How one can Complement SharePoint Website Drive Safety With Java Code Examples

There are greater than 250,000 firms/organizations around the globe leaning on SharePoint to securely handle their most dear paperwork, and greater than 3 million whole customers.  This widespread reputation makes the platform a market-leading doc administration answer – and this, by extension, makes it a worthwhile goal for motivated menace actors.

Bypassing SharePoint’s built-in safety is an especially troublesome job, in fact. The O365 surroundings supplies tenants with highly effective safety at each entry level, from exhaustive bodily information middle safety as much as modern software safety insurance policies. High-notch file encryption with SSL and TLS connections is utilized to maintain consumer information secure in transit, and BitLocker disk-level encryption with distinctive encryption keys is used to safe information at relaxation. Additional, as contaminated file uploads have grown to develop into an especially frequent assault vector, O365 supplies built-in virus and malware detection insurance policies (together with anti-phishing insurance policies and numerous further e-mail hyperlink and attachment safety measures) which might be personalized extensively per particular person or organizational tenants’ wants. The listing goes on, with every tenant’s particular subscription stage finally figuring out the extent of their built-in safety.

As highly effective as SharePoint’s customizable built-in safety insurance policies are, nevertheless, no storage platform’s insurance policies are ever meant to be utilized as a single level of safety for delicate information. Doc storage safety, like all department of cybersecurity, is a shifting goal requiring myriad options working collectively to collectively create a formidable protection towards evolving assault vectors. In different phrases, any tenant’s menace profile can at all times be improved upon with selective layering of exterior safety insurance policies on high of built-in safety insurance policies.

Within the the rest of this text, I’ll display a free-to-use Virus Scanning API answer that may be built-in with a SharePoint Website Drive occasion to scan information for viruses, malware, and quite a lot of non-malware content material threats, working alongside O365’s built-in asynchronous scanning to root out a variety of file add menace sorts.

Demonstration

The Superior Virus Scan API beneath is meant to function a strong layer of doc storage safety along side SharePoint’s built-in customizable insurance policies, straight scanning new file uploads in focused Website Drive cases for a rising listing of 17 million+ virus and malware signatures (together with ransomware, spy ware, trojans, and so on.), whereas additionally performing full content material verification to determine invalid file sorts and different non-malware threats hidden behind deceptive file names and illegitimate file extensions. 

This API additionally permits builders to set customized restrictions towards undesirable file sorts within the API request physique, so numerous pointless and probably threatening file sorts might be detected and deleted outright whatever the legitimacy of their contents. For instance, a Website Drive storing contract paperwork doubtless solely requires frequent file sorts like .DOCX or .PDF: limiting information to those sorts helps reduce dangers with out compromising workflow effectivity.  

Under, I’ve outlined the data you’ll have to combine this API along with your SharePoint On-line Website Drive occasion, and I’ve offered ready-to-run Java code examples that will help you construction your API name with ease.

To start out off, you’ll want to assemble the next SharePoint info to fulfill obligatory parameters within the API request physique:

  1. Shopper ID (Shopper ID entry credentials; might be obtained from Azure Energetic Listing portal)
  2. Shopper Secret (Shopper Secret entry credentials; additionally obtained from Azure Energetic Listing portal
  3. SharePoint Area Identify (i.e., yourdomain.sharepoint.com)
  4. Website ID (the precise SharePoint ID for the location drive you wish to retrieve and scan information from)

Optionally, you may also collect the next SharePoint info:

  1. Tenant ID (pertaining to your Azure Energetic Listing)
  2. File Path (path of a selected file inside your Website Drive)
  3. Merchandise ID (e.g., DriveItem ID)

When you’ve gotten all of your obligatory info, you can begin shopper SDK set up by including the next reference to the repository in your Maven POM File (JitPack is used to dynamically compile the library):

<repositories>
    <repository>
        <id>jitpack.io</id>
        <url>https://jitpack.io</url>
    </repository>
</repositories>

Then you’ll be able to wrap up by including the next reference to the dependency:

<dependencies>
<dependency>
    <groupId>com.github.Cloudmersive</groupId>
    <artifactId>Cloudmersive.APIClient.Java</artifactId>
    <model>v4.25</model>
</dependency>
</dependencies>

At this level, you’ll be able to add the imports and duplicate Java code examples to construction your API name:

// Import courses:
//import com.cloudmersive.shopper.invoker.ApiClient;
//import com.cloudmersive.shopper.invoker.ApiException;
//import com.cloudmersive.shopper.invoker.Configuration;
//import com.cloudmersive.shopper.invoker.auth.*;
//import com.cloudmersive.shopper.ScanCloudStorageApi;

ApiClient defaultClient = Configuration.getDefaultApiClient();

// Configure API key authorization: Apikey
ApiKeyAuth Apikey = (ApiKeyAuth) defaultClient.getAuthentication("Apikey");
Apikey.setApiKey("YOUR API KEY");
// Uncomment the next line to set a prefix for the API key, e.g. "Token" (defaults to null)
//Apikey.setApiKeyPrefix("Token");

