Open in app

Sign in

Write

Sign in

How to Scan Files for HTML Threats in Go

Cloudmersive
2 min readJun 20, 2023

--

Files with top level HTML input can conceal a variety of hidden threats, including Cross-Site Scripting (XSS) and local file access attempts. Thankfully, using the ready-to-run code provided below, you can easily call an API which quickly detects HTML input within file uploads, instantly improving security for your applications. This API performs in-depth content verification on dozens of common file types and additionally scans content for millions of virus and malware signatures.

You can structure your API call by copying the code examples provided below:

package main

import (
     "fmt"
     "bytes"
     "mime/multipart"
     "os"
     "path/filepath"
     "io"
     "net/http"
     "io/ioutil"
)

func main() {

     url := "https://api.cloudmersive.com/virus/scan/file/advanced"
     method := "POST"

     payload := &bytes.Buffer{}
     writer := multipart.NewWriter(payload)
     file, errFile1 := os.Open("/path/to/file")
     defer file.Close()
     part1,
         errFile1 := writer.CreateFormFile("inputFile",filepath.Base("/path/to/file"))
     _, errFile1 = io.Copy(part1, file)
     if errFile1 != nil {
          fmt.Println(errFile1)
          return
     }
     err := writer.Close()
     if err != nil {
          fmt.Println(err)
          return
     }


     client := &http.Client {
     }
     req, err := http.NewRequest(method, url, payload)

     if err != nil {
          fmt.Println(err)
          return
     }
     req.Header.Add("allowExecutables", "<boolean>")
     req.Header.Add("allowInvalidFiles", "<boolean>")
     req.Header.Add("allowScripts", "<boolean>")
     req.Header.Add("allowPasswordProtectedFiles", "<boolean>")
     req.Header.Add("allowMacros", "<boolean>")
     req.Header.Add("allowXmlExternalEntities", "<boolean>")
     req.Header.Add("allowInsecureDeserialization", "<boolean>")
     req.Header.Add("allowHtml", "<boolean>")
     req.Header.Add("restrictFileTypes", "<string>")
     req.Header.Add("Content-Type", "multipart/form-data")
     req.Header.Add("Apikey", "YOUR-API-KEY-HERE")

     req.Header.Set("Content-Type", writer.FormDataContentType())
     res, err := client.Do(req)
     if err != nil {
          fmt.Println(err)
          return
     }
     defer res.Body.Close()

     body, err := ioutil.ReadAll(res.Body)
     if err != nil {
          fmt.Println(err)
          return
     }
     fmt.Println(string(body))
}

Setting the “allowHtrml” parameter to “False” will mark files containing HTML input as infected, making it easy to remove them from your upload process. You can additionally set similar parameters to block a variety of hidden threat types.

To authenticate your requests, you’ll need a free-tier API key, which you can get on the Cloudmersive website with no additional commitment.

Free Api
Xss Attack
Virus Scan
Content Verification
Golang

--

--

Cloudmersive
Cloudmersive

Written by Cloudmersive

695 Followers
10 Following

There’s an API for that. Cloudmersive is a leader in Highly Scalable Cloud APIs.

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams