Add antivirus check on precompiled letters sent with test key

- precompiled PDFs sent by test key uploaded to scan bucket - set status to VIRUS-SCAN-FAILED for pdfs failing virus scan rather than PERMANENT-FAILURE - Make call to AV app for precompiled letters sent via a test key, and set notification status to PENDING-VIRUS-SCAN
2026-02-01 07:35:34 -05:00 · 2018-03-23 12:04:37 +00:00
parent 8c282aa406
commit 0ee5c33084
6 changed files with 78 additions and 42 deletions
--- a/app/celery/letters_pdf_tasks.py
+++ b/app/celery/letters_pdf_tasks.py
@@ -17,16 +17,22 @@ from app.dao.notifications_dao import (
    get_notification_by_id,
    update_notification_status_by_id,
    dao_update_notification,
+    dao_get_notification_by_reference,
    dao_get_notifications_by_references,
    dao_update_notifications_by_reference,
 )
 from app.letters.utils import (
    delete_pdf_from_letters_scan_bucket,
    get_reference_from_filename,
-    move_scanned_pdf_to_letters_pdf_bucket,
+    move_scanned_pdf_to_test_or_live_pdf_bucket,
    upload_letter_pdf
 )
-from app.models import NOTIFICATION_CREATED, NOTIFICATION_PERMANENT_FAILURE
+from app.models import (
+    KEY_TYPE_TEST,
+    NOTIFICATION_CREATED,
+    NOTIFICATION_DELIVERED,
+    NOTIFICATION_VIRUS_SCAN_FAILED,
+)


@notify_celery.task(bind=True, name="create-letters-pdf", max_retries=15, default_retry_delay=300)
@@ -157,16 +163,18 @@ def letter_in_created_state(filename):
@notify_celery.task(name='process-virus-scan-passed')
 def process_virus_scan_passed(filename):
    current_app.logger.info('Virus scan passed: {}'.format(filename))
-    move_scanned_pdf_to_letters_pdf_bucket(filename)
    reference = get_reference_from_filename(filename)
-    updated_count = update_letter_pdf_status(reference, NOTIFICATION_CREATED)
+    notification = dao_get_notification_by_reference(reference)

-    if updated_count != 1:
-        raise Exception(
-            "There should only be one letter notification for each reference. Found {} notifications".format(
-                updated_count
-            )
-        )
+    is_test_key = notification.key_type == KEY_TYPE_TEST
+    move_scanned_pdf_to_test_or_live_pdf_bucket(
+        filename,
+        is_test_letter=is_test_key
+    )
+    update_letter_pdf_status(
+        reference,
+        NOTIFICATION_DELIVERED if is_test_key else NOTIFICATION_CREATED
+    )


@notify_celery.task(name='process-virus-scan-failed')
@@ -174,7 +182,7 @@ def process_virus_scan_failed(filename):
    current_app.logger.error('Virus scan failed: {}'.format(filename))
    delete_pdf_from_letters_scan_bucket(filename)
    reference = get_reference_from_filename(filename)
-    updated_count = update_letter_pdf_status(reference, NOTIFICATION_PERMANENT_FAILURE)
+    updated_count = update_letter_pdf_status(reference, NOTIFICATION_VIRUS_SCAN_FAILED)

    if updated_count != 1:
        raise Exception(
--- a/app/letters/utils.py
+++ b/app/letters/utils.py
@@ -26,11 +26,11 @@ def get_folder_name(_now, is_test_or_scan_letter=False):
    return folder_name


-def get_letter_pdf_filename(reference, crown, is_test_or_scan_letter=False):
+def get_letter_pdf_filename(reference, crown, is_scan_letter=False):
    now = datetime.utcnow()

    upload_file_name = LETTERS_PDF_FILE_LOCATION_STRUCTURE.format(
-        folder=get_folder_name(now, is_test_or_scan_letter),
+        folder=get_folder_name(now, is_scan_letter),
        reference=reference,
        duplex="D",
        letter_class="2",
@@ -58,22 +58,19 @@ def get_reference_from_filename(filename):
    return filename_parts[1]


-def upload_letter_pdf(notification, pdf_data, is_test_letter=False):
+def upload_letter_pdf(notification, pdf_data):
    current_app.logger.info("PDF Letter {} reference {} created at {}, {} bytes".format(
        notification.id, notification.reference, notification.created_at, len(pdf_data)))

    upload_file_name = get_letter_pdf_filename(
        notification.reference,
        notification.service.crown,
-        is_test_or_scan_letter=is_test_letter or notification.template.is_precompiled_letter)
+        is_scan_letter=notification.template.is_precompiled_letter)

-    if is_test_letter:
-        bucket_name = current_app.config['TEST_LETTERS_BUCKET_NAME']
+    if notification.template.is_precompiled_letter:
+        bucket_name = current_app.config['LETTERS_SCAN_BUCKET_NAME']
    else:
-        if notification.template.is_precompiled_letter:
-            bucket_name = current_app.config['LETTERS_SCAN_BUCKET_NAME']
-        else:
-            bucket_name = current_app.config['LETTERS_PDF_BUCKET_NAME']
+        bucket_name = current_app.config['LETTERS_PDF_BUCKET_NAME']

    s3upload(
        filedata=pdf_data,
@@ -88,9 +85,10 @@ def upload_letter_pdf(notification, pdf_data, is_test_letter=False):
    return upload_file_name


-def move_scanned_pdf_to_letters_pdf_bucket(filename):
+def move_scanned_pdf_to_test_or_live_pdf_bucket(filename, is_test_letter=False):
    source_bucket_name = current_app.config['LETTERS_SCAN_BUCKET_NAME']
-    target_bucket_name = current_app.config['LETTERS_PDF_BUCKET_NAME']
+    target_bucket_config = 'TEST_LETTERS_BUCKET_NAME' if is_test_letter else 'LETTERS_PDF_BUCKET_NAME'
+    target_bucket_name = current_app.config[target_bucket_config]

    s3 = boto3.resource('s3')
    copy_source = {'Bucket': source_bucket_name, 'Key': filename}
--- a/app/v2/notifications/post_notifications.py
+++ b/app/v2/notifications/post_notifications.py
@@ -227,7 +227,7 @@ def process_letter_notification(*, letter_data, api_key, template, reply_to_text

    if precompiled:
        try:
-            if should_send:
+            if should_send or (precompiled and api_key.key_type == KEY_TYPE_TEST):
                status = NOTIFICATION_PENDING_VIRUS_CHECK
            letter_content = base64.b64decode(letter_data['content'])
            pages = pdf_page_count(io.BytesIO(letter_content))
@@ -273,8 +273,16 @@ def process_letter_notification(*, letter_data, api_key, template, reply_to_text
        )
    else:
        if precompiled and api_key.key_type == KEY_TYPE_TEST:
-            upload_letter_pdf(notification, letter_content, is_test_letter=True)
-        update_notification_status_by_reference(notification.reference, NOTIFICATION_DELIVERED)
+            filename = upload_letter_pdf(notification, letter_content)
+
+            # call task to add the filename to anti virus queue
+            notify_celery.send_task(
+                name=TaskNames.SCAN_FILE,
+                kwargs={'filename': filename},
+                queue=QueueNames.ANTIVIRUS,
+            )
+        else:
+            update_notification_status_by_reference(notification.reference, NOTIFICATION_DELIVERED)

    return notification