FLS-448 Malware virus scanning for client side file upload (#195)

* Malware scanning for client side file upload

* Fix e2e test to have malware detection changes

* Disable Virus scan capability in local development but enable in e2e

* Adding in-progress state till file gets the tag

* Change endpoint into POST to a check and delete file based on the tag from guard duty

* Addressing review comments

* Adding .env to get AWS params

* Sonar fix

Author: nuwan-samarasinghe

.github/workflows/copilot_deploy.yml

@@ -295,6 +295,11 @@ jobs:
       - name: Start containers
         run: docker compose -f docker-compose.e2e.yml up -d
 
+      - name: Add localstack to /etc/hosts
+        run: |
+            echo "127.0.0.1 localhost localstack host.docker.internal" | sudo tee -a /etc/hosts
+            cat /etc/hosts
+
       - name: Create S3 bucket
         run: docker exec localstack /bin/sh -c "awslocal s3api create-bucket --bucket fsd-bucket --create-bucket-configuration LocationConstraint=eu-west-2 --region eu-west-2"
 

copilot/fsd-form-runner-adapter/manifest.yml

@@ -71,6 +71,7 @@ variables:
   SINGLE_REDIS: true
   JWT_AUTH_COOKIE_NAME: "fsd_user_token"
   JWT_AUTH_ENABLED: true
+  ENABLE_VIRUS_SCAN: true
   LOG_PRETTY_PRINT: false
 
 secrets:

docker-compose.e2e.yml

@@ -44,6 +44,7 @@ services:
       - SINGLE_REDIS=true
       - FORM_RUNNER_ADAPTER_REDIS_INSTANCE_URI=redis://redis-data:6379
       - PREVIEW_MODE=true
+      - ENABLE_VIRUS_SCAN=true
     command: yarn runner start:test
     logging:
       driver: "json-file"

e2e-test/cypress.config.js

@@ -2,10 +2,12 @@ const {defineConfig} = require("cypress");
 const webpack = require("@cypress/webpack-preprocessor");
 const preprocessor = require("@badeball/cypress-cucumber-preprocessor");
 const path = require("path");
+const AWS = require('aws-sdk');
+const dotenv = require("dotenv");
+dotenv.config({ path: path.resolve(__dirname, "../docker-localstack/.awslocal.env") });
 
 
 console.log("****************** starting e2e ******************")
-console.log(`e2e entry : [${path.resolve(__dirname, "../digital-form-builder/e2e")}]\n`)
 
 async function setupNodeEvents(on, config) {
   // This is required for the preprocessor to be able to generate JSON reports after each run, and more,
@@ -33,6 +35,45 @@ async function setupNodeEvents(on, config) {
       },
     })
   );
+
+  on('task', {
+    async tagAllS3Objects({ tags }) {
+      console.log('tagAllS3Objects task started with tags:', tags);
+      const s3 = new AWS.S3({
+        endpoint: process.env.AWS_ENDPOINT_OVERRIDE,
+        s3ForcePathStyle: true,
+        accessKeyId: process.env.AWS_ACCESS_KEY_ID,
+        secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
+        region: process.env.AWS_DEFAULT_REGION,
+      });
+      try {
+        const listedObjects = await s3.listObjectsV2({ Bucket: 'fsd-bucket' }).promise();
+        if (!listedObjects.Contents || listedObjects.Contents.length === 0) {
+          const msg = `No objects found in bucket fsd-bucket`;
+          console.log(msg);
+          return msg;
+        }
+        const taggingPromises = listedObjects.Contents.map((obj) => {
+          console.log(`Tagging object: ${obj.Key}`);
+          return s3.putObjectTagging({
+            Bucket: 'fsd-bucket',
+            Key: obj.Key,
+            Tagging: {
+              TagSet: Object.entries(tags).map(([Key, Value]) => ({ Key, Value })),
+            },
+          }).promise();
+        });
+        await Promise.all(taggingPromises);
+        const successMsg = `${listedObjects.Contents.length} object(s) in fsd-bucket tagged successfully.`;
+        console.log(successMsg);
+        return successMsg;
+      } catch (error) {
+        console.error("Error tagging S3 objects:", error);
+        throw error;
+      }
+    },
+  });
+
   // Make sure to return the config object as it might have been modified by the plugin
   return config;
 }

e2e-test/cypress/e2e/runner/clientSideFileUpload.feature

@@ -13,7 +13,6 @@ Feature: Client Side File Upload
     And I continue
     Then I see the error "Test Client Side file Upload is required" for "Upload the independent survey of works" component with problem title
 
