Repository: sunspikes/clamav-validator Branch: master Commit: 90e1a3d6cd53 Files: 22 Total size: 24.9 KB Directory structure: gitextract_lbbsn1te/ ├── .gitattributes ├── .gitignore ├── .scrutinizer.yml ├── .travis.yml ├── LICENSE ├── README.md ├── composer.json ├── config/ │ └── clamav.php ├── phpunit.xml ├── provides.json ├── src/ │ ├── ClamavValidator/ │ │ ├── ClamavValidatorException.php │ │ ├── ClamavValidatorServiceProvider.php │ │ └── Rules/ │ │ └── ClamAv.php │ └── lang/ │ └── en/ │ └── validation.php └── tests/ ├── .gitkeep ├── ClamavValidatorServiceProviderTest.php ├── ClamavValidatorTest.php ├── Helpers/ │ └── ValidatorHelper.php └── files/ ├── test1.txt ├── test2.txt ├── test3.txt └── test4.txt ================================================ FILE CONTENTS ================================================ ================================================ FILE: .gitattributes ================================================ /tests export-ignore .gitattributes export-ignore .gitignore export-ignore .travis.yml export-ignore phpunit.xml.dist export-ignore ================================================ FILE: .gitignore ================================================ .idea/ /vendor composer.phar composer.lock /.phpunit.result.cache ================================================ FILE: .scrutinizer.yml ================================================ checks: php: code_rating: true filter: paths: - src/ClamavValidator/* tools: external_code_coverage: true ================================================ FILE: .travis.yml ================================================ language: php php: - 8.0 - 8.1 - 8.2 - 8.3 - 8.4 before_install: - sudo apt-get update -qq - sudo apt-get install clamav-daemon -qq - sudo freshclam - sudo service clamav-daemon start before_script: - composer self-update - composer install --prefer-source --no-interaction --dev script: - php vendor/bin/phpunit --colors --coverage-clover build/logs/clover.xml after_script: if [ $(phpenv 
version-name) = "8.4" ]; then php vendor/bin/ocular code-coverage:upload --format=php-clover build/logs/clover.xml; fi ================================================ FILE: LICENSE ================================================ The MIT License (MIT) Copyright (c) 2014 Krishnaprasad MG Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
================================================ FILE: README.md ================================================ # ClamAV Virus Validator For Laravel [![Code Coverage](https://scrutinizer-ci.com/g/sunspikes/clamav-validator/badges/coverage.png?b=master)](https://scrutinizer-ci.com/g/sunspikes/clamav-validator/?branch=master) [![Code Quality](https://scrutinizer-ci.com/g/sunspikes/clamav-validator/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/sunspikes/clamav-validator) [![Latest Stable Version](https://poser.pugx.org/sunspikes/clamav-validator/v/stable)](https://packagist.org/packages/sunspikes/clamav-validator) [![License](https://poser.pugx.org/sunspikes/clamav-validator/license)](https://packagist.org/packages/sunspikes/clamav-validator) A custom Laravel virus validator based on ClamAV anti-virus scanner for file uploads. * [Requirements](#requirements) * [Installation](#installation) * [Configuration](#configuration) * [Usage](#usage) * [Author](#author) ## Requirements - PHP >= 8.0 - Laravel 9.x, 10.x, 11.x, 12.x, or 13.x - ClamAV anti-virus scanner running on the server You can see the ClamAV installation instructions on the official [ClamAV documentation](http://www.clamav.net/documents/installing-clamav). For example on an Ubuntu machine, you can do: ```sh # Install clamav virus scanner sudo apt-get update && sudo apt-get install -y clamav-daemon # Update virus definitions sudo freshclam # Start the scanner service sudo systemctl enable --now clamav-daemon clamav-freshclam ``` This package is not tested on Windows, but if you have ClamAV running (usually on port 3310) it should work. You will also need to have `sockets` extension installed and enabled (all executions without this module will fail with this error - `"Use of undefined constant 'AF_INET'"`). ## Installation #### 1. Install the package through [Composer](http://getcomposer.org). ```bash composer require sunspikes/clamav-validator ``` #### 2. 
