For well over a decade attackers have tried to break into systems by doing nothing more sophisticated than uploading a malicious file through a web form.
In this article we are going to protect an Express upload endpoint with pompelmi, an npm module that scans a file or zip archive and rejects it before your application stores it.
1. Install the npm package
Inside your project folder run:
npm install pompelmi
# or: yarn add pompelmi / pnpm add pompelmi
2. Import in your project
At the top of your Express configuration file, import the middleware. The Express guard lives in the scoped package named in the import; if the install command above did not pull it in, install that package the same way.
// Assumed setup, not shown on the original page: Express itself and multer,
// the library whose upload.any() call appears in step 4.
import express from 'express';
import multer from 'multer';
import { createUploadGuard } from '@pompelmi/express-middleware';
3. Create a scanner
Below the import, write:
// Minimal scanner. The guard expects an object with an async scan(bytes) method
// that returns an array of matches (an empty array means "clean"). This one only
// recognizes the EICAR test string, which is enough to confirm the wiring works.
const SimpleEicarScanner = {
  async scan(bytes: Uint8Array) {
    // Buffer is a Node.js global; decode the upload as text and look for the marker
    const text = Buffer.from(bytes).toString('utf8');
    if (text.includes('EICAR-STANDARD-ANTIVIRUS-TEST-FILE')) return [{ rule: 'eicar_test' }];
    return [];
  }
};
4. Call the function
Now call the middleware on the route that receives the files. `upload.any()` is multer's "accept files from any field" parser; the page does not show how `app` and `upload` are created, so the two lines that create them below are an assumption (memory storage is chosen so the file bytes are available in memory for scanning).
// Assumed, not on the original page: an Express app and a multer instance
const app = express();
const upload = multer({ storage: multer.memoryStorage() });

app.post(
  '/upload',
  upload.any(),                       // parse multipart/form-data first
  createUploadGuard({
    scanner: SimpleEicarScanner,      // any object exposing async scan(bytes)
    includeExtensions: ['txt', 'png', 'jpg', 'jpeg', 'pdf', 'zip'],
    allowedMimeTypes: ['text/plain', 'image/png', 'image/jpeg', 'application/pdf', 'application/zip'],
    maxFileSizeBytes: 20 * 1024 * 1024, // 20 MiB per file
    timeoutMs: 5000,                    // give up on a single scan after 5 s
    concurrency: 4,                     // scan at most 4 files at once
    failClosed: true,                   // a failed or timed-out scan rejects the upload
    onScanEvent: (ev) => console.log('[scan]', ev)
  }),
  (req, res) => {
    // the guard stores its verdict on req.pompelmi; null if nothing was scanned
    res.json({ ok: true, scan: (req as any).pompelmi ?? null });
  }
);
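As an added example (not code from this page or from the pompelmi project), here is a scanner that keeps the `scan(bytes)` contract the page shows but judges the bytes instead of the client-supplied name or MIME type: it looks for the EICAR marker, for native executable and script headers, and, when the upload is a zip, walks the central directory to flag traversal names, executable entries and implausible compression ratios. The `detail` field on matches, the rule names, the `sniffType`/`inspectZip`/`scanBytes` helpers and the `buildStoredZip` function that fabricates sample archives are all assumptions for illustration; nothing here depends on pompelmi or Express.

```typescript
// Added example, not pompelmi's own code. A scanner with the same shape as the
// page's SimpleEicarScanner (async scan(bytes) -> matches) that inspects the
// bytes rather than trusting the client's file name or MIME type.
export interface ScanMatch { rule: string; detail?: string } // detail is an addition

function hasPrefix(b: Uint8Array, sig: number[]): boolean {
  return b.length >= sig.length && sig.every((v, i) => b[i] === v);
}

// Magic numbers for the binary types the guard allows (text/plain has none).
const MAGIC: Record<string, number[]> = {
  png: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a],
  jpeg: [0xff, 0xd8, 0xff],
  pdf: [0x25, 0x50, 0x44, 0x46], // "%PDF"
  zip: [0x50, 0x4b, 0x03, 0x04], // "PK\x03\x04"
};
// Native executables and scripts are rejected whatever the declared type says.
const EXECUTABLE: Record<string, number[]> = {
  pe: [0x4d, 0x5a], elf: [0x7f, 0x45, 0x4c, 0x46], shebang: [0x23, 0x21],
};

export function sniffType(b: Uint8Array): string | null {
  for (const [t, sig] of Object.entries(MAGIC)) if (hasPrefix(b, sig)) return t;
  return null;
}

// Walk the central directory (the authoritative entry list) and flag entries with
// traversal names, dangerous extensions or an implausible size ratio. Sizes are
// read from headers only; nothing is decompressed.
export function inspectZip(b: Uint8Array, maxRatio = 100): ScanMatch[] {
  const out: ScanMatch[] = [];
  const dv = new DataView(b.buffer, b.byteOffset, b.byteLength);
  let eocd = -1; // end-of-central-directory record: 22 bytes plus optional comment
  for (let i = b.length - 22; i >= 0 && i >= b.length - 22 - 0xffff; i--) {
    if (dv.getUint32(i, true) === 0x06054b50) { eocd = i; break; }
  }
  if (eocd < 0) return [{ rule: 'zip_no_eocd' }];
  const count = dv.getUint16(eocd + 10, true);
  let off = dv.getUint32(eocd + 16, true);
  for (let n = 0; n < count; n++) {
    if (off + 46 > b.length || dv.getUint32(off, true) !== 0x02014b50) return [...out, { rule: 'zip_bad_central_directory' }];
    const compressed = dv.getUint32(off + 20, true);
    const uncompressed = dv.getUint32(off + 24, true);
    const nameLen = dv.getUint16(off + 28, true);
    const extraLen = dv.getUint16(off + 30, true);
    const commentLen = dv.getUint16(off + 32, true);
    const name = Buffer.from(b.subarray(off + 46, off + 46 + nameLen)).toString('utf8');
    if (name.startsWith('/') || name.split(/[\\/]/).includes('..')) out.push({ rule: 'zip_path_traversal', detail: name });
    if (/\.(exe|dll|scr|bat|cmd|ps1|sh|js|jar|zip)$/i.test(name)) out.push({ rule: 'zip_dangerous_entry', detail: name });
    if (compressed > 0 && uncompressed / compressed > maxRatio) out.push({ rule: 'zip_high_ratio', detail: name });
    off += 46 + nameLen + extraLen + commentLen;
  }
  return out;
}

// Synchronous core so it can be unit-tested; the scanner object below wraps it.
export function scanBytes(bytes: Uint8Array): ScanMatch[] {
  const out: ScanMatch[] = [];
  if (Buffer.from(bytes).toString('latin1').includes('EICAR-STANDARD-ANTIVIRUS-TEST-FILE')) out.push({ rule: 'eicar_test' });
  for (const [t, sig] of Object.entries(EXECUTABLE)) if (hasPrefix(bytes, sig)) out.push({ rule: `executable_${t}` });
  if (sniffType(bytes) === 'zip') out.push(...inspectZip(bytes));
  return out;
}

// Drop-in replacement for SimpleEicarScanner in the createUploadGuard() call.
export const ContentScanner = {
  async scan(bytes: Uint8Array): Promise<ScanMatch[]> { return scanBytes(bytes); },
};

// Constructed sample input: a minimal "stored" (method 0) zip. CRC fields stay 0
// because the scanner never verifies them; uncompressedSize may be overstated to
// mimic the header claims of a zip bomb.
type Entry = { name: string; data: Uint8Array; uncompressedSize?: number };
export function buildStoredZip(entries: Entry[]): Uint8Array {
  const locals: Buffer[] = [], centrals: Buffer[] = [];
  let offset = 0;
  for (const e of entries) {
    const name = Buffer.from(e.name, 'utf8');
    const usize = e.uncompressedSize ?? e.data.length;
    const lh = Buffer.alloc(30); // local file header
    lh.writeUInt32LE(0x04034b50, 0); lh.writeUInt16LE(20, 4);
    lh.writeUInt32LE(e.data.length, 18); lh.writeUInt32LE(usize, 22); lh.writeUInt16LE(name.length, 26);
    const cd = Buffer.alloc(46); // central directory record
    cd.writeUInt32LE(0x02014b50, 0); cd.writeUInt32LE(e.data.length, 20); cd.writeUInt32LE(usize, 24);
    cd.writeUInt16LE(name.length, 28); cd.writeUInt32LE(offset, 42);
    locals.push(lh, name, Buffer.from(e.data)); centrals.push(cd, name);
    offset += 30 + name.length + e.data.length;
  }
  const cdBuf = Buffer.concat(centrals), eocd = Buffer.alloc(22);
  eocd.writeUInt32LE(0x06054b50, 0); eocd.writeUInt16LE(entries.length, 8);
  eocd.writeUInt16LE(entries.length, 10); eocd.writeUInt32LE(cdBuf.length, 12); eocd.writeUInt32LE(offset, 16);
  return new Uint8Array(Buffer.concat([...locals, cdBuf, eocd]));
}
```

Two caveats for production use. The ratio check only reads what the central directory claims, so a crafted archive can understate its unpacked size; if you need a hard guarantee, decompress each entry with a byte cap. Entries whose size fields read 0xffffffff are zip64 records and should be rejected rather than trusted, and `zip` sits in the dangerous-extension list because a nested archive defeats a one-level scan.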
That's it: every file posted to /upload now goes through the guard before your handler runs. Be clear about what this proves, though. The example scanner only recognizes the EICAR test string, so it shows that the wiring works, not that malware will be caught. For real coverage, plug in a scanner that implements the same `scan(bytes)` contract on top of an actual detection engine, keep `failClosed: true` so that a scanner error or timeout rejects the file instead of letting it through, and remember that the extension and MIME type the client sends are under the uploader's control.
Repository: https://github.com/pompelmi/pompelmi
Warning ⚠️: It's an alpha; some things will not work. The author takes no responsibility for any problems.
Disclosure: I’m the author.