- Print
- PDF
Developing Hash Filter
- Print
- PDF
Available in Classic and VPC
It describes how to use the Hash Filter REST API to write Hash Filter codes.
Before developing Hash Filter, you need to subscribe to File Safer, subscribe to the API Gateway, and create an API Key. For more information, see Getting started with File Safer.
Hash Filter implementation scenario
The following describes the scenario for applying Hash Filter to files uploaded/downloaded by users:
1. Identify files suspected of being malware
2. Extract hash values from identified files
3. Create an authentication value
4. Add a request parameter
5. Request the API
6. Check the response value and determine whether to block
Write Hash Filter codes
Write codes according to the Hash Filter implementation scenario.
1. Identify files suspected of being malware
Among uploaded/downloaded files, identify those files which require a malware scan.
2. Extract hash values from identified files
Extract the hash value from the file. The following is an example JAVA code that extracts the hash value.
The format of the hash value for each hash type is as follows:
- SHA-1: displayed as a hexadecimal 40-bytes string
<Example> 3ec625cb2277d7334406ab712b69c4ceaf38bd82 - MD5: displayed as a hexadecimal 32-bytes string
<Example> 8072fd6da170738c905cf362f787442b
public static String getHash(String filename, String algorithm) throws Exception
{
MessageDigest md = MessageDigest.getInstance(algorithm);
// file hashing with DigestInputStream
DigestInputStream dis = new DigestInputStream(new FileInputStream(new File(filename)), md);
// empty loop to clear the data
while(dis.read() != -1);
dis.close();
// Get the hash's bytes
byte[] hashBytes = md.digest();
// bytes to hex
StringBuffer sb = new StringBuffer();
for(byte h : hashBytes) {
sb.append(String.format("%02x", h));
}
return sb.toString();
}
public static void main(String[] args)
{
try {
// Get hash value of a file with SHA-1 Algorithm
String sha1 = getHash("./test.exe", "sha-1");
// Get hash value of a file MD5 Algorithm
String md5 = getHash("./test.exe", "md5");
} catch (Exception e) {
e.printStackTrace();
}
}
3. Create authentication value
Create an IAM authentication value required for the NAVER Cloud Platform API use authentication. The headers required for authentication are as follows:
x-ncp-iam-access-key
: get the access key issued in the My page> Manage API authentication key menu of the NAVER Cloud Platform portalx-ncp-apigw-signature-v2
: create a signature value by HmacSHA256-encrypting the Secret Key mapped with the Access Key (Use \n for the newline character)x-ncp-apigw-api-key
: get the API Key issued through the API Gatewayx-ncp-apigw-timestamp
: it is not an authentication value, but it is included in the request header. See API specifications.
For information on how to create a signature value and example codes, see NAVER Cloud Platform API guide > API overview > Default API > Ncloud API > 2. Create headers.
4. Add a request parameter
Add the Hash Filter API request parameter value. The request parameters are as follows:
- hashCode: add a hash value as a string
- hashType: indicate the algorithm of the hash value (MD5 or SHA-1)
The following is an example of a created parameter.
hashCode=00010efc49b7174d18400710eed1642a7d4b12db&hashType=sha1
For information on the Hash Filter REST API specifications, see checkHash (Hash Filter).
5. Request API
Use the header and parameter created in procedures 3 and 4 above to request it with the Hash Filter URI. The following is an example code for requesting the Hash Filter API.
public static void main(String[] args) throws Exception
{
String accessKey = "ACCESS_KEY"; // access key (from portal or sub account)
String apikey = API_GATEWAY_KEY;
String apiDomain = "https://filesafer.apigw.ntruss.com";
String method = "GET";
long timestamp = System.currentTimeMillis();
// step 2, 3: Extract hash vlaue of a identified file then add parameter value including hash value and hash type
String param = "hashCode=" + getHash("./test.exe") + "&hashType=sha1";
// The apiURL is the value obtained by appending parameter to the end of URI string provided by Hash Filter.
String apiURL = "/hashfilter/v1/checkHash?" + param;
// step 4: Create authentication value
String signature = makeSignature(method, apiURL, timestamp);
// step 5: Request API
URL url = new URL(apiDomain + apiURL);
HttpURLConnection con = (HttpURLConnection)url.openConnection();
con.setRequestMethod(method);
con.setRequestProperty("x-ncp-apigw-timestamp", Long.toString(timestamp));
con.setRequestProperty("x-ncp-iam-access-key", accessKey);
con.setRequestProperty("x-ncp-apigw-signature-v2", signature);
con.setRequestProperty("x-ncp-apigw-api-key", apikey);
con.setRequestProperty("accept", "application/json");
// step 6: Check the response value and determine whether to block
int httpResponseCode = con.getResponseCode();
BufferedReader br = null;
if (httpResponseCode == 200) {
br = new BufferedReader(new InputStreamReader(con.getInputStream()));
String readLine;
StringBuffer httpResponse = new StringBuffer();
while((readLine = br.readLine())! = null) {
httpResponse.append(readLine);
}
// Do next step (ex, determine whether to block)
...
br.close();
}
}
When using jdk20 or higher, you can use the URI method instead of the URL method.
6. Check the response value and determine whether to block
Process the file after looking at the object
value of hashCheckResultList
of the API call response value and determining the presence of malware.
If object
is in hashCheckResultList
, malware is detected, and otherwise there is no malware.