Publish assets from the vendor package ##### Config file The default configuration file uses `ENV` values to override the defaults. If you want to change the configuration file anyway, run the following command to publish the package config file: php artisan vendor:publish --provider="Sunspikes\ClamavValidator\ClamavValidatorServiceProvider" --tag=config Once the command is finished you should have a `config/clamav.php` file that will be used as well. ##### Language files If you want to customize the translation or add your own language you can run the following command to publish the language files to a folder you maintain: php artisan vendor:publish --provider="Sunspikes\ClamavValidator\ClamavValidatorServiceProvider" --tag=lang This will copy the language files to `lang/vendor/clamav-validator`. ## Configuration The package can be configured using environment variables: | Environment Variable | Default | Description | |---|---|---| | `CLAMAV_PREFERRED_SOCKET` | `unix_socket` | Socket type: `unix_socket` or `tcp_socket` (the TCP socket is used when the unix socket file does not exist) | | `CLAMAV_UNIX_SOCKET` | `/var/run/clamav/clamd.ctl` | Path to the ClamAV unix socket | | `CLAMAV_TCP_SOCKET` | `tcp://127.0.0.1:3310` | TCP socket connection string | | `CLAMAV_SOCKET_CONNECT_TIMEOUT` | `null` | Connection timeout in seconds (`null` = no limit) | | `CLAMAV_SOCKET_READ_TIMEOUT` | `30` | Read timeout in seconds | | `CLAMAV_CLIENT_EXCEPTIONS` | `false` | Throw exceptions on scan failures instead of returning validation failure | | `CLAMAV_SKIP_VALIDATION` | `false` | Skip virus scanning entirely (useful for local development; files pass validation unscanned while this is `true`, so keep it `false` in production) | ## Usage Use it like any `Validator` rule: ```php $rules = [ 'file' => 'required|file|clamav', ]; ``` Or in a Form Request: ```php class UploadRequest extends FormRequest { public function rules(): array { return [ 'file' => 'required|file|clamav', ]; } } ``` `ClamavValidator` will automatically run multiple files one-by-one through ClamAV in case `file` represents multiple uploaded files.
## Author Krishnaprasad MG [@sunspikes] and other [awesome contributors](https://github.com/sunspikes/clamav-validator/graphs/contributors) ================================================ FILE: composer.json ================================================ { "name": "sunspikes/clamav-validator", "description": "Custom Laravel anti-virus validator for file uploads using ClamAV.", "keywords": [ "laravel", "validator", "clamav", "virus", "antivirus" ], "homepage": "https://github.com/sunspikes/clamav-validator", "license": "MIT", "authors": [ { "name": "Krishnaprasad MG", "email": "sunspikes@gmail.com" } ], "require": { "php": "^8.0", "ext-sockets": "*", "xenolope/quahog": "^3.0", "illuminate/support": "^9.0 || ^10.0 || ^11.0 || ^12.0 || ^13.0", "illuminate/validation": "^9.0 || ^10.0 || ^11.0 || ^12.0 || ^13.0" }, "require-dev": { "roave/security-advisories": "dev-master", "phpunit/phpunit": "^10.5 || ^11.0", "mockery/mockery": "^1.6" }, "autoload": { "psr-4": { "Sunspikes\\": "src/" } }, "extra": { "laravel": { "providers": [ "Sunspikes\\ClamavValidator\\ClamavValidatorServiceProvider" ] } }, "autoload-dev": { "psr-4": { "Sunspikes\\Tests\\ClamavValidator\\": "tests/" } }, "minimum-stability": "dev", "prefer-stable": true } ================================================ FILE: config/clamav.php ================================================ env('CLAMAV_PREFERRED_SOCKET', 'unix_socket'), /* |-------------------------------------------------------------------------- | Unix Socket |-------------------------------------------------------------------------- | This option defines the location to the unix socket-file. For example | /var/run/clamav/clamd.ctl */ 'unix_socket' => env('CLAMAV_UNIX_SOCKET', '/var/run/clamav/clamd.ctl'), /* |-------------------------------------------------------------------------- | TCP Socket |-------------------------------------------------------------------------- | This option defines the TCP socket to the ClamAV instance. 
