Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

2429/single clamav #2718

Merged
merged 44 commits into from
Oct 12, 2023
Merged

2429/single clamav #2718

merged 44 commits into from
Oct 12, 2023

Conversation

George-Hudson
Copy link

@George-Hudson George-Hudson commented Sep 29, 2023

Summary of Changes

In order to preserve cf space in dev and staging, we are reducing the number of ClamAV instances we are using. Only the ClamAV instance in the prod space will be used. We also created NGINX servers to act as gatekeepers for each space and to forward requests to the production ClamAV server.

Pull request closes #2429

How to Test

  • the ClamAV scan needs function as intended when running through the gatekeeper.

Deliverables

More details on how deliverables herein are assessed included here.

Deliverable 1: Accepted Features

Checklist of ACs:

  • [ClamAV scans still work appropriately]
  • lfrohlich and/or adpennington confirmed that ACs are met.

Deliverable 2: Tested Code

  • Are all areas of code introduced in this PR meaningfully tested?
    • If this PR introduces backend code changes, are they meaningfully tested?
    • If this PR introduces frontend code changes, are they meaningfully tested?
  • Are code coverage minimums met?
    • Frontend coverage: [insert coverage %] (see CodeCov Report comment in PR)
    • Backend coverage: [insert coverage %] (see CodeCov Report comment in PR)

Deliverable 3: Properly Styled Code

  • Are backend code style checks passing on CircleCI?
  • Are frontend code style checks passing on CircleCI?
  • Are code maintainability principles being followed?

Deliverable 4: Accessible

  • Does this PR complete the epic?
  • Are links included to any other gov-approved PRs associated with epic?
  • Does PR include documentation for Raft's a11y review?
  • Did automated and manual testing with iamjolly and ttran-hub using Accessibility Insights reveal any errors introduced in this PR?

Deliverable 5: Deployed

  • Was the code successfully deployed via automated CircleCI process to development on Cloud.gov?

Deliverable 6: Documented

  • Does this PR provide background for why coding decisions were made?
  • If this PR introduces backend code, is that code easy to understand and sufficiently documented, both inline and overall?
  • If this PR introduces frontend code, is that code easy to understand and sufficiently documented, both inline and overall?
  • If this PR introduces dependencies, are their licenses documented?
  • Can reviewer explain and take ownership of these elements presented in this code review?

Deliverable 7: Secure

  • Does the OWASP Scan pass on CircleCI?
  • Do manual code review and manual testing detect any new security issues?
  • If new issues detected, is investigation and/or remediation plan documented?

Deliverable 8: User Research

Research product(s) clearly articulate(s):

  • the purpose of the research
  • methods used to conduct the research
  • who participated in the research
  • what was tested and how
  • impact of research on TDP
  • (if applicable) final design mockups produced for TDP development

George Hudson and others added 30 commits August 14, 2023 14:16
…CAN enpoint to tanf-prod clam av scanner only
Copy link

@jtimpe jtimpe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm! just one question for clarification

Copy link

@raftmsohani raftmsohani left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@George-Hudson George-Hudson added QASP Review Deploy with CircleCI-qasp Deploy to https://tdp-frontend-qasp.app.cloud.gov through CircleCI and removed raft review This issue is ready for raft review labels Oct 5, 2023
@ADPennington
Copy link
Collaborator

ADPennington commented Oct 5, 2023

@George-Hudson @raftmsohani getting the following result in logs when submitting a file:
clamav_qasp

17:01:20.841: [APP/PROC/WEB.0] 2023-10-05 21:01:20,840 ERROR clients.py::scan_file:L74 :  ClamAV connection failure: HTTPSConnectionPool(host='tdp-clamav-nginx-dev.apps.internal', port=9000): Max retries exceeded with url: /scan (Caused by SSLError(SSLError(1, '[SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:997)')))
17:01:20.841: [APP/PROC/WEB.0] ClamAV connection failure: HTTPSConnectionPool(host='tdp-clamav-nginx-dev.apps.internal', port=9000): Max retries exceeded with url: /scan (Caused by SSLError(SSLError(1, '[SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:997)')))

@ADPennington ADPennington removed the Deploy with CircleCI-qasp Deploy to https://tdp-frontend-qasp.app.cloud.gov through CircleCI label Oct 6, 2023
@George-Hudson George-Hudson added Deploy with CircleCI-raft Deploy to https://tdp-frontend-raft.app.cloud.gov through CircleCI and removed QASP Review labels Oct 11, 2023
@George-Hudson George-Hudson removed the Deploy with CircleCI-raft Deploy to https://tdp-frontend-raft.app.cloud.gov through CircleCI label Oct 11, 2023
@George-Hudson George-Hudson added Deploy with CircleCI-raft Deploy to https://tdp-frontend-raft.app.cloud.gov through CircleCI and removed Deploy with CircleCI-raft Deploy to https://tdp-frontend-raft.app.cloud.gov through CircleCI labels Oct 11, 2023
@George-Hudson George-Hudson added Deploy with CircleCI-raft Deploy to https://tdp-frontend-raft.app.cloud.gov through CircleCI QASP Review Deploy with CircleCI-qasp Deploy to https://tdp-frontend-qasp.app.cloud.gov through CircleCI and removed Deploy with CircleCI-raft Deploy to https://tdp-frontend-raft.app.cloud.gov through CircleCI labels Oct 11, 2023
Copy link
Collaborator

@ADPennington ADPennington left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks great @George-Hudson @raftmsohani 🚀

file scan via nginx router in tdp-backend-qasp logs
clam2

file being scanned in prod clamav instance
clam1

scan results saved in DAC in qasp env only (also verified that prod apps unaffected by scans in dev env
clam3

@ADPennington ADPennington added Ready to Merge and removed QASP Review Deploy with CircleCI-qasp Deploy to https://tdp-frontend-qasp.app.cloud.gov through CircleCI labels Oct 12, 2023
@andrew-jameson andrew-jameson merged commit 932a41e into develop Oct 12, 2023
11 checks passed
@andrew-jameson andrew-jameson deleted the 2429/single-clamav branch October 12, 2023 14:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Singular ClamAV Scanner
6 participants