-
Notifications
You must be signed in to change notification settings - Fork 26
/
scan_interceptor.go
120 lines (111 loc) · 3.14 KB
/
scan_interceptor.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
/*
* The Clammit application intercepts HTTP POST requests including content-type
* "multipart/form-data", forwards any "file" form-data elements to ClamAV
* and only forwards the request to the application if ClamAV passes all
* of these elements as virus-free.
*/
package main
import (
"clammit/scanner"
"fmt"
"io"
"mime"
"mime/multipart"
"net/http"
)
// The implementation of the Scan interceptor
type ScanInterceptor struct {
VirusStatusCode int
Scanner scanner.Scanner
}
/*
* Interceptor implementation
*
* Runs a multi-part parser across the request body and sends all file contents to Scanner
*
* returns True if the body contains a virus
*/
func (c *ScanInterceptor) Handle(w http.ResponseWriter, req *http.Request, body io.Reader) bool {
//
// Don't care unless we have some content. When the length is unknown, the length will be -1,
// but we attempt anyway to read the body.
//
if req.ContentLength == 0 {
if ctx.Config.App.Debug {
ctx.Logger.Println("Not handling request with zero length")
}
return false
}
ctx.Logger.Printf("New request %s %s len %d from %s (%s)\n", req.Method, req.URL.Path, req.ContentLength, req.RemoteAddr, req.Header.Get("X-Forwarded-For"))
//
// Find any attachments
//
contentType, params, err := mime.ParseMediaType(req.Header.Get("Content-Type"))
if err != nil {
ctx.Logger.Println("Unable to parse media type:", err)
return false
}
if contentType == "multipart/form-data" {
boundary := params["boundary"]
if boundary == "" {
ctx.Logger.Println("Multipart boundary is not defined")
return false
}
reader := multipart.NewReader(body, boundary)
//
// Scan them
//
count := 0
for {
if part, err := reader.NextPart(); err != nil {
if err == io.EOF {
break // all done
}
ctx.Logger.Println("Error parsing multipart form:", err)
http.Error(w, "Bad Request", 400)
return true
} else {
count++
filename := part.FileName()
if filename == "" {
filename = "untitled"
}
defer part.Close()
if ctx.Config.App.Debug {
ctx.Logger.Println("Scanning", part.FileName())
}
if responded := c.respondOnVirus(w, filename, part); responded == true {
return true
}
}
}
if ctx.Config.App.Debug {
ctx.Logger.Printf("Processed %d form parts", count)
}
} else {
filename := "untitled"
_, params, err := mime.ParseMediaType(req.Header.Get("Content-Disposition"))
if err == nil {
filename = params["filename"]
}
return c.respondOnVirus(w, filename, body)
}
return false
}
/*
* This function performs the virus scan and handles the http response in case of a virus.
*
* returns True if a virus has been found and a http error response has been written
*/
func (c *ScanInterceptor) respondOnVirus(w http.ResponseWriter, filename string, reader io.Reader) bool {
if hasVirus, err := c.Scanner.HasVirus(reader); err != nil {
ctx.Logger.Printf("Unable to scan file (%s): %v\n", filename, err)
http.Error(w, "Internal Server Error", 500)
return true
} else if hasVirus {
w.WriteHeader(c.VirusStatusCode)
w.Write([]byte(fmt.Sprintf("File %s has a virus!", filename)))
return true
}
return false
}