feat: check for clean file key valid uuid

opengovsg · Sep 25, 2023 · dcf37c2 · dcf37c2
1 parent a924eb2
commit dcf37c2
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 16 deletions.
diff --git a/src/app/modules/submission/encrypt-submission/__tests__/encrypt-submission.service.spec.ts b/src/app/modules/submission/encrypt-submission/__tests__/encrypt-submission.service.spec.ts
@@ -33,7 +33,7 @@ import {
   AttachmentSizeLimitExceededError,
   DownloadCleanFileFailedError,
   InvalidFieldIdError,
-  InvalidQuarantineFileKeyError,
+  InvalidFileKeyError,
   VirusScanFailedError,
 } from '../encrypt-submission.errors'
 import {
@@ -1176,9 +1176,7 @@ describe('encrypt-submission.service', () => {
       // Assert
       expect(awsSpy).not.toHaveBeenCalled()
       expect(actualResult.isErr()).toEqual(true)
-      expect(actualResult._unsafeUnwrapErr()).toEqual(
-        new InvalidQuarantineFileKeyError(),
-      )
+      expect(actualResult._unsafeUnwrapErr()).toEqual(new InvalidFileKeyError())
     })
 
     it('should return errAsync when lambda invocation fails', async () => {
@@ -1473,13 +1471,28 @@ describe('encrypt-submission.service', () => {
   })
 
   describe('downloadCleanFile', () => {
+    const MOCK_VALID_UUID = '0f3d2e22-d2aa-44f8-965a-27e46102936e'
+    it('should return errAsync(InvalidFileKeyError) if cleanFileKey is invalid', async () => {
+      // Arrange
+      const awsSpy = jest.spyOn(aws.s3, 'getObject')
+
+      // Act
+      // empty string for version id to simulate failure
+      const actualResult = await downloadCleanFile('invalid-key', '')
+
+      // Assert
+      expect(awsSpy).not.toHaveBeenCalled()
+      expect(actualResult.isErr()).toEqual(true)
+      expect(actualResult._unsafeUnwrapErr()).toEqual(new InvalidFileKeyError())
+    })
+
     it('should return errAsync(DownloadCleanFileFailedError) if file download failed', async () => {
       // Arrange
       const awsSpy = jest.spyOn(aws.s3, 'getObject')
 
       // Act
-      // empty strings for invalid keys and version ids
-      const actualResult = await downloadCleanFile('', '')
+      // empty string for version id to simulate failure
+      const actualResult = await downloadCleanFile(MOCK_VALID_UUID, '')
 
       // Assert
       expect(awsSpy).toHaveBeenCalledOnce()
@@ -1510,12 +1523,11 @@ describe('encrypt-submission.service', () => {
         .spyOn(aws.s3, 'getObject')
         .mockImplementationOnce(mockGetObject)
 
-      const cleanFileKey = 'your-clean-file-key'
       const versionId = 'your-version-id'
 
       // Act
       // empty strings for invalid keys and version ids
-      const actualResult = await downloadCleanFile(cleanFileKey, versionId)
+      const actualResult = await downloadCleanFile(MOCK_VALID_UUID, versionId)
 
       // Assert
       expect(awsSpy).toHaveBeenCalledOnce()

diff --git a/src/app/modules/submission/encrypt-submission/encrypt-submission.errors.ts b/src/app/modules/submission/encrypt-submission/encrypt-submission.errors.ts
@@ -50,10 +50,8 @@ export class FeatureDisabledError extends ApplicationError {
   }
 }
 
-export class InvalidQuarantineFileKeyError extends ApplicationError {
-  constructor(
-    message = 'Invalid quarantine file key. Quarantine file key should be a valid UUID.',
-  ) {
+export class InvalidFileKeyError extends ApplicationError {
+  constructor(message = 'Invalid file key. File keys should be valid UUIDs.') {
     super(message)
   }
 }

diff --git a/src/app/modules/submission/encrypt-submission/encrypt-submission.service.ts b/src/app/modules/submission/encrypt-submission/encrypt-submission.service.ts
@@ -65,7 +65,7 @@ import {
   AttachmentSizeLimitExceededError,
   DownloadCleanFileFailedError,
   InvalidFieldIdError,
-  InvalidQuarantineFileKeyError,
+  InvalidFileKeyError,
   JsonParseFailedError,
   VirusScanFailedError,
 } from './encrypt-submission.errors'
@@ -744,7 +744,7 @@ export const triggerVirusScanning = (
       meta: logMeta,
     })
 
-    return errAsync(new InvalidQuarantineFileKeyError())
+    return errAsync(new InvalidFileKeyError())
   }
 
   return ResultAsync.fromPromise(
@@ -802,6 +802,15 @@ export const downloadCleanFile = (cleanFileKey: string, versionId: string) => {
     versionId,
   }
 
+  if (!validate(cleanFileKey)) {
+    logger.error({
+      message: 'Invalid file key - not a valid uuid',
+      meta: logMeta,
+    })
+
+    return errAsync(new InvalidFileKeyError())
+  }
+
   let buffer = Buffer.alloc(0)
 
   const writeStream = new Writable({

diff --git a/src/app/modules/submission/encrypt-submission/encrypt-submission.utils.ts b/src/app/modules/submission/encrypt-submission/encrypt-submission.utils.ts
@@ -75,7 +75,7 @@ import {
   DownloadCleanFileFailedError,
   FeatureDisabledError,
   InvalidFieldIdError,
-  InvalidQuarantineFileKeyError,
+  InvalidFileKeyError,
   SubmissionFailedError,
   VirusScanFailedError,
 } from './encrypt-submission.errors'
@@ -231,7 +231,7 @@ const errorMapper: MapRouteError = (
     case SubmissionFailedError:
     case InvalidFieldIdError:
     case AttachmentSizeLimitExceededError:
-    case InvalidQuarantineFileKeyError:
+    case InvalidFileKeyError:
       return {
         statusCode: StatusCodes.BAD_REQUEST,
         errorMessage: error.message,