From e717674f4545c6ede3dee2e65d8261941e89df8e Mon Sep 17 00:00:00 2001
From: Yvan Janssens
Date: Fri, 7 Apr 2023 14:53:38 +0200
Subject: [PATCH] Implement first revision of malware scanning microservice.
---
 README.md | 47 ++++++++++++++++++++++++++++++++++++++++++++++-
 rest.go | 24 +++++++++++++++++++++++-
 2 files changed, 69 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 8a07d0d..537795c 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,48 @@
 # malscan
-REST-based API to consume ClamAV as a microservice
+REST-based API to consume ClamAV as a microservice.
+
+## API endpoints
+
+This microservice exposes the following API endpoints:
+
+- `/status`
+- `/scan`
+
+### `/status` endpoint
+
+This endpoint provides the status of the malware engine used as well as the amount of signatures in the database. It also carries out a basic sanity check on the antimalware software being used.
+
+Methods accepted: `GET`
+
+Parameters: none
+
+Example output:
+```
+{
+ "scanning_engine": "clamav",
+ "signature_count": 8659701,
+ "sanity_check": true
+}
+```
+
+### `/scan` endpoint
+
+Methods accepted: `POST`
+
+Parameters: file to be scanned needs to be supplied as the body of the request. Maximum file upload size is 20MB.
+
+Example output:
+```
+{
+ "malware_detected": true,
+ "malware_name": "Win.Test.EICAR_HDB-1",
+ "engine": {
+ "scanning_engine": "clamav",
+ "signature_count": 8659701,
+ "sanity_check": true
+ }
+}
+```
+
+You can use this endpoint using eg `curl -X POST http://localhost:8080/scan --data "@eicar.com"`
\ No newline at end of file
diff --git a/rest.go b/rest.go
index 33e703a..c3ef2d7 100644
--- a/rest.go
+++ b/rest.go
@@ -19,7 +19,29 @@ type scan_response struct {
 }
 func scan_api(c *gin.Context) {
+ data, err := c.GetRawData()
+ if err != nil {
+ c.IndentedJSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+ return
+ }
+ malware_type, err, sigCount := scan_data(data)
+ malware_detected := true
+ if malware_type == "" {
+ malware_detected = false
+ }
+
+ response := scan_response{
+ Malware_detected: malware_detected,
+ Malware_name: malware_type,
+ Engine: status_response{
+ Signature_count: sigCount,
+ Sanity_check: true,
+ Scanning_engine: "clamav",
+ },
+ }
+
+ c.IndentedJSON(http.StatusOK, response)
 }
 func status_api(c *gin.Context) {
@@ -36,7 +58,7 @@ func start_api() {
 gin.SetMode(gin.ReleaseMode)
 router := gin.Default()
- router.PUT("/scan", scan_api)
+ router.POST("/scan", scan_api)
 router.GET("/status", status_api)
 router.Run(":8080")
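Review bot: The error returned by `scan_data(data)` in `scan_api` is assigned to `err` and never checked, so a scan that fails leaves `malware_type` empty and the handler answers 200 with `malware_detected: false`, reporting a scanner failure as a clean file. Check it right after the call and return a 5xx before the response is built. Separately, `c.GetRawData()` reads the whole request body with no cap visible in this hunk, while the README states a 20MB maximum; unless a limit is applied elsewhere, wrap the body in `http.MaxBytesReader` before reading. `Sanity_check: true` is also hard-coded rather than taken from the engine, so the field can claim a check that was not run. `scan_data` is defined outside the hunk, so its error semantics are inferred from the position of the return value.

```go
func scan_api(c *gin.Context) {
	// Enforce the upload limit the README documents before buffering the body.
	c.Request.Body = http.MaxBytesReader(c.Writer, c.Request.Body, 20<<20)
	data, err := c.GetRawData()
	// … unchanged: GetRawData error response …
	malware_type, err, sigCount := scan_data(data)
	if err != nil {
		// A failed scan must not be reported as a clean verdict.
		c.IndentedJSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
		return
	}
	// … unchanged: malware_detected flag and response construction …
```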