
Added malware detection

Pouria Ezzati 8 tahun lalu
induk
melakukan
31ad474be8
2 mengubah file dengan 27 tambahan dan 0 penghapusan
  1. 6 0
      server/config.example.js
  2. 21 0
      server/controllers/urlController.js

+ 6 - 0
server/config.example.js

@@ -18,6 +18,12 @@ module.exports = {
   */
   RECAPTCHA_SECRET_KEY: '',
 
+  /* 
+    Google Cloud API to prevent from users from submitting malware URLs.
+    Get it from https://developers.google.com/safe-browsing/v4/get-started
+  */
+  GOOGLE_SAFE_BROWSING_KEY: '',
+
   /*
     Your email host details to use to send verification emails.
     More info on http://nodemailer.com/
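Review bot: The comment on `GOOGLE_SAFE_BROWSING_KEY` does not say what happens when the value is left empty, and the controller change in this commit calls the API unconditionally, so an operator copying the example cannot tell that the key is effectively required. The phrase "to prevent from users from submitting" is also garbled. A clearer comment would be `Google Safe Browsing API key, used to reject malware and phishing URLs before they are shortened. Required while the check is enabled; restrict the key to the Safe Browsing API in the Cloud console.`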

+ 21 - 0
server/controllers/urlController.js

@@ -3,6 +3,7 @@ const URL = require('url');
 const useragent = require('useragent');
 const geoip = require('geoip-lite');
 const bcrypt = require('bcryptjs');
+const axios = require('axios');
 const {
   createShortUrl,
   createVisit,
@@ -64,6 +65,26 @@ exports.urlShortener = async ({ body, user }, res) => {
       }
     }
   }
+  const isMalware = await axios.post(
+    `https://safebrowsing.googleapis.com/v4/threatMatches:find?key=${
+      config.GOOGLE_SAFE_BROWSING_KEY
+    }`,
+    {
+      client: {
+        clientId: config.DEFAULT_DOMAIN.toLowerCase().replace('.', ''),
+        clientVersion: '1.0.0',
+      },
+      threatInfo: {
+        threatTypes: ['MALWARE', 'SOCIAL_ENGINEERING'],
+        platformTypes: ['WINDOWS'],
+        threatEntryTypes: ['URL'],
+        threatEntries: [{ url: body.target }],
+      },
+    }
+  );
+  if (isMalware.data && isMalware.data.matches) {
+    return res.status(400).json({ error: 'Malware detected!' });
+  }
   const url = await createShortUrl({ ...body, target, user });
   return res.json(url);
 };
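Review bot: The Safe Browsing call added to `urlShortener` has no error handling and no timeout, so an empty key, a quota error or a slow response rejects the `await` and the request fails however the surrounding handler treats rejections. Whether shortening fails closed or open when the lookup is unavailable should be an explicit decision. The lookup sends `body.target`, while `createShortUrl` receives the separate `target` variable, which appears to be a normalised form set above this hunk, so the URL checked may not be the URL stored. `platformTypes: ['WINDOWS']` limits matches to threats listed for Windows; `ANY_PLATFORM` covers the others. The function begins outside the hunk, so the handling of `target` should be confirmed there.

```javascript
  if (config.GOOGLE_SAFE_BROWSING_KEY) {
    let lookup;
    try {
      lookup = await axios.post(
        // … unchanged: threatMatches:find URL built from the configured key …
        {
          // … unchanged: client { clientId, clientVersion } …
          threatInfo: {
            threatTypes: ['MALWARE', 'SOCIAL_ENGINEERING'],
            platformTypes: ['ANY_PLATFORM'],
            threatEntryTypes: ['URL'],
            // Check the same value that is about to be stored.
            threatEntries: [{ url: target }],
          },
        },
        { timeout: 5000 } // sample value; keeps a stalled lookup from holding the request open
      );
    } catch (error) {
      // Fail closed: a URL that could not be checked is not shortened.
      return res.status(503).json({ error: 'Could not verify the URL.' });
    }
    if (lookup.data && lookup.data.matches) {
      return res.status(400).json({ error: 'Malware detected!' });
    }
  }
```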