springspring-bootfile-uploadspring-securitymalware

Spring Boot Security Scans on File Upload


I am adding a POST endpoint to a Spring Boot REST service to allow it to accept file uploads from web apps and other sources:

@PostMapping("/fileUpload")
public ResponseEntity uploadFile(@RequestParam("file") MultipartFile file) {
    // ...
}

I'd like to run a security check against this file and see if there's anything malicious inside of it. Does Spring have any tools or libs to help with such an effort?


Solution

  • Spring Security does not provide any type of scanning for malicious files. You will need to use an anti virus tool that provides a Java API that you can use in your application. Off the top of my head I know Symantec offers a Java API, have a look here.

    https://www.symantec.com/connect/articles/how-use-symantec-scan-engine-52-content-scanning-technologies-direct-integration-your-appli