Identify true file types to reduce risk

    Article Summary

    When handling files electronically, it's important to identify their file type correctly. This eliminates the threat of file type masquerading, where files may be misrepresented with false extensions or MIME types.

    Our API correctly identifies the true file type, so that the system can take appropriate actions to prevent security breaches, data corruption, or unintended processing of files.

    Once the correct file type is identified, you can make informed decisions within your application based on the following scenarios:

    Supported File Type

    If the detected file type is included in the list of supported file types, you can confidently proceed with regular CDR processing of the file within your system.

    Unsupported File Type

    If the detected file type falls under the list of unsupported file types, it is essential to take immediate action to prevent any further progression of that file within your system.

    In such cases, it is recommended that you implement a "fail fast" mechanism to halt any further processing of the file, ensuring that your system is protected from handling potentially harmful or incompatible files.

    File Type Masquerading

    If the detected file type differs from the file's declared extension or MIME type, it may indicate file masquerading, where a malicious actor attempts to mislead the system.

    In such a scenario, consider taking more defensive actions to handle the file within your system. These actions may include isolating the file, running additional security checks, or notifying administrators for further investigation.

    Glasswall Halo Events

    How to make a request to Glasswall Halo:

    1. Begin by initiating a request to the Glasswall Halo API, choosing the appropriate endpoint based on the file type:
    • For binary files, use the api/v3/cdr-file endpoint.
    • For Base64 encoded files, use the api/v3/cdr endpoint.

    2. Glasswall Halo processes the request and conducts file type detection on the original file.

    3. To ensure that only file type detection is performed without any further actions, include the response-content parameter in the URL with the value set to noRebuiltFile,noAnalysisReport. This activates the File Type Detection Only mode.

    4. Glasswall Halo analyses the file using the Glasswall Embedded Engine to determine the true file type.

    5. Upon successful detection, Glasswall Halo includes the identified true file type in the response header with the header key x-filetype.

    6. You can now use the obtained true file type information for further processing, security checks, or any other necessary actions within your application or system.

    API Authentication

    Glasswall Halo supports two types of authentication: Basic and Bearer. Before making any request, you must authenticate using the appropriate scheme based on your configuration.

    Basic

    If your system is configured with Basic authentication, you need to obtain an Organisation ID and token from the system administrator. Combine these values in the format <OrganisationId>:<Token> and then Base64 encode them. The resulting encoded value should be included in the request header as follows:

    Authorization: Basic ZGVtbzpwQDU1dzByZA==
    

    Bearer

    For Bearer authentication, you will require a Bearer token obtained from your identity provider. Once you have obtained the token, include it in the request header as follows:

    Authorization: Bearer ZGVtbzpwQDU1dzByZA==
    

    Note: ensure that you use the appropriate authentication method as per your system's configuration. Using the correct authentication ensures successful access to the Glasswall Halo API and prevents any authorization issues.

    Learn more about authenticating Glasswall Halo

    Request Construction

    To process a binary file or a Base64 encoded file using Glasswall Halo, follow the instructions below:

    Binary File Processing

    Submit the binary string in the Request body to the following endpoint:

    POST {baseUrl}/api/v3/cdr-file?response-content=noRebuiltFile,noAnalysisReport
    

    Base64 Encoded File Processing

    Submit the Base64 encoded string in the Request body to the following endpoint:

    POST {baseUrl}/api/v3/cdr?response-content=noRebuiltFile,noAnalysisReport
    

    Request body Format

    The body of the request should be in JSON format and include the base64 field containing the Base64 encoded string of the file, and the fileName field specifying the original filename (including the appropriate file extension).

    {
      "base64": "string",
      "fileName": "filename.pdf"
    }
    

    Note

    • Replace {baseUrl} with the actual base URL of the Glasswall Halo API.
    • The correct auth header should be provided with each request.
    • Setting response-content to noRebuiltFile,noAnalysisReport in the URL ensures that only file type detection is performed without rebuilding the file or generating an analysis report.
    • For binary file processing, use a multipart form post, while for Base64 encoded file processing, provide the file content in the JSON Request body with the appropriate filename.

    Response Handling

    After making a successful request, you will receive a 201 status code. However, when running the API in File Type Detect mode, there will be no file output in the response. To identify the true file type, inspect the response header and locate the x-filetype key. The value of this header will indicate the true file type.

    • If the x-filetype value is unknown, it means that Glasswall was unable to identify the true file type for the given file.

    • If the x-filetype value is 'txt', it indicates that the file contains purely UTF-8 or ASCII text.

    Status: 201 Created
    Headers:
      access-control-allow-origin: * 
      access-control-expose-headers: * 
      content-length: 0 
      content-type: text/plain 
      date: Thu,20 Jul 2023 10:55:46 GMT 
      strict-transport-security: max-age=31536000; includeSubDomains 
      x-applied-policy: service-dynamic 
      x-file-size: 301189 
      x-filetype: pdf 
      x-processing-id: 779b6828-1e1b-4148-9dc0-a3f1e38cb119 
      x-processing-status: rebuilt 
    
    

    In the example above, the x-filetype value is pdf, indicating that the true file type is a PDF document.

    For further details about possible error codes that can be returned by the API, refer to our API documentation. There you can also find comprehensive information for handling various error scenarios.

    Expected Values

    The output file types are associated with file type groups rather than individual extensions. With Glasswall's Embedded Engine, multiple extensions are identified by a single value. To better understand the output values of the file type header, please refer to the table below:

    File Type Value    Extensions
    doc                .doc, .dot
    xls                .xls, .xlt
    ppt                .ppt, .pps, .pot
    pdf                .pdf
    docx               .docx, .docm, .dotx, .dotm
    xlsx               .xlsx, .xltx, .xltm, .xlsm
    pptx               .pptx, .pptm, .ppsx, .ppam, .potm, .ppsm, .potx
    tiff               .tif, .tiff, .geotiff
    svg                .svg
    emf                .emf
    wmf                .wmf
    jpeg               .jpeg, .jpg, .jpe, .jif, .jfif, .jfi
    png                .png
    gif                .gif
    bmp                .bmp, .dib
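
    The three scenarios above (supported, unsupported, masquerading) can be driven from the x-filetype header and the extension groups in this table. The following is an added example, not Glasswall's code: the SUPPORTED set, the Content-Type header, treating unknown as unsupported, and comparing only the file extension (not the MIME type) are assumptions of this sketch.

```python
import base64
import json
import os
import urllib.request

# Extension groups copied from the page's "Expected Values" table.
GROUPS = {
    "doc": {".doc", ".dot"}, "xls": {".xls", ".xlt"},
    "ppt": {".ppt", ".pps", ".pot"}, "pdf": {".pdf"},
    "docx": {".docx", ".docm", ".dotx", ".dotm"},
    "xlsx": {".xlsx", ".xltx", ".xltm", ".xlsm"},
    "pptx": {".pptx", ".pptm", ".ppsx", ".ppam", ".potm", ".ppsm", ".potx"},
    "tiff": {".tif", ".tiff", ".geotiff"}, "svg": {".svg"}, "emf": {".emf"},
    "wmf": {".wmf"}, "jpeg": {".jpeg", ".jpg", ".jpe", ".jif", ".jfif", ".jfi"},
    "png": {".png"}, "gif": {".gif"}, "bmp": {".bmp", ".dib"},
}
# Assumption: the detected types this hypothetical application accepts.
SUPPORTED = {"pdf", "docx", "xlsx", "pptx", "png", "jpeg"}

def build_request(base_url, auth_header, file_name, data):
    """Build the File Type Detection Only request for the Base64 endpoint."""
    url = (base_url.rstrip("/")
           + "/api/v3/cdr?response-content=noRebuiltFile,noAnalysisReport")
    body = json.dumps({"base64": base64.b64encode(data).decode("ascii"),
                       "fileName": file_name}).encode()
    # Content-Type is an assumption; the page only says the body is JSON.
    return urllib.request.Request(url, data=body, method="POST", headers={
        "Authorization": auth_header, "Content-Type": "application/json"})

def detect(request):
    """Send the request and return the x-filetype response header."""
    with urllib.request.urlopen(request, timeout=30) as resp:
        return resp.headers.get("x-filetype", "unknown")

def decide(file_name, x_filetype):
    """Map declared name and detected type to one of the three scenarios."""
    detected = (x_filetype or "unknown").strip().lower()
    ext = os.path.splitext(file_name)[1].lower()
    declared = next((g for g, exts in GROUPS.items() if ext in exts), None)
    if detected == "unknown":
        return "unsupported"      # fail fast: type could not be identified
    if declared != detected and (declared or detected in GROUPS):
        return "masquerading"     # isolate, run extra checks, alert admins
    return "supported" if detected in SUPPORTED else "unsupported"

if __name__ == "__main__":
    # Constructed header values standing in for real API responses.
    for name, hdr in [("report.docm", "docx"), ("invoice.pdf", "docx")]:
        print(name, hdr, "->", decide(name, hdr))
```

    Because the comparison is made against the group rather than a single extension, report.docm with x-filetype docx is accepted, while invoice.pdf with x-filetype docx is flagged.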

    Summary

    By implementing true file type detection in your application, you can ensure that your system processes files safely and efficiently, mitigating risks associated with unsupported or potentially malicious file types. Properly handling file type detection and reacting appropriately to different scenarios will help maintain the security and reliability of your infrastructure.

    Quick Start

    To try Glasswall Halo yourself, please refer to our Quick Start Guide.

