Open in app

Sign in

Write

Sign in

How to Identify Invalid File Uploads using Go

Cloudmersive
2 min readJun 14, 2023

--

Invalid file types can carry a variety of hidden threats, so it’s important that our applications never blindly trust a file’s encoding matches its extension.

Thankfully, using the Go code examples provided below, you can easily detect and set policies against invalid file formats with in-depth content verification. Setting the (“allowInvalidFiles”, “<boolean>”) parameter to “False” will return a “CleanResult: False” API response for any file with encoding that fails to match its extension, making it easy to delete these files from your workflow. This API will, by default, also check file contents against a continuously updated list of more than 17 million virus and malware signatures, and it will allow you to set a variety of additional custom hidden-threat detection policies in the API request body.

You can structure your API call using the ready-to-run Go code examples below:

package main

import (
     "fmt"
     "bytes"
     "mime/multipart"
     "os"
     "path/filepath"
     "io"
     "net/http"
     "io/ioutil"
)

func main() {

     url := "https://api.cloudmersive.com/virus/scan/file/advanced"
     method := "POST"

     payload := &bytes.Buffer{}
     writer := multipart.NewWriter(payload)
     file, errFile1 := os.Open("/path/to/file")
     defer file.Close()
     part1,
         errFile1 := writer.CreateFormFile("inputFile",filepath.Base("/path/to/file"))
     _, errFile1 = io.Copy(part1, file)
     if errFile1 != nil {
          fmt.Println(errFile1)
          return
     }
     err := writer.Close()
     if err != nil {
          fmt.Println(err)
          return
     }


     client := &http.Client {
     }
     req, err := http.NewRequest(method, url, payload)

     if err != nil {
          fmt.Println(err)
          return
     }
     req.Header.Add("allowExecutables", "<boolean>")
     req.Header.Add("allowInvalidFiles", "<boolean>")
     req.Header.Add("allowScripts", "<boolean>")
     req.Header.Add("allowPasswordProtectedFiles", "<boolean>")
     req.Header.Add("allowMacros", "<boolean>")
     req.Header.Add("allowXmlExternalEntities", "<boolean>")
     req.Header.Add("allowInsecureDeserialization", "<boolean>")
     req.Header.Add("allowHtml", "<boolean>")
     req.Header.Add("restrictFileTypes", "<string>")
     req.Header.Add("Content-Type", "multipart/form-data")
     req.Header.Add("Apikey", "YOUR-API-KEY-HERE")

     req.Header.Set("Content-Type", writer.FormDataContentType())
     res, err := client.Do(req)
     if err != nil {
          fmt.Println(err)
          return
     }
     defer res.Body.Close()

     body, err := ioutil.ReadAll(res.Body)
     if err != nil {
          fmt.Println(err)
          return
     }
     fmt.Println(string(body))
}

That’s all there is to it — now you can easily boost security for your file upload workflows in a single API request.

Golang
Virus Scan
API
Content Verification
File Upload

--

--

Cloudmersive
Cloudmersive

Written by Cloudmersive

692 Followers
10 Following

There’s an API for that. Cloudmersive is a leader in Highly Scalable Cloud APIs.

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams