From 57dd85a021dc05a3d731e7ac4fed9369befb0353 Mon Sep 17 00:00:00 2001
From: Jonathan Hooper
Date: Wed, 13 May 2020 13:39:07 -0400
Subject: [PATCH] LG-2959 Add a missing `return` statement when a Acuant SDK file is not permitted

**Why**: So the execution does not continue leading to a 500 error
---
 app/controllers/acuant_sdk_controller.rb | 2 +-
 spec/requests/acuant_sdk_spec.rb | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/app/controllers/acuant_sdk_controller.rb b/app/controllers/acuant_sdk_controller.rb
index 45df1aac64f..2ec373451cb 100644
--- a/app/controllers/acuant_sdk_controller.rb
+++ b/app/controllers/acuant_sdk_controller.rb
@@ -10,7 +10,7 @@ class AcuantSdkController < ApplicationController

 def show
 # Only render files on an allowlist to prevent path traversal issues
- render plain: 'Not found', status: :not_found unless requested_asset_permitted?
+ return render(plain: 'Not found', status: :not_found) unless requested_asset_permitted?

 SecureHeaders.append_content_security_policy_directives(
 request,
diff --git a/spec/requests/acuant_sdk_spec.rb b/spec/requests/acuant_sdk_spec.rb
index 0c212520804..ddc9922ff1f 100644
--- a/spec/requests/acuant_sdk_spec.rb
+++ b/spec/requests/acuant_sdk_spec.rb
@@ -31,5 +31,11 @@

 expect(response.status).to eq(404)
 end
+
+ it 'renders a 404 for map files' do
+ get '/verify/doc_auth/AcuantImageProcessingService.wasm.map'
+
+ expect(response.status).to eq(404)
+ end
 end
 end
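Review bot: In `show` (app/controllers/acuant_sdk_controller.rb) the allowlist check is still enforced only by a hand-written `return`, and omitting that keyword is the bug this commit fixes. Because the comment describes this check as the path-traversal control, it would be sturdier as a filter, where rendering halts the action without relying on control flow inside `show`: `before_action(only: :show) { render(plain: 'Not found', status: :not_found) unless requested_asset_permitted? }`. The rest of `show` lies outside the hunk, so what the code after the guard did with a non-permitted name before this fix cannot be confirmed from here.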
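Review bot: The new example in spec/requests/acuant_sdk_spec.rb asserts only the status code, so it would also pass if the 404 came from somewhere other than the allowlist guard (for instance routing or a missing file). Pinning the body as well ties the test to the guard's own response: `expect(response.body).to eq('Not found')`. The enclosing `describe`/`context` blocks start outside the hunk.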