file scan for screening and licensing (#1551)

# Description

This PR includes the following proposed change(s):

-spdbt-3146(ook up the file virus scan service with our screening and
licensing app.)

src/Spd.Presentation.Licensing/Controllers/LicenceAppDocumentController.cs

@@ -4,27 +4,31 @@
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Caching.Distributed;
 using Spd.Manager.Licence;
+using Spd.Utilities.FileScanning;
 using Spd.Utilities.LogonUser;
 using Spd.Utilities.Recaptcha;
+using Spd.Utilities.Shared.Exceptions;
 using System.ComponentModel.DataAnnotations;
+using System.Net;
 using System.Security.Principal;
 
 namespace Spd.Presentation.Licensing.Controllers;
 [ApiController]
 public class LicenceAppDocumentController : SpdLicenceControllerBase
 {
     private readonly IMediator _mediator;
-    private readonly IConfiguration _configuration;
+    private readonly IFileScanProvider _fileScanProvider;
     private readonly IPrincipal _currentUser;
 
     public LicenceAppDocumentController(IMediator mediator, IDistributedCache cache,
         IDataProtectionProvider dpProvider,
         IPrincipal currentUser,
         IRecaptchaVerificationService recaptchaVerificationService,
-        IConfiguration configuration) : base(cache, dpProvider, recaptchaVerificationService, configuration)
+        IConfiguration configuration,
+        IFileScanProvider fileScanProvider) : base(cache, dpProvider, recaptchaVerificationService, configuration)
     {
         _mediator = mediator;
-        _configuration = configuration;
+        _fileScanProvider = fileScanProvider;
         _currentUser = currentUser;
     }
 
@@ -42,8 +46,9 @@ public LicenceAppDocumentController(IMediator mediator, IDistributedCache cache,
     public async Task<IEnumerable<LicenceAppDocumentResponse>> UploadLicenceAppFiles([FromForm][Required] LicenceAppDocumentUploadRequest fileUploadRequest, [FromRoute] Guid licenceAppId, CancellationToken ct)
     {
         VerifyFiles(fileUploadRequest.Documents);
+        await FileVirusScanAsync(fileUploadRequest.Documents, ct);
 
-        if (User.HasClaim("Policy", "OnlyBcsc"))
+        if (_currentUser.GetIdentityProvider() == null) //bcsc identity provider is null
         {
             var applicantInfo = _currentUser.GetBcscUserIdentityInfo();
             return await _mediator.Send(new CreateDocumentInTransientStoreCommand(fileUploadRequest, applicantInfo.Sub, licenceAppId), ct);
@@ -64,6 +69,7 @@ public async Task<IEnumerable<LicenceAppDocumentResponse>> UploadLicenceAppFiles
     public async Task<Guid> UploadFilesToCache([FromForm][Required] LicenceAppDocumentUploadRequest fileUploadRequest, CancellationToken ct)
     {
         VerifyFiles(fileUploadRequest.Documents);
+        await FileVirusScanAsync(fileUploadRequest.Documents, ct);
 
         CreateDocumentInCacheCommand command = new(fileUploadRequest);
         var newFileInfos = await _mediator.Send(command, ct);
@@ -104,11 +110,22 @@ public async Task<Guid> UploadLicenceAppFilesAnonymous([FromForm][Required] Lice
     {
         await VerifyKeyCode();
         VerifyFiles(fileUploadRequest.Documents);
+        await FileVirusScanAsync(fileUploadRequest.Documents, ct);
 