*/ 'tcp_socket' => env('CLAMAV_TCP_SOCKET', 'tcp://127.0.0.1:3310'), /* |-------------------------------------------------------------------------- | Socket connect timeout |-------------------------------------------------------------------------- | This option defines the maximum time, in seconds, to wait for a socket connection attempt before it fails; the default null means no limit. */ 'socket_connect_timeout' => env('CLAMAV_SOCKET_CONNECT_TIMEOUT', null), /* |-------------------------------------------------------------------------- | Socket read timeout |-------------------------------------------------------------------------- | This option defines the maximum time to wait in seconds for a read. */ 'socket_read_timeout' => env('CLAMAV_SOCKET_READ_TIMEOUT', 30), /* |-------------------------------------------------------------------------- | Throw exceptions instead of returning failures when scan fails. |-------------------------------------------------------------------------- | This makes it easier for a developer to find the source of a clamav | failure, but an end user may only see a 500 error | if exceptions are not displayed. */ 'client_exceptions' => env('CLAMAV_CLIENT_EXCEPTIONS', false), /* |-------------------------------------------------------------------------- | Skip validation |-------------------------------------------------------------------------- | This skips the virus validation for the current environment. | | Please note: when true, it won't connect to ClamAV and files pass validation without being scanned, | so keep it false in production.
*/ 'skip_validation' => env('CLAMAV_SKIP_VALIDATION', false), ]; ================================================ FILE: phpunit.xml ================================================ src ./tests/ ================================================ FILE: provides.json ================================================ { "providers": [ "Sunspikes\\ClamavValidator\\ClamavValidatorServiceProvider" ] } ================================================ FILE: src/ClamavValidator/ClamavValidatorException.php ================================================ getFilename(), $result->getReason() ) ); } public static function forClientException(Throwable $exception): static { return new static( sprintf('ClamAV scanner client failed with error "%s"', $exception->getMessage()), 0, $exception ); } } ================================================ FILE: src/ClamavValidator/ClamavValidatorServiceProvider.php ================================================ ClamAv::class, ]; public function boot(): void { $this->loadTranslationsFrom(__DIR__ . '/../lang', 'clamav-validator'); $this->publishes([ __DIR__ . '/../../config/clamav.php' => $this->app->configPath('clamav.php'), ], 'config'); $this->publishes([ __DIR__ . '/../lang' => lang_path('vendor/clamav-validator'), ], 'lang'); $this->addNewRules(); } public function getRules(): array { return $this->rules; } protected function addNewRules(): void { foreach ($this->getRules() as $token => $rule) { $this->extendValidator($token, $rule); } } protected function extendValidator(string $token, string $rule): void { $translation = $this->app['translator']->get('clamav-validator::validation'); $this->app['validator']->extend( $token, $rule . '@validate', $translation[$token] ?? [] ); } public function register(): void { $this->mergeConfigFrom(__DIR__ . 
'/../../config/clamav.php', 'clamav'); } } ================================================ FILE: src/ClamavValidator/Rules/ClamAv.php ================================================ validateFileWithClamAv($file); } return (bool) $result; } return $this->validateFileWithClamAv($value); } /** Scan one value through ClamAV and report whether it is clean. An unreadable path always throws ClamavValidatorException, whatever clamav.client_exceptions says. A client exception or an error result makes the rule return false (validation fails) unless clamav.client_exceptions is truthy, in which case a ClamavValidatorException is thrown instead. Otherwise the scan result's isOk() is returned. */ protected function validateFileWithClamAv(mixed $value): bool { $file = $this->getFilePath($value); if (!is_readable($file)) { throw ClamavValidatorException::forNonReadableFile($file); } try { $socket = $this->getClamavSocket(); $scanner = $this->createQuahogScannerClient($socket); /* NOTE(review): the handle returned by fopen() is not closed in this method and its return value is not checked before it is handed to the scanner; confirm whether the scanner client closes it. */ $result = $scanner->scanResourceStream(fopen($file, 'rb')); } catch (Exception $exception) { /* Failing here keeps the rule fail-closed: a scanner that cannot be reached never yields a passing result. */ if (Config::get('clamav.client_exceptions')) { throw ClamavValidatorException::forClientException($exception); } return false; } if ($result->isError()) { if (Config::get('clamav.client_exceptions')) { throw ClamavValidatorException::forScanResult($result); } return false; } return $result->isOk(); } /** Choose the scanner address: the configured unix socket, prefixed with unix://, when clamav.preferred_socket is 'unix_socket' and the socket file exists; in every other case the configured clamav.tcp_socket. */ protected function getClamavSocket(): string { $preferredSocket = Config::get('clamav.preferred_socket'); if ($preferredSocket === 'unix_socket') { $unixSocket = Config::get('clamav.unix_socket'); if (file_exists($unixSocket)) { return 'unix://' .
