search

cap-js / attachments

The @cap-js/attachments package is a CDS plugin that provides out-of-the box asset storage and handling by using an aspect Attachments. It also provides a CAP-level, easy to use integration of the SAP Object Store.
Apache License 2.0
6 stars 4 forks source link

Malware Scanner Throws Error #60

Open ch-sap opened 3 weeks ago

ch-sap commented 3 weeks ago

Hi,

we have a CAP/Fiori Elements application with cap-js/attachment and deployed it to cloud foundry. We used object store to save the attachments.

The attachment association is added to an entity which is draft-enabled. The attachment reuse UI is shown and I could upload a text file, but I see an error in console and when I save the draft, I get an error.

The CF log shows me: 06T07:49:03.064Z","msg":"❗️Uncaught Found 0 matching services","stacktrace":["VError: Found 0 matching services","at Object.serviceCredentials (/home/vcap/app/node_modules/@sap/xsenv/lib/xsservices.js:121:11)","at getCredentials (/home/vcap/app/node_modules/@cap-js/attachments/lib/malwareScanner.js:91:16)","at scanRequest (/home/vcap/app/node_modules/@cap-js/attachments/lib/malwareScanner.js:31:23)","at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"],"jse_shortmsg":"Found 0 matching services","jse_info":{},"message":"Found 0 matching

The file is nevertheless there and after some time, the save works.

Could you please give advice?

Best regards, Christine

muskansethi1 commented 3 weeks ago

Hi @ch-sap,

You have to bind the malware scanning service instance from btp, as it is enabled by default in the plugin. Another option is to disable it in the package.json if you want to by setting attachments.scan = false

Hope this helps.

Best Regards, Muskan

ch-sap commented 3 weeks ago

Hello Muskan, is this documented somewhere? I found these documentations:

  1. https://cap.cloud.sap/docs/plugins/#attachments: There is almost no information, at least a direct and visible link to the plugin github repo should be available.
  2. https://github.com/cap-js/attachments: The malware example is there, but only for local deployment. I miss the information how the malware service is named and how it works with MTA.yaml for cloud foundry.

It would be great if you could enhance the documentation.

Is this the malware scanning service, I shall use? https://discovery-center.cloud.sap/protected/index.html#/serviceCatalog/malware-scanning-service?service_plan=clamav&region=all&commercialModel=btpea

Could you please change the behavior that a clear error message is shown in cloud foundry log and not just a dump?

Best regards, Christine

muskansethi1 commented 5 days ago

Hi @ch-sap,

Yes, this is the service, you can create an instance and bind it to the application. We will also enhance the error handling in our plugin

Best Regards, Muskan