ScanCloudStorageApi apiInstance = new ScanCloudStorageApi();
String clientID = "clientID_example"; // String | Shopper ID entry credentials; see description above for directions on easy methods to get the Shopper ID from the Azure Energetic Listing portal.
String clientSecret = "clientSecret_example"; // String | Shopper Secret entry credentials; see description above for directions on easy methods to get the Shopper Secret from the Azure Energetic Listing portal
String sharepointDomainName = "sharepointDomainName_example"; // String | SharePoint On-line area title, akin to mydomain.sharepoint.com
String siteID = "siteID_example"; // String | Website ID (GUID) of the SharePoint website you want to retrieve the file from
String tenantID = "tenantID_example"; // String | Elective; Tenant ID of your Azure Energetic Listing
String filePath = "filePath_example"; // String | Path to the file inside the drive, akin to 'hiya.pdf' or '/folder/subfolder/world.pdf'.  If the file path comprises Unicode characters, you could base64 encode the file path and prepend it with 'base64:', akin to: 'base64:6ZWV6ZWV6ZWV6ZWV6ZWV6ZWV'.
String itemID = "itemID_example"; // String | SharePoint itemID, akin to a DriveItem Id
Boolean allowExecutables = true; // Boolean | Set to false to dam executable information (program code) from being allowed within the enter file.  Default is fake (really helpful).
Boolean allowInvalidFiles = true; // Boolean | Set to false to dam invalid information, akin to a PDF file that's not actually a sound PDF file, or a Phrase Doc that's not a sound Phrase Doc.  Default is fake (really helpful).
Boolean allowScripts = true; // Boolean | Set to false to dam script information, akin to a PHP information, Python scripts, and different malicious content material or safety threats that may be embedded within the file.  Set to true to permit these file sorts.  Default is fake (really helpful).
Boolean allowPasswordProtectedFiles = true; // Boolean | Set to false to dam password protected and encrypted information, akin to encrypted zip and rar information, and different information that search to avoid scanning by passwords.  Set to true to permit these file sorts.  Default is fake (really helpful).
Boolean allowMacros = true; // Boolean | Set to false to dam macros and different threats embedded in doc information, akin to Phrase, Excel and PowerPoint embedded Macros, and different information that include embedded content material threats.  Set to true to permit these file sorts.  Default is fake (really helpful).
Boolean allowXmlExternalEntities = true; // Boolean | Set to false to dam XML Exterior Entities and different threats embedded in XML information, and different information that include embedded content material threats. Set to true to permit these file sorts. Default is fake (really helpful).
String restrictFileTypes = "restrictFileTypes_example"; // String | Specify a restricted set of file codecs to permit as clear as a comma-separated listing of file codecs, akin to .pdf,.docx,.png would permit solely PDF, PNG and Phrase doc information.  All information should go content material verification towards this listing of file codecs, if they don't, then the consequence might be returned as CleanResult=false.  Set restrictFileTypes parameter to null or empty string to disable; default is disabled.
attempt 
    CloudStorageAdvancedVirusScanResult consequence = apiInstance.scanCloudStorageScanSharePointOnlineFileAdvanced(clientID, clientSecret, sharepointDomainName, siteID, tenantID, filePath, itemID, allowExecutables, allowInvalidFiles, allowScripts, allowPasswordProtectedFiles, allowMacros, allowXmlExternalEntities, restrictFileTypes);
    System.out.println(consequence);
 catch (ApiException e) 
    System.err.println("Exception when calling ScanCloudStorageApi#scanCloudStorageScanSharePointOnlineFileAdvanced");
    e.printStackTrace();

To fulfill the request authentication parameter, you will want to offer a free-tier API key, which is able to help you scan as much as 800 information monthly.

Inside this request physique, you’ll be able to set Booleans to use customized non-malware menace insurance policies towards information containing executables, invalid information, scripts, password-protected information, macros, XML exterior entities, insecure deserialization, and HTML, and you’ll present a comma-separated listing of acceptable file sorts within the restrictFileTypes parameter to disallow undesirable file extensions. Any information violating these insurance policies will mechanically obtain a CleanResult: False worth within the API response physique, which is identical worth assigned to information containing viruses and malware. The concept is to enact 360-degree content material safety in a single request so you’ll be able to rapidly delete (or quarantine/analyze) information which will pose a critical danger to your system.  

Under, I’ve offered a full instance API response in your reference:


  "Profitable": true,
  "CleanResult": true,
  "ContainsExecutable": true,
  "ContainsInvalidFile": true,
  "ContainsScript": true,
  "ContainsPasswordProtectedFile": true,
  "ContainsRestrictedFileFormat": true,
  "ContainsMacros": true,
  "VerifiedFileFormat": "string",
  "FoundViruses": [
    
      "FileName": "string",
      "VirusName": "string"
    
  ],
  "ErrorDetailedDescription": "string",
  "FileSize": 0,
  "ContentInformation": 
    "ContainsJSON": true,
    "ContainsXML": true,
    "ContainsImage": true,
    "RelevantSubfileName": "string"
  

It’s price noting that no matter the way you select to set your customized menace guidelines, information containing JSON, XML, or embedded photos might be labeled as such within the API response as effectively.