         CreateDocumentInCacheCommand command = new(fileUploadRequest);
         var newFileInfos = await _mediator.Send(command, ct);
         Guid fileKeyCode = Guid.NewGuid();
         await Cache.SetAsync(fileKeyCode.ToString(), newFileInfos, TimeSpan.FromMinutes(30), ct);
         return fileKeyCode;
     }
+
+    protected async Task FileVirusScanAsync(IList<IFormFile> documents, CancellationToken ct)
+    {
+        foreach (IFormFile file in documents)
+        {
+            var result = await _fileScanProvider.ScanAsync(file.OpenReadStream(), ct);
+            if (result.Result != ScanResult.Clean)
+                throw new ApiException(HttpStatusCode.BadRequest, "The uploaded file is not clean.");
+        }
+    }
 }

src/Spd.Presentation.Licensing/Spd.Presentation.Licensing.csproj

@@ -25,6 +25,7 @@
 				<ProjectReference Include="..\Spd.Manager.Common\Spd.Manager.Common.csproj" />
 				<ProjectReference Include="..\Spd.Manager.Licence\Spd.Manager.Licence.csproj" />
 				<ProjectReference Include="..\Spd.Manager.Payment\Spd.Manager.Payment.csproj" />
+				<ProjectReference Include="..\Spd.Utilities.FileScanning\Spd.Utilities.FileScanning.csproj" />
 				<ProjectReference Include="..\Spd.Utilities.Hosting\Spd.Utilities.Hosting.csproj" />
 				<ProjectReference Include="..\Spd.Utilities.LogonUser\Spd.Utilities.LogonUser.csproj" />
 				<ProjectReference Include="..\Spd.Utilities.Payment\Spd.Utilities.Payment.csproj" />

src/Spd.Presentation.Screening/Controllers/ApplicantController.cs

@@ -5,6 +5,7 @@
 using Spd.Manager.Screening;
 using Spd.Manager.Shared;
 using Spd.Presentation.Screening.Configurations;
+using Spd.Utilities.FileScanning;
 using Spd.Utilities.LogonUser;
 using Spd.Utilities.Recaptcha;
 using Spd.Utilities.Shared;
@@ -23,17 +24,19 @@ public class ApplicantController : SpdControllerBase
         private readonly IPrincipal _currentUser;
         private readonly IRecaptchaVerificationService _verificationService;
         private readonly IConfiguration _configuration;
-
+        private readonly IFileScanProvider _fileScanProvider;
 
         public ApplicantController(IMediator mediator,
             IPrincipal currentUser,
             IRecaptchaVerificationService verificationService,
-            IConfiguration configuration)
+            IConfiguration configuration,
+            IFileScanProvider fileScanProvider)
         {
             _mediator = mediator;
             _currentUser = currentUser;
             _verificationService = verificationService;
             _configuration = configuration;
+            _fileScanProvider = fileScanProvider;
         }
 
         #region application-invites
@@ -219,6 +222,7 @@ public async Task<IEnumerable<ApplicantAppFileCreateResponse>> UploadApplicantAp
                 {
                     throw new ApiException(HttpStatusCode.BadRequest, $"{file.Name} exceeds maximum supported file size {fileUploadConfig.MaxFileSizeMB} MB.");
                 }
+                await FileVirusScanAsync(file, ct);
             }
             if (fileUploadRequest.FileType != FileTypeCode.ApplicantInformation && fileUploadRequest.Files.Count > 1)
             {
@@ -248,6 +252,13 @@ public async Task<FileStreamResult> DownloadFileTemplate([FromRoute] Guid applic
 
         }
         #endregion
+
+        protected async Task FileVirusScanAsync(IFormFile document, CancellationToken ct)
+        {
+            var result = await _fileScanProvider.ScanAsync(document.OpenReadStream(), ct);
+            if (result.Result != ScanResult.Clean)
+                throw new ApiException(HttpStatusCode.BadRequest, "The uploaded file is not clean.");
+        }
     }
 }
 

src/Spd.Presentation.Screening/Controllers/ApplicationController.cs

@@ -4,12 +4,14 @@
 using Microsoft.AspNetCore.Mvc;
 using Spd.Manager.Screening;
 using Spd.Manager.Shared;
+using Spd.Utilities.FileScanning;
 using Spd.Utilities.LogonUser;
 using Spd.Utilities.Shared;
 using Spd.Utilities.Shared.Exceptions;
 using System.ComponentModel.DataAnnotations;
 using System.Configuration;
 using System.Globalization;
+using System.Net;
 using System.Security.Principal;
 using System.Text;
 using System.Text.Json;
@@ -26,20 +28,23 @@ public class ApplicationController : SpdControllerBase
         private readonly IConfiguration _configuration;
         private readonly IPrincipal _currentUser;
         private readonly ILogger<ApplicationController> _logger;
+        private readonly IFileScanProvider _fileScanProvider;
 