$unixSocket; } } return Config::get('clamav.tcp_socket'); } /** Resolve the value under validation to a filesystem path: an UploadedFile yields getRealPath(), an array with a non-null 'tmp_name' yields that entry, and anything else is returned unchanged. An array without 'tmp_name' also reaches the final return, which does not satisfy the declared string return type. NOTE(review): a plain string is used as-is as a local path by validateFileWithClamAv(); confirm callers only hand this rule upload values. */ protected function getFilePath(UploadedFile|array|string $file): string { if ($file instanceof UploadedFile) { return $file->getRealPath(); } if (is_array($file) && Arr::get($file, 'tmp_name') !== null) { return $file['tmp_name']; } return $file; } /** Build the Quahog client for the given socket address, passing clamav.socket_connect_timeout to the socket factory and clamav.socket_read_timeout to the client. */ protected function createQuahogScannerClient(string $socket): QuahogClient { $client = (new SocketFactory())->createClient($socket, Config::get('clamav.socket_connect_timeout')); return new QuahogClient($client, Config::get('clamav.socket_read_timeout'), PHP_NORMAL_READ); } } ================================================ FILE: src/lang/en/validation.php ================================================ ':attribute contains virus.', ]; ================================================ FILE: tests/.gitkeep ================================================ ================================================ FILE: tests/ClamavValidatorServiceProviderTest.php ================================================ shouldReceive('get')->with('clamav-validator::validation')->andReturn('error'); $translator->shouldReceive('addNamespace'); $presence = Mockery::mock(PresenceVerifierInterface::class); $factory = new Factory($translator); $factory->setPresenceVerifier($presence); /** @var Mockery\Mock|Application $container */ $container = Mockery::mock(Container::class)->makePartial(); $container->shouldReceive('offsetGet')->with('translator')->andReturn($translator); $container->shouldReceive('offsetGet')->with('validator')->andReturn($factory); $container->shouldReceive('configPath'); Facade::setFacadeApplication($container); $serviceProvider = new ClamavValidatorServiceProvider($container); $serviceProvider->boot(); $validator = $factory->make([], []); foreach ($validator->extensions as $rule => $class_and_method) { $this->assertArrayHasKey($rule, $serviceProvider->getRules()); [$class, $method] = Str::parseCallback($class_and_method); $this->assertTrue(method_exists($class,
$method)); } } protected function tearDown(): void { Mockery::close(); } } ================================================ FILE: tests/ClamavValidatorTest.php ================================================ cleanFile = $this->getTempPath(__DIR__ . '/files/test1.txt'); $this->virusFile = $this->getTempPath(__DIR__ . '/files/test2.txt'); $this->errorFile = $this->getTempPath(__DIR__ . '/files/test3.txt'); $this->clean_data = ['file' => $this->cleanFile]; $this->virus_data = ['file' => $this->virusFile]; $this->error_data = ['file' => $this->errorFile]; $this->multiple_files_all_clean = [ 'files' => [ $this->cleanFile, $this->getTempPath(__DIR__ . '/files/test4.txt'), ] ]; $this->multiple_files_some_with_virus = [ 'files' => [ $this->cleanFile, $this->virusFile, $this->getTempPath(__DIR__ . '/files/test4.txt'), ] ]; } private function setConfig(array $opts = []): void { $opts = array_merge(['error' => false, 'skip' => false, 'exception' => false], $opts); $config = Mockery::mock(); $config->shouldReceive('get')->with('clamav.preferred_socket')->andReturn('unix_socket'); $config->shouldReceive('get')->with('clamav.client_exceptions')->andReturn($opts['exception']); $config->shouldReceive('get')->with('clamav.unix_socket')->andReturn(!$opts['error'] ? '/var/run/clamav/clamd.ctl' : '/dev/null'); $config->shouldReceive('get')->with('clamav.tcp_socket')->andReturn(!$opts['error'] ? 
