configuration>
-- To stop receiving notification emails like this one, please contact [email protected].
