Add independent MalwareScanner feature#785
Conversation
![hyperspace-insights[bot]](https://avatars.githubusercontent.com/u/2531208?s=60&v=4){kind=small}
There was a problem hiding this comment.
The PR introduces a well-structured independent MalwareScannerService with proper interface/implementation separation, event context, and handler registration. The main concerns raised are: (1) missing test coverage for the ENCRYPTED scan result status in the handler tests, (2) the semantics of the DEFAULT_ON ordering constant warrant clarification to ensure user-provided @On handlers can override the default, and (3) the DEFAULT_NAME Javadoc could better document its dual-use role in both registration and lookup.
PR Bot Information
Version: 1.20.11 | 📖 Documentation | 🚨 Create Incident | 💬 Feedback
- LLM:
anthropic--claude-4.6-sonnet - Correlation ID:
aab8a0c0-345f-11f1-8614-8f9ec63b6357 - File Content Strategy: Full file content
- Event Trigger:
pull_request.opened
...ava/com/sap/cds/feature/attachments/service/handler/DefaultMalwareScannerServiceHandler.java
Show resolved
Hide resolved
...ava/com/sap/cds/feature/attachments/service/handler/DefaultMalwareScannerServiceHandler.java
Show resolved
Hide resolved
...attachments/src/main/java/com/sap/cds/feature/attachments/service/MalwareScannerService.java
Show resolved
Hide resolved
…independant-of-the-attachmentservice
|
Can you explain this a bit further? The issue https://github.wdf.sap.corp/cds-java/home/issues/1500 says that we should provide a cds-feature-malwarescanner plugin. Does this PR now add such a service which could be in a separate cds-feature-malwarescanner plugin? |
No I already talked with Max about this, and we were both the opinion we don't need an extra plugin just for malware scanning. Therefore, this PR adds a MalwareScannerService just like the AttachmentService, so Users can manually trigger the malware scanner. |
|
I'll write ITests! |
…independant-of-the-attachmentservice
SummaryThe following content is AI-generated and provides a summary of the pull request: Add Independent
|
There was a problem hiding this comment.
The PR introduces a well-structured MalwareScannerService with proper CAP service/handler wiring, good test coverage, and clean separation of concerns. Three issues were flagged: a potential null return from scanContent that could cause NPEs at call sites, a handler order constant whose formula deserves explicit documentation or verification, and duplicated parameterizable test cases in the handler test that should be consolidated for maintainability.
PR Bot Information
Version: 1.20.11 | 📖 Documentation | 🚨 Create Incident | 💬 Feedback
- LLM:
anthropic--claude-4.6-sonnet - File Content Strategy: Full file content
- Event Trigger:
pull_request.ready_for_review - Correlation ID:
e56726d0-3750-11f1-8e9f-1630d2a135a4
...ava/com/sap/cds/feature/attachments/service/handler/DefaultMalwareScannerServiceHandler.java
Show resolved
Hide resolved
...chments/src/main/java/com/sap/cds/feature/attachments/service/MalwareScannerServiceImpl.java
Show resolved
Hide resolved
...com/sap/cds/feature/attachments/service/handler/DefaultMalwareScannerServiceHandlerTest.java
Outdated
Show resolved
Hide resolved
…-malwarescannerservice-independant-of-the-attachmentservice # Conflicts: # .github/workflows/pipeline.yml
Schmarvinius
deleted the
503-feature-provide-a-malwarescannerservice-independant-of-the-attachmentservice
branch
2 participants
Add Independent
MalwareScannerServiceFeatureNew Feature
✨ Introduces a standalone
MalwareScannerServicethat can be injected from the CAP service catalog to scan arbitrary content for malware, independently of theAttachmentService. This allows consumers to perform on-demand malware scans without going through the attachment upload flow.Changes
MalwareScannerService.java(new): Defines theMalwareScannerServiceinterface with ascanContent(InputStream)method and theSCAN_CONTENTevent constant, registered under the nameMalwareScannerService$Default.MalwareScannerServiceImpl.java(new): ImplementsMalwareScannerServiceby creating aMalwareScanEventContext, emitting the scan event, and returning the scan result.DefaultMalwareScannerServiceHandler.java(new): Default@Onevent handler for theMalwareScannerService. Delegates toMalwareScanClientto perform the actual scan. ReturnsNO_SCANNERif no client binding is available, andFAILEDon unexpected errors.MalwareScanEventContext.java(new):EventContextinterface for theSCAN_CONTENTevent, carrying the contentInputStreamand the resultingMalwareScanResultStatus.Registration.java: RegistersMalwareScannerServiceImplas a new service andDefaultMalwareScannerServiceHandleras a new event handler during startup.RegistrationTest.java: Updated tests to assert that bothAttachmentServiceandMalwareScannerServiceare registered, and thatDefaultMalwareScannerServiceHandleris included among the registered event handlers. Handler counts updated from8→9(full setup) and1→2(minimal setup).MalwareScannerServiceImplTest.java(new): Parameterized tests verifying thatscanContentcorrectly propagates allMalwareScanResultStatusvalues and passes the content stream through the event context.DefaultMalwareScannerServiceHandlerTest.java(new): Unit tests for the handler covering clean, infected, no-scanner, and error/exception scenarios, as well as annotation verification.MalwareScanEventContextTest.java(new): Basic test verifying thatMalwareScanEventContextfields can be set and read correctly.📬 Subscribe to the Hyperspace PR Bot DL to get the latest announcements and pilot features!
PR Bot Information
Version:
1.20.11| 📖 Documentation | 🚨 Create Incident | 💬 Feedbackaab8a0c0-345f-11f1-8614-8f9ec63b6357anthropic--claude-4.6-sonnetpull_request.opened