Available in Classic and VPC
You can write Hash Filter codes using Hash Filter REST API.
Before developing Hash Filter, you need to subscribe to File Safer and API Gateway and create an API Key. For more information, see Getting started.
Hash Filter implementation scenario
The following is the scenario for applying Hash Filter to the files you upload/download:
1. Identify files suspected of being malware
2. Extract hash values from identified files
3. Create authentication value
4. Add request parameter
5. Request API
6. Check response value and determine whether to block
Write Hash Filter codes
Write codes according to the Hash Filter implementation scenario.
1. Identify files suspected of being malware
Among uploaded/downloaded files, identify files that need a malware scan.
2. Extract hash values from identified files
Extract the hash values from the files. The following is an example JAVA code that extracts the hash value:
The formats of the hash value for each hash type are as follows:
- SHA-1: Indicated as a hexadecimal 40-bytes string.
Example: 3ec625cb2277d7334406ab712b69c4ceaf38bd82 - MD5: Indicated as a hexadecimal 32-bytes string.
Example: 8072fd6da170738c905cf362f787442b
public static String getHash(String filename, String algorithm) throws Exception
{
MessageDigest md = MessageDigest.getInstance(algorithm);
// file hashing with DigestInputStream
DigestInputStream dis = new DigestInputStream(new FileInputStream(new File(filename)), md);
// empty loop to clear the data
while(dis.read() != -1);
dis.close();
// Get the hash's bytes
byte[] hashBytes = md.digest();
// bytes to hex
StringBuffer sb = new StringBuffer();
for(byte h : hashBytes) {
sb.append(String.format("%02x", h));
}
return sb.toString();
}
public static void main(String[] args)
{
try {
// Get hash value of a file with SHA-1 Algorithm
String sha1 = getHash("./test.exe", "sha-1");
// Get hash value of a file MD5 Algorithm
String md5 = getHash("./test.exe", "md5");
} catch (Exception e) {
e.printStackTrace();
}
}
3. Create authentication value
Create an IAM authentication value required for the NAVER Cloud Platform API use authentication. The headers required for authentication are as follows:
x-ncp-iam-access-key: Issue Access Key from the My Account > Account and security management > Security management > Access management menu on the console.x-ncp-apigw-signature-v2: Create a signature value by HmacSHA256-encrypting the Secret Key mapped with the Access Key (use \n for a new-line character).x-ncp-apigw-api-key: Issue API Key through API Gateway.x-ncp-apigw-timestamp: Not an authentication value, but included in the request header. See API specifications.
For information on how to create a signature value and example codes, see NAVER Cloud Platform API guide > API overview > Basic API > Ncloud API > 2. Create header.
4. Add request parameter
Add the Hash Filter API request parameter value. The request parameters are as follows:
- hashCode: Add a hash value as a string.
- hashType: Indicate the algorithm of the hash value (MD5 or SHA-1).
The following is an example of a created parameter:
hashCode=00010efc49b7174d18400710eed1642a7d4b12db&hashType=sha1
For information on the Hash Filter REST API specifications, see checkHash (Hash Filter).
5. Request API
Use the header and parameters created in steps 3 and 4 above to send a request to the Hash Filter URI. The following is an example code for requesting the Hash Filter API:
public static void main(String[] args) throws Exception
{
String accessKey = "ACCESS_KEY"; // access key (from portal or sub account)
String apikey = API_GATEWAY_KEY;
String apiDomain = "https://filesafer.apigw.ntruss.com";
String method = "GET";
long timestamp = System.currentTimeMillis();
// step 2, 3: Extract hash vlaue of a identified file then add parameter value including hash value and hash type
String param = "hashCode=" + getHash("./test.exe") + "&hashType=sha1";
// The apiURL is the value obtained by appending parameter to the end of URI string provided by Hash Filter.
String apiURL = "/hashfilter/v1/checkHash?" + param;
// step 4: Create authentication value
String signature = makeSignature(method, apiURL, timestamp);
// step 5: Request API
URL url = new URL(apiDomain + apiURL);
HttpURLConnection con = (HttpURLConnection)url.openConnection();
con.setRequestMethod(method);
con.setRequestProperty("x-ncp-apigw-timestamp", Long.toString(timestamp));
con.setRequestProperty("x-ncp-iam-access-key", accessKey);
con.setRequestProperty("x-ncp-apigw-signature-v2", signature);
con.setRequestProperty("x-ncp-apigw-api-key", apikey);
con.setRequestProperty("accept", "application/json");
// step 6: Check the response value and determine whether to block
int httpResponseCode = con.getResponseCode();
BufferedReader br = null;
if (httpResponseCode == 200) {
br = new BufferedReader(new InputStreamReader(con.getInputStream()));
String readLine;
StringBuffer httpResponse = new StringBuffer();
while((readLine = br.readLine())! = null) {
httpResponse.append(readLine);
}
// Do next step (ex, determine whether to block)
...
br.close();
}
}
When using jdk20 or higher, you can use the URI method instead of the URL method.
6. Check response value and determine whether to block
Check hashCheckResultList's object value in the API call response to determine the presence of malware, and process the file accordingly.
If object contains hashCheckResultList, it indicates that malware was detected. Otherwise, no malware was found.