How to Check Object Serialization Files for Insecure Deserialization Threats using C/C++

Cloudmersive
2 min readJul 17, 2023

--

Using the below code, you can take advantage of an API designed to identify malicious user-controlled objects (insecure deserialization threats) within object serialization files. You can also use this API to identify virus and malware signatures along with a variety of other hidden content threats (executables, macros, etc.), so it can be implemented as a multi-threat detection policy adding only a single API request to your workflow.

To take advantage of this API, start by installing libcurl in your C/C++ Project:

libcurl/7.75.0

Next, copy & paste the following ready-to-run code examples, then supply a free-tier Cloudmersive API key in the authorization header (this allows 800 API calls per month with no commitment):

CURL *curl;
CURLcode res;
curl = curl_easy_init();
if(curl) {
curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "POST");
curl_easy_setopt(curl, CURLOPT_URL, "https://api.cloudmersive.com/virus/scan/file/advanced");
curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
curl_easy_setopt(curl, CURLOPT_DEFAULT_PROTOCOL, "https");
struct curl_slist *headers = NULL;
headers = curl_slist_append(headers, "allowExecutables: <boolean>");
headers = curl_slist_append(headers, "allowInvalidFiles: <boolean>");
headers = curl_slist_append(headers, "allowScripts: <boolean>");
headers = curl_slist_append(headers, "allowPasswordProtectedFiles: <boolean>");
headers = curl_slist_append(headers, "allowMacros: <boolean>");
headers = curl_slist_append(headers, "allowXmlExternalEntities: <boolean>");
headers = curl_slist_append(headers, "allowInsecureDeserialization: <boolean>");
headers = curl_slist_append(headers, "allowHtml: <boolean>");
headers = curl_slist_append(headers, "restrictFileTypes: <string>");
headers = curl_slist_append(headers, "Content-Type: multipart/form-data");
headers = curl_slist_append(headers, "Apikey: YOUR-API-KEY-HERE");
curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
curl_mime *mime;
curl_mimepart *part;
mime = curl_mime_init(curl);
part = curl_mime_addpart(mime);
curl_mime_name(part, "inputFile");
curl_mime_filedata(part, "/path/to/file");
curl_easy_setopt(curl, CURLOPT_MIMEPOST, mime);
res = curl_easy_perform(curl);
curl_mime_free(mime);
}
curl_easy_cleanup(curl);

Setting the “allowInsecureDeserialization” header to “false” will return a CleanResult: False response when relevant threats are detected (this is the same response provided when virus/malware signatures are detected).

--

--

Cloudmersive

There’s an API for that. Cloudmersive is a leader in Highly Scalable Cloud APIs.