Hi,
Oracle APEX 24.1 | Oracle DB 19c
I have an app that needs to be available to the public, and which needs to allow users to upload files. I am going through OWASP's File Upload Cheatsheet and two of the actions / checks they recommend are:
- Run the file through an antivirus or a sandbox if available to validate that it doesn't contain malicious data
- Run the file through CDR (Content Disarm & Reconstruct) if applicable type (PDF, DOCX, etc...)
For the first item, I've googled around and found a few sources (relating to Oracle APEX / DB):
The “Filescanner” from Martin Nielsen looks promising, but I would prefer an option that was local. The first option mentions ICAP, which also looks promising, but I have very little idea of what to do from the high-level outline provided.
All the other options look pretty time-intensive and / or very old (including numerous ones I haven't listed).
I want to get an update from the community about the options available. The ideal solution would be something local, easy to set up, and easy to maintain, where updates would occur automatically and I could “call” the service on the front-end before any files ever get to a server (currently we just have the files going to the DB directly).
As for the CDR, I didn't see anything when it came to using it in conjunction with Oracle. Any thoughts / ideas there? It seems like it would be a service similar to the AV one, but actively purges files of malicious stuff.
(Also, for background, I'm using the file upload plug-in powered by Dropzone, so files are initially stored in an APEX Collection.)
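
For readers weighing the ICAP route mentioned in the post, the following added example (not part of the original post and not taken from any of the projects it mentions) shows how an uploaded file is framed as an ICAP RESPMOD request per RFC 3507 and how the reply is mapped to a fail-closed verdict. The host `scanner.internal` and the service name `avscan` are assumptions, and the `X-Infection-Found` / `X-Virus-ID` reply headers are extensions that depend on the scanner in use.

```python
import socket
from urllib.parse import quote

def build_respmod(host, service, filename, data):
    """Frame an upload as an ICAP RESPMOD request (RFC 3507)."""
    # host/service come from configuration; the file name is user input, so
    # percent-encode it to keep CR/LF out of the encapsulated request line.
    req_hdr = f"GET /{quote(filename, safe='')} HTTP/1.1\r\nHost: upload.invalid\r\n\r\n".encode()
    res_hdr = ("HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
               f"Content-Length: {len(data)}\r\n\r\n").encode()
    # The encapsulated body is chunked; a zero-length chunk terminates it.
    chunk = f"{len(data):x}\r\n".encode() + data + b"\r\n" if data else b""
    icap = (f"RESPMOD icap://{host}/{service} ICAP/1.0\r\n"
            f"Host: {host}\r\n"
            "Allow: 204\r\n"  # lets the server answer 204 when nothing was changed
            f"Encapsulated: req-hdr=0, res-hdr={len(req_hdr)}, "
            f"res-body={len(req_hdr) + len(res_hdr)}\r\n\r\n").encode()
    return icap + req_hdr + res_hdr + chunk + b"0\r\n\r\n"

def verdict(raw):
    """Map an ICAP reply to (state, detail); anything unexpected fails closed."""
    status, *lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = status.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("ICAP/") or not parts[1].isdigit():
        return "error", status
    hdrs = {k.strip().lower(): v.strip() for k, _, v in (l.partition(":") for l in lines)}
    # Extension headers that many ICAP antivirus services set on a detection.
    threat = hdrs.get("x-infection-found") or hdrs.get("x-virus-id")
    if threat:
        return "infected", threat
    # Only 204 (no modification needed) counts as clean.
    return ("clean", "") if parts[1] == "204" else ("error", status)

def scan(host, service, filename, data, port=1344, timeout=10):
    """Send the file to a live ICAP server (default port 1344) and return verdict()."""
    reply = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_respmod(host, service, filename, data))
            while b"\r\n\r\n" not in reply:  # the ICAP headers are enough for a verdict
                block = s.recv(4096)
                if not block:
                    break
                reply += block
    except OSError as exc:
        return "error", str(exc)
    return verdict(reply)
```

The caller should store the file only when the state is `clean`; `error` covers an unreachable scanner as well as an unrecognised reply, so an outage rejects uploads instead of letting them through unscanned.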