How to Detect JSON Insecure Deserialization (JID) Attacks in C/C++
Deserializing untrusted JSON objects can expose your application to a JSON Insecure Deserialization (JID) attack, which can allow an attacker to execute code remotely on your device (among other malicious outcomes). Using the code below, you can call a free security API designed to identify insecure deserialization threats in JSON strings and protect your system from potential harm.
To structure your API call in two quick steps, start by installing libcurl in your C/C++ project:
libcurl/7.75.0
After that, copy the below code to structure your request, and provide a free-tier API key (allows up to 800 API calls per month) in the authorization header:
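#include <stdio.h>
#include <curl/curl.h>

int main(void) {
    CURL *curl = curl_easy_init();
    if (!curl) return 1;
    struct curl_slist *headers = NULL;
    curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "POST");
    curl_easy_setopt(curl, CURLOPT_URL, "https://api.cloudmersive.com/security/threat-detection/content/insecure-deserialization/json/detect/string");
    /* libcurl resends custom headers (including Apikey) on every redirect hop;
       set this to 0L if you do not want the key to follow redirects. */
    curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
    curl_easy_setopt(curl, CURLOPT_DEFAULT_PROTOCOL, "https");
    headers = curl_slist_append(headers, "Content-Type: application/json");
    headers = curl_slist_append(headers, "Apikey: YOUR-API-KEY-HERE");
    curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
    /* Body: the JSON text to scan, itself encoded as a JSON string literal. */
    const char *data = "\"<string>\"";
    curl_easy_setopt(curl, CURLOPT_POSTFIELDS, data);
    /* The response body is written to stdout by default. */
    CURLcode res = curl_easy_perform(curl);
    if (res != CURLE_OK)
        fprintf(stderr, "request failed: %s\n", curl_easy_strerror(res));
    curl_slist_free_all(headers);   /* the header list is not freed by cleanup */
    curl_easy_cleanup(curl);
    return res == CURLE_OK ? 0 : 1;
}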
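The request body above is a JSON string literal, so the untrusted JSON text has to be escaped before it replaces the <string> placeholder. The C helper below is an added example, not code from the original article or the API vendor; the name jid_quote_body and the sample input are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical helper (not part of libcurl or the API vendor's code).
 * Encodes len bytes of untrusted text as a single JSON string literal.
 * Bytes >= 0x80 pass through unchanged, so the input is assumed to be UTF-8.
 * Returns a malloc'd, NUL-terminated buffer the caller frees, or NULL. */
char *jid_quote_body(const char *in, size_t len)
{
    if (len > (SIZE_MAX - 3) / 6)          /* worst case: 6 output bytes per byte */
        return NULL;
    char *out = malloc(len * 6 + 3);
    if (!out) return NULL;
    char *p = out;
    *p++ = '"';
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)in[i];
        switch (c) {
        case '"':  *p++ = '\\'; *p++ = '"';  break;
        case '\\': *p++ = '\\'; *p++ = '\\'; break;
        case '\n': *p++ = '\\'; *p++ = 'n';  break;
        case '\r': *p++ = '\\'; *p++ = 'r';  break;
        case '\t': *p++ = '\\'; *p++ = 't';  break;
        default:
            if (c < 0x20)                  /* remaining control bytes, NUL included */
                p += sprintf(p, "\\u%04x", c);
            else
                *p++ = (char)c;
        }
    }
    *p++ = '"';
    *p = '\0';
    return out;
}

int main(void)
{
    /* Constructed sample: a JSON document received from an untrusted peer. */
    const char untrusted[] = "{\"user\":\"a\\\"b\",\n\"id\":1}";
    char *body = jid_quote_body(untrusted, sizeof untrusted - 1);
    if (!body) return 1;
    /* Pass body to CURLOPT_POSTFIELDS; libcurl does not copy it, so keep it
     * allocated until curl_easy_perform() returns. */
    puts(body);
    free(body);
    return 0;
}
```

Taking an explicit length means an embedded NUL byte in the untrusted input is escaped as \u0000 instead of silently truncating the text that gets scanned.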
That’s all there is to it — now you can protect your vulnerable object serialization processes from inadvertently compromising your system.