Develop Reference

Trend Micro deepsecurity delete a computer: HTTP Status 400 – Bad Request

Trying to delete a computer from TMDS (Trend Micro Deep Security) with the python script provided.
The script was copied from TMDS and slightly altered. I added a line where the document which opens also is being read.
tmds_del_comp_list.txt => contains the computername to delete. eg: computername.domain.domain
creds.py contains the api_key.
The ipaddress and port has been changed for obvious reasons.
To confirm, the deepsecurity module has been installed in the same directory.
Directories deepsecurity, deep_security_api.egg-info, build and pycache are present.
# DEL operation, /api/computers/{computerID}
from __future__ import print_function
import sys, warnings
import deepsecurity
from deepsecurity.rest import ApiException
import creds
# Setup
if not sys.warnoptions:
warnings.simplefilter("ignore")
configuration = deepsecurity.Configuration()
configuration.host = 'https://ipaddress:1234/api/computers/{computerID}'
# Authentication
configuration.api_key['api-secret-key'] = creds.api_key
# Initialization
# Set Any Required Values
# api_version = 'v4'
reed = open('tmds_del_comp_list.txt', mode='r' )
computer_id = reed.read()
api_instance = deepsecurity.ComputersApi(deepsecurity.ApiClient(configuration))
api_version = 'v1'
try:
api_instance.delete_computer(computer_id, api_version)
except ApiException as e:
print("An exception occurred when calling ComputersApi.delete_computer: %s\n" % e)
error received:
An exception occurred when calling ComputersApi.delete_computer: (400)
Reason:
HTTP response headers: HTTPHeaderDict({'Content-Type': 'text/html;charset=utf-8', 'Content-Language': 'en', 'Content-Length': '435', 'Date': 'Thu, 06 Oct 2022 09:24:22 GMT', 'Connection': 'close'})
HTTP response body: <!doctype html><html lang="en"><head><title>HTTP Status 400 – Bad Request</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 400 – Bad Request</h1></body></html>
Before this error i received different errors, which i corrected. I had a .env file instead of creds.py.
I have tested out if my tmds_del_comp_list.txt file was actually being read, it was not so that's why i added the line with the read function. ( when i did print print(reed) nothing came up)
The api_version was wrong, from the documentation i understood that TMDS version 20 corresponds to version v4 in the API. After changing it to v1, no more error. When double checking the version in the browser https://ipaddress:4119/rest/apiVersion I get 4. Bit baffled by this.
'https://ipaddress:1234/api/computers/{computerID}'
I find the url weird. The {computerID} bit is what i find weird since it does not correspond to any variable. I do not see how it works together with the rest of the code, unless api_instance.delete_computer adds computer_id to {computerID}. There's no indication that what i think is correct or not.
api_instance.delete_computer(computer_id, api_version)
Googling does not really bring any relevant information up.
I'm a beginner with python, api's and deepsecurity.
Any leads, pointing to the obvious and constructive help/comments/etc are very welcome.
Edit1: looking back at all the docs available, i see that "computerID" should be an integer, which in our organisation, it is not a number or integer but a vm name + domain name.
Maybe there's a number connected to every VM reporting to TMDS. Maybe i'll try to Get/List all computers to see what id's they have.
I did try that and i could not find an ID number with just a number.
This is probably not the issue.
path Parameters
computerID
required
integer <int32> \d+
The ID number of the computer to delete.
Example: 1
Edit2: When clicking on the arrow down next to GET/computers from link <https://automation.deepsecurity.trendmicro.com/article/12_0/api-reference/tag/Computers#operation/listComputers>
I get to see this link https://automation.deepsecurity.trendmicro.com/#operation/searchComputers/computers which points to the correct endpoint i presume and where #operation should be replaced by GET. When doing so i get a 404 response. I got a 404 when changing the endpoint to /get/computers.
Conclusion, end-point is probably correct, when it is not, i do get an error that the url is wrong.
error:
An exception occurred when calling ComputersApi.list_computers: (404)
Reason:
HTTP response headers: HTTPHeaderDict({'X-Frame-Options': 'SAMEORIGIN', 'X-XSS-Protection': '1;mode=block', 'Set-Cookie': 'JSESSIONID=codewithlettersandnumbers; Path=/; Secure; HttpOnly; SameSite=Lax', 'Content-Type': 'text/html;charset=ISO-8859-1', 'Content-Length': '105', 'Date': 'Thu, 06 Oct 2022 14:56:58 GMT'})
HTTP response body:
<html>
<head>
<meta http-equiv="REFRESH" content="0;url=/SignIn.screen">
</head>
<body>
</body>
</html>
Edit3: Testing a simple GET/computers with Postman gave me a clue that the actual key was wrong. I corrected that and got a 200 response. So the key was wrong. I corrected that on my python script but i still get the same 400 error.

