From 02da621efe8249785c0982aaedb15e61c3728c20 Mon Sep 17 00:00:00 2001
From: Niel Markwick <nielm@google.com>
Date: Wed, 4 Dec 2024 19:29:46 +0100
Subject: [PATCH] fix: correct status log messages

---
 cloudrun-malware-scanner/bootstrap.sh         |  4 +--
 cloudrun-malware-scanner/package.json         |  2 +-
 cloudrun-malware-scanner/scanner.js           | 27 +++++++++----------
 cloudrun-malware-scanner/spec/scanner.spec.js |  7 ++++-
 4 files changed, 21 insertions(+), 19 deletions(-)

diff --git a/cloudrun-malware-scanner/bootstrap.sh b/cloudrun-malware-scanner/bootstrap.sh
index 47b4737..0b8d3de 100755
--- a/cloudrun-malware-scanner/bootstrap.sh
+++ b/cloudrun-malware-scanner/bootstrap.sh
@@ -184,9 +184,9 @@ Log INFO main "Starting clamav services"
 CLAMAV_NO_CLAMD=false
 CLAMAV_NO_FRESHCLAMD=false
 CLAMAV_NO_MILTERD=true
-FRESHCLAM_CHECKS=48
+FRESHCLAM_CHECKS=48 # 48/day = every half hour.
 export CLAMAV_NO_CLAMD CLAMAV_NO_FRESHCLAMD CLAMAV_NO_MILTERD FRESHCLAM_CHECKS
-bash -x /init &
+/init &
 
 sleep 30
 
diff --git a/cloudrun-malware-scanner/package.json b/cloudrun-malware-scanner/package.json
index 5c758fa..9e4040f 100644
--- a/cloudrun-malware-scanner/package.json
+++ b/cloudrun-malware-scanner/package.json
@@ -12,7 +12,7 @@
     "prettier": "prettier --config .prettierrc.js --write ..",
     "prettier-check": "prettier --config .prettierrc.js --check --log-level=warn ..",
     "start-proxy": "node gcs-proxy-server.js",
-    "test": "jasmine",
+    "test": "env NODE_ENV=test jasmine",
     "eslint": "eslint *.js",
     "eslint-fix": "eslint --fix *.js",
     "prepare": "{ git rev-parse --is-inside-work-tree >/dev/null 2>/dev/null && test \"$NODE_ENV\" != production -a \"$CI\" != true && cd .. && husky cloudrun-malware-scanner/.husky ; } || echo 'skipping husky setup'",
diff --git a/cloudrun-malware-scanner/scanner.js b/cloudrun-malware-scanner/scanner.js
index c176ef5..6de55ea 100644
--- a/cloudrun-malware-scanner/scanner.js
+++ b/cloudrun-malware-scanner/scanner.js
@@ -21,6 +21,7 @@ const {logger} = require('./logger.js');
 /** @typedef {import('node:stream').Readable} Readable */
 /** @typedef {typeof import('./metrics.js')} MetricsClient */
 /** @typedef {import('@google-cloud/storage').Storage} Storage */
+/** @typedef {import('@google-cloud/storage').File} File */
 
 // @ts-ignore -- TS7016: Could not find a declaration file
 /** @typedef {typeof import('clamdjs')} ClamdClient */
@@ -207,7 +208,7 @@ class Scanner {
       if (!(await gcsFile.exists())[0]) {
         // Warn in logs, but return successful to client.
         logger.warn(
-          `Ignoring no longer existing file: gs://${gcsFile.bucket}/${gcsFile.name}`,
+          `Ignoring no longer existing file: ${gcsFile.cloudStorageURI.href}`,
         );
         return {status: 'ignored', message: 'file deleted'};
       }
@@ -219,7 +220,7 @@ class Scanner {
       const metadataSize = parseInt(String(metadata.size));
       if (fileSize !== metadataSize) {
         logger.info(
-          `Scan status for gs://${gcsFile.bucket}/${gcsFile.name}: IGNORED (File size mismatch (reported: ${fileSize}, metadata: ${metadataSize}). File upload may not be complete).`,
+          `Scan status for ${gcsFile.cloudStorageURI.href}: IGNORED (File size mismatch (reported: ${fileSize}, metadata: ${metadataSize}). File upload may not be complete).`,
         );
         this.metricsClient.writeScanIgnored(
           bucketDefs.unscanned,
@@ -232,7 +233,7 @@ class Scanner {
 
