JSON Payload-Attachment as Byte format-How to Scan

abiram8
Participant IV

Hi,

If we have scenario where the attachment is sent as byte format inside JSON Payload and need to scan for content inside JSON payload.

How do we scan this in apigee?. Attachment is not physical file attachment, but its Byte format embedded inside JSON payload.

1. REST/SOAP messages with file attachments are classified as multipart messages, hope this scenario is not considered to be multipart ?

2. How to scan such type of request. in Apigee (where attachment is sent as byte format inside JSON Payload).

https://community.apigee.com/questions/11790/how-do-i-make-an-icap-call-this-is-the-protocol-us.html

Seen this community post but this indicates example using avnscan with java callout (as an example), but we are not sure for the listed UC if its applicable ( for scenario byte format inside JSON Payload, we donot have the file name its in binary format) or any other approach is recommended?

0 6 1,467
6 REPLIES 6

You used the phrase

attachment is sent as byte format inside JSON Payload

Q1. Can you explain what that means? What is "byte format"? Can you give an example?

Q2. What are you scanning for?

@Dino-at-Google

Scanning for Virus, due to security reasons coming to Apigee.

Any attachment is sent as a Java byte array inside JSON. as a Java object.

Eg:

{

'hello" : world,

}

{

"key" : "....Javabyte objectofattachment...nnn1155555"

}

This is just an example (In resal time it may differ) but the file goes as Java byte inside JSON file, which need to be scanned for Virus.

I would solve this with a Java callout.

It would need to:

  • read the JSON. Can use Gson or Jackson for this.
  • decode the "java byte" encoded data from the json payload. Really I think this might be a base16 or base64-encoded bytestream.
  • Create and send an ICAP request to the ICAP server. The request should contain a _contrived_ HTTP POST request with the payload representing the decoded content of that file. I suppose the content-type should be application/octet-stream . You should be able to use this Java client library to build the request.
  • Examine the ICAP response and act accordingly.

Basically the Java callout needs to adapt the inbound JSON request, into a form that the ICAP server can reasonably handle. This is a matter of decoding and re-encoding. Protocol adaptation.

It might be possible to skip the base64-decode (or base16-decode, or whatever) step, if the ICAP server can handle encoded content.

But the key part is "create an ICAP request". You'll need to be savvy to that protocol to build that into the Java callout. You need to know just what to pass to setHttpRequestBody() in that Java client library I mentioned.

Hi Dino-at-Google

Thanks for details, few of the comments.

We can get multiple such files as a array (multiple byte streams of multiple files inside

JSON file ) or a single file as a byte stream inside JSON file).

Instead is it good idea to send the JSON file itself to ICAP request, instead of converting the single or multiple files (byte stream), shouldn't the ICAP server will still scan it ...irrespective of any format (even if it does have capability of converting to required format) overall the server should be able to scan for virus (correct ?) Is it right assumptions ?

Yes, ideally the ICAP server will scan the payload without transformation. My suggestion for extracting the data and reformatting it, before sending it to the ICAP server, makes sense only if the ICAP server cannot handle the original format .

I think you're thinking about it in the right way.

Thanks @Dino-at-Google for detailed response. Appreciate your follow up answer