         public ApplicationController(IMediator mediator,
             IValidator<ApplicationCreateRequest> appCreateRequestValidator,
             IValidator<ApplicationCreateRequestFromBulk> appCreateRequestFromBulkValidator,
             IConfiguration configuration,
             IPrincipal currentUser,
-            ILogger<ApplicationController> logger)
+            ILogger<ApplicationController> logger,
+            IFileScanProvider fileScanProvider)
         {
             _mediator = mediator;
             _appCreateRequestValidator = appCreateRequestValidator;
             _appCreateRequestFromBulkValidator = appCreateRequestFromBulkValidator;
             _configuration = configuration;
             _currentUser = currentUser;
             _logger = logger;
+            _fileScanProvider = fileScanProvider;
         }
 
         #region application-invites
@@ -174,6 +179,7 @@ public async Task<BulkUploadCreateResponse> BulkUpload([FromForm][Required] Bulk
             var userId = this.HttpContext.User.GetUserId();
             if (userId == null) throw new ApiException(System.Net.HttpStatusCode.Unauthorized);
 
+            await FileVirusScanAsync(bulkUploadRequest.File, ct);
             //validation file
             string fileName = bulkUploadRequest.File.FileName;
             string exe = fileName.Split(".").Last();
@@ -363,7 +369,7 @@ public async Task<ActionResult> IdentityVerify([FromRoute] Guid applicationId, [
         /// <returns></returns>
         [Route("api/orgs/{orgId}/application")]
         [HttpPost]
-        public async Task<ApplicationCreateResponse> AddApplication([FromForm][Required] CreateApplication createApplication, [FromRoute] Guid orgId)
+        public async Task<ApplicationCreateResponse> AddApplication([FromForm][Required] CreateApplication createApplication, [FromRoute] Guid orgId, CancellationToken ct)
         {
 
             bool isPSSO = false;
@@ -384,6 +390,7 @@ public async Task<ApplicationCreateResponse> AddApplication([FromForm][Required]
             {
                 if (createApplication.ConsentFormFile == null)
                     throw new ApiException(System.Net.HttpStatusCode.BadRequest, "The consent file must be supplied.");
+                await FileVirusScanAsync(createApplication.ConsentFormFile, ct);
             }
 
             var userId = this.HttpContext.User.GetUserId();
@@ -743,6 +750,13 @@ private ClearanceAccessListSortBy GetClearanceSortBy(string? sortby)
             };
         }
         #endregion
+
+        protected async Task FileVirusScanAsync(IFormFile document, CancellationToken ct)
+        {
+            var result = await _fileScanProvider.ScanAsync(document.OpenReadStream(), ct);
+            if (result.Result != ScanResult.Clean)
+                throw new ApiException(HttpStatusCode.BadRequest, "The uploaded file is not clean.");
+        }
     }
 }
 

src/Spd.Presentation.Screening/Spd.Presentation.Screening.csproj

@@ -25,6 +25,7 @@
 				<ProjectReference Include="..\Spd.Manager.Common\Spd.Manager.Common.csproj" />
 				<ProjectReference Include="..\Spd.Manager.Payment\Spd.Manager.Payment.csproj" />
 				<ProjectReference Include="..\Spd.Manager.Screening\Spd.Manager.Screening.csproj" />
+				<ProjectReference Include="..\Spd.Utilities.FileScanning\Spd.Utilities.FileScanning.csproj" />
 				<ProjectReference Include="..\Spd.Utilities.Hosting\Spd.Utilities.Hosting.csproj" />
 				<ProjectReference Include="..\Spd.Utilities.LogonUser\Spd.Utilities.LogonUser.csproj" />
 				<ProjectReference Include="..\Spd.Utilities.Recaptcha\Spd.Utilities.Recaptcha.csproj" />