ICMP - how to fix "no response found" while keeping different data in request - reply

The problem: how to fix this warning: [ Expert Info (Warning/Sequence): No response seen to ICMP request]
The story: I'm playing with scapy. I have two tools: A is the sender ( which sends a echo-request ) and B is the recipient ( which sends a echo-reply AFTER it sniffs a echo-request ). The code of A:
....
pinger = IP(dst=x.x.x.x)/ICMP(id=0x7ccb, seq=1)/text
....
The code of B:
.....
sniff(filter=f"src host x.x.x.x and dst host x.x.x.x and icmp",
iface="XX", count=1)
send(IP(dst=x.x.x.x)/ICMP(type="echo-reply", id=0x7ccb, seq=1)/textback)
....
The result:
enter image description here
It appears that if the payloads ( text of A and textback of B ) are the same, this warning does not get displayed. However, for my goal, the text shall be different. So, how do I get rid of this warning while keeping both payloads not the same?

The data received in the echo message must be returned in the echo reply message.

How to fetch only parts of json file in python3 requests module

So, I am writing a program in Python to fetch data from google classroom API using requests module. I am getting the full json response from the classroom as follows :
{'announcements': [{'courseId': '#############', 'id': '###########', 'text': 'This is a test','state': 'PUBLISHED', 'alternateLink': 'https://classroom.google.com/c/##########/p/###########', 'creationTime': '2021-04-11T10:25:54.135Z', 'updateTime': '2021-04-11T10:25:53.029Z', 'creatorUserId': '###############'}, {'courseId': '############', 'id': '#############', 'text': 'Hello everyone', 'state': 'PUBLISHED', 'alternateLink': 'https://classroom.google.com/c/#############/p/##################', 'creationTime': '2021-04-11T10:24:30.952Z', 'updateTime': '2021-04-11T10:24:48.880Z', 'creatorUserId': '##############'}, {'courseId': '##################', 'id': '############', 'text': 'Hello everyone', 'state': 'PUBLISHED', 'alternateLink': 'https://classroom.google.com/c/##############/p/################', 'creationTime': '2021-04-11T10:23:42.977Z', 'updateTime': '2021-04-11T10:23:42.920Z', 'creatorUserId': '##############'}]}
I was actually unable to convert this into a pretty format so just pasting it as I got it from the http request. What I actually wish to do is just request the first few announcements (say 1, 2, 3 whatever depending upon the requirement) from the service while what I'm getting are all the announcements (as in the sample 3 announcements) that had been made ever since the classroom was created. Now, I believe that fetching all the announcements might make the program slower and so I would prefer if I could get only the required ones. Is there any way to do this by passing some arguments or anything? There are a few direct functions provided by google classroom however I came across those a little later and have already written everything using the requests module which would require changing a lot of things which I would like to avoid. However if unavoidable I would go that route as well.

Answer:
Use the pageSize field to limit the number of responses you want in the announcements: list request, with an orderBy parameter of updateTime asc.
More Information:
As per the documentation:
orderBy: string
Optional sort ordering for results. A comma-separated list of fields with an optional sort direction keyword. Supported field is updateTime. Supported direction keywords are asc and desc. If not specified, updateTime desc is the default behavior. Examples: updateTime asc, updateTime
and:
pageSize: integer
Maximum number of items to return. Zero or unspecified indicates that the server may assign a maximum.
So, let's say you want the first 3 announcements for a course, you would use a pageSize of 3, and an orderBy of updateTime asc:
# Copyright 2021 Google LLC.
# SPDX-License-Identifier: Apache-2.0
service = build('classroom', 'v1', credentials=creds)
asc = "updateTime asc"
pageSize = 3
# Call the Classroom API
results = service.courses().announcements().list(pageSize=3, orderBy=asc ).execute()
or an HTTP request example:
GET https://classroom.googleapis.com/v1/courses/[COURSE_ID]/announcements
?orderBy=updateTime%20asc
&pageSize=2
&key=[YOUR_API_KEY] HTTP/1.1
Authorization: Bearer [YOUR_ACCESS_TOKEN]
Accept: application/json
References:
Method: announcements.list | Classroom API | Google Developers

Push aggregated metrics to the Prometheus Pushgateway from clustered Node JS

I've ran my node apps in a cluster with Prometheus client implemented. And I've mutated the metrics (for testing purpose) so I've got these result:
# HELP otp_generator_generate_failures A counter counts the number of generate OTP fails.
# TYPE otp_generator_generate_failures counter
otp_generator_generate_failures{priority="high"} 794
# HELP otp_generator_verify_failures A counter counts the number of verify OTP fails.
# TYPE otp_generator_verify_failures counter
otp_generator_verify_failures{priority="high"} 802
# HELP smsblast_failures A counter counts the number of SMS delivery fails.
# TYPE smsblast_failures counter
smsblast_failures{priority="high"} 831
# HELP send_success_calls A counter counts the number of send API success calls.
# TYPE send_success_calls counter
send_success_calls{priority="low"} 847
# HELP send_failure_calls A counter counts the number of send API failure calls.
# TYPE send_failure_calls counter
send_failure_calls{priority="high"} 884
# HELP verify_success_calls A counter counts the number of verify API success calls.
# TYPE verify_success_calls counter
verify_success_calls{priority="low"} 839
# HELP verify_failure_calls A counter counts the number of verify API failure calls.
# TYPE verify_failure_calls counter
verify_failure_calls{priority="high"} 840
FYI: I have adopted the given example from: https://github.com/siimon/prom-client/blob/master/example/cluster.js
Then, I pushed the metrics and everything work fine at the process. But, when I checked the gateway portal, it gives different result from those metrics above.
The one that becomes my opinion is the pushed metrics came from single instance instead of aggregated metrics from few instances running. Isn't it?
So, has anyone ever solved this problem?
Oh, this is my push code:
const { Pushgateway, register } = require('prom-client')
const promPg = new Pushgateway(
config.get('prometheus.pushgateway'),
{
timeout: 5000
},
register
)
promPg.push({ jobName: 'sms-otp-middleware' }, (err, resp, body) => {
console.log(`Error: ${err}`)
console.log(`Body: ${body}`)
console.log(`Response status: ${resp.statusCode}`)
res.status(200).send('metrics_pushed')
})

