Antivirus Integration

Hi All,

 

Is there a documented way to implement antivirus scan for any attachment on YouTrack?

I know one could write a workflow for this (with REST calls to an API), but has anyone done it before? I'd like not to reinvent the wheel, if possible.

 

Thanks!

0
5 comments
Official comment

Hello,

I'm Lena from the YouTrack Team. Thank you for reaching out. 

I'm afraid I'm not aware of any solutions implemented by other our customers. However, here at YouTrack, we have plans to improve our security checkups for Cloud instances. We'll make sure to announce it when it's done. At the moment, we don't have any ETA, unfortunately. 

You are welcome! Have a nice day!
0

Hi Lena Vostrikova,

 

I'm running into an issue while trying to create a workflow that calls an HTTP service when an attachment is created / updated.

The way I have it setup is:

 guard: (ctx) => {
    const issue = ctx.issue;
    var run = false;
    issue.attachments.forEach(function(att) {
      if (att.isNew || att.isChanged("content"))
        run = true;
    });

    return run;
  },
  action: (ctx) => {
    const issue = ctx.issue;
    issue.attachments.forEach(function(att) {
      if (att.isNew || att.isChanged("content")) {
        workflow.message("Starting a virus scan for file " + att.name);
        const connection = new http.Connection('http://localhost:8090/');
        connection.addHeader({
          name: 'Content-Type',
          value: "text/plain"
        });
      const response = connection.getSync("insert/path/here", null); // pass the issue ID and the attachment name here

        if (response && response.code !== 200) {
          workflow.message("There was an error running the PII detector (" + response.code + ")");
        }
      }
  });

Then, on the service side, I use a REST API client to get all the attachments to the issue and go through the list to fetch the one that's needed (based on the file name).

But, when the service grabs the attachments from YouTrack, the one that is currently added is not present in the list. It's almost like YouTrack fires the workflow before the upload or the updating the database with the new attachment is done.

I have a feeling that I'm not "guard"-ing the workflow properly, but, I can't find a property of the attachment that indicates that he file is "completely attached".

 

Can you help with some direction on this?

 

Thanks!

0
Hello Constantin,

You are right; the workflow is fired before the attachment is added to the database. It is made to give you a chance to revert the action. Unfortunately, we don't have a handler for adding the attachment to the database. As a possible workaround, I suggest you pass the attachments on your server and concatenate it to the array received by REST API.

Please let me know if you have any additional questions.
0

Please sign in to leave a comment.