
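I have a problem with my REST API script, which worked until I upgraded Trend Micro Deep Security from 11.2.225 to 20.0.366. The error occurs on the line "for computer in api_comp.search_computers(api_version, search_filter=search_filter).computers:", and the error shown when the script runs looks like this: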

2021-06-21 13:38:00,529 root         INFO     Start Initialization
2021-06-21 13:38:00,536 root         INFO     Start read RuleIDs from DSCycle File
2021-06-21 13:38:00,539 root         INFO     Start read RuleIDs from Exception List File
2021-06-21 13:38:00,614 root         INFO     get all subpolicies of DS3
2021-06-21 13:38:01,997 root         INFO     get all applicationtypes for further filtering
2021-06-21 13:38:02,053 root         INFO     start policy DS3 Windows
Traceback (most recent call last):
  File "E:\Script\ApplyNewIPSRulesInCycle.py", line 144, in <module>
    for computer in api_comp.search_computers(api_version, search_filter=search_filter).computers:
  File "E:\PythonInstall\lib\site-packages\deepsecurity\api\computers_api.py", line 614, in search_computers
    (data) = self.search_computers_with_http_info(api_version, **kwargs)  # noqa: E501
  File "E:\PythonInstall\lib\site-packages\deepsecurity\api\computers_api.py", line 698, in search_computers_with_http_info
    collection_formats=collection_formats)
  File "E:\PythonInstall\lib\site-packages\deepsecurity\api_client.py", line 322, in call_api
    _preload_content, _request_timeout)
  File "E:\PythonInstall\lib\site-packages\deepsecurity\api_client.py", line 153, in __call_api
    _request_timeout=_request_timeout)
  File "E:\PythonInstall\lib\site-packages\deepsecurity\api_client.py", line 365, in request
    body=body)
  File "E:\PythonInstall\lib\site-packages\deepsecurity\rest.py", line 275, in POST
    body=body)
  File "E:\PythonInstall\lib\site-packages\deepsecurity\rest.py", line 228, in request
    raise ApiException(http_resp=r)
deepsecurity.rest.ApiException: (400)
Reason:
HTTP response headers: HTTPHeaderDict({'X-Frame-Options': 'SAMEORIGIN', 'X-XSS-Protection': '1;mode=block', 'Cache-Control': 'no-cache,no-store', 'Pragma': 'no-cache', 'X-DSM-Version': 'Deep Security/20.0.366', 'Content-Type': 'application/json', 'Content-Length': '82', 'Date': 'Mon, 21 Jun 2021 11:38:01 GMT', 'Connection': 'close'})
HTTP response body: {"message":"Invalid SearchFilter: choiceTest is not supported for field policyID"}

The relevant part of the script:

# Get all subpolicies of basepolicy
logger.info("get all subpolicies of %s", basePolicy_d.name)
all_subpolicies = []
tempnew_policies = []
temp_policies = api_policy.search_policies(api_version, search_filter=search_filter).policies
while len(temp_policies) > 0:
    for p in temp_policies:
        search_criteria.numeric_value = p.id
        search_filter = deepsecurity.SearchFilter(None, [search_criteria])
        tempnew_policies.extend(api_policy.search_policies(api_version, search_filter=search_filter).policies)
    all_subpolicies.extend(temp_policies)
    temp_policies = tempnew_policies
    tempnew_policies = []

# Get all ApplicationTypes with incoming direction

search_criteria = deepsecurity.SearchCriteria()
search_criteria.field_name = "direction"
search_criteria.choice_test = "equal"
search_criteria.choice_value = "incoming"
search_filter = deepsecurity.SearchFilter(None, [search_criteria])
appltypesid = []
logger.info("get all applicationtypes for further filtering")
appltypes = api_appltype.search_application_types(api_version, search_filter=search_filter).application_types
for a in appltypes:
    appltypesid.append(a.id)

f = open("e:\\script\\export\\export.txt", "a")

# Go through all the policies that are under the D-Group
for policy in all_subpolicies:
    logger.info("start policy %s", policy.name)
    mailmsg_add = ""
    # Get all computers in that policy
    search_criteria.field_name = "policyID"
    search_criteria.numeric_value = policy.id
    search_filter = deepsecurity.SearchFilter(None, [search_criteria])
    rulesToAdd = []
    for computer in api_comp.search_computers(api_version, search_filter=search_filter).computers:
        try:
            # Get all Recommendations per Computer
            recommendation_comp = api_rec_comp.list_intrusion_prevention_rule_ids_on_computer(computer.id, api_version)
            if recommendation_comp.recommended_to_assign_rule_ids is not None:
                for rule_id in recommendation_comp.recommended_to_assign_rule_ids:
                    # Check if ConnectionDirection of recommended IPS is incoming
                    rule = api_ipsrule.describe_intrusion_prevention_rule(rule_id, api_version)
                    logger.debug("check rule %s for list of policy %s", (str(rule.id) + ": " + rule.name), policy.name)
                    if rule.application_type_id in appltypesid and rule.id in dscycle_ruleids and rule.id not in exception_ruleids:
                        # TODO:Add to a list per Policy to add new policies
                        if rule.id not in rulesToAdd:
                            mailmsg_add += "- add rule " + (str(rule.id) + ": " + rule.name) + " \r\n"
                            logger.info("add rule %s to list of policy %s", (str(rule.id) + ": " + rule.name), policy.name)
                            rulesToAdd.append(rule.id)

                        f.write(policy.name + ";" + computer.host_name + ";" + str(rule.id) + ": " + rule.name + "\n")
        except Exception as e:
            # %s placeholder added so computer.id is formatted into the message
            logging.exception("Exception on Computer %s", computer.id)
    
   

Does anyone know why this fails, what has changed, and what I can do?


1 Answer


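The log tells us that the problem occurs in the policy loop. The error message ("Invalid SearchFilter: choiceTest is not supported for field policyID") tells us that the problem is that the SearchFilter contains a choiceTest when trying to search on the policyID field.

Looking at the code, I see that the search_criteria variable is reused. This means that the third time it is used, it inherits the choiceTest value from the second use.

Try something like this (creating a new search criteria):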

# Get all computers in that policy    
search_criteria_policy = deepsecurity.SearchCriteria()
search_criteria_policy.field_name = "policyID"
search_criteria_policy.numeric_value = policy.id

PS: I work in R&D at Trend Micro.

Answered 2021-06-21T14:03:34.390
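The stale-attribute effect described in the answer, as an added example that is not part of the original post or of the Deep Security SDK. The `SearchCriteria` class is a stand-in that models only the four attributes used on this page, and `validate` is a hypothetical server-side check modelled on the error text in the question.

```python
# Stand-in for deepsecurity.SearchCriteria: only the four attributes used on
# this page are modelled (assumption; this is not the SDK class).
class SearchCriteria:
    WIRE_NAMES = {"field_name": "fieldName", "choice_test": "choiceTest",
                  "choice_value": "choiceValue", "numeric_value": "numericValue"}

    def __init__(self):
        for attr in self.WIRE_NAMES:
            setattr(self, attr, None)

    def to_wire(self):
        # Attributes left at None are omitted from the request body.
        return {wire: getattr(self, attr)
                for attr, wire in self.WIRE_NAMES.items()
                if getattr(self, attr) is not None}


def validate(criteria):
    """Hypothetical server check, modelled on the error text in the question."""
    field = criteria["fieldName"]
    if field == "policyID" and "choiceTest" in criteria:
        return 400, f"Invalid SearchFilter: choiceTest is not supported for field {field}"
    return 200, "OK"


def reused_criteria(policy_id):
    """The question's pattern: one object serves two different searches."""
    c = SearchCriteria()
    c.field_name = "direction"      # application-type search
    c.choice_test = "equal"
    c.choice_value = "incoming"
    c.field_name = "policyID"       # computer search on the same object
    c.numeric_value = policy_id     # choice_test / choice_value are still set
    return c.to_wire()


def fresh_criteria(policy_id):
    """The answer's fix: a new object carries only what this search sets."""
    c = SearchCriteria()
    c.field_name = "policyID"
    c.numeric_value = policy_id
    return c.to_wire()


if __name__ == "__main__":
    for build in (reused_criteria, fresh_criteria):
        body = build(7)             # 7 is a constructed policy id
        print(build.__name__, body, validate(body))
```

Printing the serialized criteria before each call in the real script shows the same leftover `choiceTest` and `choiceValue` keys on the `policyID` search.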