-  @wip
   Scenario: Adding a single file into the client side file upload
     And the form session will be initiated with the given component type "text" key "clientSideFileUploadField1" title "Upload the independent survey of works" answer "" question "Upload the independent survey of works" and finally form "client-side-file-upload-single" and session "045a5791-1d76-45e6-a926-7d4ff26b4113"
       | form                           | redirectPath |
@@ -33,5 +32,12 @@ Feature: Client Side File Upload
     When I upload the file "passes.png" wait till upload
     Then I see the error "Test Client Side file Upload requires 2 files" for "Upload the independent survey of works" component with problem title
 
-
+  Scenario: Adding a single file into the client side file upload with a virus
+    And the form session will be initiated with the given component type "text" key "clientSideFileUploadField1" title "Upload the independent survey of works" answer "" question "Upload the independent survey of works" and finally form "client-side-file-upload-single" and session "045a5791-1d76-45e6-a926-7d4ff26b4113"
+      | form                           | redirectPath |
+      | client-side-file-upload-single | /            |
+    And I go to the initialised session URL with generated token
+    And I continue
+    When I upload the file "passes.png" with virus then wait till upload
+    Then I see the error "The selected file contains a virus" for "Upload the independent survey of works" component with problem title
 

e2e-test/cypress/support/step_definitions/runner/i_upload_a_file_and_continue.js

@@ -1,7 +1,14 @@
 import {When} from "@badeball/cypress-cucumber-preprocessor";
 
 When("I upload the file {string} wait till upload", (filename) => {
-  cy.get("input[type=file]").attachFile(filename);
-  cy.wait(2000)
-  cy.findByRole("button", {name: /continue/i}).click();
+  cy.get("input[type=file]").attachFile(filename, { force: true });
+  cy.wait(5000);
+  const tags = {
+    GuardDutyMalwareScanStatus: 'NO_THREATS_FOUND'
+  };
+  cy.task('tagAllS3Objects', { tags }).then(() => {
+    cy.wait(5000);
+    cy.log('tagAllS3Objects task completed');
+    cy.findByRole("button", { name: /continue/i }).click();
+  });
 });

e2e-test/cypress/support/step_definitions/runner/i_upload_a_file_with_virus.js

@@ -0,0 +1,13 @@
+import {When} from "@badeball/cypress-cucumber-preprocessor";
+
+When("I upload the file {string} with virus then wait till upload", (filename) => {
+  cy.get("input[type=file]").attachFile(filename);
+  cy.wait(5000);
+  const tags = {
+    GuardDutyMalwareScanStatus: 'THREATS_FOUND'
+  };
+  cy.task('tagAllS3Objects', { tags }).then(() => {
+    cy.wait(5000);
+    cy.log('tagAllS3Objects task completed');
+  });
+});

runner/config/custom-environment-variables.json

@@ -69,5 +69,6 @@
   "ignoreSectionsFromSummary": "IGNORE_SECTIONS_FROM_SUMMARY_PAGE",
   "sentryDsn": "SENTRY_DSN",
   "sentryTracesSampleRate": "SENTRY_TRACES_SAMPLE_RATE",
-  "copilotEnv": "COPILOT_ENV"
+  "copilotEnv": "COPILOT_ENV",
+  "enableVirusScan": "ENABLE_VIRUS_SCAN"
 }

runner/config/default.js

@@ -112,5 +112,7 @@ module.exports = {
   /*sentry configurations*/
   sentryDsn: "",
   sentryTracesSampleRate: "",
-  copilotEnv: ""
+  copilotEnv: "",
+
+  enableVirusScan: false,
 };

runner/locales/cy.json

@@ -24,6 +24,7 @@
       "filePartiallyUploadError": "Nid yw'r ffeiliau wedi'u llwytho i fyny yn llawn",
       "fileUploadSizeError": "Rhaid i'r ffeil fod o dan ",
       "fileUploadCombinedSizeError": "Rhaid i faint ffeiliau cyfun fod o dan ",
+      "fileUploadVirusError": "The selected file contains a virus",
       "fileUploadTypeError": "Ni allwch uwchlwytho ffeiliau o'r math hwn.",
       "fileUploadCountSingleError": "Dim ond un ffeil y gallwch ei uwchlwytho",
       "fileUploadCountMaxError": "Dim ond ffeiliau {maxFiles} y gallwch chi eu huwchlwytho",
@@ -52,6 +53,7 @@
         "fileActionCol": "Gweithredu",
         "fileActionComplete": "Cyflawn",
         "fileActionFailed": "Wedi methu",
+        "fileActionInProgress": "In progress",
         "deleteBtn": "Dileu"
       }
     },