From 9178af68f1a21013d2ca39a4e55b774c48410d22 Mon Sep 17 00:00:00 2001
From: Graeme Porteous
Date: Fri, 23 Feb 2024 12:38:35 +0000
Subject: [PATCH] Handle when ExcelAnalyzer detects issues
Hide spreadsheets and automatically send a report.
---
 lib/alavetelitheme.rb | 3 +-
 lib/excel_analyzer.rb | 43 +++++++++++++++++++
 .../excel_analyzer_notifier/report.text.erb | 11 +++++
 3 files changed, 56 insertions(+), 1 deletion(-)
 create mode 100644 lib/excel_analyzer.rb
 create mode 100644 lib/views/excel_analyzer_notifier/report.text.erb
diff --git a/lib/alavetelitheme.rb b/lib/alavetelitheme.rb
index f49cadf0..505c863c 100644
--- a/lib/alavetelitheme.rb
+++ b/lib/alavetelitheme.rb
@@ -59,7 +59,8 @@ def prepend_theme_assets
 'public_body_questions.rb',
 'school_late_calculator.rb',
 'volunteer_contact_form.rb',
- 'data_breach.rb']
+ 'data_breach.rb',
+ 'excel_analyzer.rb']
 require File.expand_path "../#{patch}", __FILE__
 end
diff --git a/lib/excel_analyzer.rb b/lib/excel_analyzer.rb
new file mode 100644
index 00000000..39f823c1
--- /dev/null
+++ b/lib/excel_analyzer.rb
@@ -0,0 +1,43 @@
+ExcelAnalyzer.on_hidden_metadata = ->(attachment_blob, metadata) do
+ foi_attachment = FoiAttachment.joins(:file_blob).
+ find_by(active_storage_blobs: { id: attachment_blob })
+
+ incoming_message = foi_attachment.incoming_message
+ next if incoming_message.sent_at < 1.day.ago
+
+ foi_attachment.update_and_log_event(
+ prominence: 'hidden',
+ event: {
+ editor: User.internal_admin_user,
+ reason: 'ExcelAnalyzer: hidden data dectected'
+ }
+ )
+
+ ExcelAnalyzerNotifier.report(foi_attachment, metadata).deliver_now
+end
+
+Rails.configuration.to_prepare do
+ class ExcelAnalyzerNotifier < ApplicationMailer
+ include Rails.application.routes.url_helpers
+ default_url_options[:host] = AlaveteliConfiguration.domain
+
+ def report(foi_attachment, metadata)
+ @foi_attachment = foi_attachment
+ @metadata = metadata
+
+ from = email_address_with_name(
+ blackhole_email, 'WhatDoTheyKnow.com Execl Analyzer report'
+ )
+
+ headers['X-WDTK-Contact'] = 'wdtk-excel-anaylzer-report'
+ headers['X-WDTK-CaseRef'] = @foi_attachment.id
+
+ mail(
+ from: from,
+ to: pro_contact_from_name_and_email,
+ subject: _('ExcelAnalyzer: hidden data dectected [{{reference}}]',
+ reference: @foi_attachment.id)
+ )
+ end
+ end
+end
diff --git a/lib/views/excel_analyzer_notifier/report.text.erb b/lib/views/excel_analyzer_notifier/report.text.erb
new file mode 100644
index 00000000..c32dd616
--- /dev/null
+++ b/lib/views/excel_analyzer_notifier/report.text.erb
@@ -0,0 +1,11 @@
+ExcelAnalyzer has flagged and automatically set hidden prominence of a received
+spreadsheet due to the detection of potentially suspect hidden data.
+
+Admin URL: <%= edit_admin_foi_attachment_url(@foi_attachment) %>
+
+The following was detected:
+<% @metadata.each do |key, value| %>
+ <%= key %>: <%= value %>
+<% end %>
+
+Please review the file carefully.
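Review bot: In lib/excel_analyzer.rb the `find_by` lookup in the `on_hidden_metadata` lambda returns nil when the analysed blob is not attached to an `FoiAttachment`, and the next line calls `foi_attachment.incoming_message` on it, so the callback would raise instead of exiting cleanly; add `next unless foi_attachment` right after the lookup. The `sent_at < 1.day.ago` guard skips both the hide and the report for anything older than a day, so a flagged spreadsheet on an older message stays public with no record of the detection; a comment saying why older messages are exempt (presumably to avoid acting on re-analysis of historic mail) and a log line on the skip would keep that decision auditable. The runtime strings `'hidden data dectected'`, `'Execl Analyzer report'` and `'wdtk-excel-anaylzer-report'` are misspelled, and the header value matters most because any mail filter keyed on `X-WDTK-Contact` would have to match the typo.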
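Review bot: In report.text.erb, `<%= key %>: <%= value %>` prints the analyzer's findings verbatim into a plain-text email, and those values are derived from a spreadsheet supplied by an outside party. If `metadata` can carry cell or sheet text rather than only names and counts (not visible in this patch), the report would copy the very data being hidden into mailboxes, and embedded newlines or links could make the message misleading to the admin reading it. Consider rendering a bounded single-line form such as `<%= value.to_s.truncate(200).inspect %>`, or listing only the keys and leaving the detail to the admin page behind the `Admin URL` link.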