Scanning the QR links for malware

[TriStaRvOiD]

Pretty sure QR codes aren't very secure. Maybe add VirusTotal integration for scanning the URLs, or something else?

[omerdotdev]

Sure. from VT Api docs,

Public API constraints and restrictions

The Public API is limited to 500 requests per day and a rate of 2 requests per minute.
The Public API must not be used in commercial products or services.
The Public API must not be used in business workflows that do not contribute new files.
You are not allowed to register multiple accounts to overcome the aforementioned limitations.

I will try to integrate it for now or perhaps look for opensource alternatives to keep it accessible as VirusTotal public API is limited.

[TriStaRvOiD]

Sure. from VT Api docs,

Public API constraints and restrictions

The Public API is limited to 500 requests per day and a rate of 2 requests per minute.
The Public API must not be used in commercial products or services.
The Public API must not be used in business workflows that do not contribute new files.
You are not allowed to register multiple accounts to overcome the aforementioned limitations.

Yeah, VT is pretty restrictive. However I don't think there is any open source alternative that does the same. Also, just wanted to mention that since VP is owned by Google, you probably may want to make such a feature optional if you're implementing it.

I will try to integrate it for now or perhaps look for opensource alternatives to keep it accessible as VirusTotal public API is limited.

Thanks for considering it!

[TriStaRvOiD]

Here are some options similar to VT:-

• Google's Safe Browsing APIs
(https://developers.google.com/safe-browsing)

• Cloudmersive's APIs
(https://cloudmersive.com/)

There are barely any API providers, let alone open source ones.
One open source solution could be to use a malware list host file (eg. https://github.com/StevenBlack/hosts) and iterate through each domain, checking the qr code url against the host file list.