'use strict';
 
const _ = require('lodash');
const logger = require(__dirname + '/../loggers/logger');
 
// Alias the CommonJS `exports` object as `contentInspectionEvaluation`; every
// function assigned to this name below becomes part of the module's public API.
const contentInspectionEvaluation = exports;
 
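/**
 * Report whether the "VT" check should run for a policy.
 *
 * The check is on only when the global switch is set AND the policy's
 * `content` node has at least one of `documentAv` / `fileAv` enabled.
 * getModules() stores the result under the `hash` module key.
 *
 * @param {Object} policy - policy object; must be non-null (getModules guards this).
 * @param {*} globalVTEnabled - global on/off switch, tested for truthiness.
 * @returns {boolean} true when the check is enabled for this policy.
 */
const isVTEnabled = function(policy, globalVTEnabled) {
   if (!policy.content || !globalVTEnabled) {
      return false;
   }

   const cNode = policy.content;
   const documentAvOn = Boolean(cNode.documentAv && cNode.documentAv.enabled);
   const fileAvOn = Boolean(cNode.fileAv && cNode.fileAv.enabled);

   // Neither AV flavour enabled means there is nothing for the check to back up.
   return documentAvOn || fileAvOn;
};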
 
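/**
 * Decide whether an exception rule applies to at least one enabled module.
 *
 * A rule with a missing or empty module list is treated as active and is left
 * untouched. Otherwise the rule's modules (or, when the first entry is 'All',
 * every key of `enabledModules`) are filtered down to the enabled ones.
 *
 * Side effect: `rule.rule.modules` is overwritten with the filtered list.
 *
 * @param {Object} rule - wrapper whose `rule` property holds the exception rule.
 * @param {Object} enabledModules - module name -> enabled flag (tested for truthiness).
 * @returns {boolean} true when the rule has no module list or at least one
 *    listed module is enabled.
 */
contentInspectionEvaluation.isActiveException = function(rule, enabledModules) {
   const rNode = rule.rule;

   if (!rNode.modules || _.isEmpty(rNode.modules)) {
      return true;
   }

   const checkModules = rNode.modules[0] === 'All' ?
      _.keys(enabledModules) :
      rNode.modules;

   // Own-property check: a module name taken from the rule must not be counted
   // as enabled just because it resolves on Object.prototype (for example
   // 'constructor' or 'toString'), which a plain `enabledModules[name]`
   // truthiness test would accept.
   const hasOwn = Object.prototype.hasOwnProperty;
   const validModules = _.filter(checkModules, function(module) {
      return hasOwn.call(enabledModules, module) && Boolean(enabledModules[module]);
   });

   rule.rule.modules = validModules;
   return validModules.length > 0;
};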
 
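/**
 * Build a map of inspection module name -> enabled flag for a policy.
 *
 * `hash` is derived from isVTEnabled() rather than from the contentInspection
 * node. Every other name listed in `policy.contentInspection.order` is enabled
 * only when `policy.contentInspection[name].enabled` is truthy.
 *
 * @param {Object} policy - policy object; a falsy value yields an empty map.
 * @param {*} globalVTEnabled - global switch forwarded to isVTEnabled().
 * @returns {Object} map of module name to boolean.
 */
contentInspectionEvaluation.getModules = function(policy, globalVTEnabled) {
   const modules = {};
   if (!policy) {
      return modules;
   }

   modules.hash = isVTEnabled(policy, globalVTEnabled);

   const inspection = policy.contentInspection;
   if (!inspection) {
      return modules;
   }

   _.forEach(inspection.order, function(module) {
      if (module === 'hash') {
         // Special case not contained in content inspection policy; it was
         // already set above. A bare return only skips this entry.
         return;
      }

      modules[module] = Boolean(inspection[module] && inspection[module].enabled);
   });

   return modules;
};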
 
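/**
 * Apply a file-hash exception rule to the current scan when the file's SHA-256
 * is listed in the rule.
 *
 * On a match `result` is mutated: skipAV, action, modules, skipVT (only when
 * not already truthy), is_hash_match and download_original are set. For a
 * 'block' action `analyticsData.av_scan_result` is set to 'ExceptionBlock'.
 * A rule with no file hashes is logged as invalid and does not match.
 *
 * @param {Object} eNode - exception node; `eNode.rule` carries fileHashes,
 *    action and (optionally) modules.
 * @param {Object} analyticsData - per-transaction data; `sha256` and `tid` are read.
 * @param {Object} result - evaluation result, mutated in place on a match.
 * @returns {boolean} true when one of the rule's hashes equals analyticsData.sha256.
 */
contentInspectionEvaluation.evaluateHashException = function(eNode, analyticsData,
   result) {
   const ruleNode = eNode.rule;
   if (!ruleNode.fileHashes || _.isEmpty(ruleNode.fileHashes)) {
      // NOTE(review): tid is concatenated unescaped into a key=value log line;
      // confirm it is generated internally and cannot carry spaces or quotes.
      logger.warn('msg="Invalid content inspection exception rule"' +
         ' tid=' + analyticsData.tid + ' eNode=' + JSON.stringify(eNode));
      return false;
   }

   // Exact, case-sensitive string comparison. NOTE(review): assumes rule hashes
   // and analyticsData.sha256 are normalised to the same hex case - confirm.
   const isMatch = _.some(ruleNode.fileHashes, function(hash) {
      return hash === analyticsData.sha256;
   });
   if (!isMatch) {
      return false;
   }

   // skip AV if mark as infected or mark as clean
   // NOTE(review): every action other than 'inspect' - including a missing or
   // misspelled one - skips AV and is copied to result.action unchanged.
   // Validate the action against the supported set where rules are loaded if
   // that fail-open default is not intended.
   const isInspect = ruleNode.action === 'inspect';
   result.skipAV = !isInspect;
   // treat inspect as allow for icap purposes
   result.action = isInspect ? 'allow' : ruleNode.action;
   result.modules = ruleNode.modules || [];

   // Never clear a skipVT that an earlier step already set.
   if (!result.skipVT) {
      // `_.contains` exists only in lodash releases before 4.
      result.skipVT = !_.contains(result.modules, 'hash');
   }

   result.is_hash_match = true;
   result.download_original = result.action;

   if (result.action === 'block') {
      // Mark the scan result as 'ExceptionBlock' which will be picked up in
      // avLogHandler and an 'Infected' message logged to druid/kafka
      // If result was 'allow' the log is already correct, but if we wanted
      // to change that in the future we should add 'ExceptionAllow'
      analyticsData.av_scan_result = 'ExceptionBlock';
   }

   return true;
};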