/**
* Contains generic helper methods
*/
global.Promise = require('bluebird')
const _ = require('lodash')
const config = require('config')
const clamav = require('clamav.js')
const streamifier = require('streamifier')
const logger = require('./logger')
const request = require('axios')
const m2mAuth = require('tc-core-library-js').auth.m2m
const m2m = m2mAuth(_.pick(config, ['AUTH0_URL', 'AUTH0_AUDIENCE', 'TOKEN_CACHE_TIME', 'AUTH0_PROXY_SERVER_URL']))
const AWS = require('aws-sdk')
const AmazonS3URI = require('amazon-s3-uri')
const pure = require("@ronomon/pure");
// Region for the AWS SDK is read from configuration (aws.REGION)
AWS.config.region = config.get('aws.REGION')
// Shared S3 client used by downloadFile(). No credentials are passed here, so the
// SDK's default credential resolution applies; whatever that identity can read,
// downloadFile() can read.
const s3 = new AWS.S3()
// Initialize the ClamAV scanner client from the configured clamd port and host.
// NOTE(review): clamd's TCP interface is unauthenticated and unencrypted, so the
// daemon should only be reachable on a private network - confirm against deployment.
const clamavScanner = clamav.createScanner(config.CLAMAV_PORT, config.CLAMAV_HOST)
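/**
 * Download a file from the given URL.
 *
 * URLs whose host is under amazonaws.com are read through the S3 client
 * (bucket and key are extracted with AmazonS3URI); every other URL is fetched
 * with a plain HTTP GET.
 *
 * The S3 decision is made on the parsed hostname. Matching "amazonaws" anywhere
 * in the string would let a path or query string pick the branch, sending an
 * unrelated URL to the S3 parser.
 *
 * NOTE(review): both branches act on a caller-supplied URL. The S3 branch reads
 * with this service's own AWS identity and the HTTP branch issues the request
 * from this service's network position, so the URL should come from a trusted
 * record or be restricted to expected buckets/hosts - verify against callers.
 *
 * @param {String} fileURL URL of the file to be downloaded
 * @returns {Buffer} Buffer of downloaded file
 */
function * downloadFile (fileURL) {
  let hostname = ''
  try {
    hostname = new URL(fileURL).hostname.toLowerCase()
  } catch (err) {
    // Not an absolute URL: keep hostname empty so the value takes the HTTP
    // branch and fails there, as it did before hostname parsing was added.
  }

  const isS3Host = hostname.endsWith('.amazonaws.com') || hostname.endsWith('.amazonaws.com.cn')
  if (isS3Host) {
    const { bucket, key } = AmazonS3URI(fileURL)
    logger.info(`downloadFile(): file is on S3 ${bucket} / ${key}`)
    const s3Object = yield s3.getObject({ Bucket: bucket, Key: key }).promise()
    return s3Object.Body
  }

  // NOTE(review): the full URL is logged; if callers pass URLs that carry
  // credentials in the query string they will end up in the logs - confirm.
  logger.info(`downloadFile(): file is (hopefully) a public URL at ${fileURL}`)
  // No size cap or timeout is set on this request; the whole body is buffered in memory.
  const response = yield request.get(fileURL, { responseType: 'arraybuffer' })
  return response.data
}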
/**
 * Check whether a file is reported as a zip bomb by @ronomon/pure.
 *
 * Only results whose code contains "ZIP_BOMB" count as a positive. Every other
 * result, including other non-OK codes returned by pure.zip, yields `[false]`,
 * so `[false]` means "not flagged as a bomb", not "archive is valid".
 *
 * @param {Buffer} fileBuffer the file buffer
 * @returns {Array} `[false]` when not flagged, otherwise `[true, code, message]`
 */
function isZipBomb(fileBuffer) {
  const verdict = pure.zip(fileBuffer, 0);
  // we only care about zip bombs
  const flaggedAsBomb = verdict.code !== "PURE_E_OK" && verdict.code.indexOf("ZIP_BOMB") !== -1;
  return flaggedAsBomb ? [true, verdict.code, verdict.message] : [false];
}
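/**
 * Scan in-memory file contents with ClamAV.
 *
 * The contents are wrapped in a readable stream and handed to the shared
 * scanner client. A scanner error rejects the returned promise, so a failed
 * scan is never reported as a clean file.
 *
 * @param {Buffer} file Contents to scan (passed to streamifier.createReadStream)
 * @returns {Promise<Boolean>} true when the scanner reports a detection, false otherwise
 */
function * scanWithClamAV (file) {
  const fileStream = streamifier.createReadStream(file)
  return new Promise((resolve, reject) => {
    clamavScanner.scan(fileStream, (scanErr, object, malicious) => {
      if (scanErr) {
        reject(scanErr)
        // Stop here: without the return, control fell through to resolve()
        // after the rejection.
        return
      }
      // Resolve with true / false depending on the scan result
      resolve(Boolean(malicious))
    })
  })
}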
/**
 * Obtain a machine-to-machine (M2M) token.
 *
 * The client id and client secret are read from configuration and passed to
 * m2m.getMachineToken; this generator yields that call and returns whatever
 * value it is resumed with.
 *
 * @returns {Promise}
 */
function * getM2Mtoken () {
  const clientId = config.AUTH0_CLIENT_ID
  const clientSecret = config.AUTH0_CLIENT_SECRET
  const machineToken = yield m2m.getMachineToken(clientId, clientSecret)
  return machineToken
}
/**
 * POST an event to the Bus API.
 *
 * An M2M token is fetched first and sent as a Bearer token in the
 * Authorization header of a JSON POST to config.BUSAPI_EVENTS_URL.
 *
 * @param {Object} reqBody Body of the request to be posted
 * @returns {Promise}
 */
function * postToBusAPI (reqBody) {
  // The Bus API call is authenticated with an M2M token
  const token = yield getM2Mtoken()
  // Promise is bluebird in this file (global.Promise is replaced at the top).
  // NOTE(review): this runs on every call and none of the generated *Async
  // methods are used in this function - presumably redundant; confirm before removing.
  Promise.promisifyAll(request)
  const requestOptions = {
    headers: {
      'Authorization': `Bearer ${token}`,
      'Content-Type': 'application/json'
    }
  }
  // Post the request body to Bus API
  yield request.post(config.BUSAPI_EVENTS_URL, reqBody, requestOptions)
}
// Public surface of this module. downloadFile and getM2Mtoken are defined
// above but are not exported.
module.exports = {
isZipBomb,
scanWithClamAV,
postToBusAPI
}