       const clamdVersion = await this.getClamVersion();
       logger.info(
-        `Scan request for gs://${gcsFile.bucket}/${gcsFile.name}, (${fileSize} bytes) scanning with clam ${clamdVersion}`,
+        `Scan request for ${gcsFile.cloudStorageURI.href}, (${fileSize} bytes) scanning with clam ${clamdVersion}`,
       );
       const startTime = Date.now();
       const readStream = await gcsFile.createReadStream();
@@ -248,7 +249,7 @@ class Scanner {
 
       if (this.clamdClient.isCleanReply(result)) {
         logger.info(
-          `Scan status for gs://${gcsFile.bucket}/${gcsFile.name}: CLEAN (${fileSize} bytes in ${scanDuration} ms)`,
+          `Scan status for ${gcsFile.cloudStorageURI.href}: CLEAN (${fileSize} bytes in ${scanDuration} ms)`,
         );
         this.metricsClient.writeScanClean(
           bucketDefs.unscanned,
@@ -260,7 +261,7 @@ class Scanner {
 
         // Move document to the bucket that holds clean documents. This can
         // fail due to permissions or if the file has been deleted.
-        await this.moveProcessedFile(gcsFile.name, true, bucketDefs);
+        await this.moveProcessedFile(gcsFile, bucketDefs.clean);
 
         // Respond to API client.
         return {
@@ -270,7 +271,7 @@ class Scanner {
         };
       } else {
         logger.warn(
-          `Scan status for gs://${gcsFile.bucket}/${gcsFile.name}: INFECTED ${result} (${fileSize} bytes in ${scanDuration} ms)`,
+          `Scan status for ${gcsFile.cloudStorageURI.href}: INFECTED ${result} (${fileSize} bytes in ${scanDuration} ms)`,
         );
         this.metricsClient.writeScanInfected(
           bucketDefs.unscanned,
@@ -282,7 +283,7 @@ class Scanner {
 
         // Move document to the bucket that holds infected documents. This can
         // fail due to permissions or if the file has been deleted.
-        await this.moveProcessedFile(gcsFile.name, false, bucketDefs);
+        await this.moveProcessedFile(gcsFile, bucketDefs.quarantined);
 
         // Respond to API client.
         return {
@@ -315,19 +316,15 @@ class Scanner {
   /**
    * Move the file to the appropriate bucket.
    * @async
-   * @param {string} filename
-   * @param {boolean} isClean
-   * @param {!import('./config.js').BucketDefs} config
+   * @param {File} srcfile
+   * @param {string} destinationBucketName
    */
-  async moveProcessedFile(filename, isClean, config) {
-    const srcBucketName = config.unscanned;
-    const srcfile = this.storageClient.bucket(srcBucketName).file(filename);
-    const destinationBucketName = isClean ? config.clean : config.quarantined;
+  async moveProcessedFile(srcfile, destinationBucketName) {
     const destinationBucket = this.storageClient.bucket(destinationBucketName);
 
     await srcfile.move(destinationBucket);
     logger.info(
-      `Successfully moved file gs://${srcBucketName}/${filename} to gs://${destinationBucketName}/${filename}`,
+      `Successfully moved file ${srcfile.cloudStorageURI.href} to gs://${destinationBucketName}/${srcfile.name}`,
     );
   }
 }
diff --git a/cloudrun-malware-scanner/spec/scanner.spec.js b/cloudrun-malware-scanner/spec/scanner.spec.js
index 66a302e..fc2b594 100644
--- a/cloudrun-malware-scanner/spec/scanner.spec.js
+++ b/cloudrun-malware-scanner/spec/scanner.spec.js
@@ -89,7 +89,12 @@ describe('Scanner', () => {
     mockFile = jasmine.createSpyObj(
       'testFile',
       ['exists', 'getMetadata', 'createReadStream', 'move'],
-      {name: TEST_FILE_NAME},
+      {
+        name: TEST_FILE_NAME,
+        cloudStorageURI: new URL(
+          `gs://${CONFIG.buckets[0].clean}/${TEST_FILE_NAME}`,
+        ),
+      },
     );
     mockUnscannedBucket.file.withArgs(TEST_FILE_NAME).and.returnValue(mockFile);