
Fix malware scan status stuck at Scanning after draft activation #771

Open
Schmarvinius wants to merge 2 commits into main from bugfix/scanner-not-updating-active-entity

@Schmarvinius
Collaborator

@Schmarvinius Schmarvinius commented Mar 30, 2026

Summary

  • Fixes a race condition where activating a draft before the async malware scan completes causes the attachment to stay at status: Scanning forever
  • The async scanner now updates both draft and active entities after scanning, so the result is persisted regardless of which table the row lives in at update time
  • Also fixes duplicate scanning: previously the same file was scanned twice for draft-enabled entities, now it is scanned once

Closes #770

Root Cause

scanAttachment() selected the attachment row before the scan, then updated the same entity after the scan. If the draft was activated during the scan, the draft row was deleted and the update hit 0 rows. The active entity was skipped because it had 0 rows at select time.

Fix

Split scanAttachment() into two phases:

  1. Find the first entity with the attachment and scan its content
  2. Update all candidate entities (both draft and active) with the scan result

An UPDATE against a table with no matching row is a harmless 0-row no-op. The table that has the row gets updated.
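
The race and the two-phase fix described above, as an added illustration that is not code from this pull request. Two in-memory maps stand in for the draft and active tables; the class, the method names and the "Clean" status value are assumptions made for the example.

```java
import java.util.*;

// Added illustration: two maps model the draft and active tables (attachmentId -> status).
public class ScanRaceDemo {
    static final Map<String, String> draft = new HashMap<>();
    static final Map<String, String> active = new HashMap<>();

    // Models UPDATE ... WHERE ID = id: returns the affected row count, 0 if the row is absent.
    static int update(Map<String, String> table, String id, String status) {
        return table.computeIfPresent(id, (k, v) -> status) == null ? 0 : 1;
    }

    // Draft activation: the row is deleted from the draft table and lives in the active table.
    static void activateDraft(String id) {
        active.put(id, draft.remove(id));
    }

    // Before the fix: only the entity that held the row at select time is updated.
    static int scanOld(String id, Runnable duringScan) {
        Map<String, String> selected = draft.containsKey(id) ? draft : active;
        duringScan.run();                       // the scan is in flight here
        return update(selected, id, "Clean");   // "Clean" is a constructed status value
    }

    // After the fix: scan once, then write the result to every candidate entity.
    static int scanNew(String id, Runnable duringScan) {
        if (!draft.containsKey(id) && !active.containsKey(id)) return 0; // not found: no scan
        duringScan.run();
        int rows = 0;
        for (Map<String, String> table : List.of(draft, active)) {
            rows += update(table, id, "Clean"); // 0-row no-op on the table without the row
        }
        return rows;
    }

    public static void main(String[] args) {
        draft.put("a1", "Scanning");
        int rows = scanOld("a1", () -> activateDraft("a1"));
        System.out.println("old: rows=" + rows + " active=" + active.get("a1"));

        active.clear();
        draft.put("a1", "Scanning");
        rows = scanNew("a1", () -> activateDraft("a1"));
        System.out.println("new: rows=" + rows + " active=" + active.get("a1"));
    }
}
```

A zero affected-row count from the single-entity update is the observable symptom of the bug: the scan finished but no row recorded the result.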

@hyperspace-insights
Contributor

Summary

The following content is AI-generated and provides a summary of the pull request:


Fix Malware Scan Status Stuck at Scanning After Draft Activation

Bug Fix

🐛 Resolves a race condition where activating a draft entity before the async malware scan completes causes the attachment to remain permanently stuck at status: Scanning. The fix ensures scan results are written to all candidate entities (both draft and active tables), so the correct table is updated regardless of when draft activation occurs. This also eliminates duplicate scanning that previously occurred for draft-enabled entities.

Root Cause

scanAttachment() selected the attachment row before the scan and updated only that same entity after. If the draft was activated during the scan, the draft row was deleted and the update hit 0 rows, leaving the active entity stuck at Scanning forever.

Changes

  • DefaultAttachmentMalwareScanner.java: Refactored scanAttachment() into two distinct phases:

    1. Find & scan: locate the first entity containing the attachment and scan its content (once, not twice).
    2. Update all candidates: write the scan result to every candidate entity (both draft and active tables). An update against a table with no matching row is a harmless 0-row no-op.

    Extracted helpers findAndScanAttachment() and validateAndFilter() to support this split logic.

  • DefaultAttachmentMalwareScannerTest.java: Updated existing tests to reflect that scanning and attachment service reads now happen once instead of twice. Added two new test cases:

    • scanResultWrittenToAllEntitiesEvenIfDraftDeletedDuringScanning — verifies the race condition scenario is handled correctly.
    • noScanOrUpdateWhenAttachmentNotFoundInAnyEntity — verifies no scan or update occurs when the attachment is not found in any entity.

Jira Issues

GitHub Issues:

  • #770: Malware scan status stuck at 'Scanning' when draft is activated before async scan completes

PR Bot Information

Version: 1.19.9 | 📖 Documentation | 🚨 Create Incident | 💬 Feedback



Contributor

@hyperspace-insights hyperspace-insights bot left a comment


The PR introduces a two-phase scan-then-update-all-entities approach to fix a real race condition, but has several substantive correctness issues: the unconditional "update all" loop can stamp unrelated attachments that appear between SELECT and UPDATE; findAndScanAttachment relies on re-reading an already-iterated Result object whose re-readability is untested; and a test's name/assertions directly contradict its intent, obscuring the actual behaviour under review.

PR Bot Information

Version: 1.19.9 | 📖 Documentation | 🚨 Create Incident | 💬 Feedback

  • File Content Strategy: Full file content
  • Correlation ID: d3dddd80-2c4e-11f1-9772-da3e87f9e8b3
  • Event Trigger: pull_request.opened
  • LLM: anthropic--claude-4.6-sonnet

@Schmarvinius Schmarvinius requested a review from a team March 31, 2026 07:30