'tcp://127.0.0.1:3310' : 'tcp://127.0.0.1:0'); $config->shouldReceive('get')->with('clamav.socket_read_timeout')->andReturn(30); $config->shouldReceive('get')->with('clamav.socket_connect_timeout')->andReturn(5); $config->shouldReceive('get')->with('clamav.skip_validation')->andReturn($opts['skip']); Config::swap($config); } protected function tearDown(): void { chmod($this->errorFile, 0644); Container::getInstance()->flush(); Mockery::close(); } public function testValidatesSkipped(): void { $this->setConfig(['skip' => true]); $validator = $this->makeValidator( $this->clean_data, ['file' => 'clamav'], ); $this->assertTrue($validator->passes()); } public function testValidatesSkippedForBoolValidatedConfigValues(): void { $this->setConfig(['skip' => '1']); $validator = $this->makeValidator( $this->clean_data, ['file' => 'clamav'], ); $this->assertTrue($validator->passes()); } public function testValidatesClean(): void { $this->setConfig(); $validator = $this->makeValidator( $this->clean_data, ['file' => 'clamav'], ); $this->assertTrue($validator->passes()); } public function testValidatesCleanMultiFile(): void { $this->setConfig(); $validator = $this->makeValidator( $this->multiple_files_all_clean, ['files' => 'clamav'], ); $this->assertTrue($validator->passes()); } public function testValidatesVirus(): void { $this->setConfig(); $validator = $this->makeValidator( $this->virus_data, ['file' => 'clamav'], ); $this->assertTrue($validator->fails()); } public function testValidatesVirusMultiFile(): void { $this->setConfig(); $validator = $this->makeValidator( $this->multiple_files_some_with_virus, ['files' => 'clamav'], ); $this->assertTrue($validator->fails()); } public function testCannotValidateNonReadable(): void { $this->setConfig(); $this->expectException(ClamavValidatorException::class); $validator = $this->makeValidator( $this->error_data, ['file' => 'clamav'], ); chmod($this->errorFile, 0000); $validator->passes(); } public function 
testFailsValidationOnError(): void { $this->setConfig(['error' => true]); $validator = $this->makeValidator( $this->clean_data, ['file' => 'clamav'], ); $this->assertTrue($validator->fails()); } public function testThrowsExceptionOnValidationError(): void { $this->setConfig(['error' => true, 'exception' => true]); $this->expectException(ClamavValidatorException::class); $validator = $this->makeValidator( $this->clean_data, ['file' => 'clamav'], ); $this->assertTrue($validator->fails()); } } ================================================ FILE: tests/Helpers/ValidatorHelper.php ================================================ makeMockedTranslator(); $messages = !empty($messages) ? $messages : $this->defaultErrorMessages(); $factory = new Factory($translator, Container::getInstance()); foreach ($this->rules() as $token => $rule) { $factory->extend( $token, $rule . '@validate', $messages ); } return $factory->make($data, $rules); } protected function rules(): array { return [ 'clamav' => ClamAv::class, ]; } protected function makeMockedTranslator(): Translator { $translator = Mockery::mock(Translator::class); $translator ->shouldReceive('get') ->with('validation.custom.file.clamav') ->andReturn('error'); $translator ->shouldReceive('get') ->withAnyArgs() ->andReturn(null); $translator ->shouldReceive('get') ->with('validation.attributes') ->andReturn([]); return $translator; } protected function defaultErrorMessages(): array { return [ 'clamav' => ':attribute contains virus.' ]; } protected function getTempPath(string $file): string { $tempPath = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 
basename($file); copy($file, $tempPath); chmod($tempPath, 0644); return $tempPath; } } ================================================ FILE: tests/files/test1.txt ================================================ dfdsfdsfdsf ds fds fdsfds fdsfdsfds ================================================ FILE: tests/files/test2.txt ================================================ X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* ================================================ FILE: tests/files/test3.txt ================================================ dfdsfdsfdsf ds fds fdsfds fdsfdsfds ================================================ FILE: tests/files/test4.txt ================================================ dfdsfdsfdsf ds fds fdsfds fdsfdsfds