How to Detect Scripts Embedded in File Uploads using C/C++
Malicious scripts can be shared through vulnerable file upload policies and used to initiate a variety of damaging cyberattacks. It’s important to block uploads containing scripts at the same stage as checking files for virus and malware signatures — and the below code makes that easy to accomplish in a single request.
Using the ready-to-run C/C++ code examples provided further down the page, you can call a free API that references more than 17 million virus and malware signatures and performs in-depth content verification to detect hidden threats in files, including but not limited to scripts (executables, macros, invalid files, password-protected files, etc. will also be detected). You can choose to engage or disengage content threat detection policies as you see fit by customizing relevant parameters in the API request body.
First things first, install libcurl in your project:
libcurl/7.75.0After that, copy the below code to structure your request, and supply a free-tier API key in the authorization header (you can get one by registering a free account on the Cloudmersive website):
CURL *curl;
CURLcode res;
curl = curl_easy_init();
if(curl) {
curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "POST");
curl_easy_setopt(curl, CURLOPT_URL, "https://api.cloudmersive.com/virus/scan/file/advanced");
curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
curl_easy_setopt(curl, CURLOPT_DEFAULT_PROTOCOL, "https");
struct curl_slist *headers = NULL;
headers = curl_slist_append(headers, "allowExecutables: <boolean>");
headers = curl_slist_append(headers, "allowInvalidFiles: <boolean>");
headers = curl_slist_append(headers, "allowScripts: <boolean>");
headers = curl_slist_append(headers, "allowPasswordProtectedFiles: <boolean>");
headers = curl_slist_append(headers, "allowMacros: <boolean>");
headers = curl_slist_append(headers, "allowXmlExternalEntities: <boolean>");
headers = curl_slist_append(headers, "allowInsecureDeserialization: <boolean>");
headers = curl_slist_append(headers, "allowHtml: <boolean>");
headers = curl_slist_append(headers, "restrictFileTypes: <string>");
headers = curl_slist_append(headers, "Content-Type: multipart/form-data");
headers = curl_slist_append(headers, "Apikey: YOUR-API-KEY-HERE");
curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
curl_mime *mime;
curl_mimepart *part;
mime = curl_mime_init(curl);
part = curl_mime_addpart(mime);
curl_mime_name(part, "inputFile");
curl_mime_filedata(part, "/path/to/file");
curl_easy_setopt(curl, CURLOPT_MIMEPOST, mime);
res = curl_easy_perform(curl);
curl_mime_free(mime);
}
curl_easy_cleanup(curl);Now you can easily incorporate a multi-threat scanning step for your C/C++ applications.
