Implement first revision of malware scanning microservice.
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
This commit is contained in:
parent
8a61a52fa1
commit
e717674f45
47
README.md
47
README.md
@ -1,3 +1,48 @@
|
|||||||
# malscan
|
# malscan
|
||||||
|
|
||||||
REST-based API to consume ClamAV as a microservice
|
REST-based API to consume ClamAV as a microservice.
|
||||||
|
|
||||||
|
## API endpoints
|
||||||
|
|
||||||
|
This microservice exposes the following API endpoints:
|
||||||
|
|
||||||
|
- `/status`
|
||||||
|
- `/scan`
|
||||||
|
|
||||||
|
### `/status` endpoint
|
||||||
|
|
||||||
|
This endpoint provides the status of the malware engine used as well as the amount of signatures in the database. It also carries out a basic sanity check on the antimalware software being used.
|
||||||
|
|
||||||
|
Methods accepted: `GET`
|
||||||
|
|
||||||
|
Parameters: none
|
||||||
|
|
||||||
|
Example output:
|
||||||
|
```
|
||||||
|
{
|
||||||
|
"scanning_engine": "clamav",
|
||||||
|
"signature_count": 8659701,
|
||||||
|
"sanity_check": true
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
### `/scan` endpoint
|
||||||
|
|
||||||
|
Methods accepted: `POST`
|
||||||
|
|
||||||
|
Parameters: file to be scanned needs to be supplied as the body of the request. Maximum file upload size is 20MB.
|
||||||
|
|
||||||
|
Example output:
|
||||||
|
```
|
||||||
|
{
|
||||||
|
"malware_detected": true,
|
||||||
|
"malware_name": "Win.Test.EICAR_HDB-1",
|
||||||
|
"engine": {
|
||||||
|
"scanning_engine": "clamav",
|
||||||
|
"signature_count": 8659701,
|
||||||
|
"sanity_check": true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
You can use this endpoint using eg `curl -X POST http://localhost:8080/scan --data "@eicar.com"`
|
||||||
24
rest.go
24
rest.go
@ -19,7 +19,29 @@ type scan_response struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func scan_api(c *gin.Context) {
|
func scan_api(c *gin.Context) {
|
||||||
|
data, err := c.GetRawData()
|
||||||
|
if err != nil {
|
||||||
|
c.IndentedJSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
malware_type, err, sigCount := scan_data(data)
|
||||||
|
malware_detected := true
|
||||||
|
if malware_type == "" {
|
||||||
|
malware_detected = false
|
||||||
|
}
|
||||||
|
|
||||||
|
response := scan_response{
|
||||||
|
Malware_detected: malware_detected,
|
||||||
|
Malware_name: malware_type,
|
||||||
|
Engine: status_response{
|
||||||
|
Signature_count: sigCount,
|
||||||
|
Sanity_check: true,
|
||||||
|
Scanning_engine: "clamav",
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
c.IndentedJSON(http.StatusOK, response)
|
||||||
}
|
}
|
||||||
|
|
||||||
func status_api(c *gin.Context) {
|
func status_api(c *gin.Context) {
|
||||||
@ -36,7 +58,7 @@ func start_api() {
|
|||||||
gin.SetMode(gin.ReleaseMode)
|
gin.SetMode(gin.ReleaseMode)
|
||||||
|
|
||||||
router := gin.Default()
|
router := gin.Default()
|
||||||
router.PUT("/scan", scan_api)
|
router.POST("/scan", scan_api)
|
||||||
router.GET("/status", status_api)
|
router.GET("/status", status_api)
|
||||||
|
|
||||||
router.Run(":8080")
|
router.Run(":8080")
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user