From 46fa9677fffd80b61c5c0acb676f5ae2f52ea6b4 Mon Sep 17 00:00:00 2001 From: Bobby Wibowo Date: Sat, 4 Apr 2020 21:20:01 +0700 Subject: [PATCH] Extended configuration for virus scanning Added whitelist extensions Added max size limit --- config.sample.js | 22 ++++++++++++++++++++-- controllers/uploadController.js | 11 ++++++++++- controllers/utilsController.js | 5 ++++- 3 files changed, 34 insertions(+), 4 deletions(-) diff --git a/config.sample.js b/config.sample.js index cf8c9d5..6aa34dc 100644 --- a/config.sample.js +++ b/config.sample.js @@ -296,15 +296,33 @@ module.exports = { groupBypass: Name of the lowest ranked group whose files will not be scanned. Lowest ranked meanning that group AND any groups higher than it are included. Example: 'moderator' = moderators, admins & superadmins. - More about groups at controllers/permissionController.js. */ scan: { enabled: false, + ip: '127.0.0.1', port: 3310, timeout: 180 * 1000, chunkSize: 64 * 1024, - groupBypass: 'admin' + + groupBypass: 'admin', // Other group names in controllers/permissionController.js + whitelistExtensions: null, /* [ + '.webp', + '.jpg', + '.jpeg', + '.gif', + '.png', + '.tiff', + '.tif', + '.svg', + '.webm', + '.mp4', + '.wmv', + '.avi', + '.mov', + '.mkv' + ], */ + maxSize: null // '25MB' // Needs to be in MB }, /* diff --git a/controllers/uploadController.js b/controllers/uploadController.js index 59d7438..8b2f9ab 100644 --- a/controllers/uploadController.js +++ b/controllers/uploadController.js 
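Review bot: The new `whitelistExtensions` and `maxSize` options in `scan` carry only trailing inline comments, and neither says that a match means the file is not scanned; the block comment above `scan` still describes only `groupBypass`. I would add two entries to that block comment, along the lines of `whitelistExtensions: Files with these extensions are NOT scanned.` and `maxSize: Files larger than this (in MB) are NOT scanned.` If the extension is taken from the uploaded file's name rather than its content (not visible in this hunk), the comment should say so, because an operator would otherwise read the list as a content-type guarantee. The example list also includes `.svg`, which can carry script, so it is a questionable candidate for a default scan exemption.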
@@ -536,11 +536,20 @@ self.cleanUpChunks = async (uuid) => { } self.scanFiles = async (req, user, infoMap) => { - if (user && utils.clamd.groupBypass && perms.is(user, utils.clamd.groupBypass)) + // eslint-disable-next-line curly + if (user && utils.clamd.groupBypass && perms.is(user, utils.clamd.groupBypass)) { + // logger.log(`[ClamAV]: Skipping ${infoMap.length} file(s), ${utils.clamd.groupBypass} group bypass`) return false + } const foundThreats = [] const results = await Promise.all(infoMap.map(async info => { + if (utils.clamd.whitelistExtensions && utils.clamd.whitelistExtensions.includes(info.data.extname)) + return // logger.log(`[ClamAV]: Skipping ${info.data.filename}, extension whitelisted`) + + if (utils.clamd.maxSize && info.data.size > utils.clamd.maxSize) + return // logger.log(`[ClamAV]: Skipping ${info.data.filename}, size ${info.data.size} > ${utils.clamd.maxSize}`) + const reply = await utils.clamd.scanner.scanFile(info.path, utils.clamd.timeout, utils.clamd.chunkSize) if (!reply.includes('OK') || reply.includes('FOUND')) { // eslint-disable-next-line no-control-regex diff --git a/controllers/utilsController.js b/controllers/utilsController.js index 76216df..183c2c3 100644 --- a/controllers/utilsController.js +++ b/controllers/utilsController.js @@ -16,7 +16,10 @@ const self = { scanner: null, timeout: config.uploads.scan.timeout || 5000, chunkSize: config.uploads.scan.chunkSize || 64 * 1024, - groupBypass: config.uploads.scan.groupBypass || null + groupBypass: config.uploads.scan.groupBypass || null, + whitelistExtensions: (Array.isArray(config.uploads.scan.whitelistExtensions) && + config.uploads.scan.whitelistExtensions.length) ? config.uploads.scan.whitelistExtensions : null, + maxSize: (parseInt(config.uploads.scan.maxSize) * 1e6) || null }, gitHash: null, idSet: null,
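Review bot: The two early `return`s added inside the `infoMap.map` callback skip the ClamAV scan without leaving any record, because the `logger.log(...)` calls exist only as trailing comments. A file that bypassed on extension or size is then indistinguishable from one that scanned clean. I would turn each commented `logger.log(...)` into a real call inside a braced block before the `return` (assuming `logger` is in scope in this file, which the hunk does not show). Separately, `whitelistExtensions.includes(info.data.extname)` is an exact, case-sensitive match on a value that presumably derives from the client-supplied file name, so the exemption trusts the name rather than the content. The body of `scanFiles` continues past the end of the hunk.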
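Review bot: `parseInt(config.uploads.scan.maxSize) * 1e6` discards the unit suffix, so a value such as `'1GB'` is read as 1 MB and every larger upload would skip scanning under the size check added in uploadController.js. The parse should pass a radix, `parseInt(config.uploads.scan.maxSize, 10)`, and the value should be rejected or warned about at startup when it is a string that does not end in `MB`, instead of silently becoming a much smaller limit. The `whitelistExtensions` entries are also stored as given. A short comment there stating that entries must be lowercase and start with a dot (if that matches how `extname` is produced) would save operators from a whitelist that never matches.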