Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Prevent download of blob marked as infected #160

Open
7 tasks
SandGrainOne opened this issue Feb 20, 2023 · 1 comment
Open
7 tasks

Prevent download of blob marked as infected #160

SandGrainOne opened this issue Feb 20, 2023 · 1 comment
Assignees
Labels
kind/user-story Used for issues that describes functionality for our users. status/draft Status: When you create an issue before you have enough info to properly describe the issue.

Comments

@SandGrainOne
Copy link
Member

SandGrainOne commented Feb 20, 2023

Description

Infected files can currently be downloaded normally. We should consider stopping downloads if FileScan has marked a file as infected.

Additional Information

The current file-scan App(s) and solution will probably be discontinued. Looking into the Defender product and how that can be used has priority.

Tasks

  • Add a file scan status check to the download logic.
  • Identify an appropriate 4xx status code. Ideas:
    • 404 to indicate deleted?
    • 424 Failed Dependency? (means that the request failed due to the failure of a previous request.)
    • 423 Locked
    • 410 Gone

Acceptance Criterias

  • A GET request on a DataElement marked as infected results in status code: **
@SandGrainOne SandGrainOne added kind/user-story Used for issues that describes functionality for our users. status/draft Status: When you create an issue before you have enough info to properly describe the issue. labels Feb 20, 2023
@olebhansen
Copy link

olebhansen commented Jul 15, 2024

See also filescan; Altinn/altinn-file-scan#156 + Altinn/altinn-file-scan#49. Fundamental question is what do do about filescanning and if we should permitt infected files. Clarify how the current solution works and if it is needed to go above and beyond this (and if so "how").

@olebhansen olebhansen self-assigned this Jul 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/user-story Used for issues that describes functionality for our users. status/draft Status: When you create an issue before you have enough info to properly describe the issue.
Projects
None yet
Development

No branches or pull requests

2 participants