cant call curl from python3

I am trying to call this curl from python3. This, from bash, is working fine.
curl -LH "Accept: text/bibliography; style=bibtex" http://dx.doi.org/10.1103/PhysRevLett.117.126802
yielding the expected result:
#article{Chang_2016, title={Observation of the Quantum Anomalous Hall Insulator to Anderson Insulator Quantum Phase Transition and its Scaling Behavior}, volume={117}, ISSN={1079-7114}, url={http://dx.doi.org/10.1103/PhysRevLett.117.126802}, DOI={10.1103/physrevlett.117.126802}, number={12}, journal={Physical Review Letters}, publisher={American Physical Society (APS)}, author={Chang, Cui-Zu and Zhao, Weiwei and Li, Jian and Jain, J. K. and Liu, Chaoxing and Moodera, Jagadeesh S. and Chan, Moses H. W.}, year={2016}, month={Sep}}
in python3, I am doing:
import subprocess
doi = "http://dx.doi.org/10.1103/PhysRevLett.117.126802"
try:
subprocess.call(["curl", "-LH", '"Accept: text/bibliography; style=bibtex"', doi])
except ExplicitException:
print("DOI is not available")
self.Messages.on_warn_clicked("DOI is not given",
"Search google instead")
which is giving error:
<html><body><h1>400 Bad request</h1>
Your browser sent an invalid request.
</body></html>
whats going wrong here?

You have 3 problems here:
don't quote your arguments in subprocess, it already does that for you when necessary, since you pass the arguments and not the unsplitted command line (good practice, keep it on, but drop the unneccessary quoting).
then, subprocess.call does not allow to parse/store the output in python, which is problematic for number 3:
and last: your site answers with rubbish HTML (java stacktrace) randomly. This explains why you're getting different output in python, but you can get it in bash as well.
Problem #1
subprocess.call(["curl", "-LH", '"Accept: text/bibliography; style=bibtex"', doi])
should be
subprocess.call(["curl", "-LH", 'Accept: text/bibliography; style=bibtex', doi])
Else, quotes are applied twice and your Accept: xxx argument has quotes around it, which is unexpected by curl
demo of the non-working quote part:
import subprocess,os
doi = "http://dx.doi.org/10.1103/PhysRevLett.117.126802"
#### this is wrong because of the quoting ####
p = subprocess.Popen(["curl", "-LH", '"Accept: text/bibliography; style=bibtex"', doi],stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
[output,error] = p.communicate()
print(output)
result:
b' some stats then ... <html><body><h1>400 Bad request</h1>\nYour browser sent an invalid request.\n</body></html>\n\r\n'
Problems #2 and #3
I have implemented a retry mechanism which parses the output and retries until correct output is found:
import subprocess,os,sys
doi = "http://dx.doi.org/10.1103/PhysRevLett.117.126802"
while True:
p = subprocess.Popen(["curl", "-LH", 'Accept: text/bibliography; style=bibtex', doi],stdout=subprocess.PIPE)
[output,error] = p.communicate()
output = output.decode("latin-1")
if "java.util.concurrent.FutureTask.run" in output:
# site crashed when responding: junk HTML output: retry
sys.stderr.write("Wrong answer: retrying\n")
else:
print(output)
break
result:
Wrong answer: retrying <==== here the site throwed a big HTML exception output
#article{Chang_2016, title={Observation of the Quantum Anomalous Hall Insulator to Anderson Insulator Quantum Phase Transition and its Scaling Behavior}, volume={117}, ISSN={1079-7114}, url={http://dx.doi.org/10.1103/PhysRevLett.117.126802}, DOI={10.1103/physrevlett.117.126802}, number={12}, journal={Physical Review Letters}, publisher={American Physical Society (APS)}, author={Chang, Cui-Zu and Zhao, Weiwei and Li, Jian and Jain, J.âK. and Liu, Chaoxing and Moodera, Jagadeesh S. and Chan, Moses H.âW.}, year={2016}, month={Sep}}
So it works, it's just a site problem, but with my python wrapper you are able to re-submit the request until it yields the proper answer.